Red Hat Bugzilla – Bug 245432
Review Request: libtomcrypt - comprehensive, portable cryptographic toolkit
Last modified: 2013-09-29 06:21:16 EDT
Spec URL: http://jeremy.hinegardner.org/fedora/libtomcrypt.spec
SRPM URL: http://jeremy.hinegardner.org/fedora/libtomcrypt-1.17-1.fc7.src.rpm
Description: LibTomCrypt is a fairly comprehensive, modular and portable
cryptographic toolkit that provides developers with a vast array of well
known published block ciphers, one-way hash functions, chaining modes,
pseudo-random number generators, public key cryptography and a plethora
of other routines.
LibTomCrypt has been designed from the ground up to be very simple to
use. It has a modular and standard API that allows new ciphers, hashes
and PRNGs to be added or removed without change to the overall end
application. It features easy to use functions and a complete user
manual which has many source snippet examples.
LibTomCrypt has a build and runtime dependency on libtommath which is also a new
package request (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245431).
New spec and srpm to fix deployment in 64bit environments:
Spec URL: http://jeremy.hinegardner.org/fedora/libtomcrypt/libtomcrypt.spec
SRPM URL: http://jeremy.hinegardner.org/fedora/libtomcrypt/libtomcrypt-1.17-2.fc7.src.rpm
New spec and srpm to make sure compiling honors RPM_OPT_FLAGS and uses per
package header subdirectories. Update build to use header subdirectory of
Now that libtommath is done, I thought I'd take a look at this. However, I find
many rpmlint complaints like the following:
W: libtomcrypt undefined-non-weak-symbol /usr/lib64/libtomcrypt.so.0.0.117
It seems that this library isn't actually linked against libtommath even though
it uses functions from it heavily. I added
to the %build section and that makes most of them go away, but there are still a
bunch in libtomcrypt_prof.so:
W: libtomcrypt undefined-non-weak-symbol /usr/lib64/libtomcrypt_prof.so.0.0.117
I'm not really sure what the _prof library is, however. Is it something we
really want to ship?
(In reply to comment #4)
> Now that libtommath is done, I thought I'd take a look at this. However, I find
> many rpmlint complaints like the following:
> W: libtomcrypt undefined-non-weak-symbol /usr/lib64/libtomcrypt.so.0.0.117
> It seems that this library isn't actually linked against libtommath even though
> it uses functions from it heavily. I added
> export EXTRALIBS="-ltommath"
> to the %build section and that makes most of them go away, but there are still a
> bunch in libtomcrypt_prof.so:
> W: libtomcrypt undefined-non-weak-symbol /usr/lib64/libtomcrypt_prof.so.0.0.117
> I'm not really sure what the _prof library is, however. Is it something we
> really want to ship?
I didn't get those W:'s when I ran rpmlint, but I also don't have a x86_64
machine. Let me know if the new SRPM causes the same complaints
Your right, the _prof library is not necessary, and I've removed it from the
RPM. I had the wrong -l flag in the spec so that fixes the -ltommath linkage
failure. Also, I managed to get the make test && ./test to work so we have a
new SPEC: http://jeremy.hinegardner.org/fedora/libtomcrypt/libtomcrypt.spec
FYI, you must actually install the package in order to see those rpmlint complaints.
(In reply to comment #6)
> FYI, you must actually install the package in order to see those rpmlint
Nice, good to learn something new. I get some still now. I'll see if I can
figure out what is going on.
New spec and srpm that really do fix the rpmlint warnings for undefined-non-weak
OK, everything builds OK and rpmlint is finally silent.
The URL: and Source0: are off as with the libtommath; Source0: should be what's
in URL: and URL: should be
You generally shouldn't start Summary: with the name of the package.
Those issues are minor; I'll go ahead and approve this and you can fix them when
you check in.
* source files match upstream:
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
? summary starts with the name of the package.
* description is OK.
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text (grant to public domain) included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (development, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
libtomcrypt = 1.17-5.fc8
libtommath >= 0.41
libtomcrypt-devel = 1.17-5.fc8
libtomcrypt = 1.17-5.fc8
* %check is present and all tests pass (I think):
I guess "NOPpassed" means the test doesn't do anything.
* ldconfig is called as necessary to install shared libs, and unversioned .so
files are in the -devel subpackage.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* scriptlets OK (ldconfig)
* code, not content.
* documentation is small, so no -docs subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel subpackage.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
(In reply to comment #9)
> OK, everything builds OK and rpmlint is finally silent.
> The URL: and Source0: are off as with the libtommath; Source0: should be what's
> in URL: and URL: should be
> You generally shouldn't start Summary: with the name of the package.
> Those issues are minor; I'll go ahead and approve this and you can fix them when
> you check in.
New Package CVS Request
Package Name: libtomcrypt
Short Description: a comprehensive, portable cryptographic toolkit
Package Change Request
Package Name: libtomcrypt
New Branches: el6
New branch required for importing stoken in EPEL-6, a toolkit for using RSA SecureID soft tokens in Linux.
Git done (by process-git-requests).