Bug 883125 - (bannergrab) Review Request: bannergrab - A banner grabbing tool
Review Request: bannergrab - A banner grabbing tool
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Šabata
Fedora Extras Quality Assurance
Trivial
:
Depends On:
Blocks: FE-SECLAB
  Show dependency treegraph
 
Reported: 2012-12-03 15:25 EST by Fabian Affolter
Modified: 2014-09-11 11:22 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-27 15:12:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
psabata: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Fabian Affolter 2012-12-03 15:25:08 EST
Spec URL: http://fab.fedorapeople.org/packages/SRPMS/bannergrab.spec
SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/bannergrab-3.5-1.fc17.src.rpm

Project URL: http://sourceforge.net/projects/bannergrab

Description:
Bannergrab is a simple tool, designed to collect information from network
services. It can do this using two different methods; grab the connection
banners and send triggers and collect the responses. Bannergrab defaults to
sending triggers.

Koji scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=4752293

rpmlint output:
[fab@laptop11 SRPMS]$ rpmlint bannergrab-3.5-1.fc17.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

[fab@laptop11 x86_64]$ rpmlint bannergrab-*
2 packages and 0 specfiles checked; 0 errors, 0 warnings.

Fedora Account System Username: fab
Comment 1 Sébastien Boisvert 2013-01-11 10:01:25 EST
$ rpmlint bannergrab.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
$ rpmlint bannergrab-3.5-1.fc17.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
$ rpmlint  bannergrab-*.rpm
2 packages and 0 specfiles checked; 0 errors, 0 warnings.

MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. OK
MUST: The package must be named according to the Package Naming Guidelines. OK
MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] . OK
MUST: The package must meet the Packaging Guidelines . OK
MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . OK
MUST: The License field in the package spec file must match the actual license. [3] OK
MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.[4] OK
MUST: The spec file must be written in American English. [5] OK
MUST: The spec file for the package MUST be legible. [6] OK
MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK
MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7] OK
MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [8] NOT APPLICABLE
MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK
MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.[9] NOT APPLICABLE
MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10] NOT APPLICABLE
MUST: Packages must NOT bundle copies of system libraries.[11] OK
MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [12] NOT APPLICABLE
MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13] OK
MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations)[14] OK
MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. [15] OK
MUST: Each package must consistently use macros. [16] OK
MUST: The package must contain code, or permissable content. [17] OK
MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [18] OK
MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [18] OK
MUST: Static libraries must be in a -static package. [19] NOT APPLICABLE
MUST: Development files must be in a -devel package. [20] NOT APPLICABLE
MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} [21] NOT APPLICABLE
MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[19] OK
MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [22] N/A
MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [23] OK
MUST: All filenames in rpm packages must be valid UTF-8. [24] OK

$ mock -r fedora-17-x86_64 rebuild bannergrab-3.5-1.fc17.src.rpm 


SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [25] NOT APPLICABLE
SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [26] NOT APPLICABLE
SHOULD: The reviewer should test that the package builds in mock. [27] OK
SHOULD: The package should compile and build into binary rpms on all supported architectures. [28] NOT TESTED
SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. NOT TESTED
SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [29] NOT APPLICABLE
SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [21] NOT APPLICABLE
SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. [30] NOT APPLICABLE
SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. [31] NOT APPLICABLE
SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense.[32] OK
Comment 2 Viktor Hercinger 2013-01-17 08:02:10 EST
$ rpmlint bannergrab.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
$ rpmlint bannergrab-3.5-1.fc17.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
$ mock -r fedora-17-x86_64 rebuild bannergrab-3.5-1.fc17.src.rpm


MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. OK
MUST: The package must be named according to the Package Naming Guidelines. OK
MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption.  OK
MUST: The package must meet the Packaging Guidelines. OK
MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . OK
MUST: The License field in the package spec file must match the actual license. OK
MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. OK
MUST: The spec file must be written in American English. OK
MUST: The spec file for the package MUST be legible. OK
MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK
MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. OK
MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. N/A
MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK
MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. N/A
MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. N/A
MUST: Packages must NOT bundle copies of system libraries. OK
MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. N/A
MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. OK
MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations) OK
MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. OK
MUST: Each package must consistently use macros. OK
MUST: The package must contain code, or permissable content. OK
MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). OK
MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. OK
MUST: Static libraries must be in a -static package. N/A
MUST: Development files must be in a -devel package. N/A
MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} N/A
MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. OK
MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. N/A
MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. OK
MUST: All filenames in rpm packages must be valid UTF-8. OK

SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. N/A
SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. N/A
SHOULD: The reviewer should test that the package builds in mock. OK
SHOULD: The package should compile and build into binary rpms on all supported architectures. NOT TESTED
SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. OK
SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. N/A
SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. N/A
SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. N/A
SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. N/A
SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense. OK
Comment 3 Vijay Richard 2013-02-13 13:08:18 EST
I have done my first pass, here is the review for initial walkthrough.
I am in the process of manually reviewing those items which are without a X or items which have not passed by tool. I will add that manual review comment shortly after this comment

[richardvj11@localhost 883125-bannergrab]$ more bannergrab-review.txt 

Package Review
==============

Key:
[x] = Pass
[!] = Fail
[-] = Not applicable
[?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

Generic:
[ ]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[ ]: %build honors applicable compiler flags or justifies otherwise.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[ ]: Package contains no bundled libraries.
[ ]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[ ]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
[ ]: Macros in Summary, %description expandable at SRPM build time.
[ ]: Package contains desktop file if it is a GUI application.
[ ]: Development files must be in a -devel package
[ ]: Package requires other packages for directories it uses.
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package is not known to require ExcludeArch.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[ ]: Package complies to the Packaging Guidelines
[x]: Spec file lacks Packager, Vendor, PreReq tags.
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "GPL (v3 or later)". 1 files have unknown license. Detailed output of
     licensecheck in /home/richardvj11/883125-bannergrab/licensecheck.txt
[ ]: Package consistently uses macro is (instead of hard-coded directory
     names).
[x]: Package is named using only allowed ASCII characters.
[ ]: Package is named according to the Package Naming Guidelines.
[ ]: Package does not generate any conflict.
     Note: Package contains no Conflicts: tag(s)
[x]: Package do not use a name that already exist
[ ]: Package obeys FHS, except libexecdir and /usr/target.
[ ]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[ ]: Package must own all directories that it creates.
[ ]: Package does not own files or directories owned by other packages.
[x]: Package installs properly.
[ ]: Package is not relocatable.
[ ]: Requires correct, justified where necessary.
[x]: CheckResultdir
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[ ]: Spec file is legible and written in American English.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[ ]: Package contains systemd file(s) if in need.
[x]: File names are valid UTF-8.
[ ]: Useful -debuginfo package or justification otherwise.
[ ]: Large documentation must go in a -doc subpackage.
     Note: Documentation size is 51200 bytes in 4 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[ ]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[ ]: Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX / PatchY prefixed with %{name}.
[x]: SourceX is a working URL.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[ ]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Spec use %global instead of %define.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint messages.
[x]: Spec file according to URL is the same as in SRPM.
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.


Rpmlint
-------
Checking: bannergrab-3.5-1.fc18.x86_64.rpm
          bannergrab-3.5-1.fc18.src.rpm
          bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm
3 packages and 0 specfiles checked; 0 errors, 0 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint bannergrab-debuginfo bannergrab
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
# echo 'rpmlint-done:'



Requires
--------
bannergrab-3.5-1.fc18.x86_64.rpm (rpmlib, GLIBC filtered):
    
    libc.so.6()(64bit)
    libcrypto.so.10()(64bit)
    libcrypto.so.10(libcrypto.so.10)(64bit)
    libssl.so.10()(64bit)
    libssl.so.10(libssl.so.10)(64bit)
    rtld(GNU_HASH)

bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm (rpmlib, GLIBC filtered):
    



Provides
--------
bannergrab-3.5-1.fc18.x86_64.rpm:
    
    bannergrab = 3.5-1.fc18
    bannergrab(x86-64) = 3.5-1.fc18

bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm:
    
    bannergrab-debuginfo = 3.5-1.fc18
    bannergrab-debuginfo(x86-64) = 3.5-1.fc18



MD5-sum check
-------------
http://downloads.sourceforge.net/bannergrab/bannergrab-3.5.tgz :
  CHECKSUM(SHA256) this package     : f9995bc1f750234b08034d4bc8c214ec505690a8d939eeda176da46328a7638d
  CHECKSUM(SHA256) upstream package : f9995bc1f750234b08034d4bc8c214ec505690a8d939eeda176da46328a7638d


Generated by fedora-review 0.3.1 (b71abc1) last change: 2012-10-16
Buildroot used: fedora-18-x86_64
Comment 4 Vijay Richard 2013-02-13 13:12:22 EST
[richardvj11@localhost srpm-unpacked]$ rpmlint bannergrab.spec
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
Comment 5 Vijay Richard 2013-02-13 13:14:10 EST
[richardvj11@localhost srpm]$ rpmlint bannergrab-3.5-1.fc17.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
Comment 6 Fabian Affolter 2013-02-14 07:16:54 EST
Thanks for your time to review this package.
Comment 7 Fabian Affolter 2013-03-05 10:31:05 EST
Do you need something from me to proceed with the review?
Comment 8 Scott Lowrey 2013-04-24 07:56:33 EDT
Fabian, I was browsing for packages to review when I came across this.  

I believe that none of the reviewers are members of the Fedora packager group, so they are not authorized to mark this request as "reviewed".  Does that sound correct?
Comment 9 Fabian Affolter 2013-04-24 11:33:31 EDT
Yes, only members of the Fedora packager group can approve packages.
Comment 10 Petr Šabata 2013-04-25 03:55:49 EDT
Alright, I've reviewed the package myself and haven't found any blocking issues either.

Approving.

Just some notes:
Instead of installing the files in the spec, you could work with upstream to produce a better Makefile (e.g. supporting DESTDIR and PREFIX instead of hardcoded paths).

Linking against libcrypto should be done there as well.

I see upstream is alive so this should be no problem.

[cosmetics] %{_mandir}/man?/*.* -- this is a bit overzealous.  A single asterisk would have been enough :)
Comment 11 Fabian Affolter 2013-04-25 04:50:27 EDT
Thanks Petr for the review. I will get in touch with upstream.
Comment 12 Fabian Affolter 2013-04-25 04:51:38 EDT
New Package SCM Request
=======================
Package Name: bannergrab
Short Description: A banner grabbing tool
Owners: fab
Branches: F18 F19
InitialCC:
Comment 13 Jon Ciesla 2013-04-25 07:13:59 EDT
Git done (by process-git-requests).
Comment 14 Fabian Affolter 2014-09-11 10:06:58 EDT
Package Change Request
======================
Package Name: bannergrab
New Branches: el6 epel7
Owners: fab 
InitialCC:
Comment 15 Jon Ciesla 2014-09-11 11:22:49 EDT
Git done (by process-git-requests).

Note You need to log in before you can comment on or make changes to this bug.