Bug 506681 - Review Request: autodafe - Fuzzing framework
Summary: Review Request: autodafe - Fuzzing framework
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Matěj Cepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: DebugInfo
TreeView+ depends on / blocked
 
Reported: 2009-06-18 09:52 UTC by Jan F. Chadima
Modified: 2018-04-11 09:22 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-06-29 12:24:41 UTC
Type: ---
Embargoed:
mcepl: fedora-review+
j: fedora-cvs+


Attachments (Terms of Use)
Patch build to honor CFLAGS from environment (1.60 KB, patch)
2009-06-24 22:37 UTC, Ville Skyttä
no flags Details | Diff

Description Jan F. Chadima 2009-06-18 09:52:57 UTC
Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe.spec
SRPM URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe-0.1-1.fc12.src.rpm
Description:
Autodafé is a fuzzing framework able to uncover buffer overflows 
by using the fuzzing by weighting attacks with markers technique.

Comment 1 Matěj Cepl 2009-06-18 12:25:32 UTC
+ GOOD: rpmlint is bradford:rpmbuild$ rpmlint -i SRPMS/autodafe-0.1-1.fc11.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
bradford:rpmbuild$ rpmlint -i RPMS/x86_64/autodafe-*
autodafe.x86_64: W: incoherent-version-in-changelog 0.1-1 ['1:0.1-1.fc11', '1:0.1-1']
The last entry in %changelog contains a version identifier that is not
coherent with the epoch:version-release tuple of the package.

2 packages and 0 specfiles checked; 0 errors, 1 warnings.
bradford:rpmbuild$ 
silent on both source and binary package.
Warning doesn't make any sense to me and should be ignored.
+ GOOD: The package is named according to the Package Naming Guidelines .
+ GOOD: The spec file name matches the base package %{name}, in the format
  %{name}.spec.
???: The package meets the Packaging Guidelines .
+ BAD: The package is licensed with a Fedora approved license and meet the
Licensing Guidelines.
1) # -*- coding: utf-8 -*-
in the top is not needed ... .spec files are in Fedora UTF-8 per definition.
2) This is not good:
mkdir -p $RPM_BUILD_ROOT/usr/share
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adbg install
make prefix=$RPM_BUILD_ROOT/usr -C src/adc install
make prefix=$RPM_BUILD_ROOT/usr -C src/autodafe install
make prefix=$RPM_BUILD_ROOT/usr -C src/pdml2ad install
( cd ./etc/generator; ./generator.sh . )
mv ./etc/generator/autodafe $RPM_BUILD_ROOT/usr/share
You should use %{_prefix}, %{_datadir}, %{_bindir}, %{_sysconfdir}, etc.
+ GOOD: The License field in the package spec file matches the actual license.
- GOOD: LICENSE file is in %doc.
+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ BAD: The sources used to build the package matches the upstream source,
as provided in the spec URL.
No URL in Source:
should be
Source: autodafe-%{version}.tar.gz
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
then OK.
MD5: 1c10c69080952ab9dd2c819d1e9c044c
+ GOOD: The package successfully compiles and build into binary rpms on at
least one supported architecture.
  Koji scratch build is
  http://koji.fedoraproject.org/koji/taskinfo?taskID=1422739
+ GOOD: builds on all architectures
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: %post and %postun scripts OK
no scripts
+ GOOD: not relocatable
+ BAD: A package owns all directories that it creates.
I don't like this in %files:
%{_usr}/share/*
a) you should use macros,
b) how many directories in %{_datadir} you want? Just write them down in %files individually.
The same for 
%{_bindir}/*
This is not safe.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package have a %clean section.
+ BAD: Each package consistently use macros.
see above
+ GOOD: The package contains code, or permissable content.
+ BAD: No large documentation files, so no a -doc subpackage.
at least tutorials.tar.gz should go to -doc (or to hell ;-))
+ GOOD: Files registered in %doc does not affect the runtime of the
application.
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: .so file is provided in -devel package.
no .so file
+ GOOD: Correct Requires in -devel subpackage.
no -devel package
+ GOOD: No .la libtool archives.
+ GOOD: Packages does not contain GUI applications.
+ GOOD: Packages does not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

NOT APPROVED
Please fix the above shown problems.

Comment 3 Matěj Cepl 2009-06-19 09:38:46 UTC
Perfect!

APPROVED

Comment 4 Jan F. Chadima 2009-06-19 09:49:03 UTC
New Package CVS Request
=======================
Package Name: autodafe
Short Description: Fuzzing framework
Owners: jfch2222
Branches: F-10 F-11
InitialCC:

Comment 5 Jason Tibbitts 2009-06-20 15:02:40 UTC
CVS done.

Comment 6 Ville Skyttä 2009-06-24 22:37:09 UTC
Created attachment 349312 [details]
Patch build to honor CFLAGS from environment

Package is not built with $RPM_OPT_FLAGS, fix attached.  This patch should be applicable upstream as well, please forward it there.

Comment 7 Jan F. Chadima 2009-06-29 12:24:41 UTC
build as http://koji.fedoraproject.org/koji/buildinfo?buildID=112087
thanks for the patch


Note You need to log in before you can comment on or make changes to this bug.