Bug 985753 - Review Request: dfuzzer - Fuzzer for processes connected to D-Bus
Review Request: dfuzzer - Fuzzer for processes connected to D-Bus
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Luboš Uhliarik
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-18 03:21 EDT by Matus Marhefka
Modified: 2015-07-21 08:29 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-04-02 07:51:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
luhliari: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Matus Marhefka 2013-07-18 03:21:42 EDT
Spec URL: www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer.spec
SRPM URL: www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer-1.0-1.fc18.src.rpm
Description:
Hi, I would like to include dfuzzer to Fedora packages, also this is
my first package and I need a sponsor.
dfuzzer is a tool for fuzz testing processes communicating through D-Bus.

Fedora Account System Username: mmarhefk
Comment 1 Christopher Meng 2013-07-18 04:45:11 EDT
Where is the source? 

Why not %setup in %prep section? 

Why not add smpflag for make during %build?

All can be found:

http://fedoraproject.org/wiki/Packaging:Guidelines
Comment 2 Matus Marhefka 2013-07-18 06:34:05 EDT
I am sorry, I haven't realized missing source. I corrected it, updated files
are on the same location.
Comment 4 Eduardo Echeverria 2013-07-21 05:54:44 EDT
You must use a valid url for the Source0 in the spec (that is to say, the url of the pristine sources), in this case, the project is published in Github, please see https://fedoraproject.org/wiki/Packaging:SourceURL#Github, for see an example of how proceed 

Don't use both %{buildroot} and $RPM_BUILD_ROOT see http://fedoraproject.org/wiki/Packaging/Guidelines#macros

rpmlint out 
dfuzzer.x86_64: W: no-documentation
Please add the license, README, etc, (btw, your spec not include %doc section, please add it)

dfuzzer.x86_64: E: non-standard-executable-perm /usr/bin/dfuzzer 0775L
Fix the permission. btw, you can install directly, by example, you can do
mkdir -p %{buildroot}%{_bindir}/
install -pm 0755 dfuzzer %{buildroot}%{_bindir}/%{name}

dfuzzer.x86_64: W: no-manual-page-for-binary dfuzzer
it would be useful to have it, and have sense because is a CLI tool

the package don't honor the applicable compiler flags, see https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#Compiler_flags 

Your package contains documentation that can be build via doxygen please do it

Please remove the superfluous comments.
Comment 5 Matus Marhefka 2013-07-24 05:40:10 EDT
Eduardo: Thank you for help.
I added docs, man page and corrected gcc flags and source.

Spec URL: <http://www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer.spec>
SRPM URL: <www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer-1.0-1.fc18.src.rpm>

As GitHub generates different links from names of downloaded packages, you
must use spectool to download source. I included comment in spec file.
Comment 6 Matus Marhefka 2013-07-25 08:13:11 EDT
Our school servers seems to be down, download from here please:

Spec: "http://mmprog.sweb.cz/Download/dfuzzer.spec"
SRPM: "mmprog.sweb.cz/Download/dfuzzer-1.0-1.fc18.src.rpm"
Comment 7 Veaceslav Mindru 2013-07-30 03:24:55 EDT
Hello Matus Marhefka ,

I don't see any more errors reported by rpmlint so GJ.  I recommend to correct this. 

> install -pm 0755 src/dfuzzer %{buildroot}%{_bindir}/%{name}

http://fedoraproject.org/wiki/Packaging:Guidelines#Statically_Linking_Executables


 Statically Linking Executables

    Static linkage is a special exception and should be decided on a case-by-case basis. The packager must provide rationale for linking statically, including precedences where available, to FESCO for approval.
    If you link statically against a library, add yourself to the initialcc list for the library so you can watch for any security issues or bug fixes for which you'd want to rebuild your package against a new version of the library. Here are instructions for making that request.  


VM
Comment 8 Michael Schwendt 2013-08-02 06:02:36 EDT
Run rpmlint (or rpmlint -I for more helpful output) on the src.rpm and all
built rpms. Feel free to ignore obvious false positives in the report, but fix
anything else. Preferably add a comment here about whether/when you think what
rpmlint reports is correct or incorrect.


> Summary: Package does fuzz testing of processes connected to D-Bus

Imagine every %summary started with "Package does ...". ;-) Not only would it look strange, it would be less concise than it could be:

  Summary: Fuzz testing processes communicating through D-Bus
  Summary: D-Bus fuzz testing tool

https://fedoraproject.org/wiki/Examples_of_good_package_summaries


> install -pm 0644 man/dfuzzer.1.gz %{buildroot}%{_mandir}/man1/dfuzzer.1.gz

Please prefer the uncompressed manual page, because rpmbuild compresses man pages on-the-fly.

> %{_mandir}/man1/dfuzzer.1.gz

%{_mandir}/man1/dfuzzer.1*  is what many reviewers recommend, because it allows for changed/customised/disabled compression of manual pages.


> warning: bogus date in %changelog: Tue Jul 29 2013 Matus Marhefka <mmarhefk@redhat.com> 1.0-1

$ date -d 'Tue Jul 29 2013'
Mon 29 Jul 00:00:00 CEST 2013

or Tue Jul 30


> + make doc
> doxygen doxyfile
> make: doxygen: Command not found
> make: *** [doc] Error 127

BuildRequires: doxygen
Comment 9 Michael Schwendt 2013-08-02 06:04:29 EDT
> Statically Linking Executables

I don't understand comment 7. This package builds a single executable, not a library.
Comment 10 Matus Marhefka 2013-08-13 06:26:17 EDT
Thanks Michael, I will correct it.
We are also working on the newer version, so when it is done I will
upload everything.

I too don't understand the comment 7. Veaceslav can you explain ?
Comment 11 Michael Scherer 2014-01-25 20:17:57 EST
Any news for the new version ?
Comment 13 Matus Marhefka 2014-05-09 09:14:49 EDT
Sorry bad links, here are the correct ones:

http://www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer.spec
http://www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer-1.0-1.fc20.src.rpm
Comment 14 Zbigniew Jędrzejewski-Szmek 2014-12-17 15:58:17 EST
Packaging is correct.

%description might be extended a bit more (for example, is it only for testing d-bus services, or also for clients?, what kind of tests does it do?)

I cannot sponsor you, but I'd suggest doing some informal reviews (like the ones done by me and other people in for this bug), and adding links here. See https://bugzilla.redhat.com/buglist.cgi?component=Package%20Review&list_id=3102456&product=Fedora for a list of awaiting packages.
Comment 15 Miroslav Vadkerti 2015-03-13 06:47:09 EDT
Hello, Looks like all packaging issues were resolved. Would it be possible to sponsor this package please? We would like to integrate it to taskotron and use it for sanity testing of D-Bus interfaces ...
Comment 16 Tomáš Hozza 2015-03-13 06:55:36 EDT
Lubos, please do the formal review. Thank you.
Comment 17 Luboš Uhliarik 2015-03-16 10:08:51 EDT
Hi Matus,

I did a review of your package, but there is one problem. Version of package does not correspond to versions in ChangeLog file. 

Could you please fix the version of RPM package, or just change ChangeLog, if it was your private versioning.

Here is package review output:

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "GPL (v3 or later)", "Unknown or generated". 2 files have unknown
     license. Detailed output of licensecheck in
     /home/luhliarik/985753-dfuzzer/licensecheck.txt
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[!]: Changelog in prescribed format.
- please fix version collision between versions in ChangeLog and SPEC file (RPM package)

[x]: Sources contain only permissible code or content.
[x]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x] : Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 993280 bytes in 143 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[!]: Uses parallel make %{?_smp_mflags} macro.
[x]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[ ]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[ ]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
     Note: Arch-ed rpms have a total of 1003520 bytes in /usr/share
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: dfuzzer-1.0-1.fc21.x86_64.rpm
          dfuzzer-1.0-1.fc21.src.rpm
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
Comment 19 Luboš Uhliarik 2015-03-23 05:05:24 EDT
(In reply to Matus Marhefka from comment #18)
> I fixed the version of RPM package:
> 
> http://www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer.spec
> http://www.stud.fit.vutbr.cz/~xmarhe00/dfuzzer-1.4-1.fc20.src.rpm

It's OK now Matus, so I'm approving this package.
Comment 20 Matus Marhefka 2015-03-23 08:48:20 EDT
New Package SCM Request
=======================
Package Name: dfuzzer
Short Description: D-Bus services fuzz testing tool
Upstream URL: https://github.com/matusmarhefka/dfuzzer
Owners: mmarhefk
Branches: f20 f21 f22
InitialCC:
Comment 21 Gwyn Ciesla 2015-03-23 09:18:00 EDT
Git done (by process-git-requests).
Comment 22 Fedora Update System 2015-03-23 11:00:45 EDT
dfuzzer-1.4-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/dfuzzer-1.4-1.fc20
Comment 23 Fedora Update System 2015-03-23 11:03:46 EDT
dfuzzer-1.4-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/dfuzzer-1.4-1.fc21
Comment 24 Fedora Update System 2015-03-31 17:50:48 EDT
dfuzzer-1.4-1.fc20 has been pushed to the Fedora 20 stable repository.
Comment 25 Fedora Update System 2015-03-31 17:57:20 EDT
dfuzzer-1.4-1.fc21 has been pushed to the Fedora 21 stable repository.
Comment 26 Fedora Update System 2015-06-30 10:34:09 EDT
dfuzzer-1.4-1.fc22.1 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/dfuzzer-1.4-1.fc22.1
Comment 27 Fedora Update System 2015-07-13 15:19:25 EDT
dfuzzer-1.4-1.fc22.1 has been pushed to the Fedora 22 stable repository.

Note You need to log in before you can comment on or make changes to this bug.