Spec URL: https://hedayat.fedorapeople.org/reviews/obfs4/obfs4.spec
SRPM URL: https://hedayat.fedorapeople.org/reviews/obfs4/obfs4-0.0.7-1.fc26.src.rpm
Description:
This is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol. The obfs naming was chosen primarily because it was shorter, in terms of protocol ancestry obfs4 is much closer to ScrambleSuit than obfs2/obfs3.

The notable differences between ScrambleSuit and obfs4:

 * The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).
 * The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.
 * The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

As an added bonus, obfs4proxy also supports acting as an obfs2/3 client and bridge to ease the transition to the new protocol.

Fedora Account System Username: hedayat

Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=22150998

% rpmlint obfs4.spec ~/rpmbuild/SRPMS/obfs4-0.0.7-1.fc26.src.rpm ~/rpmbuild/RPMS/x86_64/obfs4-0.0.7-1.fc26.x86_64.rpm ~/rpmbuild/RPMS/x86_64/obfs4-debuginfo-0.0.7-1.fc26.x86_64.rpm
obfs4.spec: W: invalid-url Source0: obfs4-0.0.7.tar.xz
obfs4.src: W: spelling-error Summary(en_US) obfourscator -> obfuscation
obfs4.src: W: spelling-error Summary(en_US) pluggable -> plug gable, plug-gable, plugged
obfs4.src: W: spelling-error %description -l en_US obfs -> obs, fobs, obis
obfs4.src: W: spelling-error %description -l en_US ntor -> nor, tor, torn
obfs4.src: W: invalid-url Source0: obfs4-0.0.7.tar.xz
obfs4.x86_64: W: spelling-error Summary(en_US) obfourscator -> obfuscation
obfs4.x86_64: W: spelling-error Summary(en_US) pluggable -> plug gable, plug-gable, plugged
obfs4.x86_64: W: spelling-error %description -l en_US obfs -> obs, fobs, obis
obfs4.x86_64: W: spelling-error %description -l en_US ntor -> nor, tor, torn
3 packages and 1 specfiles checked; 0 errors, 10 warnings.

Note: 'obfourscator' is how the developer has named it. Tor calls these 'pluggable' transports. "ntor handshake": type of handshake! (The description is actually copied from the README file)

To properly work with SELinux enabled, bug #1496274 should also be fixed.

Just so I'm getting this right, this is both intended to be used as a binary AND a development library? If not, there's no need to package -devel and -unit-test-devel.
Well, actually not AFAIK. While -devel & unit-test-devel subpackage expressions are still in the spec, I've set with_devel to 0, so they are not built currently (and if I want to enable it someday, I should fix unit-test-devel package name too). I was unsure if I should remove them altogether, but for now I decided to keep them but disable them. If you think it is better to clean up the .spec and remove them completely, I'll do so. Currently, only obfs4 & its debuginfo package(s) are generated.

Ok, package accepted.

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "BSD (3 clause)", "BSD (2 clause)", "Unknown or generated". 5 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/obfs4/review-obfs4/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package does not own files or directories owned by other packages.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[-]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 2 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in obfs4-debuginfo , obfs4-debugsource
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Spec use %global instead of %define unless justified.
     Note: %define requiring justification: %define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: SourceX is a working URL.
[x]: Package should compile and build into binary rpms on all supported architectures.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Spec file according to URL is the same as in SRPM.

Rpmlint
-------
Checking: obfs4-0.0.7-1.fc28.x86_64.rpm
          obfs4-debuginfo-0.0.7-1.fc28.x86_64.rpm
          obfs4-debugsource-0.0.7-1.fc28.x86_64.rpm
          obfs4-0.0.7-1.fc28.src.rpm
obfs4.x86_64: W: spelling-error Summary(en_US) obfourscator -> obfuscation
obfs4.x86_64: W: spelling-error Summary(en_US) pluggable -> plug gable, plug-gable, plugged
obfs4.x86_64: W: spelling-error %description -l en_US obfs -> obs, fobs, obis
obfs4.x86_64: W: spelling-error %description -l en_US ntor -> nor, tor, torn
obfs4.x86_64: W: only-non-binary-in-usr-lib
obfs4-debugsource.x86_64: W: no-documentation
obfs4.src: W: spelling-error Summary(en_US) obfourscator -> obfuscation
obfs4.src: W: spelling-error Summary(en_US) pluggable -> plug gable, plug-gable, plugged
obfs4.src: W: spelling-error %description -l en_US obfs -> obs, fobs, obis
obfs4.src: W: spelling-error %description -l en_US ntor -> nor, tor, torn
obfs4.src: E: specfile-error warning: Macro expanded in comment on line 44: (c=%%{commit}; echo ${c:0:7})
4 packages and 0 specfiles checked; 1 errors, 10 warnings.

Really thank you for your review. Hmm.. Just a question: while this package is clearly called 'obfs4', it provides obfs4proxy binary and also it is named as such in some other places (e.g. AFAIK in Debian). Do you think that adding a 'Provides: obfs4proxy' is good/acceptable? Thanks again
(fedrepo-req-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/obfs4. You may commit to the branch "f27" in about 10 minutes.
persepolis-3.0.1-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-50c7ab5902
persepolis-3.0.1-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2e35b639c9