Bug 736262 - Review Request: proxyfuzz - man-in-the-middle non-deterministic network fuzzer
Summary: Review Request: proxyfuzz - man-in-the-middle non-deterministic network fuzzer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Michal Nowak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-07 08:07 UTC by Petr Sklenar ⛄
Modified: 2013-03-08 02:12 UTC (History)
5 users (show)

Fixed In Version: proxyfuzz-20110923-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-10 00:54:22 UTC
mnowak: fedora-review+
mnowak: needinfo+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Petr Sklenar ⛄ 2011-09-07 08:07:55 UTC
Spec URL: http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz.spec
SRPM URL: http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz-1-2.fc14.src.rpm
Description: ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

Comment 1 Michal Nowak 2011-09-07 13:59:23 UTC
Taking for review.

Comment 2 Michal Nowak 2011-09-22 11:51:39 UTC
[ proxyfuzz review ]

+ URL: Should be http://www.secforce.co.uk/research/tools.html
+ Version: If the author does not claim version, use the date of the release e.g. 20070404. For the actual release you may ask the author of review the Windows zip package.
+ Group: Does it really work as a daemon? What about "Applications/Internet"?
+ Regarding README: 

`file' says:

/usr/share/doc/proxyfuzz-1/README: ASCII English text, with very long lines

But should say:

"ASCII text" or "UTF-8 Unicode text"

Should be named README-Fedora to indicate it's not an upstream README file. The file should be trimmed to no more that 80 chars. 

+ License: Should be GPLv3+
+ BuildRoot: not necessary anymore
+ Patch1: we usually start with Patch0, but doesn't mather
+ description: Trim to 80 chars
+ Non need for %setup
+ rpmlint output:

[newman@dhcp-25-35 verify-that-report-edits]$ rpmlint /home/newman/rpmbuild/RPMS/noarch/proxyfuzz-1-2.el6.noarch.rpm 
proxyfuzz.noarch: W: summary-ended-with-dot C ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer.
proxyfuzz.noarch: W: name-repeated-in-summary C ProxyFuzz
proxyfuzz.noarch: W: spelling-error %description -l en_US fuzzer -> fuzzier, fuzzes, fuzzed
proxyfuzz.noarch: E: description-line-too-long C ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

+ Requieres are missing:
$ proxyfuzz 
Traceback (most recent call last):
  File "/usr/sbin/proxyfuzz", line 23, in <module>
    from twisted.protocols import portforward
ImportError: No module named twisted.protocols

+ According to https://fedoraproject.org/wiki/Packaging:Python you should require python{2,3}-devel
+ Run rpmlint when you are happy with your changes.

Comment 3 Petr Sklenar ⛄ 2011-10-13 08:36:29 UTC
(In reply to comment #2)
> [ proxyfuzz review ]
hello,
thank you very much for your review. I fixed issues and there is another version:

Spec URL: http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz.spec
SRPM URL:
http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz-0.1-20110923.fc14.src.rpm

Comment 5 Michal Nowak 2011-11-24 11:27:28 UTC
The new spec looks good to me. However, when I built it under mock f-16-x86_64 the resulted RPMSs could not be installed due to some noarch/arch problem. Could you build that SRPM under Mock and let me know how it went?

Comment 6 Petr Sklenar ⛄ 2011-11-24 12:02:31 UTC
hmm for me it goes OK:

[makerpm@masox ~]$ mock -r fedora-16-x86_64 ~/rpmbuild/SRPMS/proxyfuzz-0.1-20110923.fc14.src.rpm 
INFO: mock.py version 1.1.16 starting...
State Changed: init plugins
INFO: selinux enabled
State Changed: start
INFO: Start(/home/makerpm/rpmbuild/SRPMS/proxyfuzz-0.1-20110923.fc14.src.rpm)  Config(fedora-16-x86_64)
State Changed: lock buildroot
State Changed: clean
State Changed: unlock buildroot
State Changed: init
State Changed: lock buildroot
Mock Version: 1.1.16
INFO: Mock Version: 1.1.16
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled yum cache
State Changed: cleaning yum metadata
INFO: enabled ccache
State Changed: running yum
State Changed: creating cache
State Changed: unlock buildroot                                                                                                                                       
State Changed: setup                                                                                                                                                  
State Changed: build                                                                                                                                                  
INFO: Done(/home/makerpm/rpmbuild/SRPMS/proxyfuzz-0.1-20110923.fc14.src.rpm) Config(fedora-16-x86_64) 2 minutes 33 seconds                                            
INFO: Results and/or logs in: /var/lib/mock/fedora-16-x86_64/result                                                                                                   
State Changed: end    

results: http://people.redhat.com/psklenar/pub/proxyfuzz/mock-result/

Comment 7 Michal Nowak 2011-11-30 15:19:44 UTC
Sorry for the delay.

> Version:	0.1
> Release:	20110923%{?dist}

Since the script does not contain any information regarding it's version I suggest to set the RPM version to 20110923 and release to 1 (we do it this way for fonts e.g. kurdit-unikurd-web-fonts package).

Rest looks good to me. When fixed I do formal review.

Comment 8 Petr Sklenar ⛄ 2012-01-02 12:27:08 UTC
Spec URL: http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz.spec
SRPM URL: http://people.redhat.com/psklenar/pub/proxyfuzz/proxyfuzz-20110923-1.fc14.src.rpm

mock -r fedora-16-x86_64 ~/rpmbuild/SRPMS/proxyfuzz-20110923-1.fc14.src.rpm
# progress seems good, results in :
http://people.redhat.com/psklenar/pub/proxyfuzz/mock-result/

Comment 9 Michal Nowak 2012-01-17 16:08:02 UTC
[PASS]    MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review.[1]

Just:

proxyfuzz.src: W: spelling-error Summary(en_US) fuzzer -> fuzzier, fuzzes, fuzzed

[PASS]    MUST: The package must be named according to the Package Naming Guidelines .
[PASS]    MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] .
[PASS]    MUST: The package must meet the Packaging Guidelines .
[PASS]    MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
[PASS]    MUST: The License field in the package spec file must match the actual license. [3]
[PASS]    MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.[4]
[PASS]    MUST: The spec file must be written in American English. [5]
[PASS]    MUST: The spec file for the package MUST be legible. [6]
[PASS]    MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this.

7bd8bcdfb7c68ea8e7e6a459b0f4fe9c  rpmbuild/SOURCES/proxyfuzz.py.txt
7bd8bcdfb7c68ea8e7e6a459b0f4fe9c  proxyfuzz.py.txt

[PASS]    MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7]
[PASS]    MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [8]
[PASS]    MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense.
[PASS]    MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.[9]
[PASS]    MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10]
[PASS]    MUST: Packages must NOT bundle copies of system libraries.[11]
[PASS]    MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [12]
[PASS]    MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13]
[PASS]    MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations)[14]
[PASS]    MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. [15]
[PASS]    MUST: Each package must consistently use macros. [16]
[PASS]    MUST: The package must contain code, or permissable content. [17]
[PASS]    MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [18]
[PASS]    MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [18]
[PASS]    MUST: Header files must be in a -devel package. [19]
[PASS]    MUST: Static libraries must be in a -static package. [20]
[PASS]    MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. [19]
[PASS]    MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} [21]
[PASS]    MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[20]
[PASS]    MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [22]
[PASS]    MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [23]
[PASS]    MUST: All filenames in rpm packages must be valid UTF-8. [24]

Reviewed and APPROVED by me.

Comment 10 Petr Sklenar ⛄ 2012-01-30 12:15:31 UTC
New Package SCM Request
=======================
Package Name: proxyfuzz
Short Description: Man-in-the-middle non-deterministic network fuzzer
Owners: psklenar
Branches: f15 f16 el6
InitialCC:

Comment 11 Gwyn Ciesla 2012-01-30 13:27:11 UTC
Git done (by process-git-requests).

Comment 12 Fedora Update System 2012-02-01 09:54:39 UTC
proxyfuzz-20110923-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/proxyfuzz-20110923-1.fc16

Comment 13 Fedora Update System 2012-02-01 09:54:48 UTC
proxyfuzz-20110923-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/proxyfuzz-20110923-1.el6

Comment 14 Fedora Update System 2012-02-01 15:35:50 UTC
proxyfuzz-20110923-1.el6 has been pushed to the Fedora EPEL 6 testing repository.

Comment 15 Fedora Update System 2012-02-10 00:54:22 UTC
proxyfuzz-20110923-1.fc16 has been pushed to the Fedora 16 stable repository.

Comment 16 Fedora Update System 2012-03-06 07:08:16 UTC
proxyfuzz-20110923-1.el6 has been pushed to the Fedora EPEL 6 stable repository.


Note You need to log in before you can comment on or make changes to this bug.