Bug 825593 - Review Request: bkhive - Dump the syskey bootkey from a Windows system hive
Summary: Review Request: bkhive - Dump the syskey bootkey from a Windows system hive
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fabian Affolter
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-SECLAB
Reported: 2012-05-28 01:53 UTC by Michal Ambroz
Modified: 2019-10-20 13:52 UTC (History)

Fixed In Version: bkhive-1.1.1-8.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-26 00:24:34 UTC
Type: ---
Embargoed:
mail: fedora-review+



Description Michal Ambroz 2012-05-28 01:53:45 UTC
Spec URL: http://rebus.fedorapeople.org/SPECS/bkhive.spec
SRPM URL: http://rebus.fedorapeople.org/SRPMS/bkhive-1.1.1-1.fc17.src.rpm
Fedora Account System Username: rebus

Description: 
This tool is designed to recover the syskey bootkey from a Windows NT/2K/XP
system hive. Then we can decrypt the SAM file with the syskey and dump
password hashes.

Syskey is a Windows feature that adds an additional encryption layer to the
password hashes stored in the SAM database.


=========== rpmlint ==================
# Only spelling errors caused by specific terminology

$ rpmlint SRPMS/bkhive-1.1.1-1.fc17.src.rpm RPMS/x86_64/bkhive-1.1.1-1.fc17.x86_64.rpm RPMS/x86_64/bkhive-debuginfo-1.1.1-1.fc17.x86_64.rpm
bkhive.src: W: spelling-error Summary(en_US) syskey -> passkey
bkhive.src: W: spelling-error Summary(en_US) bootkey -> boot key, boot-key, bootee
bkhive.src: W: spelling-error %description -l en_US syskey -> passkey
bkhive.src: W: spelling-error %description -l en_US bootkey -> boot key, boot-key, bootee
bkhive.src: W: spelling-error %description -l en_US decrypt -> decry pt, decry-pt, decry
bkhive.src: W: spelling-error %description -l en_US Syskey -> Passkey
bkhive.x86_64: W: spelling-error Summary(en_US) syskey -> passkey
bkhive.x86_64: W: spelling-error Summary(en_US) bootkey -> boot key, boot-key, bootee
bkhive.x86_64: W: spelling-error %description -l en_US syskey -> passkey
bkhive.x86_64: W: spelling-error %description -l en_US bootkey -> boot key, boot-key, bootee
bkhive.x86_64: W: spelling-error %description -l en_US decrypt -> decry pt, decry-pt, decry
bkhive.x86_64: W: spelling-error %description -l en_US Syskey -> Passkey
3 packages and 0 specfiles checked; 0 errors, 12 warnings.


=========== KOJI ===================
$ koji build --scratch dist-rawhide  ../SRPMS/bkhive-1.1.1-1.fc17.src.rpm 
Uploading srpm: ../SRPMS/bkhive-1.1.1-1.fc17.src.rpm
[====================================] 100% 00:00:01  19.69 KiB  18.52 KiB/sec
Created task: 4109398
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=4109398
Watching tasks (this may be safely interrupted)...
4109398 build (dist-rawhide, bkhive-1.1.1-1.fc17.src.rpm): free
4109398 build (dist-rawhide, bkhive-1.1.1-1.fc17.src.rpm): free -> open (x86-14.phx2.fedoraproject.org)
  4109400 buildArch (bkhive-1.1.1-1.fc17.src.rpm, i686): open (x86-07.phx2.fedoraproject.org)
  4109399 buildArch (bkhive-1.1.1-1.fc17.src.rpm, x86_64): open (x86-04.phx2.fedoraproject.org)
  4109399 buildArch (bkhive-1.1.1-1.fc17.src.rpm, x86_64): open (x86-04.phx2.fedoraproject.org) -> closed
  0 free  2 open  1 done  0 failed
  4109400 buildArch (bkhive-1.1.1-1.fc17.src.rpm, i686): open (x86-07.phx2.fedoraproject.org) -> closed
  0 free  1 open  2 done  0 failed
4109398 build (dist-rawhide, bkhive-1.1.1-1.fc17.src.rpm): open (x86-14.phx2.fedoraproject.org) -> closed
  0 free  0 open  3 done  0 failed

4109398 build (dist-rawhide, bkhive-1.1.1-1.fc17.src.rpm) completed successfully

Comment 1 Fabian Affolter 2012-06-25 19:03:34 UTC
Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== C/C++ ====
[x]: MUST Header files in -devel subpackage, if present.
[x]: MUST Package does not contain any libtool archives (.la)
[x]: MUST Package does not contain kernel modules.
[x]: MUST Package contains no static executables.
[x]: MUST Rpath absent or only used for internal libs.
[x]: MUST Package is not relocatable.


==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[x]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: MUST Buildroot is not present
     Note: Unless packager wants to package for EPEL5 this is fine
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean would be needed if support for EPEL is required
[x]: MUST Sources contain only permissible code or content.
[x]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: Note: defattr macros not found. They would be needed for EPEL5
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[!]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf is only needed if supporting EPEL5
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[!]: MUST License field in the package spec file matches the actual license.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint bkhive-debuginfo-1.1.1-1.fc18.i686.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


rpmlint bkhive-1.1.1-1.fc18.src.rpm

bkhive.src: W: spelling-error Summary(en_US) syskey -> passkey
bkhive.src: W: spelling-error Summary(en_US) bootkey -> boot key, boot-key, bootee
bkhive.src: W: spelling-error %description -l en_US syskey -> passkey
bkhive.src: W: spelling-error %description -l en_US bootkey -> boot key, boot-key, bootee
bkhive.src: W: spelling-error %description -l en_US decrypt -> decry pt, decry-pt, decry
bkhive.src: W: spelling-error %description -l en_US Syskey -> Passkey
1 packages and 0 specfiles checked; 0 errors, 6 warnings.


rpmlint bkhive-1.1.1-1.fc18.i686.rpm

bkhive.i686: W: spelling-error Summary(en_US) syskey -> passkey
bkhive.i686: W: spelling-error Summary(en_US) bootkey -> boot key, boot-key, bootee
bkhive.i686: W: spelling-error %description -l en_US syskey -> passkey
bkhive.i686: W: spelling-error %description -l en_US bootkey -> boot key, boot-key, bootee
bkhive.i686: W: spelling-error %description -l en_US decrypt -> decry pt, decry-pt, decry
bkhive.i686: W: spelling-error %description -l en_US Syskey -> Passkey
1 packages and 0 specfiles checked; 0 errors, 6 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
/home/fab/reviews/825593/bkhive-1.1.1.tar.gz :
  MD5SUM this package     : bb5e076f3051c60331a7831b6c11719d
  MD5SUM upstream package : bb5e076f3051c60331a7831b6c11719d

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[x]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[-]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: SHOULD Package functions as described.
[x]: SHOULD Latest version is packaged.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[!]: SHOULD SourceX / PatchY prefixed with %{name}.
     Note: Patch0: bkhive-install.patch (bkhive-install.patch)
[x]: SHOULD SourceX is a working URL.
[-]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:

[!]: MUST License field in the package spec file matches the actual license.
    Spec file: GPLv2
    [fab@laptop11 SOURCES]$ licensecheck bkhive-1.1.1
    bkhive-1.1.1/hive.h: GPL (v2 or later) 
    bkhive-1.1.1/bkhive.c: GPL (v2 or later) 
    bkhive-1.1.1/hive.c: GPL (v2 or later)

[!]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf is only needed if supporting EPEL5
[!]: MUST Rpmlint output is silent.
[!]: SHOULD SourceX / PatchY prefixed with %{name}.
     Note: Patch0: bkhive-install.patch (bkhive-install.patch)

Comment 2 Michal Ambroz 2012-06-25 23:02:13 UTC
Hello Fabian, 
thank you for taking the review.

1) [!]: MUST License field in the package spec file matches the actual license.
Thanks for spotting ... fixed to GPLv2+

2) [!]: MUST License field in the package spec file matches the actual license.
I do plan to support EPEL as well

3) [!]: MUST Rpmlint output is silent.
rpmlint contains only warnings because the terminology is not known to the dictionary - bootkey, syskey, decrypt - all should be where they are

4) [!]: SHOULD SourceX / PatchY prefixed with %{name}.
Fixed - thank you

Spec URL: http://rebus.fedorapeople.org/SPECS/bkhive.spec
SRPM URL: http://rebus.fedorapeople.org/SRPMS/bkhive-1.1.1-2.fc17.src.rpm

Comment 3 Fabian Affolter 2012-07-15 10:15:45 UTC
(In reply to comment #2)
> 3) [!]: MUST Rpmlint output is silent.

Sorry I didn't make it clear that there is no further action needed.   

Package APPROVED.

Comment 4 Michal Ambroz 2012-08-03 01:30:44 UTC
Hello SCM team,
please can you create the package?

New Package CVS Request
=======================
Package Name: bkhive
Short Description: Dump the syskey bootkey from a Windows system hive
Owners: rebus
Branches: F17 F16 EL6 EL5

Thank you
Michal Ambroz

Comment 5 Gwyn Ciesla 2012-08-03 02:48:31 UTC
Git done (by process-git-requests).

Comment 6 Fedora Update System 2012-08-13 16:26:04 UTC
bkhive-1.1.1-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/bkhive-1.1.1-2.fc17

Comment 7 Fedora Update System 2012-08-13 16:26:17 UTC
bkhive-1.1.1-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/bkhive-1.1.1-4.el6

Comment 8 Fedora Update System 2012-08-13 16:26:26 UTC
bkhive-1.1.1-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/bkhive-1.1.1-2.fc16

Comment 9 Fedora Update System 2012-08-13 16:26:37 UTC
bkhive-1.1.1-4.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/bkhive-1.1.1-4.el5

Comment 10 Fedora Update System 2012-08-14 09:18:56 UTC
bkhive-1.1.1-2.fc17 has been pushed to the Fedora 17 testing repository.

Comment 11 Fedora Update System 2012-08-26 00:24:34 UTC
bkhive-1.1.1-2.fc16 has been pushed to the Fedora 16 stable repository.

Comment 12 Fedora Update System 2012-08-26 00:25:45 UTC
bkhive-1.1.1-2.fc17 has been pushed to the Fedora 17 stable repository.

Comment 13 Fedora Update System 2012-08-30 05:05:07 UTC
bkhive-1.1.1-4.el5 has been pushed to the Fedora EPEL 5 stable repository.

Comment 14 Fedora Update System 2012-08-30 05:06:04 UTC
bkhive-1.1.1-4.el6 has been pushed to the Fedora EPEL 6 stable repository.

Comment 15 Michal Ambroz 2014-09-23 17:45:54 UTC
Package Change Request
======================
Package Name: bkhive
New Branches: epel7
Owners: rebus

Hello SCM team,
please can you add epel7 branch for the bkhive package?
Michal Ambroz

Comment 16 Gwyn Ciesla 2014-09-23 19:20:48 UTC
Branch exists.

Comment 17 Fedora Update System 2014-09-24 08:30:50 UTC
bkhive-1.1.1-8.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/bkhive-1.1.1-8.el7

Comment 18 Fedora Update System 2014-10-17 17:31:16 UTC
bkhive-1.1.1-8.el7 has been pushed to the Fedora EPEL 7 stable repository.

