[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Michal Ambrozchanged: What|Removed |Added Alias|yara|yara-review -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #34 from Fedora Update System--- yara-3.5.0-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #33 from Fedora Update System--- yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #32 from Fedora Update System--- yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #31 from Fedora Update System--- yara-3.5.0-5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #30 from Fedora Update System--- yara-3.5.0-5.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Fedora Update Systemchanged: What|Removed |Added Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed||2016-08-27 06:42:00 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Michal Ambrozchanged: What|Removed |Added Alias||yara -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Igor Gnatenkochanged: What|Removed |Added Alias|yara| -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #29 from Fedora Update System--- yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #28 from Fedora Update System--- yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #27 from Fedora Update System--- yara-3.5.0-5.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #26 from Fedora Update System--- yara-3.5.0-5.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Fedora Update Systemchanged: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #25 from Fedora Update System --- yara-3.5.0-5.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #24 from Fedora Update System--- yara-3.5.0-5.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #23 from Fedora Update System--- yara-3.5.0-5.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #22 from Fedora Update System--- yara-3.5.0-5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #21 from Fedora Update System--- yara-3.5.0-5.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #20 from Fedora Update System--- yara-3.5.0-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Fedora Update Systemchanged: What|Removed |Added Status|ASSIGNED|MODIFIED -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #19 from Jon Ciesla--- Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/yara -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #18 from Michal Ambroz--- >Package approved. Thank you for the review Antonio. >Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo >can be erased, i think. OK, I will put the directory removal back -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Antonio Trandechanged: What|Removed |Added Flags|fedora-review? |fedora-review+ --- Comment #17 from Antonio Trande --- Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo can be erased, i think. Package approved. Package Review == Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed = MUST items = C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 53 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 3 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local = SHOULD items = Generic: [x]: Uses parallel make %{?_smp_mflags} macro. [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc , yara-devel , yara-debuginfo [ ]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #16 from Michal Ambroz--- Hello Antonio Sorry haven't paid attention closely to the fc25 version. Having static fonts is not manifesting in FC23. It is apparently specifics of the newer version of sphinx that it brings the theme sphinx_rtd_theme installed by default (and the associated fonts). I have patched configuration of the doc degenration to use the default theme (without embedded fonts) no matter what. Updated package: SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-4.fc23.src.rpm Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/439570/ -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #15 from Antonio Trande--- (In reply to Michal Ambroz from comment #14) > >[!]: Changelog in prescribed format. > rpmlint yara.spec doesn't show any errors in the prescribed format of > Changelog. rpmlint is not able to recognize something like this. Please, take a look to what guidelines say. http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs > > >[!]: Avoid bundling fonts in non-fonts packages. > I guess this is some false positive - I am not aware of any fonts being > bundled to yara package. I have indicated where they are: yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #14 from Michal Ambroz--- >[!]: Changelog in prescribed format. rpmlint yara.spec doesn't show any errors in the prescribed format of Changelog. >[!]: Avoid bundling fonts in non-fonts packages. I guess this is some false positive - I am not aware of any fonts being bundled to yara package. >[!]: Package should not use obsolete m4 macros Both old and new macros used in the upstream project. Issue reported upstream https://github.com/VirusTotal/yara/issues/491 As it is "should" not "must" requirement and currently doesn't represent build issue to Fedora package on all supported releases I decided to not patch at this point. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #13 from Antonio Trande--- Package Review == Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: === - Unbundle all fonts installed in yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts. They are already in Fedora. (You just need to create symbolic links) - That is not the right way to make the %changelog section. http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs (Please, remove my name/surname) = MUST items = C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 53 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [!]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 3 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local = SHOULD items = Generic: [x]: Uses parallel make %{?_smp_mflags} macro. [!]: Avoid bundling fonts in non-fonts packages. Note: Package contains font files [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc , yara-devel , yara-debuginfo [ ]: Package functions as
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Michal Ambrozchanged: What|Removed |Added Alias||yara -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #12 from Michal Ambroz--- Thank you Antonio. Updated package: SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-3.fc23.src.rpm Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438534/ >why do you want to have this? you're not building this package for EL5. OK, it doesn't build with 5 right now, you are right >> Source0: >> https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz >if you build from commit then you should specify it in Release tag, >otherwise you should build from tag. Referring "Source" to tag-based tarball instead of commit-based tarball is "should" and not "must". Commit 74734418a256c5304ccaf1d322c57e305ff75362 is the one used for the v3.5.0 tag release - see https://github.com/VirusTotal/yara/releases So I believe marking the package as the normal release (and not the git snapshot release tag) is OK. I prefer to refer to the commit based tarbal, as it gives me easy access to any pinpoint in the github without switching the spec there and back when testing new versions or pre-releases. > #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ > license. > License:ASL 2.0 and GPLv2 > you say that it's GPLv2+, but write GPLv2 Well ... actually in the yara release 3.5.0. it is GPLv3+ for the grammar files I believe that the license of the binary package is ASL 2.0 only - so I returned it back to this value and kept the explanation in comments. As GPLv3 is incompatible to be included in ASL, but those bison-generated grammar files are also dual licensed with the original ASL license of the project by exception, so the result is ASL only. >> Requires: pkgconfig >drop this from -devel subpkg as it doesn't really need it dropped >> Requires: zlib-devel >should have %{?_isa} in the end dropped, I believe this should come from dependencies automatically >> %defattr(-,root,root,-) >drop it dropped >> Group: Development/Libraries >consider removing Group tags from all packages. Unfortunately without this build fails for RHEL6 because of that. As it is not prohibited I preffer to keep it for all packages in unconditional form due to readability. >* Missing BuildRequires: gcc added. duh ... I have to change probably all my packages I also added some more recommended by auto-buildrequire -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #11 from Igor Gnatenko--- > %if 0%{?rhel} && 0%{?rhel} <= 5 > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) > %endif why do you want to have this? you're not building this package for EL5. > Source0: > https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz if you build from commit then you should specify it in Release tag, otherwise you should build from tag. > #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ > license. > License:ASL 2.0 and GPLv2 you say that it's GPLv2+, but write GPLv2 > Requires: pkgconfig drop this from -devel subpkg as it doesn't really need it > Requires: zlib-devel should have %{?_isa} in the end > %defattr(-,root,root,-) drop it > Group: Development/Libraries consider removing Group tags from all packages. * Missing BuildRequires: gcc -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #10 from Michal Ambroz--- Thank you Antonio. Updated package: SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-2.fc23.src.rpm Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438156/ -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #9 from Antonio Trande--- >- Build HTML documentation I have created subpackage doc with the HTML documentation It is a noarch package and do not need to require main package; therefore Requires: %{name}%{?_isa} = %{version}-%{release} is not needed. And you must add a "BuildArch: noarch" line. Also, if you want provide yara-doc as standalone package, then it must provide its own license file. > #install the html documentation > mkdir -p %{buildroot}%{_datadir}/doc/%{name}/ > cp -rp docs/_build/html %{buildroot}%{_datadir}/doc/%{name}/ > rm -f %{buildroot}%{_datadir}/doc/%{name}/html/.buildinfo is a surplus, is sufficient to list that directory with %doc. %files doc %defattr(-,root,root,-) <-- permissions are set automatically %doc docs/_build/html -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Michal Ambrozchanged: What|Removed |Added Blocks||1363935 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1363935 [Bug 1363935] Review Request: python-yara - Python binding for the YARA pattern matching tool -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #8 from Michal Ambroz--- >- AutoTools: Obsoleted m4s found For the autotools macros I have created bug upstream, but as this is "should" and not "must" according the guidelines, then I guess this should not be a blocker for the package acceptance. Upstream bug report https://github.com/VirusTotal/yara/issues/491 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #7 from Michal Ambroz--- Update to version 3.5.0 SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-1.fc23.src.rpm Build on COPR: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438010/ >Note: License file COPYING is not marked as %license I have added COPYING to license% - sorry i forgot to change this >Please, follow naming of python package according to the packaging guidelines >for Python. in version 3.5.0 all python stuff was removed from the yara package and was moved to separate package yara-python. I will be submitting new package review for python-yara package to continue with this stuff. >- BuildRoot: is for EPEL5 only. I have canged conditions to apply only for rhel <= 5 although packaging guidelines is not prohibiting this one, just saying it is not necessary https://fedoraproject.org/wiki/Packaging:Guidelines >- Some libyara/* files are licensed under GPLv2+ license. Please, include it >in the License line. I have added the GPLv2+ note on the license field and explaning notes. Although all files having GPLv2+ license are the bison grammars which by the already present exception can be also licensed as the package containing those - in this case ASL v2.0 >- Required package lines are not fully versioned arch-specific: I have changed to the recommended version checking >- Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations". >Set AM_CFLAGS variable with 'make' by using default Fedora flags. I believe there is no need to override the AM_CFLAGS. The idea is that tools should invoke: gcc $AM_CFLAGS $CFLAGS file.c -o file.o In this way if there is something set in $AM_CFLAGS (what the author of the program thought should be set), it can be always overrode by users (in this case packager's resp. distribution) CFLAGS. As in the yara build scripts the %optflags are already configured by the %configure macro when running ./configure and then stored in the makefiles in form of CFLAGS, it is not needed or wanted to override any of AM_CFLAGS nor CFLAGS as it overrides also "-pthread" where necessary. >- Build HTML documentation I have created subpackage doc with the HTML documentation >- Please, remove commented commands. done >- You can run (Python2/Python3) tests by using 'python(3)-nose'. Will do in python-yara. >- Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', >'3.4.0-5'] done -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #6 from Michal Ambroz--- ROFL ... was nearly done with the python stuff when they decided to remove it from the yara package with the fresh release (after one year) :D Thanks for the review ... 3.5.0 package on the way and I will probably raise one another review request for the python-yara module - to at least use all the goodies you gave me. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #5 from Antonio Trande--- I missed a couple of issues: - [!]: Latest version is packaged. https://github.com/VirusTotal/yara/releases/tag/v3.5.0 - AutoTools: Obsoleted m4s found -- AC_PROG_LIBTOOL found in: yara- 040db952d484dea406ed7d4e622f7b8ba9b683cb/configure.ac:23 [!]: Package should not use obsolete m4 macros Note: Some obsoleted macros found, see the attachment. See: https://fedorahosted.org/FedoraReview/wiki/AutoTools -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #4 from Antonio Trande--- Package Review == Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: === - If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. Note: License file COPYING is not marked as %license See: http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text - Please, follow naming of python package according to the packaging guidelines for Python. http://fedoraproject.org/wiki/Packaging:Python#Example_common_spec_file - BuildRoot: is for EPEL5 only. - Some libyara/* files are licensed under GPLv2+ license. Please, include it in the License line. - Required package lines are not fully versioned arch-specific: Requires: %{name} = %{version}-%{release} Requires: yara == %{version} should be replaced with Requires: %{name}%{?_isa} = %{version}-%{release} - Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations". Set AM_CFLAGS variable with 'make' by using default Fedora flags. - Build HTML documentation - You can run (Python2/Python3) tests by using 'python(3)-nose'. - Please, remove commented commands. - Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', '3.4.0-5'] = MUST items = C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Apache (v2.0)", "GPL (v2 or later)", "Unknown or generated", "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 57 files have unknown license. Detailed output of licensecheck in /home/sagitter/1362265-yara/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [!]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [!]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [!]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [?]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 30720 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]:
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #3 from Michal Ambroz--- > Fedora <= 21 ? - ... it is just generic definition of the python rpm macros - I use this spec file for quite some time now, building also on some more exotic platforms. It is there for compatibility with other repositories as well to keep single version of a spec file working. > BuildRequires: python-tools <-- Python3 You are right - python-tools was not needed indeed. I believed that 2.7 version of 2to3 python tool is used when building the python3 codebase, but actually the module is binary, so 2to3 is not needed at all - removed. >Is this package for epel5? I hope to ship for EPEL7, EPEL6. I hope to find a way to make it working for EPEL5, but it is not a priority now. SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.4.0-5.fc23.src.rpm Best regards Michal Ambroz -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #2 from Antonio Trande--- - %if 0%{?fedora} <= 21 Fedora <= 21 ? - %if 0%{?with_python3} BuildRequires: python-tools <-- Python3 BuildRequires: python3-devel BuildRequires: python3-setuptools %endif # if with_python3 - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Is this package for epel5? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Antonio Trandechanged: What|Removed |Added Status|NEW |ASSIGNED Assignee|nob...@fedoraproject.org|anto.tra...@gmail.com Flags||fedora-review? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
[Bug 1362265] Review Request: yara - Malware identification tool
https://bugzilla.redhat.com/show_bug.cgi?id=1362265 Michal Ambrozchanged: What|Removed |Added Blocks||563471 (FE-SECLAB) CC||i...@cicku.me --- Comment #1 from Michal Ambroz --- *** Bug 1129023 has been marked as a duplicate of this bug. *** Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=563471 [Bug 563471] Tracker: Review Requests for Fedora Security Lab related packages -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org