Red Hat Bugzilla – Bug 469329
Review Request: nebula - An intrusion signature generator (Security tool)
Last modified: 2014-10-13 19:43:59 EDT
Description: Nebula is an intrusion signature generator. It can help securing a network by automatically calculating filter rules from attack traces. In a common setup nebula runs as a daemon and receives attacks from honeypots. SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-1.fc10.src.rpm
Ok, so here are some things which would be nice to have: 1) URL: http://sourceforge.net/projects/nebula/ I prefer: URL: http://sourceforge.net/projects/%{name} 2) ./configure --prefix=/ --libdir=%{_libdir} What is wrong with : %configure ? 3) make should be replaced by make %{?_smp_mflags} rpmlint is mainly silent apart from the invalid license warning. Also i am not sure if putting binaries in /bin is ok.
1. For consistency - done 2. the build system uses -Werror and recommended %{configure} does produce some warnings which are converted to errors. So, to avoid messing with build system I have used ./configure. I have reported maintainer about different warnings with CFLAGS from %{configure} 3. done Updated: SPEC: http://rakesh.fedorapeople.org/spec/nebula.spec SRPM: http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-2.fc10.src.rpm
You can use this to avoud the -Werror. The default Fedora optflags contains some security enhancements (e.g. -fstack-protector), that should not be removed except if it is not possible to use them. The usage of -Werror is not such a case imho. %configure make %{?_smp_mflags} AM_CFLAGS=-D_GNU_SOURCE The AM_CFLAGS contain the Werror and are defined in the Makefile.am files. A glance over the Makefile showed, that they can be easily overwritten.
Thanks - Updated http://rakesh.fedorapeople.org/spec/nebula.spec http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-3.fc10.src.rpm
http://rakesh.fedorapeople.org/spec/nebula.spec http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-4.fc10.src.rpm Updated.
BR: are not complete: checking for zlib.h... no configure: error: zlib headers not found. You probably need at least zlib-devel. You can test with "koji build --scratch dist-f10 nebula-0.2.2-4.fc10.src.rpm" whether your BRs are complete or not.
http://rakesh.fedorapeople.org/spec/nebula.spec http://rakesh.fedorapeople.org/srpm/nebula-0.2.2-5.fc10.src.rpm Thanks Koji Build - http://koji.fedoraproject.org/koji/taskinfo?taskID=921010
[OK] rpmlint output: silent [OK] Spec in %{name}.spec format [OK] license allowed: [GPLv2] license matches shortname in License: tag [OK] license in tarball and included in %doc: COPYING [OK] package is code or permissive content: {N/A} patches sent to upstream and commented [OK] Source0 is a working URL {OK} Sourceforge URL is Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz <N/A> SourceX / PatchY prefixed with %{name} [OK] Source0 matches Upstream: 9d388753e6bf14c9811a92a586ce8cfa nebula-0.2.2.tar.gz [OK] Package builds on all platforms: [N/A] ExcludeArch bugs are filed and commented: [OK] BuildRequires are complete (mock builds) zlib-devel is missing (OK) No file dependencies outside of /etc /bin /sbin /usr/bin /usr/sbin [N/A] %find_lang used for locales [N/A] Every (sub)package containing libraries runs ldconfig %post -p /sbin/ldconfig %postun -p /sbin/ldconfig [N/A] .h (header) files are in -devel subpackage [N/A] .a (static libraries) are in -static subpackage [N/A] contains .pc (pkgconfig) files and has Requires: pkgconfig (N/A) .pc files are in -devel subpackage [N/A] contains .so.X(.Y) files and .so is in -devel [N/A] -devel subpackage has Requires: %{name} = %{version}-%{release} [N/A] .la files (libtool) are not included [N/A] Has GUI and includes %{name}.desktop [N/A] .desktop file installed with desktop-file-install in %install [OK] Prefix: /usr not used (not relocatable) [OK] Owns all created directories [OK] no duplicates in %files [OK] %defattr(-,root,root,-) is in every %files section [OK] Does not own files or dirs from other packages [OK] included filenames are in UTF-8 [OK] %clean is rm -rf %{buildroot} or $RPM_BUILD_ROOT [OK] %install starts with rm -rf %{buildroot} or $RPM_BUILD_ROOT [OK] Consistent macro usage [OK] large documentation is -doc subpackage [OK] %doc does not affect runtime {OK} no pre-built binaries (.a, .so*, executable) {OK} well known BuildRoot %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) {OK} PreReq not used {OK} RPM_OPT_FLAGS honoured {OK} Useful debuginfo generated {OK} no duplication of system libraries {OK} no rpath {OK} Timestamps preserved with cp and install {OK} Uses parallel make (%{?_smp_mflags}) {OK} Requires(pre,post) style notation not used {OK} only writes to tmp /var/tmp $TMPDIR %{_tmppath} %{_builddir} (and %{buildroot} on %install and %clean) {OK} no Conflicts {OK} nothing installed in /srv {OK} Changelog in allowed format {OK} does not use Scriptlets <N/A> Architecture independent packages have: BuildArch: noarch <OK> Sane Provides: and Requires: {OK} Follows Naming Guidelines This package is APPROVED.
Thanks New Package CVS Request ======================= Package Name: nebula Short Description: An intrusion signature generator (Security tool) Owners: rakesh Branches: F-8 F-9 F-10 InitialCC: Cvsextras Commits: yes
cvs done.
nebula-0.2.2-5.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc8
nebula-0.2.2-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc9
nebula-0.2.2-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/nebula-0.2.2-5.fc10
nebula-0.2.2-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
nebula-0.2.2-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request ====================== Package Name: nebula New Branches: epel7 el6 Upstream URL: http://nebula.carnivore.it/ Owners: fab InitialCC:
Git done (by process-git-requests).