This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 583251 - (dcfldd) Review Request: dcfldd - Improved dd, useful for forensics and security
Review Request: dcfldd - Improved dd, useful for forensics and security
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
12
All Linux
low Severity medium
: ---
: ---
Assigned To: Terje Røsten
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE-SECLAB
  Show dependency treegraph
 
Reported: 2010-04-17 08:05 EDT by Michal Ambroz
Modified: 2014-10-17 13:33 EDT (History)
5 users (show)

See Also:
Fixed In Version: dcfldd-1.3.4.1-11.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-04 02:08:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
terjeros: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Michal Ambroz 2010-04-17 08:05:34 EDT
SPEC URL: http://rebus.fedorapeople.org/fedora/12/SPECS/dcfldd.spec
SRPM URL: http://rebus.fedorapeople.org/fedora/12/SRPMS/dcfldd-1.3.4.1-2.fc12.src.rpm

Please could you do a review for this package? dcfldd is one of the forensic tools requested on wishlist from Fedora Security Spin.

dcfldd is an enhanced version of GNU dd with features useful for forensics
and security. dcfldd has the following additional features:

   * Hashing on-the-fly - dcfldd can hash the input data as it is being
     transferred, helping to ensure data integrity.
   * Status output - dcfldd can update the user of its progress in terms of
     the amount of data transferred and how much longer operation will take.
   * Flexible disk wipes - dcfldd can be used to wipe disks quickly
     and with a known pattern if desired.
   * Image/wipe Verify - dcfldd can verify that a target drive is a
     bit-for-bit match of the specified input file or pattern.
   * Multiple outputs - dcfldd can output to multiple files or disks at
     the same time.
   * Split output - dcfldd can split output to multiple files with more
     configuration possibilities than the split command.
   * Piped output and logs - dcfldd can send all its log data and output
     to commands as well as files.

This package is based on the original packlage of Dag Wiers, I have just rebuild for Fedora and aligned it with Fedora Packaging guidelines.
Original package - http://dag.wieers.com/rpm/packages/dcfldd/.
Comment 1 Michal Ambroz 2010-04-17 08:06:53 EDT
I am sorry for typo - reference should be Dag Wieers.
Comment 2 Terje Røsten 2010-04-17 14:04:12 EDT
Some quick comments:

 o use %global over %define (and move it to the top).
 o not needed to add gcc-c++ and  libstdc++-devel to buildreq, remove.
 o change source tag to source0
 o add INSTALL='install -p' to make install to preserve timestamps
 o change %defattr(-, root, root, 0755) to %defattr(-, root, root, -)
Comment 3 Terje Røsten 2010-04-17 14:08:34 EDT
One more things

 o no need to mark man pages as %doc, done by rpm any way.
Comment 4 Michal Ambroz 2010-04-17 20:24:59 EDT
Hello Terje,
thank you for the review and for the comments. Here is updated package

SPEC URL: http://rebus.fedorapeople.org/fedora/12/SPECS/dcfldd.spec
SRPM URL:
http://rebus.fedorapeople.org/fedora/12/SRPMS/dcfldd-1.3.4.1-3.fc12.src.rpm

Best regards.
Michal Ambroz
Comment 5 Terje Røsten 2010-04-18 03:24:25 EDT
Thanks, everything seems fine here now. Except a license issue.

Most files are GPLv2+, good.

However, there are a mix:

md5.c and md5.h coming from RSA:

 ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
 **                                                                  **
 ** License to copy and use this software is granted provided that   **
 ** it is identified as the "RSA Data Security, Inc. MD5 Message     **
 ** Digest Algorithm" in all material mentioning or referencing this **
 ** software or this function.                                       **
 **                                                                  **
 ** License is also granted to make and use derivative works         **
 ** provided that such works are identified as "derived from the RSA **
 ** Data Security, Inc. MD5 Message Digest Algorithm" in all         **
 ** material mentioning or referencing the derived work.             **
 **                                                                  **
 ** RSA Data Security, Inc. makes no representations concerning      **
 ** either the merchantability of this software or the suitability   **
 ** of this software for any particular purpose.  It is provided "as **
 ** is" without express or implied warranty of any kind.             **
 **                                                                  **
 ** These notices must be retained in any copies of any part of this **
 ** documentation and/or software.


sha1.c and sha1.h have

 * Copyright (c) 2001-2003 Allan Saddi <allan@saddi.com>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.

while sha2.c and sha2.h are:

 * AUTHOR:      Aaron D. Gifford <me@aarongifford.com>
 * 
 * Copyright (c) 2000-2001, Aaron D. Gifford
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the copyright holder nor the names of contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.

I need some help here.


Spot, I added you to CC: can you please have a look at the license status in dcfldd.
Comment 6 Tom "spot" Callaway 2010-04-19 12:38:54 EDT
Okay. So, the latter two licenses are just BSD. The top one would be a problem (Free but GPL-incompatible), but because it is from RSA and covers the "MD5 Message Digest Algorithm", it isn't.

The full explanation is here:
https://fedoraproject.org/wiki/Licensing/FAQ#MD5

The short version: We can treat the code under that license as "Copyright Only", but we should advise the dcfldd upstream of the license incompatibility and recommend that they "use" this code without RSA's license as well, and reflect that usage in the source code by removing RSA's license (but not RSA's copyright).

The license tag should be

# Note that we are using the RSA MD5 code without license.
# See: https://fedoraproject.org/wiki/Licensing:FAQ#MD5
License: GPLv2+ and BSD and Copyright Only
Comment 7 Michal Ambroz 2010-04-19 13:09:09 EDT
Hello guys,
thank you for help - I will update the package in this sense and notify upstream.
Best regards
Michal Ambroz
Comment 8 Michal Ambroz 2010-04-28 18:18:53 EDT
Hello, 
I have update the package with the license statements as recommended by  Tom "spot" Callaway. 

SPEC URL: http://rebus.fedorapeople.org/12/SPECS/dcfldd.spec
SRPM URL: http://rebus.fedorapeople.org/12/SRPMS/dcfldd-1.3.4.1-4.fc12.src.rpm


Output from rpmlint:
$ rpmlint dcfldd-1.3.4.1-4.fc12.src.rpm dcfldd-1.3.4.1-4.fc12.i686.rpm dcfldd-debuginfo-1.3.4.1-4.fc12.i686.rpm
dcfldd.src: W: invalid-license Copyright Only
dcfldd.i686: W: invalid-license Copyright Only
dcfldd-debuginfo.i686: W: invalid-license Copyright Only
3 packages and 0 specfiles checked; 0 errors, 3 warnings.

Koji build F12: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144215
Koji build F13: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144225

Best regards
Michal Ambroz
Comment 9 Terje Røsten 2010-04-29 14:10:43 EDT
ok rpmlint (just warnings which can be ignored)
ok naming of package and spec
ok spec file 
ok license approved and tag ok. Thanks spot!
ok license in %doc
ok correct language
ok sha1sum on sources and ok url
    fb1c55f107a6af5ef8703a44d33476e508815913  dcfldd-1.3.4-1.tar.gz
    fb1c55f107a6af5ef8703a44d33476e508815913  dcfldd-1.3.4-1.tar.gz.spec
ok koji build with correct buildreq
ok excludearch
 - locale files 
 - ldconfig
ok no bundling
ok owns, dirs and perms and only once
ok macros
ok code or content
 - large docs
ok %doc not affect the runtime
 - headers|static in devel|static
 - .so in devel
 - devel dep on base
 - no .la|.a file
 - gui with desktop file
ok own just not owned
ok utf-8 file names

ok separate file from upstream
ok trans
ok mock/koji
   see comment #8
ok testing
 - scriptlets sane
 - subpkgs dep on base
 - pkgconfig(.pc) in devel
 - req on package not on files
ok add man pages



 The package dcfldd is APPROVED.
Comment 10 Michal Ambroz 2010-04-30 05:06:02 EDT
New Package CVS Request
=======================
Package Name: dcfldd
Short Description: Enhanced version of GNU dd with features useful for forensics and security
Owners: rebus
Branches: F-12 F-13 EL-4 EL-5 devel
InitialCC: 

Thank you
Michal Ambroz
Comment 11 Kevin Fenzi 2010-04-30 13:44:03 EDT
CVS done (by process-cvs-requests.py).
Comment 12 Fedora Update System 2010-05-01 11:34:37 EDT
dcfldd-1.3.4.1-4.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc13
Comment 13 Fedora Update System 2010-05-01 11:34:43 EDT
dcfldd-1.3.4.1-4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4
Comment 14 Fedora Update System 2010-05-01 11:34:49 EDT
dcfldd-1.3.4.1-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc12
Comment 15 Fedora Update System 2010-05-01 11:34:54 EDT
dcfldd-1.3.4.1-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5
Comment 16 Fedora Update System 2010-05-03 16:27:07 EDT
dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dcfldd'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4
Comment 17 Fedora Update System 2010-05-03 16:27:12 EDT
dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dcfldd'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5
Comment 18 Fedora Update System 2010-05-04 02:08:07 EDT
dcfldd-1.3.4.1-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2010-05-04 02:22:36 EDT
dcfldd-1.3.4.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2010-05-24 15:16:15 EDT
dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2010-05-24 15:16:51 EDT
dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 22 Michal Ambroz 2014-09-23 13:47:39 EDT
Package Change Request
======================
Package Name: dcfldd
New Branches: epel7
Owners: rebus

Hello SCM team,
plase can you add epel7 branch for the dcfldd package?
Michal Ambroz
Comment 23 Jon Ciesla 2014-09-23 15:17:21 EDT
Git done (by process-git-requests).
Comment 24 Fedora Update System 2014-09-23 18:20:06 EDT
dcfldd-1.3.4.1-11.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-11.el7
Comment 25 Fedora Update System 2014-10-17 13:33:12 EDT
dcfldd-1.3.4.1-11.el7 has been pushed to the Fedora EPEL 7 stable repository.

Note You need to log in before you can comment on or make changes to this bug.