Bug 1172525

Summary: Review Request: zbackup - A versatile deduplicating backup tool
Product: [Fedora] Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Reporter: Vladimir Stackov <amigo.elite>
Assignee: Mikolaj Izdebski <mizdebsk>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mattdm, mizdebsk, package-review, zbyszek
Flags: mizdebsk: fedora-review+, petersen: fedora-cvs+
Fixed In Version: zbackup-1.4.1-1.el6
Doc Type: Bug Fix
Last Closed: 2015-01-01 08:53:52 UTC

Description Vladimir Stackov 2014-12-10 10:01:48 UTC
Spec URL: http://fpaste.org/158273/20483414/
SRPM URL: https://nekaka.com/d/y1ptL7VqyR

Description:
zbackup is a globally-deduplicating backup tool, based on the ideas
found in rsync. Feed a large .tar into it, and it will store duplicate
regions of it only once, then compress and optionally encrypt the
result. Feed another .tar file, and it will also re-use any data found
in any previous backups. This way only new changes are stored, and as
long as the files are not very different, the amount of storage
required is very low.

Fedora Account System Username: am1g0
Build log: https://kojipkgs.fedoraproject.org//work/tasks/5584/8335584/build.log
Build task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=8335582

I'm also a core developer/maintainer of zbackup: https://github.com/zbackup

You can see my other open-source contributions on GitHub: https://github.com/Am1GO

This is my first package and I need a sponsor.

Comment 1 Zbigniew Jędrzejewski-Szmek 2014-12-10 20:14:36 UTC
It's best not to use temporary places like fpaste for spec files. If you don't have a better place, attach it to this bug.

You can use mkdir to create a directory. '%{__install} -d' is a bit hard to read ;)
Also pushd is considered nicer than cd, because the path is printed to the log.

From line 17 remove everything except possibly protobuf, not sure about that one. Dependencies on libraries are added automatically.

Remove lines 38, 44, 45, 48, 49, and 6 too.

Remove line 40, and add -D to Line 42 instead.

Use %license for LICENSE instead of %doc.

In line 51, use %{name}.1.* instead of %{name}.1.gz, since the compression method might change at some point, no need to adjust the spec file for that.

Can't sponsor you, but otherwise looks OK.

Comment 2 Vladimir Stackov 2014-12-11 09:18:47 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #1)
> It's best not to use temporary places like fpaste for spec files. If you
> don't have better place, attach it to this bug.
Spec URL: https://github.com/Am1GO/zbackup-rpm/blob/master/zbackup.spec
SRPM URL: https://github.com/Am1GO/zbackup-rpm/blob/master/zbackup-1.3-2.fc20.src.rpm
Build log: https://kojipkgs.fedoraproject.org//work/tasks/6555/8346555/build.log
Build task: https://koji.fedoraproject.org/koji/taskinfo?taskID=8346553

> 
> You can use mkdir to create a directory. '%{__install} -d' is a bit hard to
> read ;)
Done.

> Also pushd is considered nicer than cd, because the path is printed to the
> log.
Done.

> 
> From line 17 remove everything except possibly protobuf, not sure about that
> one. Dependencies on libraries are added automatically.
Done. BTW protobuf doesn't need to be specified either (I've checked deps of rpm).

> 
> Remove lines 38, 44, 45, 48, 49, and 6 too.
Done all except 49 because if I remove 49 then rpmbuild will report "unpackaged file" error. Probably you mean to remove "%attr(755,root,root)" macros - it was done.

> 
> Remove line 40, and add -D to Line 42 instead.
Done.

> 
> Use %license for LICENSE instead of %doc.
Done.

> 
> In line 51, use %{name}.1.* instead of %{name}.1.gz, since the compression
> method might change at some point, no need to adjust the spec file for that.
Done.

> 
> Can't sponsor you, but otherwise looks OK.

I've also added a build scenario for tartool (it was a supplementary util).

Comment 3 Zbigniew Jędrzejewski-Szmek 2014-12-11 14:33:43 UTC
Looks good.

You might want to consider adding %global _hardened_build 1,
since the program processes untrusted input (http://fedoraproject.org/wiki/Packaging:Guidelines#PIE).

You probably should do a few informal reviews of packages (like this one), this is required to become a packager.

Comment 4 Vladimir Stackov 2014-12-15 13:14:51 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #3)
> Looks good.
> 
> You might want to consider adding %global _hardened_build 1,
> since the program processes untrusted input
> (http://fedoraproject.org/wiki/Packaging:Guidelines#PIE).
Done.

SPEC URL: https://raw.githubusercontent.com/Am1GO/zbackup-rpm/master/zbackup.spec
SRPM URL: https://github.com/Am1GO/zbackup-rpm/raw/master/zbackup-1.3-3.fc20.src.rpm
Build task: https://koji.fedoraproject.org/koji/taskinfo?taskID=8359513

> 
> You probably should do a few informal reviews of packages (like this one),
> this is required to become a packager.

Thank you for your suggestion! I'll do it ASAP.

Comment 5 Vladimir Stackov 2014-12-16 08:21:14 UTC
So far, I've done preliminary reviews of the following requests:

https://bugzilla.redhat.com/show_bug.cgi?id=1150054
https://bugzilla.redhat.com/show_bug.cgi?id=1150566
https://bugzilla.redhat.com/show_bug.cgi?id=1174290

I'll update this list ASAP.

Comment 6 Vladimir Stackov 2014-12-16 09:56:31 UTC
Additional reviews:

https://bugzilla.redhat.com/show_bug.cgi?id=1142407
https://bugzilla.redhat.com/show_bug.cgi?id=1168692
https://bugzilla.redhat.com/show_bug.cgi?id=1160671
https://bugzilla.redhat.com/show_bug.cgi?id=1129429

If someone could advise me on something that could increase "review speed", I'd much appreciate it.

Comment 7 Zbigniew Jędrzejewski-Szmek 2014-12-16 13:23:10 UTC
Poring over the spec file, sources, and resulting RPMS is still required, unless we develop an AI to do it ;). There are automated tools, which catch some more errors, but yield many false positives, so their output still needs to be trimmed:
rpmlint
fedora-review

Comment 8 Vladimir Stackov 2014-12-16 14:45:00 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #7)
> Poring over the spec file, sources, and resulting RPMS is still required,
> unless we develop an AI to do it ;). There are automated tools, which catch
> some more errors, but yield many false positives, so their output still
> needs to be trimmed:
> rpmlint
> fedora-review

Thank you for your reply!
I'm not pushing, just thinking out loud :)
BTW What was the average informal review "threshold" for new packagers? I just wanted to know if I need to write more or just to wait for some response.

Comment 9 Zbigniew Jędrzejewski-Szmek 2014-12-16 14:54:43 UTC
Frankly, I think this is one of the weak spots in the process, because of its unpredictability (https://bugzilla.redhat.com/show_bug.cgi?id=177841 seems rather depressing). I'd wait a few days and send a message to fedora-devel that you're looking for a sponsor if no one shows up.

Comment 10 Mikolaj Izdebski 2014-12-19 20:20:35 UTC
zbackup looks like a really interesting project, I will review this package.

Comment 11 Mikolaj Izdebski 2014-12-19 21:27:05 UTC
Overall, the package looks good.  First some comments, then the actual
review.  Once licensing problems are fixed I will approve the package
and sponsor you.

Hardening: It is not required for this package, but you can enable it
(or not) at your own discretion. For more information see [1].  If you
decide to enable hardening then you should be aware of the negative
performance impact it can have.  I think that we can keep it enabled
for now, but I'd recommend comparing performance with and without
hardening and deciding whether to keep it enabled or not.

Licensing: As I understand, zbackup is licensed under GPL version 2 or
later with additional OpenSSL exception -- no actual zbackup code is
licensed under OpenSSL license.  If that's the case then license tag
should be "GPLv2+ with exceptions".  LICENSE-OPENSSL file shouldn't be
installed in this case as it doesn't apply to zbackup itself.

You should install CONTRIBUTORS file as %doc.  See [2].

There is no good reason to use macros like %{__install} and such.  You
should just use plain command names (mkdir, make, install) for better
spec file readability.

I don't like the manpage.  We can keep it as-is for now, but I think
that the goal should be writing a proper manual page (this is upstream
work).

In changelogs we usually reference bugs as rhbz#1172525. Links to
Bugzilla are best avoided.

[1] http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
[2] http://fedoraproject.org/wiki/Packaging:Guidelines#Documentation


Package Review
==============

Key:
- = N/A
x = Check
! = Problem

[x] rpmlint must be run on the source rpm and all binary rpms the
    build produces.  The output should be posted in the review.

[x] The package must be named according to the Package Naming
    Guidelines.

[x] The spec file name must match the base package %{name}, in the
    format %{name}.spec unless your package has an exemption.

[x] The package must meet the Packaging Guidelines.

[!] The package must be licensed with a Fedora approved license and
    meet the Licensing Guidelines.

[!] The License field in the package spec file must match the actual
    license.

[x] If (and only if) the source package includes the text of the
    license(s) in its own file, then that file, containing the text of
    the license(s) for the package must be included in %doc.

[x] The spec file must be written in American English.

[x] The spec file for the package MUST be legible.

[x] The sources used to build the package must match the upstream
    source, as provided in the spec URL.  Reviewers should use
    sha256sum for this task as it is used by the sources file once
    imported into git.  If no upstream URL can be specified for this
    package, please see the Source URL Guidelines for how to deal with
    this.

[x] The package MUST successfully compile and build into binary rpms
    on at least one primary architecture.

[x] If the package does not successfully compile, build or work on an
    architecture, then those architectures should be listed in the
    spec in ExcludeArch.  Each architecture listed in ExcludeArch MUST
    have a bug filed in bugzilla, describing the reason that the
    package does not compile/build/work on that architecture.  The bug
    number MUST be placed in a comment, next to the corresponding
    ExcludeArch line.

[x] All build dependencies must be listed in BuildRequires, except for
    any that are listed in the exceptions section of the Packaging
    Guidelines; inclusion of those as BuildRequires is optional.
    Apply common sense.

[x] The spec file MUST handle locales properly.  This is done by using
    the %find_lang macro.  Using %{_datadir}/locale/* is strictly
    forbidden.

[x] Every binary RPM package (or subpackage) which stores shared
    library files (not just symlinks) in any of the dynamic linker's
    default paths, must call ldconfig in %post and %postun.

[x] Packages must NOT bundle copies of system libraries.

[x] If the package is designed to be relocatable, the packager must
    state this fact in the request for review, along with the
    rationalization for relocation of that specific package.  Without
    this, use of Prefix: /usr is considered a blocker.

[x] A package must own all directories that it creates.  If it does
    not create a directory that it uses, then it should require a
    package which does create that directory.

[x] A Fedora package must not list a file more than once in the spec
    file's %files listings.  (Notable exception: license texts in
    specific situations.)

[x] Permissions on files must be set properly.  Executables should be
    set with executable permissions, for example.

[x] Each package must consistently use macros.

[x] The package must contain code, or permissible content.

[x] Large documentation files must go in a -doc subpackage.  (The
    definition of large is left up to the packager's best judgement,
    but is not restricted to size.  Large can refer to either size or
    quantity).

[x] If a package includes something as %doc, it must not affect the
    runtime of the application.  To summarize: If it is in %doc, the
    program must run properly if it is not present.

[x] Static libraries must be in a -static package.

[x] Development files must be in a -devel package.

[x] In the vast majority of cases, devel packages must require the
    base package using a fully versioned dependency: Requires:
    %{name}%{?_isa} = %{version}-%{release}

[x] Packages must NOT contain any .la libtool archives, these must be
    removed in the spec if they are built.

[x] Packages containing GUI applications must include a
    %{name}.desktop file, and that file must be properly installed
    with desktop-file-install in the %install section.  If you feel
    that your packaged GUI application does not need a .desktop file,
    you must put a comment in the spec file with your explanation.

[x] Packages must not own files or directories already owned by other
    packages.  The rule of thumb here is that the first package to be
    installed should own the files or directories that other packages
    may rely upon.  This means, for example, that no package in Fedora
    should ever share ownership with any of the files or directories
    owned by the filesystem or man package.  If you feel that you have
    a good reason to own a file or directory that another package
    owns, then please present that at package review time.

[x] All filenames in rpm packages must be valid UTF-8.


rpmlint output
--------------
(these are false-positives, ignore them)

zbackup.src: W: spelling-error Summary(en_US) deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.src: W: spelling-error %description -l en_US deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.src: W: spelling-error %description -l en_US rsync -> sync, r sync
zbackup.x86_64: W: spelling-error Summary(en_US) deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.x86_64: W: spelling-error %description -l en_US deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.x86_64: W: spelling-error %description -l en_US rsync -> sync, r sync
3 packages and 1 specfiles checked; 0 errors, 6 warnings.

Comment 12 Vladimir Stackov 2014-12-19 23:16:59 UTC
(In reply to Mikolaj Izdebski from comment #11)
> Overall, the package looks good.  First some comments, then the actual
> review.  Once licensing problems are fixed I will approve the package
> and sponsor you.
Ok, thanks!
I'm also removing the request from FE-NEEDSPONSOR blockers.

> 
> Hardening: It is not required for this package, but you can enable it
> (or not) at your own discretion. For more information see [1].  If you
> decide to enable hardening then you should be aware of the negative
> performance impact it can have.  I think that we can keep it enabled
> for now, but I'd recommend comparing performance with and without
> hardening and deciding whether to keep it enabled or not.
I'd prefer to have hardening enabled.
Anyone who wants to increase performance could easily rebuild the package with specific flags.
I'll also perform some tests and publish results in zbackup wiki.

> 
> Licensing: As I understand, zbackup is licensed under GPL version 2 or
> later with additional OpenSSL exception -- no actual zbackup code is
> licensed under OpenSSL license.  If that's the case then license tag
> should be "GPLv2+ with exceptions".  LICENSE-OPENSSL file shouldn't be
> installed in this case as it doesn't apply to zbackup itself.
Done.

> 
> You should install CONTRIBUTORS file as %doc.  See [2].
There is no CONTRIBUTORS in 1.3.
I've described the reason for preserving the version in this request in an off-list reply.

> 
> There is no good reason to use macros like %{__install} and such.  You
> should just use plain command names (mkdir, make, install) for better
> spec file readability.
Hmm, I'm always using as many macros as possible for portability reasons.
Fixed anyway.

> 
> I don't like the manpage.  We can keep it as-is for now, but I think
> that the goal should be writing a proper manual page (this is upstream
> work).
Ok, I'll write it.
https://github.com/zbackup/zbackup/issues/34

> 
> In changelogs we usually reference bugs as rhbz#1172525. Links to
> Bugzilla are best avoided.
Done.

> 
> [1] http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
> [2] http://fedoraproject.org/wiki/Packaging:Guidelines#Documentation
[..]

SPEC: https://raw.githubusercontent.com/Am1GO/zbackup-rpm/master/zbackup.spec
SRPM: https://github.com/Am1GO/zbackup-rpm/raw/master/zbackup-1.3-4.fc20.src.rpm
Build task: http://koji.fedoraproject.org/koji/taskinfo?taskID=8443902

Comment 13 Mikolaj Izdebski 2014-12-20 10:23:05 UTC
(In reply to Vladimir Stackov from comment #12)
> (In reply to Mikolaj Izdebski from comment #11)
> > You should install CONTRIBUTORS file as %doc.  See [2].
> There is no CONTRIBUTORS in 1.3.

Right, my bad.

Blocker issues were fixed. Package is approved.

Comment 14 Vladimir Stackov 2014-12-20 14:06:11 UTC
New Package SCM Request
=======================
Package Name: zbackup
Short Description: A versatile deduplicating backup tool
Upstream URL: http://zbackup.org/
Owners: am1g0
Branches: f20 f21 f22 el6 epel7
InitialCC:

Comment 15 Jens Petersen 2014-12-22 08:23:58 UTC
Git done (by process-git-requests).

(note that f22 is not yet branched)

Comment 16 Fedora Update System 2014-12-22 11:59:22 UTC
zbackup-1.3-4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/zbackup-1.3-4.fc21

Comment 17 Fedora Update System 2014-12-22 12:30:41 UTC
zbackup-1.3-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/zbackup-1.3-4.fc20

Comment 18 Fedora Update System 2014-12-23 18:25:54 UTC
zbackup-1.3-4.fc21 has been pushed to the Fedora 21 testing repository.

Comment 19 Fedora Update System 2015-01-01 08:53:52 UTC
zbackup-1.3-4.fc21 has been pushed to the Fedora 21 stable repository.

Comment 20 Fedora Update System 2015-01-01 08:57:43 UTC
zbackup-1.3-4.fc20 has been pushed to the Fedora 20 stable repository.

Comment 21 Fedora Update System 2015-01-07 20:20:56 UTC
zbackup-1.4.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/zbackup-1.4.1-1.el6

Comment 22 Fedora Update System 2015-01-07 20:22:42 UTC
zbackup-1.4.1-1.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/zbackup-1.4.1-1.el7

Comment 23 Fedora Update System 2015-01-26 20:11:09 UTC
zbackup-1.4.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository.

Comment 24 Fedora Update System 2015-01-26 20:14:27 UTC
zbackup-1.4.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.