Spec URL: http://fab.fedorapeople.org/packages/SRPMS/slowhttptest.spec SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/slowhttptest-1.5-1.fc17.src.rpm Project URL: http://code.google.com/p/slowhttptest/ Description: SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It implements most common low-bandwidth Application Layer DoS attacks, such as slow-loris, Slow HTTP POST, Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant memory and CPU usage on the server. Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=4674284 rpmlint output: [fab@laptop11 SRPMS]$ rpmlint slowhttptest-1.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. [fab@laptop11 x86_64]$ rpmlint slowhttptest* 2 packages and 0 specfiles checked; 0 errors, 0 warnings. Fedora Account System Username: fab
Hi Fabian. I'm not a packager so let me try an unofficial review of this package. ;)
- In %setup you can use '%setup -q -n %{name}-%{version}' - According to Licensing Guide Lines [1], if the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. If the source package does not include the text of the license(s), the packager should contact upstream and encourage them to correct this mistake. License seems indicated on slowstats.cc file. [1] https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Text Package Review ============== Key: [x] = Pass [!] = Fail [-] = Not applicable [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [?]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. Note: Using prebuilt packages [x]: %build honors applicable compiler flags or justifies otherwise. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. Note: Using prebuilt rpms. [-]: Package contains no bundled libraries. [x]: Changelog in prescribed format. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [ ]: Sources contain only permissible code or content. [x]: Each %files section contains %defattr if rpm < 4.4 [ ]: Macros in Summary, %description expandable at SRPM build time. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [-]: Package requires other packages for directories it uses. [?]: Package uses nothing in %doc for runtime. [-]: Package is not known to require ExcludeArch. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [?]: Package complies to the Packaging Guidelines [x]: Spec file lacks Packager, Vendor, PreReq tags. [-]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [?]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)". 1 files have unknown license. Detailed output of licensecheck in /home/sagitter/rpmbuild/SRPMS/review- slowhttptest/licensecheck.txt [-]: Package consistently uses macro is (instead of hard-coded directory names). [x]: Package is named using only allowed ASCII characters. [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. Note: Package contains no Conflicts: tag(s) [x]: Package do not use a name that already exist [ ]: Package obeys FHS, except libexecdir and /usr/target. [ ]: If the package is a rename of another package, proper Obsoletes and Provides are present. [-]: Package must own all directories that it creates. [-]: Package does not own files or directories owned by other packages. [x]: Package installs properly. [ ]: Package is not relocatable. [-]: Requires correct, justified where necessary. [x]: CheckResultdir [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file is legible and written in American English. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: Package contains systemd file(s) if in need. [x]: File names are valid UTF-8. [-]: Large documentation must go in a -doc subpackage. [-]: Packages must not store files under /srv, /opt or /usr/local Note: Cannot unpack rpms (using --prebuilt?) ===== SHOULD items ===== Generic: [!]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Dist tag is present. [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [ ]: Package functions as described. [ ]: Latest version is packaged. [!]: Package does not include license text files separate from upstream. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX tarball generation or download is documented. [x]: SourceX / PatchY prefixed with %{name}. [x]: SourceX is a working URL. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Spec use %global instead of %define. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [-]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: slowhttptest-1.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. Rpmlint (installed packages) ---------------------------- 1 packages and 0 specfiles checked; 0 errors, 0 warnings. Requires -------- Provides -------- MD5-sum check ------------- http://slowhttptest.googlecode.com/files/slowhttptest-1.5.tar.gz : CHECKSUM(SHA256) this package : 23750c7f04ac6da5567014c40d0eb4bac148cba95fa88c50a6f34ccc1579e23b CHECKSUM(SHA256) upstream package : 23750c7f04ac6da5567014c40d0eb4bac148cba95fa88c50a6f34ccc1579e23b Generated by fedora-review 0.3.1 (b71abc1) last change: 2012-10-16 Buildroot used: fedora-16-x86_64 Command line :/usr/bin/fedora-review -p -rn slowhttptest-1.5-1.fc17.src.rpm
[x]: Reviewer should test that the package builds in mock.
Thanks for your informal review. (In reply to comment #2) > - In %setup you can use '%setup -q -n %{name}-%{version}' Well, there is no benefit from using '-n %{name}-%{version}' in this case because '-n %{name}-%{version}' is the default. > - According to Licensing Guide Lines [1], if the source package includes the > text of the license(s) in its own file, then that file, containing the text > of the license(s) for the package must be included in %doc. If the source > package does not include the text of the license(s), the packager should > contact upstream and encourage them to correct this mistake. > License seems indicated on slowstats.cc file. http://code.google.com/p/slowhttptest/issues/detail?id=16&thanks=16&ts=1353075779
Antonio, you should actually fill out this form! There are warnings about comparing unsigned and signed integers. Maybe you can patch that and send it upstream! Please ask upstream to provide a license file. =APPROVED= Package Review ============== Key: [x] = Pass [!] = Fail [-] = Not applicable [?] = Not evaluated ===== MUST items ===== C/C++: [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package contains no bundled libraries. [x]: Changelog in prescribed format. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Sources contain only permissible code or content. [x]: Each %files section contains %defattr if rpm < 4.4 [-]: Macros in Summary, %description expandable at SRPM build time. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [-]: Package requires other packages for directories it uses. [-]: Package uses nothing in %doc for runtime. [x]: Package is not known to require ExcludeArch. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package complies to the Packaging Guidelines [x]: Spec file lacks Packager, Vendor, PreReq tags. [-]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)". 1 files have unknown license. Detailed output of licensecheck in /media/speicher1/makerpm/rpmbuild/SPECS/875299-slowhttptest/licensecheck.txt [x]: Package consistently uses macro is (instead of hard-coded directory names). [x]: Package is named using only allowed ASCII characters. [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. Note: Package contains no Conflicts: tag(s) [x]: Package do not use a name that already exist [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [-]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package installs properly. [x]: Package is not relocatable. [-]: Requires correct, justified where necessary. [x]: CheckResultdir [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file is legible and written in American English. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: Package contains systemd file(s) if in need. [x]: File names are valid UTF-8. [x]: Useful -debuginfo package or justification otherwise. [x]: Large documentation must go in a -doc subpackage. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Dist tag is present. [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [x]: Package functions as described. Ran one of the tests from the manpage [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX tarball generation or download is documented. [x]: SourceX / PatchY prefixed with %{name}. [x]: SourceX is a working URL. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Spec use %global instead of %define. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Spec file according to URL is the same as in SRPM. [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: slowhttptest-1.5-1.fc19.x86_64.rpm slowhttptest-1.5-1.fc19.src.rpm slowhttptest-debuginfo-1.5-1.fc19.x86_64.rpm 3 packages and 0 specfiles checked; 0 errors, 0 warnings. Rpmlint (installed packages) ---------------------------- # rpmlint slowhttptest slowhttptest-debuginfo 2 packages and 0 specfiles checked; 0 errors, 0 warnings. # echo 'rpmlint-done:' Requires -------- slowhttptest-1.5-1.fc19.x86_64.rpm (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libm.so.6()(64bit) libssl.so.10()(64bit) libssl.so.10(libssl.so.10)(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) rtld(GNU_HASH) slowhttptest-debuginfo-1.5-1.fc19.x86_64.rpm (rpmlib, GLIBC filtered): Provides -------- slowhttptest-1.5-1.fc19.x86_64.rpm: slowhttptest = 1.5-1.fc19 slowhttptest(x86-64) = 1.5-1.fc19 slowhttptest-debuginfo-1.5-1.fc19.x86_64.rpm: slowhttptest-debuginfo = 1.5-1.fc19 slowhttptest-debuginfo(x86-64) = 1.5-1.fc19 MD5-sum check ------------- http://slowhttptest.googlecode.com/files/slowhttptest-1.5.tar.gz : CHECKSUM(SHA256) this package : 23750c7f04ac6da5567014c40d0eb4bac148cba95fa88c50a6f34ccc1579e23b CHECKSUM(SHA256) upstream package : 23750c7f04ac6da5567014c40d0eb4bac148cba95fa88c50a6f34ccc1579e23b Generated by fedora-review 0.3.1 (b71abc1) last change: 2012-10-16 Buildroot used: fedora-rawhide-x86_64 Command line :/usr/bin/fedora-review -b 875299 -m fedora-rawhide-x86_64
Thanks for the review. (In reply to comment #5) > There are warnings about comparing unsigned and signed integers. Maybe you > can patch that and send it upstream! I will inform upstream about that. > Please ask upstream to provide a license file. http://code.google.com/p/slowhttptest/issues/detail?id=16&can=1
New Package SCM Request ======================= Package Name: slowhttptest Short Description: An Application Layer DoS attack simulator Owners: fab Branches: F17 F18 InitialCC:
Git done (by process-git-requests).
slowhttptest-1.5-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/slowhttptest-1.5-1.fc18
slowhttptest-1.5-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/slowhttptest-1.5-1.fc17
slowhttptest-1.5-1.fc17 has been pushed to the Fedora 17 testing repository.
slowhttptest-1.5-1.fc17 has been pushed to the Fedora 17 stable repository.
slowhttptest-1.5-1.fc18 has been pushed to the Fedora 18 stable repository.
Package Change Request ====================== Package Name: slowhttptest New Branches: el5 el6 epel7 Owners: dfateyev InitialCC:
Any comments from the Fedora maintainer?
(In reply to Jon Ciesla from comment #15) > Any comments from the Fedora maintainer? Well, let's include that Package in EPEL. Package Change Request ====================== Package Name: slowhttptest New Branches: el5 el6 epel7 Owners: dfateyev fab InitialCC: