Bug 469329 (nebula) - Review Request: nebula - An intrusion signature generator (Security tool)
Summary: Review Request: nebula - An intrusion signature generator (Security tool)
Keywords:
Status: CLOSED NEXTRELEASE
Alias: nebula
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Till Maas
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-10-31 10:35 UTC by Rakesh Pandit
Modified: 2014-10-13 23:43 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-08 05:18:34 UTC
Type: ---
Embargoed:
opensource: fedora-review+
kevin: fedora-cvs+


Attachments (Terms of Use)

Description Rakesh Pandit 2008-10-31 10:35:53 UTC
Description:
Nebula is an intrusion signature generator. It can help securing a
network by automatically calculating filter rules from attack
traces. In a common setup nebula runs as a daemon and receives attacks
from honeypots.


SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec
SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-1.fc10.src.rpm

Comment 1 Huzaifa S. Sidhpurwala 2008-10-31 10:48:00 UTC
Ok, so here are some things which would be nice to have:

1)
URL:            http://sourceforge.net/projects/nebula/
I prefer:
URL:            http://sourceforge.net/projects/%{name}

2)
./configure --prefix=/ --libdir=%{_libdir}

What is wrong with :

%configure ?

3)
make should be replaced by make %{?_smp_mflags}


rpmlint is mainly silent apart from the invalid license warning.

Also i am not sure if putting binaries in /bin is ok.

Comment 2 Rakesh Pandit 2008-10-31 13:05:10 UTC
1. For consistency - done
2. the build system uses -Werror and recommended %{configure} does produce some warnings which are converted to errors. So, to avoid messing with build system I have used ./configure. I have reported maintainer about different warnings with CFLAGS from %{configure}
3. done

Updated:
 
SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec
SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-2.fc10.src.rpm

Comment 3 Till Maas 2008-11-07 10:53:06 UTC
You can use this to avoud the -Werror. The default Fedora optflags contains some security enhancements (e.g. -fstack-protector), that should not be removed except if it is not possible to use them. The usage of -Werror is not such a case imho.

%configure
make %{?_smp_mflags} AM_CFLAGS=-D_GNU_SOURCE

The AM_CFLAGS  contain the Werror and are defined in the Makefile.am files. A glance over the Makefile showed, that they can be easily overwritten.

Comment 6 Till Maas 2008-11-07 15:21:38 UTC
BR: are not complete:

checking for zlib.h... no
configure: error: zlib headers not found.

You probably need at least  zlib-devel.

You can test with "koji  build --scratch dist-f10 nebula-0.2.2-4.fc10.src.rpm" whether your BRs are complete or not.

Comment 8 Till Maas 2008-11-07 16:03:51 UTC
[OK] rpmlint output: silent
[OK] Spec in %{name}.spec format

[OK] license allowed:
[GPLv2] license matches shortname in License: tag
[OK] license in tarball and included in %doc: COPYING

[OK] package is code or permissive content:
{N/A} patches sent to upstream and commented

[OK] Source0 is a working URL
{OK} Sourceforge URL is Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
<N/A> SourceX / PatchY prefixed with %{name}
[OK] Source0 matches Upstream:
9d388753e6bf14c9811a92a586ce8cfa  nebula-0.2.2.tar.gz

[OK] Package builds on all platforms:
[N/A] ExcludeArch bugs are filed and commented:
[OK] BuildRequires are complete (mock builds)
zlib-devel is missing
(OK) No file dependencies outside of /etc /bin /sbin /usr/bin /usr/sbin 

[N/A] %find_lang used for locales

[N/A] Every (sub)package containing libraries runs ldconfig
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
[N/A] .h (header) files are in -devel subpackage
[N/A] .a (static libraries) are in -static subpackage
[N/A] contains .pc (pkgconfig) files and has Requires: pkgconfig
(N/A) .pc files are in -devel subpackage
[N/A] contains .so.X(.Y) files and .so is in -devel
[N/A] -devel subpackage has Requires: %{name} = %{version}-%{release}
[N/A] .la files (libtool) are not included

[N/A] Has GUI and includes %{name}.desktop
[N/A] .desktop file installed with desktop-file-install in %install

[OK] Prefix: /usr not used (not relocatable)

[OK] Owns all created directories
[OK] no duplicates in %files
[OK] %defattr(-,root,root,-) is in every %files section
[OK] Does not own files or dirs from other packages
[OK] included filenames are in UTF-8

[OK] %clean is rm -rf %{buildroot} or $RPM_BUILD_ROOT 
[OK] %install starts with rm -rf %{buildroot} or $RPM_BUILD_ROOT 

[OK] Consistent macro usage

[OK] large documentation is -doc subpackage
[OK] %doc does not affect runtime

{OK} no pre-built binaries (.a, .so*, executable)
{OK} well known BuildRoot
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
{OK} PreReq not used
{OK} RPM_OPT_FLAGS honoured

{OK} Useful debuginfo generated
{OK} no duplication of system libraries
{OK} no rpath
{OK} Timestamps preserved with cp and install
{OK} Uses parallel make (%{?_smp_mflags})
{OK} Requires(pre,post) style notation not used
{OK} only writes to tmp /var/tmp $TMPDIR %{_tmppath} %{_builddir} (and %{buildroot} on %install and %clean)
{OK} no Conflicts
{OK} nothing installed in /srv
{OK} Changelog in allowed format
{OK} does not use Scriptlets
<N/A> Architecture independent packages have: BuildArch: noarch
<OK> Sane Provides: and Requires:

{OK} Follows Naming Guidelines

This package is APPROVED.

Comment 9 Rakesh Pandit 2008-11-07 16:13:46 UTC
Thanks

New Package CVS Request
=======================
Package Name: nebula
Short Description: An intrusion signature generator (Security tool)
Owners: rakesh
Branches: F-8 F-9 F-10
InitialCC:
Cvsextras Commits: yes

Comment 10 Kevin Fenzi 2008-11-07 21:29:47 UTC
cvs done.

Comment 11 Fedora Update System 2008-11-08 05:02:46 UTC
nebula-0.2.2-5.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc8

Comment 12 Fedora Update System 2008-11-08 05:03:30 UTC
nebula-0.2.2-5.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc9

Comment 13 Fedora Update System 2008-11-08 05:04:17 UTC
nebula-0.2.2-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc10

Comment 14 Fedora Update System 2008-12-11 07:57:11 UTC
nebula-0.2.2-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2008-12-11 07:57:50 UTC
nebula-0.2.2-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fabian Affolter 2014-10-12 15:52:53 UTC
Package Change Request
======================
Package Name: nebula
New Branches: epel7 el6
Upstream URL: http://nebula.carnivore.it/
Owners: fab
InitialCC:

Comment 17 Kevin Fenzi 2014-10-13 23:43:59 UTC
Git done (by process-git-requests).


Note You need to log in before you can comment on or make changes to this bug.