subject:"\[Bug 1362265\] Review Request\: yara \- Malware identification tool"

[Bug 1362265] Review Request: yara - Malware identification tool

2017-07-24 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Michal Ambroz  changed:

   What|Removed |Added

  Alias|yara|yara-review



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #34 from Fedora Update System  ---
yara-3.5.0-5.fc23 has been pushed to the Fedora 23 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #33 from Fedora Update System  ---
yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #32 from Fedora Update System  ---
yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #31 from Fedora Update System  ---
yara-3.5.0-5.fc24 has been pushed to the Fedora 24 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #30 from Fedora Update System  ---
yara-3.5.0-5.fc25 has been pushed to the Fedora 25 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-27 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Fedora Update System  changed:

   What|Removed |Added

 Status|ON_QA   |CLOSED
 Resolution|--- |ERRATA
Last Closed||2016-08-27 06:42:00



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-14 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Michal Ambroz  changed:

   What|Removed |Added

  Alias||yara



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-14 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Igor Gnatenko  changed:

   What|Removed |Added

  Alias|yara|



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #29 from Fedora Update System  ---
yara-3.5.0-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #28 from Fedora Update System  ---
yara-3.5.0-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #27 from Fedora Update System  ---
yara-3.5.0-5.fc24 has been pushed to the Fedora 24 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #26 from Fedora Update System  ---
yara-3.5.0-5.fc23 has been pushed to the Fedora 23 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #25 from Fedora Update System  ---
yara-3.5.0-5.fc25 has been pushed to the Fedora 25 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #24 from Fedora Update System  ---
yara-3.5.0-5.el6 has been submitted as an update to Fedora EPEL 6.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ba9ee6258f

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #23 from Fedora Update System  ---
yara-3.5.0-5.fc25 has been submitted as an update to Fedora 25.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-82dd825cb6

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #22 from Fedora Update System  ---
yara-3.5.0-5.fc24 has been submitted as an update to Fedora 24.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8500ff0387

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #21 from Fedora Update System  ---
yara-3.5.0-5.fc23 has been submitted as an update to Fedora 23.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b846998bed

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #20 from Fedora Update System  ---
yara-3.5.0-5.el7 has been submitted as an update to Fedora EPEL 7.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-888d2c3942

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-11 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Fedora Update System  changed:

   What|Removed |Added

 Status|ASSIGNED|MODIFIED



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-09 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #19 from Jon Ciesla  ---
Package request has been approved:
https://admin.fedoraproject.org/pkgdb/package/rpms/yara

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-09 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #18 from Michal Ambroz  ---
>Package approved.
Thank you for the review Antonio.

>Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo 
>can be erased, i think.
OK, I will put the directory removal back

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-09 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Antonio Trande  changed:

   What|Removed |Added

  Flags|fedora-review?  |fedora-review+



--- Comment #17 from Antonio Trande  ---
Just a note: hidden directory /usr/share/doc/yara-doc/html/.buildinfo can be
erased, i think.

Package approved.

Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


= MUST items =

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated",
 "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 53 files have
 unknown license. Detailed output of licensecheck in
 /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
 names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 10240 bytes in 3 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
 one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
 Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
 license(s) in its own file, then that file, containing the text of the
 license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
 beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
 work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
 provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
 %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

= SHOULD items =

Generic:
[x]: Uses parallel make %{?_smp_mflags} macro.
[-]: If the source package does not include license text(s) as a separate
 file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
 Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc
 , yara-devel , yara-debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-08 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #16 from Michal Ambroz  ---
Hello Antonio

Sorry haven't paid attention closely to the fc25 version. Having static fonts
is not manifesting in FC23. It is apparently specifics of the newer version of
sphinx that it brings the theme sphinx_rtd_theme installed by default (and the
associated fonts). I have patched configuration of the doc degenration to use
the default theme (without embedded fonts) no matter what.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-4.fc23.src.rpm

Build:
https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/439570/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-08 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #15 from Antonio Trande  ---
(In reply to Michal Ambroz from comment #14)
> >[!]: Changelog in prescribed format.
> rpmlint yara.spec doesn't show any errors in the prescribed format of
> Changelog.

rpmlint is not able to recognize something like this.
Please, take a look to what guidelines say.
http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs

> 
> >[!]: Avoid bundling fonts in non-fonts packages.
> I guess this is some false positive - I am not aware of any fonts being
> bundled to yara package.

I have indicated where they are:
yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-08 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #14 from Michal Ambroz  ---
>[!]: Changelog in prescribed format.
rpmlint yara.spec doesn't show any errors in the prescribed format of
Changelog.

>[!]: Avoid bundling fonts in non-fonts packages.
I guess this is some false positive - I am not aware of any fonts being bundled
to yara package.

>[!]: Package should not use obsolete m4 macros
Both old and new macros used in the upstream project. 
Issue reported upstream https://github.com/VirusTotal/yara/issues/491
As it is "should" not "must" requirement and currently doesn't represent build
issue to Fedora package on all supported releases I decided to not patch at
this point.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-06 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #13 from Antonio Trande  ---
Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
===
- Unbundle all fonts installed in
  yara-doc-3.5.0-3.fc25.noarch.rpm/usr/share/doc/yara-doc/html/_static/fonts.
  They are already in Fedora.
  (You just need to create symbolic links)

- That is not the right way to make the %changelog section.
  http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs
  (Please, remove my name/surname)

= MUST items =

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "Apache (v2.0)", "GPL (v3 or later)", "Unknown or generated",
 "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 53 files have
 unknown license. Detailed output of licensecheck in
 /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[!]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
 names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 10240 bytes in 3 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
 one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
 Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
 license(s) in its own file, then that file, containing the text of the
 license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
 beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
 work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
 provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
 %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

= SHOULD items =

Generic:
[x]: Uses parallel make %{?_smp_mflags} macro.
[!]: Avoid bundling fonts in non-fonts packages.
 Note: Package contains font files
[-]: If the source package does not include license text(s) as a separate
 file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
 Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in yara-doc
 , yara-devel , yara-debuginfo
[ ]: Package functions as

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-05 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Michal Ambroz  changed:

   What|Removed |Added

  Alias||yara



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-05 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #12 from Michal Ambroz  ---
Thank you Antonio.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-3.fc23.src.rpm

Build:
https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438534/


>why do you want to have this? you're not building this package for EL5.
OK, it doesn't build with 5 right now, you are right

>> Source0:
>> https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
>if you build from commit then you should specify it in Release tag,
>otherwise you should build from tag.
Referring "Source" to tag-based tarball instead of commit-based tarball is
"should" and not "must".

Commit 74734418a256c5304ccaf1d322c57e305ff75362 is the one used for the v3.5.0
tag release - see https://github.com/VirusTotal/yara/releases
So I believe marking the package as the normal release (and not the git
snapshot release tag) is OK.

I prefer to refer to the commit based tarbal, as it gives me easy access to any
pinpoint in the github without switching the spec there and back when testing
new versions or pre-releases.

> #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ 
> license.
> License:ASL 2.0 and GPLv2
> you say that it's GPLv2+, but write GPLv2
Well ... actually in the yara release 3.5.0. it is GPLv3+ for the grammar files

I believe that the license of the binary package is ASL 2.0 only - so I
returned it back to this value and kept the explanation in comments.

As GPLv3 is incompatible to be included in ASL, but those bison-generated
grammar files are also dual licensed with the original ASL license of the
project by exception, so the result is ASL only.

>> Requires:   pkgconfig
>drop this from -devel subpkg as it doesn't really need it
dropped

>> Requires:   zlib-devel
>should have %{?_isa} in the end
dropped, I believe this should come from dependencies automatically

>> %defattr(-,root,root,-)
>drop it
dropped

>> Group:  Development/Libraries
>consider removing Group tags from all packages.
Unfortunately without this build fails for RHEL6 because of that.
As it is not prohibited I preffer to keep it for all packages in unconditional
form due to readability.

>* Missing BuildRequires: gcc
added. duh ... I have to change probably all my packages
I also added some more recommended by auto-buildrequire

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-05 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #11 from Igor Gnatenko  ---
> %if 0%{?rhel} && 0%{?rhel} <= 5
> BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
> %endif
why do you want to have this? you're not building this package for EL5.

> Source0:
> https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
if you build from commit then you should specify it in Release tag, otherwise
you should build from tag.

> #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ 
> license.
> License:ASL 2.0 and GPLv2
you say that it's GPLv2+, but write GPLv2

> Requires:   pkgconfig
drop this from -devel subpkg as it doesn't really need it

> Requires:   zlib-devel
should have %{?_isa} in the end

> %defattr(-,root,root,-)
drop it

> Group:  Development/Libraries
consider removing Group tags from all packages.

* Missing BuildRequires: gcc

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-04 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #10 from Michal Ambroz  ---
Thank you Antonio.

Updated package:
SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-2.fc23.src.rpm

Build:
https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438156/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-04 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #9 from Antonio Trande  ---
>- Build HTML documentation
I have created subpackage doc with the HTML documentation

It is a noarch package and do not need to require main package; therefore 

Requires:   %{name}%{?_isa} = %{version}-%{release}

is not needed. And you must add a "BuildArch: noarch" line.
Also, if you want provide yara-doc as standalone package, then it must provide
its own license file.


> #install the html documentation
> mkdir -p %{buildroot}%{_datadir}/doc/%{name}/
> cp -rp docs/_build/html %{buildroot}%{_datadir}/doc/%{name}/
> rm -f %{buildroot}%{_datadir}/doc/%{name}/html/.buildinfo

is a surplus, is sufficient to list that directory with %doc.

%files doc
%defattr(-,root,root,-)  <-- permissions are set automatically
%doc docs/_build/html

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Michal Ambroz  changed:

   What|Removed |Added

 Blocks||1363935




Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1363935
[Bug 1363935] Review Request: python-yara - Python binding for the YARA
pattern matching tool
-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #8 from Michal Ambroz  ---
>- AutoTools: Obsoleted m4s found
For the autotools macros I have created bug upstream, but as this is "should"
and not "must" according the guidelines, then I guess this should not be a
blocker for the package acceptance.

Upstream bug report
https://github.com/VirusTotal/yara/issues/491

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #7 from Michal Ambroz  ---
Update to version 3.5.0 

SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-1.fc23.src.rpm

Build on COPR:
https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438010/


>Note: License file COPYING is not marked as %license
I have added COPYING to license% - sorry i forgot to change this

>Please, follow naming of python package according to the packaging guidelines 
>for Python.
in version 3.5.0 all python stuff was removed from the yara package and was
moved to separate package yara-python. 
I will be submitting new package review for python-yara package to continue
with this stuff.

>- BuildRoot: is for EPEL5 only.
I have canged conditions to apply only for rhel <= 5
although packaging guidelines is not prohibiting this one, just saying it is
not necessary
https://fedoraproject.org/wiki/Packaging:Guidelines

>- Some libyara/* files are licensed under GPLv2+ license. Please, include it 
>in the License line.
I have added the GPLv2+ note on the license field and explaning notes.
Although all files having GPLv2+ license are the bison grammars which by the
already present exception
can be also licensed as the package containing those - in this case ASL v2.0

>- Required package lines are not fully versioned arch-specific:
I have changed to the recommended version checking

>- Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations".
>Set AM_CFLAGS variable with 'make' by using default Fedora flags.
I believe there is no need to override the AM_CFLAGS. The idea is that tools
should invoke:
gcc $AM_CFLAGS $CFLAGS file.c -o file.o
In this way if there is something set in $AM_CFLAGS (what the author of the
program thought should be set), it can be always overrode by users (in this
case packager's resp. distribution) CFLAGS.

As in the yara build scripts the %optflags are already configured by the
%configure macro when running ./configure and then stored in the makefiles in
form of CFLAGS, it is not needed or wanted to override any of AM_CFLAGS nor
CFLAGS as it overrides also "-pthread" where necessary.

>- Build HTML documentation
I have created subpackage doc with the HTML documentation

>- Please, remove commented commands.
done 

>- You can run (Python2/Python3) tests by using 'python(3)-nose'.
Will do in python-yara. 

>- Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25', 
>'3.4.0-5']
done

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #6 from Michal Ambroz  ---
ROFL ... was nearly done with the python stuff when they decided to remove it
from the yara package with the fresh release (after one year) :D

Thanks for the review ... 3.5.0 package on the way and I will probably raise
one another review request for the python-yara module - to at least use all the
goodies you gave me.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #5 from Antonio Trande  ---
I missed a couple of issues:

- [!]: Latest version is packaged.
https://github.com/VirusTotal/yara/releases/tag/v3.5.0

- AutoTools: Obsoleted m4s found
--
  AC_PROG_LIBTOOL found in: yara-
  040db952d484dea406ed7d4e622f7b8ba9b683cb/configure.ac:23

[!]: Package should not use obsolete m4 macros
 Note: Some obsoleted macros found, see the attachment.
 See: https://fedorahosted.org/FedoraReview/wiki/AutoTools

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-03 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #4 from Antonio Trande  ---
Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
===
- If (and only if) the source package includes the text of the license(s)
  in its own file, then that file, containing the text of the license(s)
  for the package is included in %license.
  Note: License file COPYING is not marked as %license
  See:
  http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text

- Please, follow naming of python package according to the packaging guidelines
for Python.
  http://fedoraproject.org/wiki/Packaging:Python#Example_common_spec_file

- BuildRoot: is for EPEL5 only.

- Some libyara/* files are licensed under GPLv2+ license. Please, include it
  in the License line.

- Required package lines are not fully versioned arch-specific:

  Requires:   %{name} = %{version}-%{release}
  Requires:   yara == %{version}

should be replaced with

  Requires: %{name}%{?_isa} = %{version}-%{release}

- Compiler uses additional flags like "-O3 -Wall -Wno-deprecated-declarations".
  Set AM_CFLAGS variable with 'make' by using default Fedora flags.

- Build HTML documentation

- You can run (Python2/Python3) tests by using 'python(3)-nose'.

- Please, remove commented commands.

- Fix the warning: incoherent-version-in-changelog 3.4.0-4 ['3.4.0-5.fc25',
'3.4.0-5']

= MUST items =

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
 Note: Unversioned so-files in private %_libdir subdirectory (see
 attachment). Verify they are not in ld path.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "Apache (v2.0)", "GPL (v2 or later)", "Unknown or generated",
 "BSD (4 clause)", "BSD (3 clause)", "BSD (2 clause)". 57 files have
 unknown license. Detailed output of licensecheck in
 /home/sagitter/1362265-yara/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[!]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
 names).
[!]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[!]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[?]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 30720 bytes in 4 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
 one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
 Note: There are rpmlint messages (see attachment).
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
 that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
 beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
 work.
[x]: Package is named using only allowed ASCII characters.
[x]:

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-01 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #3 from Michal Ambroz  ---
> Fedora <= 21 ?
- ... it is just generic definition of the python rpm macros - I use this spec
file for quite some time now, building also on some more exotic platforms. It
is there for compatibility with other repositories as well to keep single
version of a spec file working.

> BuildRequires:  python-tools  <-- Python3
You are right - python-tools was not needed indeed.
I believed that 2.7 version of 2to3 python tool is used when building the
python3 codebase, but actually the module is binary, so 2to3 is not needed at
all - removed.

>Is this package for epel5?
I hope to ship for EPEL7, EPEL6. I hope to find a way to make it working for
EPEL5, but it is not a priority now.

SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.4.0-5.fc23.src.rpm

Best regards
Michal Ambroz

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-01 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265



--- Comment #2 from Antonio Trande  ---
- %if 0%{?fedora} <= 21

Fedora <= 21 ?

- 
%if 0%{?with_python3}
BuildRequires:  python-tools  <-- Python3
BuildRequires:  python3-devel
BuildRequires:  python3-setuptools
%endif # if with_python3

- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

Is this package for epel5?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-01 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Antonio Trande  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|nob...@fedoraproject.org|anto.tra...@gmail.com
  Flags||fedora-review?



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1362265] Review Request: yara - Malware identification tool

2016-08-01 Thread bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1362265

Michal Ambroz  changed:

   What|Removed |Added

 Blocks||563471 (FE-SECLAB)
 CC||i...@cicku.me



--- Comment #1 from Michal Ambroz  ---
*** Bug 1129023 has been marked as a duplicate of this bug. ***


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=563471
[Bug 563471] Tracker: Review Requests for Fedora Security Lab related
packages
-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

42 matches

Mail list logo