Bug 469329 - (nebula) Review Request: nebula - An intrusion signature generator (Security tool)
Review Request: nebula - An intrusion signature generator (Security tool)
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Till Maas
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-10-31 06:35 EDT by Rakesh Pandit
Modified: 2014-10-13 19:43 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-11-08 00:18:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
opensource: fedora‑review+
kevin: fedora‑cvs+

Attachments (Terms of Use)

  None (edit)
Description Rakesh Pandit 2008-10-31 06:35:53 EDT
Nebula is an intrusion signature generator. It can help securing a
network by automatically calculating filter rules from attack
traces. In a common setup nebula runs as a daemon and receives attacks
from honeypots.

SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec
SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-1.fc10.src.rpm
Comment 1 Huzaifa S. Sidhpurwala 2008-10-31 06:48:00 EDT
Ok, so here are some things which would be nice to have:

URL:            http://sourceforge.net/projects/nebula/
I prefer:
URL:            http://sourceforge.net/projects/%{name}

./configure --prefix=/ --libdir=%{_libdir}

What is wrong with :

%configure ?

make should be replaced by make %{?_smp_mflags}

rpmlint is mainly silent apart from the invalid license warning.

Also i am not sure if putting binaries in /bin is ok.
Comment 2 Rakesh Pandit 2008-10-31 09:05:10 EDT
1. For consistency - done
2. the build system uses -Werror and recommended %{configure} does produce some warnings which are converted to errors. So, to avoid messing with build system I have used ./configure. I have reported maintainer about different warnings with CFLAGS from %{configure}
3. done

SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec
SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-2.fc10.src.rpm
Comment 3 Till Maas 2008-11-07 05:53:06 EST
You can use this to avoud the -Werror. The default Fedora optflags contains some security enhancements (e.g. -fstack-protector), that should not be removed except if it is not possible to use them. The usage of -Werror is not such a case imho.

make %{?_smp_mflags} AM_CFLAGS=-D_GNU_SOURCE

The AM_CFLAGS  contain the Werror and are defined in the Makefile.am files. A glance over the Makefile showed, that they can be easily overwritten.
Comment 6 Till Maas 2008-11-07 10:21:38 EST
BR: are not complete:

checking for zlib.h... no
configure: error: zlib headers not found.

You probably need at least  zlib-devel.

You can test with "koji  build --scratch dist-f10 nebula-0.2.2-4.fc10.src.rpm" whether your BRs are complete or not.
Comment 8 Till Maas 2008-11-07 11:03:51 EST
[OK] rpmlint output: silent
[OK] Spec in %{name}.spec format

[OK] license allowed:
[GPLv2] license matches shortname in License: tag
[OK] license in tarball and included in %doc: COPYING

[OK] package is code or permissive content:
{N/A} patches sent to upstream and commented

[OK] Source0 is a working URL
{OK} Sourceforge URL is Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
<N/A> SourceX / PatchY prefixed with %{name}
[OK] Source0 matches Upstream:
9d388753e6bf14c9811a92a586ce8cfa  nebula-0.2.2.tar.gz

[OK] Package builds on all platforms:
[N/A] ExcludeArch bugs are filed and commented:
[OK] BuildRequires are complete (mock builds)
zlib-devel is missing
(OK) No file dependencies outside of /etc /bin /sbin /usr/bin /usr/sbin 

[N/A] %find_lang used for locales

[N/A] Every (sub)package containing libraries runs ldconfig
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
[N/A] .h (header) files are in -devel subpackage
[N/A] .a (static libraries) are in -static subpackage
[N/A] contains .pc (pkgconfig) files and has Requires: pkgconfig
(N/A) .pc files are in -devel subpackage
[N/A] contains .so.X(.Y) files and .so is in -devel
[N/A] -devel subpackage has Requires: %{name} = %{version}-%{release}
[N/A] .la files (libtool) are not included

[N/A] Has GUI and includes %{name}.desktop
[N/A] .desktop file installed with desktop-file-install in %install

[OK] Prefix: /usr not used (not relocatable)

[OK] Owns all created directories
[OK] no duplicates in %files
[OK] %defattr(-,root,root,-) is in every %files section
[OK] Does not own files or dirs from other packages
[OK] included filenames are in UTF-8

[OK] %clean is rm -rf %{buildroot} or $RPM_BUILD_ROOT 
[OK] %install starts with rm -rf %{buildroot} or $RPM_BUILD_ROOT 

[OK] Consistent macro usage

[OK] large documentation is -doc subpackage
[OK] %doc does not affect runtime

{OK} no pre-built binaries (.a, .so*, executable)
{OK} well known BuildRoot
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
{OK} PreReq not used
{OK} RPM_OPT_FLAGS honoured

{OK} Useful debuginfo generated
{OK} no duplication of system libraries
{OK} no rpath
{OK} Timestamps preserved with cp and install
{OK} Uses parallel make (%{?_smp_mflags})
{OK} Requires(pre,post) style notation not used
{OK} only writes to tmp /var/tmp $TMPDIR %{_tmppath} %{_builddir} (and %{buildroot} on %install and %clean)
{OK} no Conflicts
{OK} nothing installed in /srv
{OK} Changelog in allowed format
{OK} does not use Scriptlets
<N/A> Architecture independent packages have: BuildArch: noarch
<OK> Sane Provides: and Requires:

{OK} Follows Naming Guidelines

This package is APPROVED.
Comment 9 Rakesh Pandit 2008-11-07 11:13:46 EST

New Package CVS Request
Package Name: nebula
Short Description: An intrusion signature generator (Security tool)
Owners: rakesh
Branches: F-8 F-9 F-10
Cvsextras Commits: yes
Comment 10 Kevin Fenzi 2008-11-07 16:29:47 EST
cvs done.
Comment 11 Fedora Update System 2008-11-08 00:02:46 EST
nebula-0.2.2-5.fc8 has been submitted as an update for Fedora 8.
Comment 12 Fedora Update System 2008-11-08 00:03:30 EST
nebula-0.2.2-5.fc9 has been submitted as an update for Fedora 9.
Comment 13 Fedora Update System 2008-11-08 00:04:17 EST
nebula-0.2.2-5.fc10 has been submitted as an update for Fedora 10.
Comment 14 Fedora Update System 2008-12-11 02:57:11 EST
nebula-0.2.2-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2008-12-11 02:57:50 EST
nebula-0.2.2-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fabian Affolter 2014-10-12 11:52:53 EDT
Package Change Request
Package Name: nebula
New Branches: epel7 el6
Upstream URL: http://nebula.carnivore.it/
Owners: fab
Comment 17 Kevin Fenzi 2014-10-13 19:43:59 EDT
Git done (by process-git-requests).

Note You need to log in before you can comment on or make changes to this bug.