This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 854723 - (bat) Review Request: bat - Binary Analysis Tool
Review Request: bat - Binary Analysis Tool
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Björn "besser82" Esser
Fedora Extras Quality Assurance
:
Depends On: bat-extratools bat-extratools-java
Blocks: FE-NEEDSPONSOR FE-SECLAB
  Show dependency treegraph
 
Reported: 2012-09-05 12:43 EDT by Wei-Lun Chao
Modified: 2015-06-02 05:51 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
fedora: fedora‑review?


Attachments (Terms of Use)

  None (edit)
Description Wei-Lun Chao 2012-09-05 12:43:36 EDT
SPEC URL: https://api.opensuse.org/public/source/home:bluebat/bat/bat.spec
SRPM URL: http://download.opensuse.org/repositories/home:/bluebat/Fedora_17/src/bat-8.0-2.1.src.rpm
Description:
The Binary Analysis Tool is a modular framework that assists with auditing the contents of compiled software. It makes it easier and cheaper to look inside technology, and this helps compliance and due diligence activities.

The tool is freely available to everyone. The community can use it and participate in further development, and work together to help reduce errors when shipping devices or products containing Free and Open Source Software.
Comment 1 Fabian Affolter 2012-09-25 07:47:45 EDT
Please read the packaging guidelines for Fedora [1]. E.g. 'vendor' is not needed, %defattr is the default, avoid INSTALLED_FILES.

[1] https://fedoraproject.org/wiki/Packaging:Guidelines
Comment 3 Fabian Affolter 2012-10-21 06:25:06 EDT
Just some more comments...

- One requirement per line would it make much easier to review than a comma-separated list
- unrar is only available in RPM Fusion but not in Fedora.
- Source0 should point to the upstream location of the tarball. If it's a scm checkout, add a comment about how the tarball was created.
- BR for python is missing 
  https://fedoraproject.org/wiki/Packaging:Python
- If you don't intent to maintain this package for EPEL5 please remove the obsolete stuff.
Comment 5 Fabian Affolter 2013-05-06 05:21:06 EDT
The latest release is 13.0. Do you why upstream doesn't provide a tarball?
Comment 6 Wei-Lun Chao 2013-05-08 01:38:02 EDT
After contacting with upstream again, the tarball is provided now.
SPEC URL: https://api.opensuse.org/public/source/home:bluebat/bat/bat.spec
SRPM URL: http://download.opensuse.org/repositories/home:/bluebat/Fedora_18/src/bat-13.0-3.1.src.rpm
Comment 9 Christopher Meng 2013-08-15 03:07:22 EDT
Requires: python-magic
Requires: binutils
Requires: e2fsprogs
Requires: e2tools
Requires: squashfs-tools
Requires: fuse
Requires: coreutils
Requires: module-init-tools
Requires: gzip
Requires: xz
Requires: xz-lzma-compat
Requires: zip
Requires: cabextract
Requires: unshield
Requires: p7zip
Requires: cpio
Requires: tar
Requires: bzip2
Requires: mtd-utils
Requires: mtd-utils-ubi
Requires: lzip
Requires: lzop
Requires: fuseiso
Requires: arj
Requires: giflib-utils
Requires: gd-progs
Requires: icoutils
Requires: rpm
Requires: rpm-python
Requires: gettext
Requires: PyXML
Requires: upx
Requires: poppler-utils
Requires: netpbm-progs
Requires: libxml2
Requires: lrzip
Requires: ncompress
Requires: python-imaging
Requires: vorbis-tools
Requires: eot-utils
Requires: libmp4v2
Requires: wxPython
Requires: ctags
Requires: python-matplotlib

Please check and remove unneeded ones.

I don't think it needs so many dependencies. For example rpm*.

And please check if it can work well with python-imaging aka python-pillow due to:

https://fedoraproject.org/wiki/Features/Pillow

Thanks.
Comment 10 Fabian Affolter 2013-08-15 03:25:41 EDT
Some more comments:

- The BR for python should be 'BR: python2-devel'
- The license tag is wrong, ASL 2.0 is the right one
- There are two different SPEC files. The one in the SRPM is not the same as the one you provide. At least different 'Release' tag.
- Check the rpmlint output:

$ rpmlint bat-14.0-1.1.src.rpm 
bat.src: W: invalid-license Apache 2.0
bat.src: W: invalid-url DistURL obs://build.opensuse.org/home:bluebat/Fedora_19/0624bc1a1dddc024b08c4f9309b83a50-bat
bat.src: E: unknown-key GPG#17a4ea30
1 packages and 0 specfiles checked; 1 errors, 2 warnings.

$ rpmlint bat-14.0-1.1.noarch.rpm 
bat.noarch: E: explicit-lib-dependency libmp4v2
bat.noarch: E: explicit-lib-dependency libxml2
bat.noarch: E: explicit-lib-dependency python-matplotlib
bat.noarch: W: incoherent-version-in-changelog 14.0-1 ['14.0-1.1', '14.0-1.1']
bat.noarch: W: invalid-license Apache 2.0
bat.noarch: W: non-conffile-in-etc /etc/bat/configs/1.7.4-config
bat.noarch: W: non-conffile-in-etc /etc/bat/configs/1.00-config
bat.noarch: W: non-conffile-in-etc /etc/bat/configs/1.2.1-config
[snip]
bat.noarch: W: no-manual-page-for-binary bruteforce.py
1 packages and 0 specfiles checked; 30 errors, 105 warnings.

- Are you still looking for a sponsor?
  https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
Comment 11 Wei-Lun Chao 2013-08-19 12:34:35 EDT
Thanks for your comments. I will check them and try to make the package better.

The Build Service from OpenSUSE will modify the Release: tag automatically.
Is there a better place to put SPEC/SRPMs ?

I am still looking for a sponsor and plan to make few more Review Requests.
Comment 12 Christopher Meng 2013-08-20 03:36:44 EDT
(In reply to Wei-Lun Chao from comment #11)
> Thanks for your comments. I will check them and try to make the package
> better.
> 
> The Build Service from OpenSUSE will modify the Release: tag automatically.
> Is there a better place to put SPEC/SRPMs ?

Is there a reason to use OBS?
Comment 13 Wei-Lun Chao 2013-08-21 11:12:03 EDT
(In reply to Christopher Meng from comment #12)
> Is there a reason to use OBS?

nothing special...
I thought that only sponsored packager can use build services from Fedora.
Is it not true or there is another better place to put SPEC/SRPMs ?
Comment 15 Wei-Lun Chao 2013-09-11 00:31:16 EDT
Thanks! I have just learned how to use koji and fedorapeople.

http://koji.fedoraproject.org/koji/taskinfo?taskID=5921462
SPEC URL: http://bluebat.fedorapeople.org/bat.spec
SRPM URL: http://bluebat.fedorapeople.org/bat-14.0-2.fc19.src.rpm
Comment 16 Christopher Meng 2013-09-11 00:46:46 EDT
%{_sysconfdir}/bat is bad.

You should define every conf file is %config(noreplace), just use %{_sysconfdir}/bat to include them is not enough.

Should be(prototype):

%dir %{_sysconfdir}/bat --> OR %dir %{_sysconfdir}/%{name}, up to you ;)
%config(noreplace) %{_sysconfdir}/bat/a.conf
%config(noreplace) %{_sysconfdir}/bat/b.conf
%config(noreplace) %{_sysconfdir}/bat/c.conf
         .                      .           
         .                      .           
         .                      .           
         .                      .           
         .                      .           
         .                      .           
         .                      .           
%config(noreplace) %{_sysconfdir}/bat/n.conf

===========

BuildRequires: python is wrong, should be:

BuildRequires: python2-devel

And missing BuildRequires: python-setuptools
Comment 17 Björn "besser82" Esser 2013-10-19 05:36:49 EDT
taken  ;)

Is there an updated version, yet?
Comment 18 Björn "besser82" Esser 2013-10-20 04:17:43 EDT
Please update to the most recent v15.0, too.

btw.  Apart from the bat package you will also need to install the bat-extratools and bat-extratools-java packages.  Did you package them, too?  Can you provide the corresponding review-bugs, please?
Comment 19 Björn "besser82" Esser 2013-10-20 04:19:52 EDT
(In reply to Björn "besser82" Esser from comment #18)
> btw.  Apart from the bat package you will also need to install the
> bat-extratools and bat-extratools-java packages.  Did you package them, too?
> Can you provide the corresponding review-bugs, please?

Sorry, didn't notice them already in Depends of this bug...
Comment 22 Wei-Lun Chao 2015-04-02 01:57:30 EDT
http://koji.fedoraproject.org/koji/taskinfo?taskID=9397728
SPEC URL: http://bluebat.fedorapeople.org/ppa/bat.spec
SRPM URL: http://bluebat.fedorapeople.org/ppa/bat-20.0-1.fc21.src.rpm

Contacted with upstream and still requires unrar :(

Note You need to log in before you can comment on or make changes to this bug.