Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120820180211.GB10426@debian>
Date: Mon, 20 Aug 2012 22:02:11 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Aleksey's daily status report #13

On Mon, Aug 20, 2012 at 09:42:02AM +0400, Solar Designer wrote:
> On Mon, Aug 20, 2012 at 03:14:51AM +0400, Aleksey Cherepanov wrote:
> > - all Fedora, Mageia and OpenSUSE uses different doc pathes
> >   On Fedora it is /usr/share/doc/<name>-<version>
> >   On Mageia       /usr/share/doc/<name>
> >   On OpenSUSE     /usr/share/doc/packages/<name>
> >   And as I understand rpm does not provide a way to alter this path
> >   during installation easily. This path is hardcoded into rpm during
> >   its creation.
> 
> I think we may choose to ignore this - e.g., support
> /usr/share/doc/<name> only.

Ok. I'll keep only mageia's rpm.

BTW Owl uses /usr/share/doc/<name>-<version>

> >   I attached .spec file. Despite its name it is suitable for both x86
> >   and x86_64.
> > 
> >   Should I put it on the wiki and make an instruction how to build rpm
> >   for other distributions? (Should I add automatic download of
> >   tarballs?) Or maybe should I provide explanation on differences
> >   between .rpms so user could choose right prebuit one? Is it
> >   important at all?
> > 
> > - my .spec file just repackages tarball from wiki
> >   i.e. it could not build rpm for other architectures
> 
> Ouch.
> 
> Normally, your .spec file should be building the thing from source, and
> it should be located in the same tree/tarball with sources.  Ditto for
> the files needed to build .deb's - they're part of Johnny source code.

.deb control file is not in the tree yet.

> Please see how some other programs include this sort of things in their
> source code release tarballs.

Ok.

> The pre-built binaries hack that you used is common for proprietary
> software, but why use it for Johnny?

I prefer right (even perfect) ways. But now this dirty, limited, ugly
hack looks good because
- it is easy and short,
- I know possible problems with builddeps (e.g. qmake vs q4make),
- it is a straightforward way to get right rpm from good binaries,
- it suits my needs because I aim to provide good rpms for most users
(who need prebuilt binary packages) in quite short time.

Testing binaries I found a border between qt 4.6 and qt 4.7: johnny
linked against qt 4.7 does not work with qt 4.6 runtime but johnny
linked qt 4.6 works with all qt 4.6, 4.7 and 4.8 (it seems to be a
well known problem on the Internet). So I considered to use prebuilt
binaries from debian.

I do not intend to keep things so. Due to qt's 4.6/4.7 problem it may
be useful to keep current .spec but as an addition to the right .spec.
So I plan to make right .spec file (probably for next release).

The same affects .deb packages. I plan to make src .deb too.
(Currently I package it from prebuilt binaries too).

> When a .spec file is properly included inside a source tarball, then
> RPMs may be built by running simply "rpmbuild -tb programsources.tar".
> Try it on passwdqc, for example.  passwdqc's INSTALL includes this:
> 
> ---
> Alternatively, on a Red Hat'ish Linux system and under an account
> configured to build RPM packages (perhaps with ~/.rpmmacros specifying
> the proper pathnames for %_topdir, %_tmppath, and %buildroot), you may
> build RPM packages by running "rpmbuild -tb passwdqc-1.2.2.tar.gz", then
> install the two binary subpackages with "rpm -Uvh passwdqc*-1.2.2*.rpm".
> This works due to the RPM spec file included in the tarball.
> ---

I saw -tb option. It is nice. I'll satisfy its needs (later).

> Also take a look at Owl's native/Owl/packages/rpm/rpminit script.
> 
> > - Fedora uses i386 name for x86 while Mageia and OpenSUSE use i586
> >   My .spec uses it. So it may not work out of the box on some x86
> >   distros.
> 
> RPM recognizes all of i386 through i686 (and more) on all relevant distros.
> However, your binaries should not require a CPU greater than what the
> filename says.  I guess you prebuilt these for i386?  If so, any
> specified i?86 arch is OK, but i386 specifically is best.
> 
> In practice, everyone is going to have an i686 capable CPU anyway.
> 
> > Name:           johnny
> > Version:        1.1.2
> ...
> 
> Maybe take a look at Owl's doc/CONVENTIONS and some of the .spec files
> in Owl and try to follow the same conventions?
> 
> > %ifarch i386 i586
> 
> %ifarch %ix86

I tried. It works well.

> > Group: Applications/System
> 
> If you really want to support different distros according to their
> conventions, then this Group will differ by distro.

I looked into doc/rpm/GROUPS on fedora, mageia, opensuse and owl, all
of them have such group. Though it does not mean that all distros have
it.

I saw in Fedora's guide about packaging that starting from Fedora 17
tag "Group" is deprecated.

> > John the Ripper is a tool designed to help systems administrators to
> > find weak (easy to guess or crack through brute force) passwords, and
> > even automatically mail users warning them about it, if it is desired.
> 
> BTW, I deliberately never use the ambiguous term "brute force" in John
> the Ripper documentation.

I got this paragraph from Debian's description. I'll replace it with
better one.

> > %files
> 
> Specify:
> 
> %defattr(-,root,root)
> 
> right after %files.  Otherwise, the packaged files stay owned by
> whatever user built the package (and you don't want to be building
> packages as root).

I do not build packages as root but they have proper uid and gid
without this line under mageia, fedora and opensuse. I guess it is
needed by others though.

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.