Spec URL: http://glua.ua.pt/~rmatos/seahorse-sharing.spec SRPM URL: http://glua.ua.pt/~rmatos/seahorse-sharing-3.2.1-1.fc16.src.rpm http://koji.fedoraproject.org/koji/taskinfo?taskID=3858614 This was split out of the main seahorse package upstream. Please review.
Hi, a few comments : - %{_datadir}/pixmaps/seahorse/*/seahorse-share-keys.* this will create unowned directory, this should be corrected ( I think ) - there is libegg bundled, and so this requires to have a specific provides : https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions -
Thanks for the review! (In reply to comment #1) > - %{_datadir}/pixmaps/seahorse/*/seahorse-share-keys.* > this will create unowned directory, this should be corrected ( I think ) Should be fixed now. > - there is libegg bundled, and so this requires to have a specific provides : > > https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions Does this make sense when there's no "official" libegg.so on the filesystem provided by any package? Consumers of this library usually just use some files from it and statically link them into their binaries. From a quick glance at both evince.spec and eog.spec neither lists this bundled(egglib) Provides although both use libegg files. I also updated to the latest release: Spec URL: http://glua.ua.pt/~rmatos/seahorse-sharing.spec SRPM URL: http://glua.ua.pt/~rmatos/seahorse-sharing-3.3.92-1.fc16.src.rpm http://koji.fedoraproject.org/koji/taskinfo?taskID=3910422
I think the goal is to be able to see where we should push fixes if there is a security issue with libegg. And I think that both evince and eog where in the repository long before this policy have been created, so I guess no one spotted it before. And indeed, that's because this is statically linked that there is a exception for the policy.
Yeah, I don't think we have any bundled() provides in desktop packages, currently. So why not make a start here ?
Ok, here it is, updated to the latest upstream as well: Spec URL: http://glua.ua.pt/~rmatos/seahorse-sharing.spec SRPM URL: http://glua.ua.pt/~rmatos/seahorse-sharing-3.4.0-1.fc17.src.rpm http://koji.fedoraproject.org/koji/taskinfo?taskID=3936205
Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== C/C++ ==== [x]: MUST Header files in -devel subpackage, if present. [x]: MUST Package does not contain any libtool archives (.la) [x]: MUST Package does not contain kernel modules. [x]: MUST Package contains no static executables. [x]: MUST Rpath absent or only used for internal libs. [x]: MUST Package is not relocatable. ==== Generic ==== [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: MUST Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: MUST %build honors applicable compiler flags or justifies otherwise. [x]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: MUST Buildroot is not present Note: Unless packager wants to package for EPEL5 this is fine [x]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [x]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean would be needed if support for EPEL is required [x]: MUST Sources contain only permissible code or content. [x]: MUST Each %files section contains %defattr if rpm < 4.4 Note: Note: defattr macros not found. They would be needed for EPEL5 [x]: MUST Macros in Summary, %description expandable at SRPM build time. [x]: MUST Package contains a properly installed %{name}.desktop using desktop- file-install file if it is a GUI application. [x]: MUST Package requires other packages for directories it uses. [x]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf would be needed if support for EPEL5 is required [x]: MUST Large documentation files are in a -doc subpackage, if required. [x]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: MUST License field in the package spec file matches the actual license. [x]: MUST The spec file handles locales properly. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST Package does not generate any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [x]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [x]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [!]: MUST Rpmlint output is silent. rpmlint seahorse-sharing-3.4.0-1.fc18.i686.rpm seahorse-sharing.i686: W: obsolete-not-provided seahorse seahorse-sharing.i686: W: non-conffile-in-etc /etc/xdg/autostart/seahorse-sharing.desktop seahorse-sharing.i686: E: incorrect-fsf-address /usr/share/doc/seahorse-sharing-3.4.0/COPYING 1 packages and 0 specfiles checked; 1 errors, 2 warnings. rpmlint seahorse-sharing-debuginfo-3.4.0-1.fc18.i686.rpm seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-hkp-server.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-sharing.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-daemon.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-unix-signal.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/libegg/eggdesktopfile.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-unix-signal.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-daemon.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/libegg/eggdesktopfile.c 1 packages and 0 specfiles checked; 8 errors, 0 warnings. rpmlint seahorse-sharing-3.4.0-1.fc18.src.rpm seahorse-sharing.src:11: W: unversioned-explicit-provides bundled(egglib) 1 packages and 0 specfiles checked; 0 errors, 1 warnings. [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. /tmp/800526/seahorse-sharing-3.4.0.tar.xz : MD5SUM this package : 6f5dac5fbf4ef064ccb48469663b5fe2 MD5SUM upstream package : 6f5dac5fbf4ef064ccb48469663b5fe2 [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [x]: MUST Useful -debuginfo package or justification otherwise. [x]: SHOULD Reviewer should test that the package builds in mock. [x]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: SHOULD Dist tag is present. [x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [x]: SHOULD Package functions as described. [x]: SHOULD Latest version is packaged. [x]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD SourceX is a working URL. [-]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: SHOULD Package should compile and build into binary rpms on all supported architectures. [-]: SHOULD %check is present and all tests pass. [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. Issues: [!]: MUST Rpmlint output is silent. rpmlint seahorse-sharing-3.4.0-1.fc18.i686.rpm seahorse-sharing.i686: W: obsolete-not-provided seahorse seahorse-sharing.i686: W: non-conffile-in-etc /etc/xdg/autostart/seahorse-sharing.desktop seahorse-sharing.i686: E: incorrect-fsf-address /usr/share/doc/seahorse-sharing-3.4.0/COPYING 1 packages and 0 specfiles checked; 1 errors, 2 warnings. rpmlint seahorse-sharing-debuginfo-3.4.0-1.fc18.i686.rpm seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-hkp-server.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-sharing.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-daemon.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-unix-signal.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/libegg/eggdesktopfile.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-unix-signal.c seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/daemon/seahorse-daemon.h seahorse-sharing-debuginfo.i686: E: incorrect-fsf-address /usr/src/debug/seahorse-sharing-3.4.0/libegg/eggdesktopfile.c 1 packages and 0 specfiles checked; 8 errors, 0 warnings. rpmlint seahorse-sharing-3.4.0-1.fc18.src.rpm seahorse-sharing.src:11: W: unversioned-explicit-provides bundled(egglib) 1 packages and 0 specfiles checked; 0 errors, 1 warnings. See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint Generated by fedora-review 0.1.3 External plugins: So the rpmlint warning are either normal ( ie, obsolete without conflict is the thing to do, I think ), or something that should be corrected upstream ( the FSF address ), or just wrong ( ie, /etc/xdg/autostart, maybe this should be moved to /usr/lib, like what is done with systemd ). So the package is good to go.
New Package SCM Request ======================= Package Name: seahorse-sharing Short Description: Sharing of PGP public keys via DNS-SD and HKP Owners: rtcm Branches: f17 InitialCC:
Git done (by process-git-requests).
seahorse-sharing-3.4.0-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/seahorse-sharing-3.4.0-1.fc17
seahorse-sharing-3.4.0-1.fc17 has been pushed to the Fedora 17 testing repository.
I am pretty uncomfortable seeing Obsoletes: seahorse < 3.1.4 in this spec file. What this does on upgrades is removing seahorse and installing seahorse-sharing instead. Is this behaviour intended?
From what I understand, if I have the old seahorse, and if I install the new seahorse-sharing , it will remove the old seahorse, that's all. If I do a upgrade from one fedora version to another one, it should also install a new seahorse, and so the Obsoletes should not apply on it. But I do not know enough yum to be sure
(In reply to comment #12) > From what I understand, if I have the old seahorse, and if I install the new > seahorse-sharing , it will remove the old seahorse, that's all. Exactly, and this will also happen on package update: seahorse gets removed and replaced with seahorse-sharing. Yum has a nice wiki page that describes behaviour with Obsoletes: http://yum.baseurl.org/wiki/YumPackageUpdates If we consider a system with seahorse-3.0.0-1.fc15 installed and a repo with seahorse-3.4.0-1.fc17 and seahorse-sharing-3.4.0-1.fc17 available, there are 3 different ways to do the upgrade: a) Installed: seahorse-3.0.0-1.fc15 After distro update: seahorse-3.4.0-1.fc17 b) Installed: seahorse-3.0.0-1.fc15 After distro update: seahorse-3.4.0-1.fc17 seahorse-sharing-3.4.0-1.fc17 c) Installed: seahorse-3.0.0-1.fc15 After distro update: seahorse-sharing-3.4.0-1.fc17 Which one of these is desired here? What currently happens with the way Obsoletes are used in this package is option (c).
If we want A, that's indeed incorrect. But since the feature was present in seahorse before, I assume that's B. According to the page you gave, this should requires adding Obsoletes to seahorse and seahorse-sharing is correct. So i think a new bug should be opened against seahorse for that.
Yes, I agree, adding self-obsoletes to seahorse sounds like the right thing to do here.
seahorse-sharing-3.4.0-1.fc17 has been pushed to the Fedora 17 stable repository.
Added the self-obsoletes in seahorse-3.4.0-2.fc17: http://pkgs.fedoraproject.org/gitweb/?p=seahorse.git;a=commit;h=7b450ab5