[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
https://bugzilla.redhat.com/show_bug.cgi?id=890589 Otto Urpelainen changed: What|Removed |Added Blocks||201449 (FE-DEADREVIEW) Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=201449 [Bug 201449] FE-DEADREVIEW -- Reviews stalled due to lack of submitter response should be blocking this bug. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
https://bugzilla.redhat.com/show_bug.cgi?id=890589 Jiri Hladky changed: What|Removed |Added Status|NEW |CLOSED Resolution|--- |NOTABUG Flags|needinfo?(hladky.jiri@gmail | |.com) | Last Closed||2021-05-22 13:10:46 --- Comment #8 from Jiri Hladky --- H Otto, thanks for the reminder. I don't plan to include the package in Fedora anymore. Let me close the ticket. Thanks Jirka -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
https://bugzilla.redhat.com/show_bug.cgi?id=890589 Otto Urpelainen changed: What|Removed |Added CC||otu...@iki.fi Flags||needinfo?(hladky.jiri@gmail ||.com) --- Comment #7 from Otto Urpelainen --- This review request is really old. If you still want to include this package in Fedora, please clear the needinfo tag and explain how you intend to continue. I can review. Otherwise, just leave the tag in place and this request should be automatically closed in a month. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
needinfo canceled: [Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora Version: rawhide Component: Package Review Package Review has canceled Package Review 's request for Eduardo Echeverria 's needinfo: Bug 890589: Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator https://bugzilla.redhat.com/show_bug.cgi?id=890589 --- Comment #6 from Package Review --- This is an automatic action taken by review-stats script. The ticket reviewer failed to clear the NEEDINFO flag in a month. As per https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews we reset the status and the assignee of this ticket. ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=890589 --- Comment #4 from Eduardo Echeverria echevemas...@gmail.com --- One detail that I forget: use %post -p /sbin/ldconfig %postun -p /sbin/ldconfig instead of %post /sbin/ldconfig %postun /sbin/ldconfig -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=PNNEW7d0nua=cc_unsubscribe ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=890589 --- Comment #2 from Jiri Hladky hladky.j...@gmail.com --- Hi Eduardo, thanks for the hints. I have fixed all the issues with the SPEC file. Please note that I do plan to provide the package for the EPEL5 and EPEL6 so I have to keep certain sections in the SPEC file. The only point I do not follow is the issue with the rpath. I do have following in my ~/.rpmmacros $more ~/.rpmmacros %__arch_install_post\ /usr/lib/rpm/check-rpaths \ /usr/lib/rpm/check-buildroot and not rpath problem was reported. Do you see rpath issue on any of the provided executable files? Regarding the bundled libraries - the project is not using any bundled libraries. There are however parts of the other GNU projects reused. 1) One part is project haveged. http://www.issihosts.com/haveged/ The project haveged implements HAVEGE RNG but it does not provide any developement libraries. I have taken parts of the project and modified so it can be used as the standalone library. I'm now working with the haveged upstream to merge my changes and provide haveged-devel package. The maintainer of the haveged project has commited to do the merge but it will take some time. 2) The other part is the implementation of the CTR DRBG algorithm. I took the basic example implementation from the year 2007 from Henric Jungheim as the basis and added prediction resitance. POLARSSL provides now the similar functionality starting from F18. However, recent versions of POLARSSL do not compile on the EPEL5 and EPEL6. I would therefore suggest to release the current package tp provide the fnctionality for EPEL and older versions of the Fedora. I do plan to update the package to use polarssl in the newer releases. Spec URL: http://jhladky.fedorapeople.org/csprng.spec SRPM URL: http://jhladky.fedorapeople.org/csprng-1.1.3-0.fc16.src.rpm Tested on Koji: http://koji.fedoraproject.org/koji/taskinfo?taskID=4841708 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=UB0k7kNQCFa=cc_unsubscribe ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=890589 Eduardo Echeverria echevemas...@gmail.com changed: What|Removed |Added Status|NEW |ASSIGNED Assignee|nob...@fedoraproject.org|echevemas...@gmail.com Flags||fedora-review? -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=GbEWM92V3Ba=cc_unsubscribe ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=890589 --- Comment #3 from Eduardo Echeverria echevemas...@gmail.com --- (In reply to comment #2) The only point I do not follow is the issue with the rpath. I do have following in my ~/.rpmmacros $more ~/.rpmmacros %__arch_install_post\ /usr/lib/rpm/check-rpaths \ /usr/lib/rpm/check-buildroot and not rpath problem was reported. Do you see rpath issue on any of the provided executable files? Hi Jiri: - Try rebuilding the package: rpmbuild --rebuild csprng-1.1.3-0.fc16.src.rpm Give an error output about RPATH *0x0001 ... standard RPATHs (e.g. /usr/lib); such RPATHs are a minor * issue but are introducing redundant searchpaths without * providing a benefit. They can also cause errors in multilib * environments. ERROR 0001: file '/usr/bin/csprng-generate' contains a standard rpath '/usr/lib64' in [/usr/lib64] ERROR 0001: file '/usr/sbin/csprngd' contains a standard rpath '/usr/lib64' in [/usr/lib64] you can also check the output rpmlint: rpmlint -v csprng-1.1.3-0.fc17.x86_64.rpm csprng.x86_64: I: checking csprng.x86_64: W: spelling-error Summary(en_US) cryptographically - photographically, typographically, topographically csprng.x86_64: W: spelling-error %description -l en_US cryptographically - photographically, typographically, topographically csprng.x86_64: W: spelling-error %description -l en_US dev - deb, derv, div csprng.x86_64: W: spelling-error %description -l en_US unmonitorable - unmemorable csprng.x86_64: I: checking-url http://code.google.com/p/csrng/ (timeout 10 seconds) csprng.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/csprng-generate ['/usr/lib64'] csprng.x86_64: E: binary-or-shlib-defines-rpath /usr/sbin/csprngd ['/usr/lib64'] 1 packages and 0 specfiles checked; 2 errors, 4 warnings. - Usually, subpackages other than devel should require the base package using a fully versioned dependency. Please use Requires: %{name}%{?_isa} = %{version}-%{release} in the devel package - In the devel package there a issue with unowned directories %{_includedir}/%{name}/* should be %{_includedir}/%{name}/ Please see: https://fedoraproject.org/wiki/Packaging:UnownedDirectories -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=CASFloVUjca=cc_unsubscribe ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 890589] Review Request: csprng - Entropy source using the cryptographically secure pseudo-random number generator
Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=890589 Eduardo Echeverria echevemas...@gmail.com changed: What|Removed |Added CC||echevemas...@gmail.com --- Comment #1 from Eduardo Echeverria echevemas...@gmail.com --- Hi Jiri, Initial comments: - please document the need for automake in BR - please document the need for GDB in BR - BuildRequires and Requires entries can be listed one-by-one, is easier to read for reviewers - coreutils not needed in BR. see http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2 - not think there is the need to call to: /sbin/ldconfig openssl in Requires(post) and /sbin/ldconfig in Requires(postun) - the code is using hardcode specific library paths when linking binaries /usr/sbin/csprngd ['/usr/lib64'] see http://fedoraproject.org/wiki/Packaging/Guidelines#Beware_of_Rpath use %configure sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool see http://fedoraproject.org/wiki/Packaging:Guidelines#Removing_Rpath - Don't use the macros: %{__rm} %{__install} such macros are deprecated and shouldn't be used anymore, see http://fedoraproject.org/wiki/Packaging:Guidelines#Macros https://bugzilla.redhat.com/show_bug.cgi?id=669311#c14 - Please be consistent in the use of the macros $RPM_BUILD_ROOT or %{buildroot}, choose one of two - Specify if you want to ship your package to EPEL5 , otherwise please remove * BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) see https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#BuildRoot_tag * rm -rf %{buildroot} after %install * The section %clean see http://fedoraproject.org/wiki/Packaging:Guidelines#.25clean * and the %defattr(-, root, root, -) in %files see http://fedoraproject.org/wiki/Packaging:Guidelines#File_Permissions the output of licensecheck is: GPL (v3.1) -- /var/lib/mock/fedora-17-x86_64/root/builddir/build/BUILD/csprng-1.1.1/src/cpuid-43.h GPL (v3 or later) - /var/lib/mock/fedora-17-x86_64/root/builddir/build/BUILD/csprng-1.1.1/utils/csprngd.c Unknown or generated /var/lib/mock/fedora-17-x86_64/root/builddir/build/BUILD/csprng-1.1.1/man/create_from_help_message.sh MIT/X11 (BSD like) -- /var/lib/mock/fedora-17-x86_64/root/builddir/build/BUILD/csprng-1.1.1/src/QRBG.h ISC GPL (v3 or later) - /var/lib/mock/fedora-17-x86_64/root/builddir/build/BUILD/csprng-1.1.1/include/cs: In my experience, when there are many licenses involved in the upstream source files and these licenses do not apply to your own source, is clear indication that may contain bundled libs or bundled files See https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries Since you are the developer of upstream, tell me if this is so in case the header or source file is in Fedora patch the Makefile to build against them, otherwise build the devel package containing these files. fixed these points, I'll do the formal review Best Regards -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=w8oIxF0IJOa=cc_unsubscribe ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review