Bug 506681 - Review Request: autodafe - Fuzzing framework
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review
rawhide
All Linux
medium Severity medium
Assigned To: Matěj Cepl
Fedora Extras Quality Assurance
Blocks: DebugInfo
Reported: 2009-06-18 05:52 EDT by Jan F. Chadima
Modified: 2009-06-29 08:24 EDT

Doc Type: Bug Fix
Last Closed: 2009-06-29 08:24:41 EDT
mcepl: fedora‑review+
tibbs: fedora‑cvs+


Attachments
Patch build to honor CFLAGS from environment (1.60 KB, patch)
2009-06-24 18:37 EDT, Ville Skyttä

Description Jan F. Chadima 2009-06-18 05:52:57 EDT
Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe.spec
SRPM URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe-0.1-1.fc12.src.rpm
Description:
Autodafé is a fuzzing framework able to uncover buffer overflows 
by using the fuzzing by weighting attacks with markers technique.
Comment 1 Matěj Cepl 2009-06-18 08:25:32 EDT
+ GOOD: rpmlint is
bradford:rpmbuild$ rpmlint -i SRPMS/autodafe-0.1-1.fc11.src.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
bradford:rpmbuild$ rpmlint -i RPMS/x86_64/autodafe-*
autodafe.x86_64: W: incoherent-version-in-changelog 0.1-1 ['1:0.1-1.fc11', '1:0.1-1']
The last entry in %changelog contains a version identifier that is not
coherent with the epoch:version-release tuple of the package.

2 packages and 0 specfiles checked; 0 errors, 1 warnings.
bradford:rpmbuild$ 
silent on both source and binary package.
Warning doesn't make any sense to me and should be ignored.
+ GOOD: The package is named according to the Package Naming Guidelines .
+ GOOD: The spec file name matches the base package %{name}, in the format
  %{name}.spec.
???: The package meets the Packaging Guidelines .
+ BAD: The package is licensed with a Fedora approved license and meets the
Licensing Guidelines.
1) # -*- coding: utf-8 -*-
at the top is not needed ... .spec files in Fedora are UTF-8 by definition.
2) This is not good:
mkdir -p $RPM_BUILD_ROOT/usr/share
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adbg install
make prefix=$RPM_BUILD_ROOT/usr -C src/adc install
make prefix=$RPM_BUILD_ROOT/usr -C src/autodafe install
make prefix=$RPM_BUILD_ROOT/usr -C src/pdml2ad install
( cd ./etc/generator; ./generator.sh . )
mv ./etc/generator/autodafe $RPM_BUILD_ROOT/usr/share
You should use %{_prefix}, %{_datadir}, %{_bindir}, %{_sysconfdir}, etc.
+ GOOD: The License field in the package spec file matches the actual license.
- GOOD: LICENSE file is in %doc.
+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ BAD: The sources used to build the package match the upstream source,
as provided in the spec URL.
No URL in Source:
should be
Source: autodafe-%{version}.tar.gz
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
then OK.
MD5: 1c10c69080952ab9dd2c819d1e9c044c
+ GOOD: The package successfully compiles and builds into binary rpms on at
least one supported architecture.
  Koji scratch build is
  http://koji.fedoraproject.org/koji/taskinfo?taskID=1422739
+ GOOD: builds on all architectures
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: %post and %postun scripts OK
no scripts
+ GOOD: not relocatable
+ BAD: A package owns all directories that it creates.
I don't like this in %files:
%{_usr}/share/*
a) you should use macros,
b) how many directories in %{_datadir} do you want? Just write them down in %files individually.
The same for 
%{_bindir}/*
This is not safe.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package has a %clean section.
+ BAD: Each package consistently uses macros.
see above
+ GOOD: The package contains code, or permissible content.
+ BAD: No large documentation files, so no -doc subpackage.
at least tutorials.tar.gz should go to -doc (or to hell ;-))
+ GOOD: Files registered in %doc do not affect the runtime of the
application.
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: .so file is provided in -devel package.
no .so file
+ GOOD: Correct Requires in -devel subpackage.
no -devel package
+ GOOD: No .la libtool archives.
+ GOOD: Package does not contain GUI applications.
+ GOOD: Package does not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

NOT APPROVED
Please fix the above shown problems.
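
Added example, not part of the review thread or the package: a small shell lint for the two spec patterns rejected above, hardcoded /usr paths under $RPM_BUILD_ROOT outside %files and macro-rooted wildcard entries inside %files. The spec fragment is constructed from lines quoted in the review plus a few filler lines, and the names sample_spec and lint_spec are hypothetical.

```shell
#!/bin/sh
# Added example: flag the spec-file patterns the review rejects.

# Constructed spec fragment: the make/mkdir/mv and wildcard lines are quoted
# from the review; %defattr, %doc and the last %files entry are filler.
sample_spec() {
cat <<'EOF'
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adc install
mv ./etc/generator/autodafe $RPM_BUILD_ROOT/usr/share

%files
%defattr(-,root,root,-)
%doc LICENSE
%{_usr}/share/*
%{_bindir}/*
%{_datadir}/autodafe/
EOF
}

# lint_spec: read a spec file on stdin, print "<line number>: <finding>".
lint_spec() {
    section=
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        # Track which section of the spec the current line belongs to.
        case $line in
            %prep*|%build*|%install*|%check*|%clean*|%files*|%changelog*)
                section=${line%%[[:space:]]*}
                continue ;;
        esac
        case $section:$line in
            # %files entry rooted at a directory macro and ending in "/*".
            %files:%\{_*'/*') printf '%s: wildcard-files\n' "$n" ;;
            %files:*) ;;
            # Literal /usr below the build root instead of %{_prefix} and friends.
            *'$RPM_BUILD_ROOT/usr'*|*'%{buildroot}/usr'*)
                printf '%s: hardcoded-path\n' "$n" ;;
        esac
    done
}

sample_spec | lint_spec
```

With an explicit %files list, rpmbuild stops on installed-but-unpackaged files, so a change in what the upstream Makefile installs is noticed at build time instead of being shipped by the wildcard.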
Comment 3 Matěj Cepl 2009-06-19 05:38:46 EDT
Perfect!

APPROVED
Comment 4 Jan F. Chadima 2009-06-19 05:49:03 EDT
New Package CVS Request
=======================
Package Name: autodafe
Short Description: Fuzzing framework
Owners: jfch2222
Branches: F-10 F-11
InitialCC:
Comment 5 Jason Tibbitts 2009-06-20 11:02:40 EDT
CVS done.
Comment 6 Ville Skyttä 2009-06-24 18:37:09 EDT
Created attachment 349312 [details]
Patch build to honor CFLAGS from environment

Package is not built with $RPM_OPT_FLAGS, fix attached.  This patch should be applicable upstream as well, please forward it there.
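
Added example, not part of the thread or the attached patch: a shell check that reads a build log and reports compiler invocations missing flags the distribution expects, which is how a package that ignores $RPM_OPT_FLAGS shows up in practice. The log lines, file names and the three-flag list are constructed stand-ins, and sample_log and audit_flags are hypothetical names.

```shell
#!/bin/sh
# Added example: list compiler invocations in a build log that lack required flags.

# Constructed build log; it is not output from the real autodafe build.
sample_log() {
cat <<'EOF'
make -C src/adbg
gcc -O2 -g -fstack-protector -Wall -c adbg.c -o adbg.o
gcc -Wall -O2 -c gdb.c -o gdb.o
make -C src/adc
cc -c lexer.c -o lexer.o
/usr/bin/gcc -O2 -g -fstack-protector -o adc lexer.o
EOF
}

# audit_flags "FLAG FLAG ...": read a build log on stdin and print
# "<line number>: <missing flags>" for each compiler line lacking any of them.
audit_flags() {
    required=$1
    lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        first=${line%%[[:space:]]*}      # first word of the line
        case ${first##*/} in             # basename of the command
            gcc|cc|g++|c++|*-gcc|*-g++) ;;
            *) continue ;;
        esac
        missing=
        for flag in $required; do
            # Whole-token match: the flag must appear as its own argument.
            case " $line " in
                *" $flag "*) ;;
                *) missing="$missing $flag" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s:%s\n' "$lineno" "$missing"
        fi
    done
}

# Stand-in flag list; on a build host take the real one from $RPM_OPT_FLAGS.
sample_log | audit_flags "-O2 -g -fstack-protector"
```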
Comment 7 Jan F. Chadima 2009-06-29 08:24:41 EDT
Built as http://koji.fedoraproject.org/koji/buildinfo?buildID=112087
thanks for the patch
