Bug 499875 - Review Request: libdasm - Library for disassembling x86 code
Summary: Review Request: libdasm - Library for disassembling x86 code
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Tibbitts
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-Legal 1559699
TreeView+ depends on / blocked
 
Reported: 2009-05-08 17:32 UTC by Dave Malcolm
Modified: 2018-03-25 19:45 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-03 16:39:01 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Dave Malcolm 2009-05-08 17:32:20 UTC
Spec URL: http://people.redhat.com/dmalcolm/python/libdasm.spec
SRPM URL: http://people.redhat.com/dmalcolm/python/libdasm-1.5-1.src.rpm
Description:
libdasm is a C-library that tries to provide simple and convenient way to
disassemble x86 raw opcode bytes (machine code). It can parse and print out
opcodes in AT&T and Intel syntax.

It also includes a Python module, which I believe is the only Python module that can directly disassemble machine code (pointers to others welcome)

Comment 1 Jason Tibbitts 2009-06-04 05:32:15 UTC
This fails to build.  Here's a scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=1393061

Comment 2 Dave Malcolm 2009-06-05 18:56:47 UTC
Was missing a buildrequires on python-devel; added.

Spec URL: http://people.redhat.com/dmalcolm/python/libdasm.spec
SRPM URL: http://people.redhat.com/dmalcolm/python/libdasm-1.5-2.src.rpm
Successful scratch build in koji:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1395600

However, am not sure this is ready yet; rpmlint is showing some soname warnings:
libdasm.i386: W: no-soname /usr/lib/libdasm.so.1.0
libdasm-devel.i386: W: no-documentation
libdasm-devel.i386: W: no-soname /usr/lib/libdasm.so
pydasm.i386: W: no-documentation

Comment 3 Jason Tibbitts 2009-07-09 20:05:52 UTC
So, no-soname is really the only issue.  This is generally one of those "get upstream to fix their broken build procedure" kind of things.  You can fix it by patching in another option to the gcc call, but I'm not really sure that's a good idea.  This code hasn't changed in five years so I doubt there's any kind of an issue here.

However, the real issue I see is that this code isn't public domain.  Yes, we have this from README.txt:

libdasm is public domain software. You can do whatever you like with it.

but then the source files have copyright statements.  I guess spot gets another FE-Legal ticket; maybe the "whatever you like" clause gives us sufficient rights.

I would recommend using _includedir instead of /usr/include, just in case.  You're already doing that in the %files list but not in %install.

Why do you have a separate copy of the unversioned .so file in the -devel pacakge instead of a symlink?  I guess it doesn't really matter that much but I can't figure out a reason for it.

* source files match upstream.  sha256sum:
   34d6c17dbb318bf2e21c6a3ae7dcc53d918ce247f1bd422b123d5e41a730a676  
   libdasm-1.5.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
? license field matches the actual license.
? license is open source-compatible.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
   libdasm.so.1.0()(64bit)
   libdasm = 1.5-2.fc12
   libdasm(x86-64) = 1.5-2.fc12
  =
   /sbin/ldconfig

  libdasm-devel-1.5-2.fc12.x86_64.rpm
   libdasm.so()(64bit)
   libdasm-devel = 1.5-2.fc12
   libdasm-devel(x86-64) = 1.5-2.fc12
  =
   libdasm = 1.5-2.fc12

  pydasm-1.5-2.fc12.x86_64.rpm
   pydasm.so()(64bit)
   pydasm = 1.5-2.fc12
   pydasm(x86-64) = 1.5-2.fc12
  =
   libdasm = 1.5-2.fc12
   libpython2.6.so.1.0()(64bit)
   python(abi) = 2.6

* shared libraries are installed:
*  ldconfig is called properly.
X  unversioned .so file is a separate copy and not a link.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files.
* scriptlets OK (ldconfig).
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* header is in the -devel subpackage.
* no static libraries.
* no libtool .la files.

Comment 4 Tom "spot" Callaway 2009-07-14 20:53:42 UTC
Can we contact the copyright holder(s) (as listed in the files) and ask them to explicitly disclaim their copyright? Basically, they need to make a statement along the lines of:

I, NAME_OF_COPYRIGHT_HOLDER, abandon all copyright on the code contained within the libdasm software (in particular, libdasm-1.5.tar.gz with SHA256 checksum 34d6c17dbb318bf2e21c6a3ae7dcc53d918ce247f1bd422b123d5e41a730a676 ) and place it into the Public Domain.

They also need to let us know of what country they are a citizen of, because many countries do not permit copyright holders to put works into the public domain (e.g. most, if not all EU citizens cannot do this).

Comment 5 Dave Malcolm 2009-07-15 00:08:31 UTC
I have emailed the copyright holders hoping for such a statement, or a more clear license grant using a Fedora-compatible FLOSS license.

Comment 6 Dave Malcolm 2009-07-16 23:02:24 UTC
One of the developers directed me to a newer version of the code here:
  http://code.google.com/p/libdasm/
which is more actively maintained; the last commit was May 17th of this year.  I'd want to include this version.

Unfortunately the licensing there still appears ambiguous:
the "Code license" field reads "New BSD License", which is fair enough, but the "Labels" field has the label "publicdomain", and the description says "public domain".  The files still contain copyright claims.

The original author appears to be happy to license the code under a BSD-style license (private email), and believes the other contributors would be as well.

Comment 7 Jason Tibbitts 2009-07-29 19:29:39 UTC
So the  only thing we really care about is the actual license on the code itself.  Statements on the web site are only used as a last resort, and only if they're not contradictory (which they are) and we're reasonably sure they were made by the authors of the code in question.

The code itself (http://code.google.com/p/libdasm/source/browse/trunk/libdasm.c) still has a copyright notice with no rights grant.  Without that, we have no rights modify, redistribute or even make use of that code.  It is not remotely free.

If they want to relicense, they just need to include one of the many standard license blocks at the top of the .c and .h files, add a copy of the full license file to their repository, fix the README.txt file to not say "public domain" and preferably fix up the conflicting statements on their web site.  Or they could remove the copyright notices and properly disclaim copyright as spot indicated above, assuming that they have the legal right to do so.

Comment 8 Jason Tibbitts 2009-11-03 15:40:42 UTC
So, it's been quite some time since the last progress on this review; is there any chance that we could move forward, or should this just be closed out?

Comment 9 Dave Malcolm 2009-11-03 16:39:01 UTC
I no longer have a need for this library, and too many other things to be doing, so I'm going to close this as WONTFIX.

If someone else wants to pick it up, that would be great.

Jason: thanks for all your help with this, I'm sorry to drop the ball on this.


Note You need to log in before you can comment on or make changes to this bug.