[Bug 2182151] Review Request: ktls-utils - TLS Handshake agent for kernel sockets

https://bugzilla.redhat.com/show_bug.cgi?id=2182151



--- Comment #40 from Petr Pisar <ppisar@xxxxxxxxxx> ---
FIX: The ktls-utils-0.8.tar.gz archive (SHA512
9da04aa8cdbb34193cd26a7bb882bd7f02d4fc2c5065ff1088112057b6e14f3ab6a926356366ab7c0827693b90465d5bb398eb7c5ab722a19c1c7ac2279fd3d3)
from ktls-utils-0.8%5e20230516.gc60fab91ef83-1.fc39.src.rpm does not match the
upstream tarball (SHA512:
027824a8ffb42bf8b39ce8d8a83f8f3d0c3d2e6cd0c2867f622e04ce914f578767ce7803617fe922c44a5fb5e69636efc6c0fc1726be1a3852b41cb6ad7579eb).

THIRD_PARTY_LICENSES is correctly unpackaged. No LGPL code exists in the
sources.
License tag is Ok.


Regarding the global crypto policy conformance, I have doubts about:

  pstring = strdup("SECURE256:+SECURE128:-COMP-ALL");

in tlshd_gnutls_priority_init(). Subsequent for-cycle with:

  pstring = tlshd_cipher_string_emit(pstring, ciphers[i]);

adds ciphersuites common to the default GnuTLS set and the Linux set. I worry that in
effect it means all 256-bit, all 128-bit suites and all the common suites. What
if the global policy excluded 128-bit suites?

$ rpmlint ktls-utils.spec
../SRPMS/ktls-utils-0.8^20230516.gc60fab91ef83-1.fc39.src.rpm
../RPMS/x86_64/ktls-utils-*
======================================== rpmlint session starts
=======================================
rpmlint: 2.4.0
configuration:
    /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 31, packages: 5

ktls-utils.spec:40: W: setup-not-quiet
ktls-utils.spec:40: W: setup-not-quiet
ktls-utils.x86_64: W: crypto-policy-non-compliance-gnutls-2 /usr/sbin/tlshd
gnutls_priority_init
========= 4 packages and 1 specfiles checked; 0 errors, 3 warnings, 0 badness;
has taken 0.3 s ========
rpmlint is Ok.
"setup-not-quiet" means that %autosetup lists unpacked files, which it indeed does
not, but that's against RPM documentation
<https://rpm-software-management.github.io/rpm/manual/autosetup.html#autosetup-options>.
I guess it's a bug in current rpmbuild.

FIX: The package fails to build for Fedora 39 on i686
(https://koji.fedoraproject.org/koji/taskinfo?taskID=101246895):

config.c:155:52: error: comparison of integer expressions of different
signedness: '__off_t' {aka 'long int'} and 'unsigned int'
[-Werror=sign-compare]
  155 |         if (statbuf.st_size < 0 || statbuf.st_size > UINT_MAX) {
      |                                                    ^

Please correct the FIX items and provide an updated spec file.
Then I will approve this package. I think the crypto policy details can be
improved later.


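The i686 build failure quoted in the comment arises because a 32-bit signed `off_t` is compared directly with `UINT_MAX`, while on x86_64 the 64-bit `off_t` makes the same comparison signed on both sides. The following is an added example, not part of the original message and not ktls-utils code, showing one range check that compiles under `-Werror=sign-compare` for either width of `off_t`; the function names `size_fits_uint` and `file_size_as_uint` are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/*
 * Return true and store the size in *out when 0 <= size <= UINT_MAX.
 * The negative test runs first, so the cast to uintmax_t never sees a
 * negative value, and the second comparison has unsigned operands on
 * both sides regardless of how wide off_t is on the target.
 */
bool size_fits_uint(off_t size, unsigned int *out)
{
	if (size < 0)
		return false;
	if ((uintmax_t)size > (uintmax_t)UINT_MAX)
		return false;
	*out = (unsigned int)size;
	return true;
}

/* Hypothetical helper: stat a path and apply the range check above. */
bool file_size_as_uint(const char *path, unsigned int *out)
{
	struct stat statbuf;

	if (stat(path, &statbuf) != 0)
		return false;
	return size_fits_uint(statbuf.st_size, out);
}

int main(void)
{
	unsigned int n = 0;
	bool ok;

	/* Constructed inputs: a negative size and a small positive size. */
	ok = size_fits_uint((off_t)-1, &n);
	printf("size -1   accepted: %d\n", ok);
	ok = size_fits_uint((off_t)4096, &n);
	printf("size 4096 accepted: %d (stored %u)\n", ok, n);

	/* Constructed path that is assumed not to exist. */
	ok = file_size_as_uint("/nonexistent/constructed/path", &n);
	printf("missing file accepted: %d\n", ok);
	return 0;
}
```

Building it with `-Wall -Wextra -Werror=sign-compare`, with and without `-m32`, exercises both `off_t` widths.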