https://bugzilla.redhat.com/show_bug.cgi?id=2182151 --- Comment #17 from Petr Pisar <ppisar@xxxxxxxxxx> --- URL is Ok. FIX: Source0 address is broken: $ spectool -g ../SPECS/ktls-utils.spec Downloading: https://github.com/oracle/ktls-utils/archive/v0.8/ktls-utils-0.8.tar.gz [...] HTTP request sent, awaiting response... 404 Not Found 2023-04-24 16:13:23 ERROR 404: Not Found. The address advertised by upstream is <https://github.com/oracle/ktls-utils/releases/download/ktls-utils-0.8/ktls-utils-0.8.tar.gz>. I don't know whether it's because of a git tag being "v0.8" while the release archive just "0.8" without "v", or it's a bug in %forgemeta macro. If you do not want to debug it, I recommend specifying Source0 address manually like this: Source0: %{forgeurl}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz Source0 archive (SHA-512: 027824a8ffb42bf8b39ce8d8a83f8f3d0c3d2e6cd0c2867f622e04ce914f578767ce7803617fe922c44a5fb5e69636efc6c0fc1726be1a3852b41cb6ad7579eb) is original. Ok. Summary is Ok. Description verified in README. Ok. GPL-2.0-only license verified from configure.ac, autogen.sh, LICENSE.txt, src/tlshd/handshake.c, src/tlshd/config.c, src/tlshd/ktls.c, src/tlshd/tlshd.man, src/tlshd/main.c, src/tlshd/log.c, src/tlshd/tlshd.conf.man, src/tlshd/tlshd.conf, src/tlshd/netlink.c, src/tlshd/server.c, src/tlshd/client.c, src/tlshd/keyring.c, src/tlshd/tlshd.h, COPYING (a duplicate of LICENSE.txt). FIX: These licenses are missing from a License tag: GPL-2.0-only OR BSD-3-Clause: src/tlshd/netlink.h (Fedora ignores Linux-syscall-note "exception" <https://gitlab.com/fedora/legal/fedora-license-data/-/issues/198>). GPL-1.0-or-later: README.md. TODO: I believe a license declaration in REAMDE.md ("Released under the GNU GENERAL PUBLIC LICENSE") is an upstream's omission and that they rather intended "GNU GENERAL PUBLIC LICENSE version 2" there. Please report it to them. Licenses of nonpackaged files: FSFAP: INSTALL FSFUL: configure FSFULLRWD AND GPL-2.0-only: Makefile.in, src/Makefile.in, src/tlshd/Makefile.in, systemd/Makefile.in FSFULLR ANDF FSFULLRWD AND GPL-2.0-or-later WITH Autoconf-exception-generic: aclocal.m4 GPL-1.0-or-later: README GPL-2.0-only: Makefile.am, src/Makefile.am, src/tlshd/Makefile.am, systemd/Makefile.am GPL-2.0-or-later WITH Autoconf-exception-generic: compile, depcomp, missing X11: install-sh FIX: Build-require 'bash' (autogen.sh:1). TODO: Constrain 'autoconf' build dependency with '>= 2.69' (configure.ac:20). FIX: Build-require 'pkgconf-pkg-config >= 0.9.0' (configure.ac:49). TODO: Build-require 'pkgconfig(gnutls) >= 3.3.0' instead of 'gnutls-devel' (configure.ac:50). In Fedora we prefer depending on pkg-config modules over devel subpackages <https://docs.fedoraproject.org/en-US/packaging-guidelines/PkgConfigBuildRequires/>. TODO: Build-require 'pkgconfig(libkeyutils)' instead of 'keyutils-libs-devel' (configure.ac:53). TODO: Build-require 'pkgconfig(glib-2.0) >= 2.6' instead of 'glib2-devel' (configure.ac:56). TODO: Build-require 'pkgconfig(libnl-3.0) >= 3.1' instead of 'libnl3-devel' (configure.ac:59). FIX: Build-require 'coreutils' (systemd/Makefile.am:28). No tests, no %check section. Ok. TODO: Package AUTHORS and ChangeLog files with %doc macro. Systemd unit file, including the disabled default dependencies, is Ok. $ rpmlint ktls-utils.spec ../SRPMS/ktls-utils-0.8-1.fc39.src.rpm ../RPMS/x86_64/ktls-utils-* ======================================== rpmlint session starts ======================================= rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 5 ktls-utils.x86_64: W: crypto-policy-non-compliance-gnutls-1 /usr/sbin/tlshd gnutls_priority_set_direct ========= 4 packages and 1 specfiles checked; 0 errors, 1 warnings, 0 badness; has taken 0.3 s ======== FIX: The daemon does not respect distribution-wide crypto policies. It enables algorithms in tlshd_make_priorities_string() based on what Linux supported at build time of this package. Ideally the daemon should consult crypto policy <https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/> and only enable a disjunction of what Linux offers and what user-space crypto policy mandates. Please contact <security@xxxxxxxxxxxxxxxxxxxxxxx> for help. There is a possibility that Linux already does that in other way. Please get a crypto review from the security team on that mailing list. The package build in Fedora 39 (https://koji.fedoraproject.org/koji/taskinfo?taskID=100344410). Ok. $ rpm -q -lv -p ../RPMS/x86_64/ktls-utils-0.8-1.fc39.x86_64.rpm -rw-r--r-- 1 root root 1016 Apr 5 17:24 /etc/tlshd.conf drwxr-xr-x 2 root root 0 Apr 24 02:00 /usr/lib/.build-id drwxr-xr-x 2 root root 0 Apr 24 02:00 /usr/lib/.build-id/d8 lrwxrwxrwx 1 root root 26 Apr 24 02:00 /usr/lib/.build-id/d8/09e2707e2a4a7eb2335e8e605f7e05f9402d7a -> ../../../../usr/sbin/tlshd -rw-r--r-- 1 root root 226 Apr 24 02:00 /usr/lib/systemd/system/tlshd.service -rwxr-xr-x 1 root root 50440 Apr 24 02:00 /usr/sbin/tlshd drwxr-xr-x 2 root root 0 Apr 24 02:00 /usr/share/doc/ktls-utils -rw-r--r-- 1 root root 2140 Apr 5 17:24 /usr/share/doc/ktls-utils/README.md -rw-r--r-- 1 root root 1742 Apr 5 17:24 /usr/share/doc/ktls-utils/SECURITY.md drwxr-xr-x 2 root root 0 Apr 24 02:00 /usr/share/licenses/ktls-utils -rw-r--r-- 1 root root 17994 Apr 5 17:24 /usr/share/licenses/ktls-utils/COPYING -rw-r--r-- 1 root root 1420 Apr 5 17:24 /usr/share/man/man5/tlshd.conf.5.gz -rw-r--r-- 1 root root 1387 Apr 5 17:24 /usr/share/man/man8/tlshd.8.gz File layout and permission are Ok. $ rpm -q --requires -p ../RPMS/x86_64/ktls-utils-0.8-1.fc39.x86_64.rpm | sort -f | uniq -c 3 /bin/sh 1 config(ktls-utils) = 0.8-1.fc39 1 libc.so.6()(64bit) 1 libc.so.6(GLIBC_2.2.5)(64bit) 1 libc.so.6(GLIBC_2.3.4)(64bit) 1 libc.so.6(GLIBC_2.33)(64bit) 1 libc.so.6(GLIBC_2.34)(64bit) 1 libc.so.6(GLIBC_2.4)(64bit) 1 libglib-2.0.so.0()(64bit) 1 libgnutls.so.30()(64bit) 1 libgnutls.so.30(GNUTLS_3_4)(64bit) 1 libgnutls.so.30(GNUTLS_3_6_9)(64bit) 1 libgnutls.so.30(GNUTLS_3_7_3)(64bit) 1 libkeyutils.so.1()(64bit) 1 libkeyutils.so.1(KEYUTILS_0.3)(64bit) 1 libkeyutils.so.1(KEYUTILS_1.5)(64bit) 1 libnl-3.so.200()(64bit) 1 libnl-3.so.200(libnl_3)(64bit) 1 libnl-genl-3.so.200()(64bit) 1 libnl-genl-3.so.200(libnl_3)(64bit) 1 rpmlib(CompressedFileNames) <= 3.0.4-1 1 rpmlib(FileDigests) <= 4.6.0-1 1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 1 rpmlib(PayloadIsZstd) <= 5.4.18-1 1 rtld(GNU_HASH) Binary requires are Ok. $ rpm -q --provides -p ../RPMS/x86_64/ktls-utils-0.8-1.fc39.x86_64.rpm | sort -f | uniq -c 1 config(ktls-utils) = 0.8-1.fc39 1 ktls-utils = 0.8-1.fc39 1 ktls-utils(x86-64) = 0.8-1.fc39 Binary provides are Ok. $ resolvedeps rawhide ../RPMS/x86_64/ktls-utils-0.8-1.fc39.x86_64.rpm Binary dependencies are resolvable. Ok. Otherwise, this package is in line with Fedora packaging guidelines. Please correct all FIX items, consider fixing TODO items, and provide an updated spec file. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182151 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue