Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2012 09:42:02 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Aleksey's daily status report #13

Aleksey, Frank -

On Mon, Aug 20, 2012 at 03:14:51AM +0400, Aleksey Cherepanov wrote:
> For two days...
> 
> Done
> 
> - .debs are finished
> - .rpms are finished
>   Ugh... %-)

This would be good if it were true, but from what you wrote below you're
merely repackaging previously built binaries.  Frank - did you approve
this sort of thing (and I missed it)?

Do the resulting packages have proper dependencies on the libraries?
For example, what happens when you try to install them on a system
without Qt installed?

> Observations and problems
> 
> - Fedora gives "..." in "Passwords" label
> always under gnome3 fallback mode(?)

I've seen it on other distros as well (openSUSE, Ubuntu), when testing
older versions of Johnny - talking to my X server over SSH port
forwarding.  I think it's not dependent on what distro Johnny runs on,
but rather what distro (fonts) the X server runs on.  Yet you need to
fix it in Johnny somehow.

>   Frank, do you see it? Is it important?

I saw it almost(?) every time before, and it is moderately important.

> - all Fedora, Mageia and OpenSUSE uses different doc pathes
>   On Fedora it is /usr/share/doc/<name>-<version>
>   On Mageia       /usr/share/doc/<name>
>   On OpenSUSE     /usr/share/doc/packages/<name>
>   And as I understand rpm does not provide a way to alter this path
>   during installation easily. This path is hardcoded into rpm during
>   its creation.

I think we may choose to ignore this - e.g., support
/usr/share/doc/<name> only.

>   I attached .spec file. Despite its name it is suitable for both x86
>   and x86_64.
> 
>   Should I put it on the wiki and make an instruction how to build rpm
>   for other distributions? (Should I add automatic download of
>   tarballs?) Or maybe should I provide explanation on differences
>   between .rpms so user could choose right prebuit one? Is it
>   important at all?
> 
> - my .spec file just repackages tarball from wiki
>   i.e. it could not build rpm for other architectures

Ouch.

Normally, your .spec file should be building the thing from source, and
it should be located in the same tree/tarball with sources.  Ditto for
the files needed to build .deb's - they're part of Johnny source code.
Please see how some other programs include this sort of things in their
source code release tarballs.

The pre-built binaries hack that you used is common for proprietary
software, but why use it for Johnny?

When a .spec file is properly included inside a source tarball, then
RPMs may be built by running simply "rpmbuild -tb programsources.tar".
Try it on passwdqc, for example.  passwdqc's INSTALL includes this:

---
Alternatively, on a Red Hat'ish Linux system and under an account
configured to build RPM packages (perhaps with ~/.rpmmacros specifying
the proper pathnames for %_topdir, %_tmppath, and %buildroot), you may
build RPM packages by running "rpmbuild -tb passwdqc-1.2.2.tar.gz", then
install the two binary subpackages with "rpm -Uvh passwdqc*-1.2.2*.rpm".
This works due to the RPM spec file included in the tarball.
---

Also take a look at Owl's native/Owl/packages/rpm/rpminit script.

> - Fedora uses i386 name for x86 while Mageia and OpenSUSE use i586
>   My .spec uses it. So it may not work out of the box on some x86
>   distros.

RPM recognizes all of i386 through i686 (and more) on all relevant distros.
However, your binaries should not require a CPU greater than what the
filename says.  I guess you prebuilt these for i386?  If so, any
specified i?86 arch is OK, but i386 specifically is best.

In practice, everyone is going to have an i686 capable CPU anyway.

> Name:           johnny
> Version:        1.1.2
...

Maybe take a look at Owl's doc/CONVENTIONS and some of the .spec files
in Owl and try to follow the same conventions?

> %ifarch i386 i586

%ifarch %ix86

> Group: Applications/System

If you really want to support different distros according to their
conventions, then this Group will differ by distro.

> John the Ripper is a tool designed to help systems administrators to
> find weak (easy to guess or crack through brute force) passwords, and
> even automatically mail users warning them about it, if it is desired.

BTW, I deliberately never use the ambiguous term "brute force" in John
the Ripper documentation.

> %ifarch i386 i586

%ifarch %ix86

> %ifnarch i386 i586 x86_64

%ifnarch %ix86 x86_64

> %files

Specify:

%defattr(-,root,root)

right after %files.  Otherwise, the packaged files stay owned by
whatever user built the package (and you don't want to be building
packages as root).

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ