Bug 683127 - Review Request: tpm-quote-tools - TPM-based attestation using the TPM quote operation (tools)
Summary: Review Request: tpm-quote-tools - TPM-based attestation using the TPM quote o...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Tom "spot" Callaway
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 683125 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-08 16:09 UTC by John D. Ramsdell
Modified: 2011-10-11 19:27 UTC (History)
10 users (show)

Fixed In Version: tpm-quote-tools-1.0.1-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-05 03:54:10 UTC
Type: ---
tcallawa: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description John D. Ramsdell 2011-03-08 16:09:43 UTC
Spec URL: http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools.spec
SRPM URL: http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools-1.0-1.src.rpm
Description: 
TPM Quote Tools is a collection of programs that provide support
for TPM based attestation using the TPM quote operation.

Note: This is the first package I've submitted.  Suggested sponsor: Steve Grubb.

Comment 1 William Lima 2011-03-08 16:52:34 UTC
Please fix your review summary:

http://fedoraproject.org/wiki/PackageMaintainers/Join#Create_Your_Review_Request

Also take a look at Packaging Guidelines:

http://fedoraproject.org/wiki/Packaging/Guidelines

* The Packager tag should not be used in spec files.
* The Vendor tag should not be used.

Do you plan to release an EPEL5 package? Read about BuildRoot tag.

Remove trousers explicit Require.

Why package INSTALL file?

Check "Parallel make" section under Guidelines too.

You should understand most of this process before ask for sponsoring...
so, let's read the docs :)

Comment 2 John D. Ramsdell 2011-03-08 18:02:42 UTC
*** Bug 683125 has been marked as a duplicate of this bug. ***

Comment 3 John D. Ramsdell 2011-03-08 18:14:58 UTC
(In reply to comment #1)

Thanks for you quick reply.  I fixed the errors in my local copy of the spec file, although I still don't see where the instructions say the Packager and Vendor tags should be omitted.  I ran rpmlint, and it didn't complain about the tags, or maybe it did, and I didn't understand the warning I received.

I don't understand what is wrong with my review summary.  I thought I was supposed to supply the name of the package followed by a hyphen and then the summary from the spec file.  Please tell me what I should have written.

> Please fix your review summary:
> 
> http://fedoraproject.org/wiki/PackageMaintainers/Join#Create_Your_Review_Request
> 
> Also take a look at Packaging Guidelines:
> 
> http://fedoraproject.org/wiki/Packaging/Guidelines
> 
> * The Packager tag should not be used in spec files.
> * The Vendor tag should not be used.
> 
> Do you plan to release an EPEL5 package? Read about BuildRoot tag.
> 
> Remove trousers explicit Require.
> 
> Why package INSTALL file?
> 
> Check "Parallel make" section under Guidelines too.
> 
> You should understand most of this process before ask for sponsoring...
> so, let's read the docs :)

Comment 4 John D. Ramsdell 2011-03-10 16:41:08 UTC
(In reply to comment #3)

I uploaded the corrected spec file to: 

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools.spec

> (In reply to comment #1)
> 
> Thanks for you quick reply.  I fixed the errors in my local copy of the spec
> file, although I still don't see where the instructions say the Packager and
> Vendor tags should be omitted.  I ran rpmlint, and it didn't complain about the
> tags, or maybe it did, and I didn't understand the warning I received.
> 
> I don't understand what is wrong with my review summary.  I thought I was
> supposed to supply the name of the package followed by a hyphen and then the
> summary from the spec file.  Please tell me what I should have written.
> 
> > Please fix your review summary:
> > 
> > http://fedoraproject.org/wiki/PackageMaintainers/Join#Create_Your_Review_Request
> > 
> > Also take a look at Packaging Guidelines:
> > 
> > http://fedoraproject.org/wiki/Packaging/Guidelines
> > 
> > * The Packager tag should not be used in spec files.
> > * The Vendor tag should not be used.
> > 
> > Do you plan to release an EPEL5 package? Read about BuildRoot tag.
> > 
> > Remove trousers explicit Require.
> > 
> > Why package INSTALL file?
> > 
> > Check "Parallel make" section under Guidelines too.
> > 
> > You should understand most of this process before ask for sponsoring...
> > so, let's read the docs :)

Comment 5 Daniel Walsh 2011-05-31 17:27:10 UTC
Any movement on this package?

Comment 6 William Lima 2011-05-31 17:55:59 UTC
I've fixed your review summary.

Comment 7 William Lima 2011-05-31 18:11:37 UTC
Added FE-NEEDSPONSOR to you.

For more information read:
http://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group

Comment 8 William Lima 2011-05-31 18:23:49 UTC
Where is your %changelog?

http://fedoraproject.org/wiki/How_to_create_an_RPM_package

Comment 9 John D. Ramsdell 2011-06-02 15:56:14 UTC
(In reply to comment #8)
> Where is your %changelog?
> 
> http://fedoraproject.org/wiki/How_to_create_an_RPM_package

I added the %changelog and changed my configure.ac file so that this field will always be filled in from the ChangeLog.

Comment 10 John D. Ramsdell 2011-06-02 17:32:38 UTC
(In reply to comment #9)
> (In reply to comment #8)
> > Where is your %changelog?
> > 
> > http://fedoraproject.org/wiki/How_to_create_an_RPM_package
> 
> I added the %changelog and changed my configure.ac file so that this field will
> always be filled in from the ChangeLog.

I retracted the change to my configure.ac fill so that the %changelog entry differs from the ChangeLog.

Comment 11 John D. Ramsdell 2011-06-07 12:06:29 UTC
(In reply to comment #7)
> Added FE-NEEDSPONSOR to you.
> 
> For more information read:
> http://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group

I read the information.  Is this step blocked on me?  I didn't see what I was supposed to do except wait for someone to offer to be my sponsor.  If anything else is blocking on me now, please let me know.

Comment 12 John D. Ramsdell 2011-06-07 12:12:16 UTC
If you would like to read about a protocol and its analysis built on top of TPM Quote, check out http://www.ccs.neu.edu/home/ramsdell/papers/caves.pdf.  This paper describes a remote attestation protocol and shows it achieves its security goals.  The root of trust for reporting is a TPM, and the TPM Quote operation.  TPM Quote Tools provides the functionality needed to implement the attestation protocol.

Comment 13 John D. Ramsdell 2011-07-07 13:20:23 UTC
Is this task blocked on me?

Comment 14 Daniel Walsh 2011-07-07 18:26:10 UTC
William can I sponsor John?

Comment 15 William Lima 2011-07-07 19:42:19 UTC
(In reply to comment #14)
> William can I sponsor John?

He needs to read the guidelines and docs on packaging. The spec isn't OK yet.
I can contact you when he's ready.

Comment 16 John D. Ramsdell 2011-07-08 12:28:32 UTC
Okay.  I reread the packaging guidelines and noticed I was using %makeinstall, but that's apparently that is a no no.  I've placed updated versions of the sources, spec, and source rpm on www.ccs.neu.edu.

By the way, once I figure out how to get the TPM Quote Tools package in the pipeline, I have another cool package ready to go.  It's a datalog interpreter.  I recently found out that Jasper Lievisse Adriaanse has been packaging it for OpenBSD, and at the same time, Georges Louis contacted me asking questions on how to embed it into a Python runtime system.  I guess people are using it.

Comment 17 William Lima 2011-07-08 13:28:04 UTC
John, please add links for new spec and srpm in comments when you change something.

Also fix your changelog. Take a look at the format example.

http://fedoraproject.org/wiki/How_to_create_an_RPM_package

You should increase your release tag to 3.
There is no need to include "tpm-quote-tools.spec.in" on entries.

Comment 18 John D. Ramsdell 2011-07-08 14:00:11 UTC
The changelog entries have already been fixed.  Rpmlint and rpmbuild on FC15 were used.

The links are 

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools.spec

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools-1.0-1.src.rpm

I'll fix the release tag when I get a chance, but meetings are now taking over my day.

I'm not sure which entries you are referring to when you say including tpm-quote-tools.spec.in need not be done.  It gets put into the source distribution so that configure works.

I plan to create projects on SourceForge for both tpm-quote-tools and datalog.  The reason Jasper sent his message was to ding me for replacing source distributions rather than keeping old ones available.  I'm not sure how much space I'm allowed to use at NEU, so I delete old versions.  Package maintainers don't like that.

Comment 20 William Lima 2011-07-08 15:50:32 UTC
newer first.

your changelog should be like this:

* Fri Jul 8 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-5
- Fixed changelog

* Fri Jul 8 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-4
- Removed use of %makeinstall

* Thu Jun 2 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-3
- Added %changelog

* Wed Mar 9 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-2
- Fixed spec to meet Fedora standards.

* Wed Mar 9 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-1
- Initial package

also don't put extra space between your name:

Wed Mar 9 2011"  John D. Ramsdell  "<ramsdell@mitre.org> 1.0-3

Comment 21 John D. Ramsdell 2011-07-08 17:22:38 UTC
I fixed the comment syntax and found the "secret" to getting the syntax right, at least for emacs users.  It's M-x rpm-add-change-log-entry.  It reads the release field and generates entire first line in the correct format.  I love not having to get those kinds of details right.  

The new files are:

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools.spec

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools-1.0-5.src.rpm

Thanks.

(In reply to comment #20)
> newer first.
> 
> your changelog should be like this:
> 
> * Fri Jul 8 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-5
> - Fixed changelog
> 
> * Fri Jul 8 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-4
> - Removed use of %makeinstall
> 
> * Thu Jun 2 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-3
> - Added %changelog
> 
> * Wed Mar 9 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-2
> - Fixed spec to meet Fedora standards.
> 
> * Wed Mar 9 2011 John D. Ramsdell <ramsdell@mitre.org> - 1.0-1
> - Initial package
> 
> also don't put extra space between your name:
> 
> Wed Mar 9 2011"  John D. Ramsdell  "<ramsdell@mitre.org> 1.0-3

Comment 22 William Lima 2011-07-14 16:50:49 UTC
SPECS/tpm-quote-tools.spec:44: W: macro-in-%changelog %makeinstall
SPECS/tpm-quote-tools.spec:47: W: macro-in-%changelog %changelog
SPECS/tpm-quote-tools.spec: W: invalid-url Source0: tpm-quote-tools-1.0.tar.gz

- Fix RPM macros in changelog (%%name instead of %name).
- Use Source0 instead of Source alias.
- Put link of gzip'ed tarball on Source0.
- I would change your Group tag to Applications/System.
- README says it requires tpm-tools. If so, add explicit require on tpm-tools.

Comment 23 John D. Ramsdell 2011-07-14 18:51:10 UTC
(In reply to comment #22)
> - Fix RPM macros in changelog (%%name instead of %name).

Done

> - Use Source0 instead of Source alias.

Done

> - Put link of gzip'ed tarball on Source0.

Done, but there is a problem.  See below.

> - I would change your Group tag to Applications/System.

Done.

> - README says it requires tpm-tools. If so, add explicit require on tpm-tools.

I added a comment to the README that says when tpm-tools are needed.  You only need them to take ownership of a TPM.  TPM Quote Tools are used for attestation using an owned TPM.

Now on to the problem.  I set up a TPM Quote Tools project on SourceForge.  The sources are available by cloning the Git repository at http://sf.net/projects/tpmquotetools. I cannot figure out how to specify a URL to the source gzip'd tarball that doesn't time out.  Right now, the spec points to my NEU account, but I delete old versions due to disk space limitations.  Does anyone know how to specify a project URL that doesn't time out on SourceForge?

Comment 25 William Lima 2011-07-25 19:35:52 UTC
Your Source0 could be:

http://downloads.sourceforge.net/tpmquotetools/%{name}-%{version}.tar.gz

by the way, why are you using "tpmquotetools" instead of "tpm-quote-tools"
as project name under sf.net?

the gzip'ed tarball provided by sf.net differs from your latest srpm. why?


- http://fedoraproject.org/wiki/Packaging:SourceURL

Comment 26 John D. Ramsdell 2011-07-26 12:09:27 UTC
(In reply to comment #25)
> Your Source0 could be:
> 
> http://downloads.sourceforge.net/tpmquotetools/%{name}-%{version}.tar.gz

Done.

> by the way, why are you using "tpmquotetools" instead of "tpm-quote-tools"
> as project name under sf.net?

I thought project names usually don't have hyphens. Oh well...

> the gzip'ed tarball provided by sf.net differs from your latest srpm. why?

I think it's simply a matter of me screwing up.  In any case, here are the new files.

http://www.ccs.neu.edu/home/ramsdell/tools/tpm-quote-tools.spec

http://downloads.sourceforge.net/tpmquotetools/1.0.1/tpm-quote-tools-1.0.1-1.fc15.src.rpm

Comment 27 John D. Ramsdell 2011-07-26 14:46:39 UTC
(In reply to comment #25)
> Your Source0 could be:
> 
> http://downloads.sourceforge.net/tpmquotetools/%{name}-%{version}.tar.gz

FYI, rpmlint does not like this URL.  It doesn't like 

http://downloads.sourceforge.net/tpmquotetools/%{version}/%{name}-%{version}.tar.gz

either.

John

Comment 28 John D. Ramsdell 2011-07-26 15:26:59 UTC
(In reply to comment #27)
> (In reply to comment #25)
> > Your Source0 could be:
> > 
> > http://downloads.sourceforge.net/tpmquotetools/%{name}-%{version}.tar.gz
> 
> FYI, rpmlint does not like this URL.

I take it back.  It does like this URL after one correctly sets ones proxy settings.  Sorry about that.

Comment 29 William Lima 2011-07-27 20:09:40 UTC
OK, Daniel Walsh can proceed from now!

Comment 31 John D. Ramsdell 2011-09-16 21:13:07 UTC
(In reply to comment #29)
> OK, Daniel Walsh can proceed from now!

Dan,

Is there something I'm supposed to be doing?  I think the ball is in your court.  Please tell me if I'm wrong.

John

Comment 32 Daniel Walsh 2011-09-17 02:49:17 UTC
Sorry John, I asked in a private message what I am supposed to do now?  And no one responded.  I will ping the Fedora team.

Comment 33 Tom "spot" Callaway 2011-09-20 18:50:39 UTC
Looks good. APPROVED.

I've also sponsored you John, be sure you follow all the steps from http://fedoraproject.org/wiki/PackageMaintainers/Join#Install_the_Client_Tools_.28Koji.29 and below. If you have any questions on how to do things, please ask me or Dan.

Comment 34 John D. Ramsdell 2011-09-20 21:23:51 UTC
New Package SCM Request
=======================
Package Name: tpm-quote-tools
Short Description: TPM-based attestation using the TPM quote operation (tools)
Owners: ramsdell
Branches: f15 f16 el6
InitialCC: tcallaw dwalsh

Comment 35 Gwyn Ciesla 2011-09-21 01:43:09 UTC
Git done (by process-git-requests).

Fixed fas username.

Comment 36 John D. Ramsdell 2011-09-23 17:17:59 UTC
(In reply to comment #33)
> If you have any questions on how to do things, please ask me or Dan.

Do you mean to use email or though this medium?  I'll gladly switch to email if that is what you meant.

In any event, I have two problems.  The browser certificate that was generated for me is not valid for unkown reasons according to firefox.  When I try to connect to koji, the certificate is not trusted.

I git committed and pushed an SRPM to pkg.fedoraproject.org, but when i attempt to build the package, koji cannot download the source tarball.  The error message is in this file:

http://koji.fedoraproject.org/koji/getfile?taskID=3372665&name=root.log

I don't know what to do about this message.

Comment 37 Tom "spot" Callaway 2011-09-23 17:33:22 UTC
If you run "fedora-packager-setup", it should generate a proper browser certificate, if that is failing, let me know.

It doesn't look like you uploaded the source tarball to the lookaside cache, try running:

fedpkg new-sources tpm-quote-tools-1.0.1.tar.gz

(with that tarball present in the git checkout dir)

Comment 38 John D. Ramsdell 2011-09-23 18:50:19 UTC
(In reply to comment #37)
> It doesn't look like you uploaded the source tarball to the lookaside cache,
> try running:
> 
> fedpkg new-sources tpm-quote-tools-1.0.1.tar.gz
> 
> (with that tarball present in the git checkout dir)

And with this advice, we have a system that builds.  

http://koji.fedoraproject.org/koji/taskinfo?taskID=3372802


Thanks Tom!

Comment 39 John D. Ramsdell 2011-09-23 18:58:25 UTC
(In reply to comment #37)
> If you run "fedora-packager-setup", it should generate a proper browser
> certificate, if that is failing, let me know.

I tried running "fedora-package-setup" yet again, but the cert is still not valid.  It may have something to do with the fact that yesterday, I was trying to do this work behind a firewall, and something broke.  For example, "fedpkg clone" doesn't work.  I've learned to do this task at home.  

$ fedora-cert -v
Verifying Certificate
cert expires: 2012-03-20
CRL Checking not implemented yet
$

Comment 40 Fedora Update System 2011-09-26 12:30:53 UTC
tpm-quote-tools-1.0.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/tpm-quote-tools-1.0.1-1.fc16

Comment 41 Fedora Update System 2011-09-26 12:36:22 UTC
tpm-quote-tools-1.0.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tpm-quote-tools-1.0.1-1.fc15

Comment 42 Fedora Update System 2011-09-26 12:38:57 UTC
tpm-quote-tools-1.0.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/tpm-quote-tools-1.0.1-1.el6

Comment 43 Fedora Update System 2011-09-26 17:56:53 UTC
tpm-quote-tools-1.0.1-1.el6 has been pushed to the Fedora EPEL 6 testing repository.

Comment 44 Fedora Update System 2011-10-04 21:15:21 UTC
tpm-quote-tools-1.0.1-1.fc16 has been pushed to the Fedora 16 stable repository.

Comment 45 Fedora Update System 2011-10-05 03:54:01 UTC
tpm-quote-tools-1.0.1-1.fc15 has been pushed to the Fedora 15 stable repository.

Comment 46 Fedora Update System 2011-10-11 19:27:20 UTC
tpm-quote-tools-1.0.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.


Note You need to log in before you can comment on or make changes to this bug.