SPEC URL: http://rebus.fedorapeople.org/fedora/12/SPECS/dcfldd.spec SRPM URL: http://rebus.fedorapeople.org/fedora/12/SRPMS/dcfldd-1.3.4.1-2.fc12.src.rpm Please could you do a review for this package? dcfldd is one of the forensic tools requested on wishlist from Fedora Security Spin. dcfldd is an enhanced version of GNU dd with features useful for forensics and security. dcfldd has the following additional features: * Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity. * Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take. * Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired. * Image/wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern. * Multiple outputs - dcfldd can output to multiple files or disks at the same time. * Split output - dcfldd can split output to multiple files with more configuration possibilities than the split command. * Piped output and logs - dcfldd can send all its log data and output to commands as well as files. This package is based on the original packlage of Dag Wiers, I have just rebuild for Fedora and aligned it with Fedora Packaging guidelines. Original package - http://dag.wieers.com/rpm/packages/dcfldd/.
I am sorry for typo - reference should be Dag Wieers.
Some quick comments: o use %global over %define (and move it to the top). o not needed to add gcc-c++ and libstdc++-devel to buildreq, remove. o change source tag to source0 o add INSTALL='install -p' to make install to preserve timestamps o change %defattr(-, root, root, 0755) to %defattr(-, root, root, -)
One more things o no need to mark man pages as %doc, done by rpm any way.
Hello Terje, thank you for the review and for the comments. Here is updated package SPEC URL: http://rebus.fedorapeople.org/fedora/12/SPECS/dcfldd.spec SRPM URL: http://rebus.fedorapeople.org/fedora/12/SRPMS/dcfldd-1.3.4.1-3.fc12.src.rpm Best regards. Michal Ambroz
Thanks, everything seems fine here now. Except a license issue. Most files are GPLv2+, good. However, there are a mix: md5.c and md5.h coming from RSA: ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** ** ** ** License to copy and use this software is granted provided that ** ** it is identified as the "RSA Data Security, Inc. MD5 Message ** ** Digest Algorithm" in all material mentioning or referencing this ** ** software or this function. ** ** ** ** License is also granted to make and use derivative works ** ** provided that such works are identified as "derived from the RSA ** ** Data Security, Inc. MD5 Message Digest Algorithm" in all ** ** material mentioning or referencing the derived work. ** ** ** ** RSA Data Security, Inc. makes no representations concerning ** ** either the merchantability of this software or the suitability ** ** of this software for any particular purpose. It is provided "as ** ** is" without express or implied warranty of any kind. ** ** ** ** These notices must be retained in any copies of any part of this ** ** documentation and/or software. sha1.c and sha1.h have * Copyright (c) 2001-2003 Allan Saddi <allan> * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS'' * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. while sha2.c and sha2.h are: * AUTHOR: Aaron D. Gifford <me> * * Copyright (c) 2000-2001, Aaron D. Gifford * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the copyright holder nor the names of contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. I need some help here. Spot, I added you to CC: can you please have a look at the license status in dcfldd.
Okay. So, the latter two licenses are just BSD. The top one would be a problem (Free but GPL-incompatible), but because it is from RSA and covers the "MD5 Message Digest Algorithm", it isn't. The full explanation is here: https://fedoraproject.org/wiki/Licensing/FAQ#MD5 The short version: We can treat the code under that license as "Copyright Only", but we should advise the dcfldd upstream of the license incompatibility and recommend that they "use" this code without RSA's license as well, and reflect that usage in the source code by removing RSA's license (but not RSA's copyright). The license tag should be # Note that we are using the RSA MD5 code without license. # See: https://fedoraproject.org/wiki/Licensing:FAQ#MD5 License: GPLv2+ and BSD and Copyright Only
Hello guys, thank you for help - I will update the package in this sense and notify upstream. Best regards Michal Ambroz
Hello, I have update the package with the license statements as recommended by Tom "spot" Callaway. SPEC URL: http://rebus.fedorapeople.org/12/SPECS/dcfldd.spec SRPM URL: http://rebus.fedorapeople.org/12/SRPMS/dcfldd-1.3.4.1-4.fc12.src.rpm Output from rpmlint: $ rpmlint dcfldd-1.3.4.1-4.fc12.src.rpm dcfldd-1.3.4.1-4.fc12.i686.rpm dcfldd-debuginfo-1.3.4.1-4.fc12.i686.rpm dcfldd.src: W: invalid-license Copyright Only dcfldd.i686: W: invalid-license Copyright Only dcfldd-debuginfo.i686: W: invalid-license Copyright Only 3 packages and 0 specfiles checked; 0 errors, 3 warnings. Koji build F12: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144215 Koji build F13: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144225 Best regards Michal Ambroz
ok rpmlint (just warnings which can be ignored) ok naming of package and spec ok spec file ok license approved and tag ok. Thanks spot! ok license in %doc ok correct language ok sha1sum on sources and ok url fb1c55f107a6af5ef8703a44d33476e508815913 dcfldd-1.3.4-1.tar.gz fb1c55f107a6af5ef8703a44d33476e508815913 dcfldd-1.3.4-1.tar.gz.spec ok koji build with correct buildreq ok excludearch - locale files - ldconfig ok no bundling ok owns, dirs and perms and only once ok macros ok code or content - large docs ok %doc not affect the runtime - headers|static in devel|static - .so in devel - devel dep on base - no .la|.a file - gui with desktop file ok own just not owned ok utf-8 file names ok separate file from upstream ok trans ok mock/koji see comment #8 ok testing - scriptlets sane - subpkgs dep on base - pkgconfig(.pc) in devel - req on package not on files ok add man pages The package dcfldd is APPROVED.
New Package CVS Request ======================= Package Name: dcfldd Short Description: Enhanced version of GNU dd with features useful for forensics and security Owners: rebus Branches: F-12 F-13 EL-4 EL-5 devel InitialCC: Thank you Michal Ambroz
CVS done (by process-cvs-requests.py).
dcfldd-1.3.4.1-4.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc13
dcfldd-1.3.4.1-4.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4
dcfldd-1.3.4.1-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc12
dcfldd-1.3.4.1-4.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5
dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dcfldd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4
dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dcfldd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5
dcfldd-1.3.4.1-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
dcfldd-1.3.4.1-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request ====================== Package Name: dcfldd New Branches: epel7 Owners: rebus Hello SCM team, plase can you add epel7 branch for the dcfldd package? Michal Ambroz
Git done (by process-git-requests).
dcfldd-1.3.4.1-11.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-11.el7
dcfldd-1.3.4.1-11.el7 has been pushed to the Fedora EPEL 7 stable repository.
removing the alias due to bug in bugzilla it prevented searching for dcfldd