Bug 1559699 - Review Request: libdasm - Simple x86 disassembly library
Review Request: libdasm - Simple x86 disassembly library
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Robert-André Mauchin
Fedora Extras Quality Assurance
:
Depends On: 499875
Blocks: FE-SECLAB 1559711
  Show dependency treegraph
 
Reported: 2018-03-23 00:38 EDT by Michal Ambroz
Modified: 2018-04-20 22:56 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-14 22:33:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
zebob.m: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Michal Ambroz 2018-03-23 00:38:13 EDT
Spec URL: http://rebus.fedorapeople.org//libdasm.spec
SRPM URL: http://rebus.fedorapeople.org//libdasm-1.5-4.fc27.src.rpm

Description:
libdasm is a C-library that tries to provide simple and convenient
way to disassemble Intel x86 raw op-code bytes (machine code).
It can parse and print out op-codes in AT&T and Intel syntax.

The op-codes are based on IA-32 Intel Architecture Software Developer's
Manual Volume 2: Instruction Set Reference, order number 243667,
year 2004.  Non-Intel instructions are not supported at the moment (also,
non-Intel but Intel-compatible CPU extensions, like AMD 3DNow! are
not supported).
Comment 1 Michal Ambroz 2018-03-23 00:42:34 EDT
==== Koji builds OK

$ koji build --scratch rawhide libdasm-1.5-4.fc27.src.rpm                                                
Uploading srpm: libdasm-1.5-4.fc27.src.rpm          
[====================================] 100% 00:00:00  85.35 KiB 209.66 KiB/sec                           
Created task: 25896515                              
Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=25896515                                  
Watching tasks (this may be safely interrupted)...  
25896515 build (rawhide, libdasm-1.5-4.fc27.src.rpm): free                                               
25896515 build (rawhide, libdasm-1.5-4.fc27.src.rpm): free -> open (buildvm-12.phx2.fedoraproject.org)   
  25896518 buildArch (libdasm-1.5-4.fc27.src.rpm, aarch64): open (buildvm-aarch64-13.arm.fedoraproject.org)                                                                                                        
  25896522 buildArch (libdasm-1.5-4.fc27.src.rpm, armv7hl): open (buildvm-armv7-04.arm.fedoraproject.org)                                                                                                          
  25896520 buildArch (libdasm-1.5-4.fc27.src.rpm, i686): open (buildhw-04.phx2.fedoraproject.org)        
  25896516 buildArch (libdasm-1.5-4.fc27.src.rpm, x86_64): open (buildvm-29.phx2.fedoraproject.org)      
  25896517 buildArch (libdasm-1.5-4.fc27.src.rpm, ppc64le): open (buildvm-ppc64le-13.ppc.fedoraproject.org)                                                                                                          25896521 buildArch (libdasm-1.5-4.fc27.src.rpm, s390x): open (buildvm-s390x-07.s390.fedoraproject.org) 
  25896519 buildArch (libdasm-1.5-4.fc27.src.rpm, ppc64): open (buildvm-ppc64-11.ppc.fedoraproject.org)  
  25896520 buildArch (libdasm-1.5-4.fc27.src.rpm, i686): open (buildhw-04.phx2.fedoraproject.org) -> closed                                                                                                          0 free  7 open  1 done  0 failed                  
  25896516 buildArch (libdasm-1.5-4.fc27.src.rpm, x86_64): open (buildvm-29.phx2.fedoraproject.org) -> closed                                                                                                        0 free  6 open  2 done  0 failed                  
  25896521 buildArch (libdasm-1.5-4.fc27.src.rpm, s390x): open (buildvm-s390x-07.s390.fedoraproject.org) -> closed                                                                                                   0 free  5 open  3 done  0 failed                  
  25896517 buildArch (libdasm-1.5-4.fc27.src.rpm, ppc64le): open (buildvm-ppc64le-13.ppc.fedoraproject.org) -> closed                                                                                              
  0 free  4 open  4 done  0 failed                  
  25896518 buildArch (libdasm-1.5-4.fc27.src.rpm, aarch64): open (buildvm-aarch64-13.arm.fedoraproject.org) -> closed                                                                                              
  0 free  3 open  5 done  0 failed                  
  25896519 buildArch (libdasm-1.5-4.fc27.src.rpm, ppc64): open (buildvm-ppc64-11.ppc.fedoraproject.org) -> closed                                                                                                  
  0 free  2 open  6 done  0 failed                  
  25896522 buildArch (libdasm-1.5-4.fc27.src.rpm, armv7hl): open (buildvm-armv7-04.arm.fedoraproject.org) -> closed                                                                                                
  0 free  1 open  7 done  0 failed                  
25896515 build (rawhide, libdasm-1.5-4.fc27.src.rpm): open (buildvm-12.phx2.fedoraproject.org) -> closed 
  0 free  0 open  8 done  0 failed                  

25896515 build (rawhide, libdasm-1.5-4.fc27.src.rpm) completed successfully



==== rpmlint complains only about the macros in comments and spelling of disassembly
$ rpmlint libdasm.spec libdasm-1.5-4.fc27.src.rpm 
libdasm.spec:8: W: macro-in-comment %{name}
libdasm.spec:8: W: macro-in-comment %{version}
libdasm.spec: E: specfile-error warning: Macro expanded in comment on line 8: %{name}-%{version}.tar.gz
libdasm.src: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly
libdasm.src:8: W: macro-in-comment %{name}
libdasm.src:8: W: macro-in-comment %{version}
libdasm.src: E: specfile-error warning: Macro expanded in comment on line 8: %{name}-%{version}.tar.gz
1 packages and 1 specfiles checked; 2 errors, 5 warnings.
Comment 2 Tom "spot" Callaway 2018-03-25 16:05:56 EDT
So... the same legal issue which derailed 499875 is present here. We've got two conflicting license statements:

From README.txt
"libdasm is public domain software. You can do whatever you like with it."

But, the code (and the top of README.txt) says:

(c) 2004 - 2006 jt / nologin.org

If something is in the Public Domain, it means that the author has abandoned their copyright on a work. But, if you have a (c) statement, then they are asserting... copyright on the work. They do not have to make that statement to have copyright (thanks to the Berne Convention), but by having it present, it effectively negates the public domain declaration, leaving everyone (except the copyright holder) with no license terms on the work.

There are several ways to fix this. I'll list them in the order of preference:

* Relicense the work under an established open source license. In bz499875, the upstream appeared to be willing to relicense under BSD, which would work fine. This also resolves the international complexity and ambiguity which Public Domain works have.

* Switch to a Creative Commons Zero license, which is intended to resolve the Public Domain issues by enabling a license when it is not possible to abandon copyright entirely.

* Remove all of the (c) statements from the codebase and README, and replace them with the public domain statement, making it clear that copyright is abandoned on the work.

I filed an issue in the upstream github repo (https://github.com/jtpereyda/libdasm/issues/3), hopefully that will be a good start in getting this fixed. As is, I'm blocking this against FE-Legal.
Comment 3 Michal Ambroz 2018-03-25 18:50:44 EDT
Spec URL: http://rebus.fedorapeople.org//libdasm.spec
SRPM URL: http://rebus.fedorapeople.org//libdasm-1.5-5.20151201gitc1afd03.fc27.src.rpm

- Switch to most current github snapshot (https://github.com/jtpereyda/libdasm)
- Tom thank you for your review, I have already tried to contact the original author 


Here is the research on the code origins:
- Original author Jarkko Turkulainen <jt () klake org> put the code into public domain
http://www.klake.org/~jt/misc/libdasm-1.4.tar.gz -> https://web.archive.org/web/20060718012748/http://www.klake.org/~jt/misc/libdasm-1.4.tar.gz
http://www.klake.org/~jt/misc/libdasm-1.5.tar.gz -> https://web.archive.org/web/20120119123445/http://www.klake.org/~jt/misc/libdasm-1.5.tar.gz
https://labsblog.f-secure.com/author/turkja/
http://en.gravatar.com/turkja

- There was another fork on https://code.google.com/archive/p/libdasm/ by Ange Albertini
- Current code being maintained on github by Joshua Pereyda - https://github.com/jtpereyda/libdasm
Comment 4 Robert-André Mauchin 2018-03-27 12:47:36 EDT
 - Not needed, it's in the default buildroot

# ldconfig is provided by glibc
Requires(post): ldconfig
Requires(postun): ldconfig

 - Group: is not used in Fedora

 - Use the new %ldconfig_scriptlets instead of:

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

   See https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets#Upgrade.2Fcompatibility_impact


Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see
     attachment). Verify they are not in ld path.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated". 24 files have unknown license. Detailed
     output of licensecheck in /home/bob/packaging/review/libdasm/review-
     libdasm/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 30720 bytes in 4 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
     Note: Multiple Release: tags found
[x]: Package does not contain duplicates in %files.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[x]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: There are rpmlint messages (see attachment).
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Package should not use obsolete m4 macros
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: libdasm-1.5-5.20151201gitc1afd03.fc29.x86_64.rpm
          libdasm-devel-1.5-5.20151201gitc1afd03.fc29.x86_64.rpm
          python2-pydasm-1.5-5.20151201gitc1afd03.fc29.x86_64.rpm
          libdasm-debuginfo-1.5-5.20151201gitc1afd03.fc29.x86_64.rpm
          libdasm-debugsource-1.5-5.20151201gitc1afd03.fc29.x86_64.rpm
          libdasm-1.5-5.20151201gitc1afd03.fc29.src.rpm
libdasm.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly
libdasm.x86_64: W: no-manual-page-for-binary das
libdasm-devel.x86_64: W: only-non-binary-in-usr-lib
libdasm-devel.x86_64: W: no-documentation
python2-pydasm.x86_64: W: spelling-error %description -l en_US libdasm -> liberalism
python2-pydasm.x86_64: W: no-documentation
python2-pydasm.x86_64: W: no-manual-page-for-binary das.py
libdasm-debugsource.x86_64: W: no-documentation
libdasm.src: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly
libdasm.src:58: W: macro-in-comment %{name}
libdasm.src:58: W: macro-in-comment %{version}
libdasm.src:59: W: macro-in-comment %{gituser}
libdasm.src:59: W: macro-in-comment %{gitname}
libdasm.src:59: W: macro-in-comment %{version}
libdasm.src:59: W: macro-in-comment %{name}
libdasm.src:59: W: macro-in-comment %{version}
6 packages and 0 specfiles checked; 0 errors, 16 warnings.
Comment 5 Michal Ambroz 2018-03-29 22:37:50 EDT
Hello Robert-Andre,
thank you for review.

>- Not needed, it's in the default buildroot
removed

>- Use the new %ldconfig_scriptlets instead of:
used the scriptlets

>- Group: is not used in Fedora
is mandatory for EPEL

In the meanwhile the upstream allowed to change the license to BSD, this should clear also the FE-LEGAL blocking.

Spec URL: http://rebus.fedorapeople.org/libdasm.spec
SRPM URL: http://rebus.fedorapeople.org/libdasm-1.5-6.20180328gitc315f8d.fc27.src.rpm
Comment 6 Robert-André Mauchin 2018-03-30 04:52:49 EDT
 - Use the new tagged release 1.6 https://github.com/jtpereyda/libdasm/releases

Package approved.
Comment 7 Michal Ambroz 2018-03-31 19:45:44 EDT
bump to tagged version

Spec URL: http://rebus.fedorapeople.org/libdasm.spec
SRPM URL: http://rebus.fedorapeople.org/libdasm-1.6-1.fc27.src.rpm
Comment 8 Gwyn Ciesla 2018-04-02 09:19:46 EDT
(fedrepo-req-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/libdasm
Comment 9 Michal Ambroz 2018-04-03 16:06:25 EDT
- removing tab libdasm (due to bug in bugzilla it wont be possibe to search for the package) 
- package was built in koji, now submitting to updates
Comment 10 Fedora Update System 2018-04-03 16:07:17 EDT
libdasm-1.6-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8adce9baab
Comment 11 Fedora Update System 2018-04-03 16:07:28 EDT
libdasm-1.6-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0acbb92afb
Comment 12 Fedora Update System 2018-04-03 16:07:34 EDT
libdasm-1.6-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c9d5e8c275
Comment 13 Fedora Update System 2018-04-03 16:07:40 EDT
libdasm-1.6-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0917c8330
Comment 14 Fedora Update System 2018-04-03 16:07:47 EDT
libdasm-1.6-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2343c53de1
Comment 15 Fedora Update System 2018-04-04 13:45:15 EDT
libdasm-1.6-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0917c8330
Comment 16 Fedora Update System 2018-04-04 13:45:58 EDT
libdasm-1.6-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c9d5e8c275
Comment 17 Fedora Update System 2018-04-04 13:46:35 EDT
libdasm-1.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0acbb92afb
Comment 18 Fedora Update System 2018-04-04 13:57:17 EDT
libdasm-1.6-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2343c53de1
Comment 19 Fedora Update System 2018-04-04 14:36:12 EDT
libdasm-1.6-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8adce9baab
Comment 20 Fedora Update System 2018-04-14 22:33:58 EDT
libdasm-1.6-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2018-04-15 10:43:23 EDT
libdasm-1.6-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2018-04-15 14:12:14 EDT
libdasm-1.6-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2018-04-20 22:34:54 EDT
libdasm-1.6-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2018-04-20 22:56:39 EDT
libdasm-1.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.