Bug 209222 - Review Request: prelude-lml - Prelude log analyzer
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review
Assigned To: Mamoru TASAKA
Depends On: 209214
Blocks: FE-ACCEPT
Reported: 2006-10-03 17:41 EDT by Thorsten Scherf
Modified: 2007-11-30 17:11 EST
Last Closed: 2007-01-08 09:18:10 EST
Description Thorsten Scherf 2006-10-03 17:41:16 EDT
Spec URL: http://people.redhat.com/tscherf/fedora-extra/
SRPM URL: http://people.redhat.com/tscherf/fedora-extra/
Description: 
Prelude-LML’s primary function is log analysis. Logs on a local system or
logs monitored over the network (if configured to accept syslog messages
from other hosts) can be processed and analyzed in order to discover
security anomalies.

This is my first package and I need a sponsor.
Comment 3 Mamoru TASAKA 2006-12-29 09:34:40 EST
I am still checking libprelude.
Well, you requested a sponsorship, however according to

http://fedoraproject.org/wiki/Extras/HowToGetSponsored

a person who wants to get sponsored has to either
* submit (other) quality packages
* assist with package reviews (i.e. do a pre-review of other submitters'
  review requests and have your pre-review checked)

So... would you rewrite the spec file of this package before
I sponsor you?
I have not checked this package yet, however as far as I glanced at
the spec file of this package, your spec file has an issue at least
on directory ownership. Perhaps the attribute of the files under
%{_sysconfdir}, the requirement for -devel package are also problems

(Again, I only glanced at the spec file)
Comment 4 Thorsten Scherf 2006-12-29 10:20:00 EST
up to now I just corrected libprelude (#209214) and libpreludedb (#209215).
Maybe we can work on libpreludedb before we move over to prelude-lml, although I
will work on this package as well. Thanks.
Comment 6 Mamoru TASAKA 2007-01-01 03:27:21 EST
Well, for prelude-lml:

* -devel package issues
  - First of all, is this package of any sense?
    I don't know how only installing one header file without
    providing any .so symlink libraries can be used for any
    other applications.

    For example, /usr/include/prelude-lml/prelude-lml.h contains
------------------------------------------------------------
const char *lml_log_entry_get_message(const lml_log_entry_t *log_entry);
------------------------------------------------------------
    However, to what library should I actually link to use
    this function *lml_log_entry_get_message ?


  The other things are:
    - prelude-lml.h includes:
-------------------------------------------------------------
#include <libprelude/prelude.h>
#include <libprelude/prelude-log.h>
-------------------------------------------------------------
    This means that -devel package should need
    "Requires: libprelude-devel"

    - The description of Requires is wrong.

* BuildRequires:
--------------------------------------------------------------
BuildRequires:	libprelude, libprelude-devel, pcre-devel  
--------------------------------------------------------------
  - "libprelude" is not necessary
  - mockbuild log says:
--------------------------------------------------------------
<snip>
checking for pcre-config... /usr/bin/pcre-config
checking for pcre_get_named_substring in -lpcre... yes
checking fam.h usability... no
checking fam.h presence... no
checking for fam.h... no
checking for FAMOpen in -lfam... no
checking whether FILENAME_MAX is declared... yes
checking for an ANSI C-conforming const... yes
<snip>
*** Dumping configuration ***
    - Enable FAM support                : no
    - Enable unsupported rulesets:      : yes
+ make
<snip>
--------------------------------------------------------------
    Why is FAM support disabled? NOTE: fam.h is included in
    gamin-devel.

* For debuginfo issue:
  - Mockbuild log says:
---------------------------------------------------------------
+ rm -f
/var/tmp/prelude-lml-0.9.8.1-1.fc7-root-mockbuild//usr/lib/prelude-lml/debug.la
+ rm -f
/var/tmp/prelude-lml-0.9.8.1-1.fc7-root-mockbuild//usr/lib/prelude-lml/pcre.la
+ /usr/lib/rpm/find-debuginfo.sh /builddir/build/BUILD/prelude-lml-0.9.8.1
extracting debug info from
/var/tmp/prelude-lml-0.9.8.1-1.fc7-root-mockbuild/usr/bin/prelude-lml
extracting debug info from
/var/tmp/prelude-lml-0.9.8.1-1.fc7-root-mockbuild/usr/lib/prelude-lml/pcre.so
extracting debug info from
/var/tmp/prelude-lml-0.9.8.1-1.fc7-root-mockbuild/usr/lib/prelude-lml/debug.so
cpio: prelude-lml-0.9.8.1/src/.libs/prelude-lmlS.c: No such file or directory <- THIS LINE
377 blocks
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-compress
+ /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
---------------------------------------------------------------
    The description of "THIS LINE" means that a needed file for debugging
    this package is missing and this should be fixed.

    Again mockbuild log says
---------------------------------------------------------------
creating .libs/prelude-lmlS.c
(cd .libs && gcc  -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -c -fno-builtin "prelude-lmlS.c")
rm -f .libs/prelude-lmlS.c .libs/prelude-lml.nm .libs/prelude-lml.nmS
.libs/prelude-lml.nmT
---------------------------------------------------------------
    "rm -f .libs/prelude-lmlS.c" is wrong and this should not be done.

* Documentation
  - Some %doc files are encoded with non-UTF-8 encodings. Please
    change to UTF-8.
---------------------------------------------------------------
/usr/share/doc/prelude-lml-0.9.8.1/ChangeLog:      ISO-8859 English text
/usr/share/doc/prelude-lml-0.9.8.1/NEWS:           ISO-8859 English text
---------------------------------------------------------------
Comment 7 Thorsten Scherf 2007-01-01 17:49:32 EST
concerning the debugging thing I got the following information from upstream:

>This is the way automake+libtool handle building the program. More
>specifically, this is related to the handling of pre-opened modules.
>You will notice similar behavior with prelude-manager, but this is all
>generated libtool code.

because of the missing .so symlink libraries in the -devel I got this:

>The prelude-lml.h header provide the necessary API for contributor to
>write LML plugins. The function (*lml_log_entry_get_message, used in your
>example) is a public function available from the LML core. Plugin loaded by
>LML have access to LML public symbols.

Comment 8 Mamoru TASAKA 2007-01-01 22:07:50 EST
(In reply to comment #7)
> concerning the debugging thing I got the following information from upstream:
> 
> >This is the way automake+libtool handle building the program. More
> >specifically, this is related to the handling of pre-opened modules.
> >You will notice similar behavior with prelude-manager, but this is all
> >generated libtool code.

Then? actually .libs/prelude-lmlS.o is used in prelude-lml as
--------------------------------------------------
gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -Wstrict-prototypes -Wmissing-prototypes
-Wmissing-declarations -Wbad-function-cast -Wcast-qual -Wcast-align
-Wnested-externs -Wunused -o prelude-lml -pthread .libs/prelude-lmlS.o
prelude-lml.o udp-server.o regex.o log-entry.o log-source.o log-plugins.o
lml-options.o file-server.o lml-alert.o -Wl,--export-dynamic  -L/usr/lib
-lprelude -lgnutls -lgcrypt -lgpg-error -lrt -ldl -lpcre
../libmissing/.libs/libmissing.a
--------------------------------------------------
and debugging prelude-lml actually needs prelude-lmlS.c, so
prelude-lmlS.c should not be removed.

> because of the missing .so symlink libraries in the -devel I got this:
> 
> >The prelude-lml.h header provide the necessary API for contributor to
> >write LML plugins. The function (*lml_log_entry_get_message, used in your
> >example) is a public function available from the LML core. Plugin loaded by
> >LML have access to LML public symbols.

Well, then what library actually provides *lml_log_entry_get_message?

Comment 9 Thorsten Scherf 2007-01-02 06:46:19 EST
from upstream:

prelude-lmlS.c problem:
>I'm not aware of any way to prevent removal of this file. I can also
>tell that this file is not necessary for debugging (it's only used by
>libtool as a way of setting up preopening).

what library actually provides *lml_log_entry_get_message:
>The symbol is exported from the Prelude-LML binary. A binary can export
>symbol, as a library does. Dynamically loaded modules have access to
>these exported symbols.
Comment 10 Thorsten Scherf 2007-01-02 07:29:24 EST
more from upstream concerning the removed prelude-lmlS.c file:

>More information: specifically, the generated file reference plugins
>initialization symbols in a global structure available to the
>application (named lt_preloaded_symbols).

>This is only used in conjunction with --static, on platform that does
>not support dynamic library loading. On those platform, the plugin code
>is linked statically to the application, and in order to emulate the
>plugin loading, the table is looked up and referenced symbols are
>called.

>This is named dl-preopening. 
Comment 11 Mamoru TASAKA 2007-01-02 11:07:32 EST
(In reply to comment #7)
> >The prelude-lml.h header provide the necessary API for contributor to
> >write LML plugins. 
Ah.. for plugins... I see.

(In reply to comment #9)
> from upstream:
> 
> prelude-lmlS.c problem:
> >I'm not aware of any way to prevent removal of this file. I can also
> >tell that this file is not necessary for debugging (it's only used by
> >libtool as a way of setting up preopening).

It may be, however, there is an easy fix so fixing this
is preferable IMO.
-----------------------------------------------
%prep
%setup -q
sed -i.debug -e '/nlist/s|\$rm|: $rm|' ltmain.sh
-----------------------------------------------

By the way, for encoding issue, doesn't the following
make effect for you?
--------------------------------------------------
%build
%configure
make

for f in ChangeLog NEWS ; do
	iconv -f ISO-8859-15 -t UTF-8 $f > ${f}.tmp &&
		mv -f ${f}.tmp ${f} || rm -f ${f}.tmp
done
---------------------------------------------------
And.. does parallel make fail on this package?

Also, please fix the rest issues.
Comment 12 Thorsten Scherf 2007-01-02 11:38:19 EST
all problems are fixed now (thanks for the provided patch to ltmain.sh), except
the encoding problems. although I called iconv I still get this:

[tscherf@tiffy SPECS]$ rpm -qpd
/home/tscherf/redhat/RPMS/i386/prelude-lml-0.9.8.1-2.i386.rpm|xargs file
/usr/share/doc/prelude-lml-0.9.8.1/AUTHORS:        ASCII text
/usr/share/doc/prelude-lml-0.9.8.1/COPYING:        ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/ChangeLog:      ISO-8859 English text
/usr/share/doc/prelude-lml-0.9.8.1/HACKING.README: ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/NEWS:           ISO-8859 English text
/usr/share/doc/prelude-lml-0.9.8.1/README:         ASCII English text
 
don't know what is going wrong, when calling iconv this way:
%build
%configure
make %{?_smp_mflags}
iconv -f ISO8859-15 -t UTF-8 NEWS > NEWS.utf8 && \
%{__mv} NEWS.utf8 NEWS
iconv -f ISO8859-15 -t UTF-8 ChangeLog > ChangeLog.utf8 && \
%{__mv} ChangeLog.utf8 Chang

here is the new package:
http://people.redhat.com/tscherf/fedora-extra/prelude-lml-0.9.8.1-2.src.rpm
http://people.redhat.com/tscherf/fedora-extra/prelude-lml.spec
Comment 14 Mamoru TASAKA 2007-01-02 13:08:09 EST
Well, I have not checked 0.9.8.1-2, however...

* For iconv problem (only checked this for now)
Actually I cannot catch what is happening on you because
for me the result of your 0.9.8.1-2 by mockbuild on FC-devel
is...
------------------------------------------------
[root@localhost ~]# rpm -q prelude-lml
prelude-lml-0.9.8.1-2.fc7
[root@localhost ~]# rpm -ql prelude-lml | grep doc | xargs file
/usr/share/doc/prelude-lml-0.9.8.1:                directory
/usr/share/doc/prelude-lml-0.9.8.1/AUTHORS:        ASCII text
/usr/share/doc/prelude-lml-0.9.8.1/COPYING:        ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/ChangeLog:      UTF-8 Unicode English text
/usr/share/doc/prelude-lml-0.9.8.1/HACKING.README: ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/NEWS:           UTF-8 Unicode English text
/usr/share/doc/prelude-lml-0.9.8.1/README:         ASCII English text
-------------------------------------------------
... ChangeLog, NEWS are actually converted to UTF-8.

Well, once rebuild this by mockbuild. Then what result do
you gain?
Comment 15 Thorsten Scherf 2007-01-02 16:18:50 EST
problem remains when building the package in mock:

[tscherf@tiffy result]$ rpm -qpd prelude-lml-0.9.8.1-2.fc6.i386.rpm|xargs file
/usr/share/doc/prelude-lml-0.9.8.1/AUTHORS:        ASCII text
/usr/share/doc/prelude-lml-0.9.8.1/COPYING:        ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/ChangeLog:      ISO-8859 English text
/usr/share/doc/prelude-lml-0.9.8.1/HACKING.README: ASCII English text
/usr/share/doc/prelude-lml-0.9.8.1/NEWS:           ISO-8859 English text
/usr/share/doc/prelude-lml-0.9.8.1/README:         ASCII English text

strange.
Comment 16 Mamoru TASAKA 2007-01-03 03:52:00 EST
Well,

* I cannot install -devel package.
--------------------------------------------------------
[root@localhost ~]# yum -y install prelude-lml-devel
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package prelude-lml-devel.i386 0:0.9.8.1-2.fc7 set to be updated
--> Running transaction check
--> Processing Dependency: prelude-lml-0.9.8.1-2.fc7 for package: prelude-lml-devel
--> Finished Dependency Resolution
Error: Missing Dependency: prelude-lml-0.9.8.1-2.fc7 is needed by package
prelude-lml-devel
--------------------------------------------------------
  For -devel package:
--------------------------------------------------------
Requires: libprelude-devel, prelude-lml-%{version}-%{release}
--------------------------------------------------------
  should be:
--------------------------------------------------------
Requires: libprelude-devel, prelude-lml = %{version}-%{release}
--------------------------------------------------------

= For iconv issue:
  ??  I tested mockbuild on FC-devel/6/5, and all succeeds.
      I cannot figure out why you fail on iconv, however, I
      guess something wrong happened on your system (rpm -V glibc??)

      For now I judge that your spec works.

= Debug issue is now corrected
= I leave the content of -devel package as it is.
= Other things are okay.

-----------------------------------------------------
  This package (prelude-lml) is now APPROVED by me.

  Now the rest one is prelude-manager (assigned to me), isn't it?
  I want to review it by tomorrow, however, I am also reviewing other
  12 packages (plus also checking 2-3 packages) so it may get a bit
  late to check prelude-manager...
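
A small lint check for the dependency mistake found in comment 16, added here as an example and not part of the original thread or the package's spec file. The function names are hypothetical, the two sample lines are copied from the comment, and only simple comma- or space-separated Requires lines are handled (no rich dependencies).

```python
import re

# Comparison operators RPM accepts in a versioned dependency.
OPERATORS = {"=", "<", ">", "<=", ">=", "=="}

# A bare token ending in a version-release pair, either as macros or already
# expanded (e.g. "prelude-lml-0.9.8.1-2.fc7"). RPM reads such a token as one
# capability name, which no package provides.
EMBEDDED_EVR = re.compile(
    r"^(?P<name>.+?)-(?P<evr>%\{version\}-%\{release\}|\d[\w.]*-\d[\w.]*)$"
)

# Sample lines taken from comment 16.
BAD = "Requires: libprelude-devel, prelude-lml-%{version}-%{release}"
GOOD = "Requires: libprelude-devel, prelude-lml = %{version}-%{release}"


def parse_requires(line):
    """Split one 'Requires:' line into (name, operator, version) tuples."""
    tag, _, value = line.partition(":")
    if not tag.strip().lower().startswith("requires"):
        raise ValueError("not a Requires line: %r" % line)
    tokens = value.replace(",", " ").split()
    deps, i = [], 0
    while i < len(tokens):
        # "name OP version" consumes three tokens; anything else is a bare name.
        if i + 2 < len(tokens) and tokens[i + 1] in OPERATORS:
            deps.append((tokens[i], tokens[i + 1], tokens[i + 2]))
            i += 3
        else:
            deps.append((tokens[i], None, None))
            i += 1
    return deps


def lint_requires(line):
    """Warn about unversioned deps whose name embeds a version-release."""
    warnings = []
    for name, op, _ in parse_requires(line):
        m = EMBEDDED_EVR.match(name) if op is None else None
        if m:
            warnings.append(
                "%s is an unversioned capability name; use '%s = %s'"
                % (name, m.group("name"), m.group("evr"))
            )
    return warnings


if __name__ == "__main__":
    for sample in (BAD, GOOD):
        print(sample)
        for warning in lint_requires(sample) or ["ok"]:
            print("   ", warning)
```
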
Comment 17 Thorsten Scherf 2007-01-03 04:20:58 EST
ok, -devel requirement is corrected and package is uploaded to the buildsystem.

prelude-manager is still open, right, and I have 3 additional packages belonging
to the prelude-suite: prewikka, samhain and snort. I will upload these packages
the next couple of days. would be great if you could act as a sponsor here as well. 

If I could help you in any way, let me know.

Thanks,
Thorsten
Comment 18 Mamoru TASAKA 2007-01-08 09:06:33 EST
Please close this bug when rebuilding is done.
