1505374 – Review Request: python-oletools - Tools to analyze Microsoft OLE2 files

Bug 1505374 - Review Request: python-oletools - Tools to analyze Microsoft OLE2 files

Summary: Review Request: python-oletools - Tools to analyze Microsoft OLE2 files

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Zbigniew Jędrzejewski-Szmek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1471561 (view as bug list)
Depends On:
Blocks:	1500072
TreeView+	depends on / blocked

Reported:	2017-10-23 12:54 UTC by Robert Scheck
Modified:	2017-11-11 03:04 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-10-29 15:01:05 UTC
Type:	Bug
Embargoed:
Dependent Products:
Flags:	zbyszek: fedora-review+

Attachments	(Terms of Use)

Description Robert Scheck 2017-10-23 12:54:44 UTC

Spec URL: https://labs.linuxnetz.de/bugzilla/python-oletools.spec
SRPM URL: https://labs.linuxnetz.de/bugzilla/python-oletools-0.51-2.src.rpm
Fedora Account System Username: robert
Description: 
The python-oletools is a package of python tools from Philippe Lagadec
to analyze Microsoft OLE2 files (also called Structured Storage, Compound
File Binary Format or Compound Document File Format), such as Microsoft
Office documents or Outlook messages, mainly for malware analysis, forensics
and debugging. It is based on the olefile parser.
See http://www.decalage.info/python/oletools for more info.


Separate review request due to bug 1471561 comment #5. At any point Michal
is absolutely welcome and invited to maintain this package as well. I just
need this package now... ;-)

Comment 1 Zbigniew Jędrzejewski-Szmek 2017-10-23 13:31:14 UTC

*** Bug 1471561 has been marked as a duplicate of this bug. ***

Comment 2 Zbigniew Jędrzejewski-Szmek 2017-10-23 13:35:40 UTC

Looks good in general, but there's one major question (already asked in the previous ticket, but never answered):
> Are you sure that both python2 and python3 versions of the executables should be installed? I'd expect to get the same output from either version, so it should be enough to just package one of them.

Minor nitpick: Summary for documentation packages is usually something like "Documentation for %name", and not just a repeat of the Summary of the main package.

Comment 3 Robert Scheck 2017-10-23 14:08:15 UTC

(In reply to Zbigniew Jędrzejewski-Szmek from comment #2)
> Looks good in general, but there's one major question (already asked in the
> previous ticket, but never answered):
> > Are you sure that both python2 and python3 versions of the executables should be installed? I'd expect to get the same output from either version, so it should be enough to just package one of them.

Honestly, I am not sure. I guess we both agree that the future is Python 3,
but unfortunately not all Python 3 scripts in oletools might work properly yet.
Nevertheless I would like to give brave people the possibility to use them. If
that's not argumentation enough, please let me know.

> Minor nitpick: Summary for documentation packages is usually something like
> "Documentation for %name", and not just a repeat of the Summary of the main
> package.

Yes. Can we figure out all other nitpicks (or even larger issues) and I will
correct them in a row?

Comment 4 Zbigniew Jędrzejewski-Szmek 2017-10-23 14:22:18 UTC

> Nevertheless I would like to give brave people the possibility to use them.

OK, but then I think this should be mentioned in the description of the python3- package. Otherwise users will be confused like I was.

> Yes. Can we figure out all other nitpicks (or even larger issues) and I will
correct them in a row?

I didn't see anything else.

Comment 5 Robert-André Mauchin 🐧 2017-10-23 14:25:17 UTC

Hello,

 - Remove the shebangs from theses Python scripts:

python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/ezhexviewer.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/ezhexviewer.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/mraptor.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/mraptor.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/mraptor3.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/mraptor3.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/mraptor_milter.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/mraptor_milter.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/olebrowse.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/olebrowse.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/oledir.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/oledir.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/oleid.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/oleid.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/olemap.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/olemap.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/olemeta.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/olemeta.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/oleobj.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/oleobj.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/oletimes.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/oletimes.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/olevba.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/olevba.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/olevba3.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/olevba3.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/pyxswf.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/pyxswf.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/rtfobj.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/rtfobj.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/thirdparty/tablestream/tablestream.py /usr/bin/env python
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/thirdparty/tablestream/tablestream.py 644 /usr/bin/env python
python2-oletools.noarch: E: wrong-script-interpreter /usr/lib/python2.7/site-packages/oletools/thirdparty/xglob/xglob.py /usr/bin/env python2
python2-oletools.noarch: E: non-executable-script /usr/lib/python2.7/site-packages/oletools/thirdparty/xglob/xglob.py 644 /usr/bin/env python2

python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/ezhexviewer.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/ezhexviewer.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/mraptor.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/mraptor.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/mraptor3.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/mraptor3.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/mraptor_milter.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/mraptor_milter.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/olebrowse.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/olebrowse.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/oledir.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/oledir.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/oleid.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/oleid.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/olemap.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/olemap.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/olemeta.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/olemeta.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/oleobj.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/oleobj.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/oletimes.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/oletimes.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/olevba.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/olevba.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/olevba3.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/olevba3.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/pyxswf.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/pyxswf.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/rtfobj.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/rtfobj.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/thirdparty/tablestream/tablestream.py /usr/bin/env python
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/thirdparty/tablestream/tablestream.py 644 /usr/bin/env python
python3-oletools.noarch: E: wrong-script-interpreter /usr/lib/python3.6/site-packages/oletools/thirdparty/xglob/xglob.py /usr/bin/env python2
python3-oletools.noarch: E: non-executable-script /usr/lib/python3.6/site-packages/oletools/thirdparty/xglob/xglob.py 644 /usr/bin/env python2

See https://fedoraproject.org/wiki/Packaging_tricks#Remove_shebang_from_Python_libraries 

 - Fix the line encoding for these files:

python2-oletools.noarch: E: wrong-script-end-of-line-encoding /usr/lib/python2.7/site-packages/oletools/thirdparty/xglob/xglob.py
python3-oletools.noarch: E: wrong-script-end-of-line-encoding /usr/lib/python3.6/site-packages/oletools/thirdparty/xglob/xglob.py

with sed 's/\r$//' for example.

Comment 6 Robert Scheck 2017-10-23 21:00:46 UTC

Spec URL: https://labs.linuxnetz.de/bugzilla/python-oletools.spec
SRPM URL: https://labs.linuxnetz.de/bugzilla/python-oletools-0.51-3.src.rpm

Comment 7 Zbigniew Jędrzejewski-Szmek 2017-10-24 08:15:53 UTC

It seems that at least some of the python3 executables are not ready:

$ /usr/bin/mraptor-3.6
Traceback (most recent call last):
  File "/usr/bin/mraptor-3.6", line 11, in <module>
    load_entry_point('oletools==0.51', 'console_scripts', 'mraptor')()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 563, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2651, in load_entry_point
    return ep.load()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2305, in load
    return self.resolve()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2311, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3.6/site-packages/oletools/mraptor.py", line 84, in <module>
    from oletools import olevba
  File "/usr/lib/python3.6/site-packages/oletools/olevba.py", line 237, in <module>
    import cStringIO
ModuleNotFoundError: No module named 'cStringIO'

$ /usr/bin/olevba-3.6
Traceback (most recent call last):
  File "/usr/bin/olevba-3.6", line 11, in <module>
    load_entry_point('oletools==0.51', 'console_scripts', 'olevba')()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 563, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2651, in load_entry_point
    return ep.load()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2305, in load
    return self.resolve()
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2311, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3.6/site-packages/oletools/olevba.py", line 237, in <module>
    import cStringIO
ModuleNotFoundError: No module named 'cStringIO'

Dunno. I don't think it's very useful to package this. I think you should diasable
those executables that crash immediately.

--

A small inconsistency:
- you have foo-3.6 → foo-3, but foo-2.7 → foo-2 ← foo
I think the less specific name should always link to the more specific one, i.e. foo-2.7 ← foo-2 ← foo.
In practice all those symlinks are provided in the same package, but at least theoretically one might install some of the less specific symlinks, e.g. in /usr/local/bin. So let's say that I install a python 3.7 version, with a foo-3.7 executable, and symlink foo-3 too this. Things would still work as expected, but there would be two foo-3 executables with different versions. I found this much cleaner when the symlinks go one way. (It's OK as is though.)

OK, without further ado:
- package name is OK
- license is acceptable for Fedora (a combination of BSD/MIT/Python)
- license is specified correctly
- latest version
- builds and installs OK
- Provides/Requires/BuildRequires look correct
- Provides bundled() have been added
- fedora-review finds no issues

Package is APPROVED.

I see that F <= 27 has python-easygui, while rawhide has python2-easygui. You'll probably need to addjust BR to build for F27-.

Comment 8 Gwyn Ciesla 2017-10-24 13:27:58 UTC

(fedrepo-req-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/python-oletools

Comment 9 Robert Scheck 2017-10-24 21:22:14 UTC

Zbigniew, thank you very much for the review! Suggestions were applied.

Comment 10 Fedora Update System 2017-10-24 21:31:28 UTC

python-oletools-0.51-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-904ab0975e

Comment 11 Fedora Update System 2017-10-24 21:50:17 UTC

python-oletools-0.51-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-24faeb196e

Comment 12 Fedora Update System 2017-10-24 21:51:20 UTC

python-oletools-0.51-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-890b45e723

Comment 13 Fedora Update System 2017-10-25 15:25:28 UTC

python-oletools-0.51-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb158f41cb

Comment 14 Fedora Update System 2017-10-26 01:11:43 UTC

python-oletools-0.51-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-24faeb196e

Comment 15 Fedora Update System 2017-10-26 01:33:41 UTC

python-oletools-0.51-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-904ab0975e

Comment 16 Fedora Update System 2017-10-26 14:08:23 UTC

python-oletools-0.51-3.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-890b45e723

Comment 17 Fedora Update System 2017-10-29 15:01:05 UTC

python-oletools-0.51-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2017-11-03 13:30:02 UTC

python-oletools-0.51-3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2017-11-03 13:45:03 UTC

python-oletools-0.51-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2017-11-11 03:04:29 UTC

python-oletools-0.51-3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.