Bug 1290922
| Summary: | Review Request: moose - Multiscale Neuroscience and Systems Biology Simulator | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Zbigniew Jędrzejewski-Szmek <zbyszek> |
| Component: | Package Review | Assignee: | Antonio T. (sagitter) <anto.trande> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | package-review |
| Target Milestone: | --- | Flags: | anto.trande:
fedora-review+
|
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-12-31 01:51:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1276941 | ||
|
Description
Zbigniew Jędrzejewski-Szmek
2015-12-11 22:18:50 UTC
Please, take care of exonerate if you do not mind: https://bugzilla.redhat.com/show_bug.cgi?id=1290450 Linking of 'moose.bin' failed because of "undefined reference" errors. It seems to be the c++11 related errors. I was hoping that the libsbml rebuild will be enough, but apparently not. I'll work on a proper fix. You can use a F22 mock for now if you wish to build it. Yesterday I forgot to actually rebuild libsbml in non-scratch mode. I did that now. It builds fine here with the updated libsbml. Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.2.fc24.beta.2.src.rpm Also note: I didn't build documentation, because upstream has a separate repo for documentation, and I think they are in the process of splitting it out. So until the dust settles and it becomes clear which is the "right" source of docs, I don't think it makes sense to waste time on building it as part of the package. sagitter's scratch build of moose-3.0.2-0.2.fc24.beta.2.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12176320 Oh, stupid bug. Should be fixed now. Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.3.fc24.beta.2.src.rpm sagitter's scratch build of moose-3.0.2-0.3.fc24.beta.2.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12176821 (fedora-review is not reliable in these days)
Review:
===== MUST items =====
C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
Generic:
[!]: Package is licensed with an open-source compatible license and meets
other legal requirements as defined in the legal section of Packaging
Guidelines.
biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later)
builtins/Func.cpp: *No copyright* LGPL (v3 or later)
builtins/Function.cpp: *No copyright* LGPL (v3 or later)
are managed by compiler; i think guidelines for "Mixed Source Licensing Scenario" may be imposed here.
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#Mixed_Source_Licensing_Scenario
[!]: License field in the package spec file matches the actual license.
[!]: License file installed when any subpackage combination is installed.
None license file is packaged.
[x]: Package must own all directories that it creates.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[-]: gtk-update-icon-cache is invoked in %postun and %posttrans if package
contains icons.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
(~1MB) or number of files.
Note: Documentation size is 20480 bytes in 2 files.
[!]: Package complies to the Packaging Guidelines
--> See above.
[x]: Package successfully compiles and builds into binary rpms on at least
one supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.
moose.src: W: spelling-error Summary(en_US) Multiscale -> Timescale
moose.src: W: spelling-error %description -l en_US subcellular -> sub cellular, sub-cellular, cellular
moose.x86_64: W: spelling-error Summary(en_US) Multiscale -> Timescale
moose.x86_64: W: spelling-error %description -l en_US subcellular -> sub cellular, sub-cellular, cellular
moose.x86_64: W: no-manual-page-for-binary moose
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.cpp
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.h
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.cpp
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/biophysics/MarkovChannel.h
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.h
--> Fix 'spurious-executable-perm' warnings.
[!]: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of the
license(s) for the package is included in %license.
--> See above.
[-]: Package requires other packages for directories it uses.
[-]: Package does not own files or directories owned by other packages.
[!]: All build dependencies are listed in BuildRequires, except for any
that are listed in the exceptions section of Packaging Guidelines.
--> gcc-c++ make can be removed as BR.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[-]: Package contains desktop file if it is a GUI application.
[-]: Package installs a %{name}.desktop using desktop-file-install or
desktop-file-validate if there is such a file.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
%{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local
===== SHOULD items =====
Generic:
[x]: Sources can be downloaded from URI in Source: tag
[-]: If the source package does not include license text(s) as a separate
file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv-
debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[?]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
justified.
--> Please, leave comments about patches.
[-]: SourceX tarball generation or download is documented.
[-]: Description and summary sections in the package spec file contains
translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
$RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
$ checksec --file ./moose
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full Canary found enabled enabled No No RUNPATH ./moose
I suggest to control whith 'checksec' in F22 if it's necessary.
>OpenMPI (1.8.x) OPTIONAL For running moose in parallel on clusters
An OpenMPI implemented version is available even if optional.
(In reply to Antonio Trande from comment #8) > (fedora-review is not reliable in these days) I run it with '-x CheckOwnDirs' and it's mostly OK... > Generic: > [!]: Package is licensed with an open-source compatible license and meets > other legal requirements as defined in the legal section of Packaging > Guidelines. > > biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later) > builtins/Func.cpp: *No copyright* LGPL (v3 or later) > builtins/Function.cpp: *No copyright* LGPL (v3 or later) > > are managed by compiler; i think guidelines for "Mixed Source Licensing > Scenario" may be imposed here. > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/ > LicensingGuidelines#Mixed_Source_Licensing_Scenario I don't think this actually applies: that paragraph talks about the case where sources have two different licenses, and to satisfy the license you have to satisfy the constrains from both licenses (e.g. both "no advertising", and "modifications as patches only"). But in this case we are mixing LGPL and GPL. GPL is a superset of LGPL, and also, GPL does not allow any additional restrictions to be added. So effectively, the binary package is distributed under the terms of GPL, and no additional constraints exists and no different licensing is available. > [!]: License field in the package spec file matches the actual license. > [!]: License file installed when any subpackage combination is installed. > > None license file is packaged. Pull request with the license text: https://github.com/BhallaLab/moose-core/pull/50. > [x]: Package must own all directories that it creates. > [x]: %build honors applicable compiler flags or justifies otherwise. > [x]: Package contains no bundled libraries without FPC exception. > [x]: Changelog in prescribed format. > [x]: Sources contain only permissible code or content. > [-]: Development files must be in a -devel package > [x]: Package uses nothing in %doc for runtime. > [x]: Package consistently uses macros (instead of hard-coded directory > names). > [x]: Package is named according to the Package Naming Guidelines. > [x]: Package does not generate any conflict. > [x]: Package obeys FHS, except libexecdir and /usr/target. > [-]: If the package is a rename of another package, proper Obsoletes and > Provides are present. > [x]: Requires correct, justified where necessary. > [x]: Spec file is legible and written in American English. > [-]: Package contains systemd file(s) if in need. > [-]: gtk-update-icon-cache is invoked in %postun and %posttrans if package > contains icons. > [x]: Useful -debuginfo package or justification otherwise. > [x]: Package is not known to require an ExcludeArch tag. > [-]: Large documentation must go in a -doc subpackage. Large could be size > (~1MB) or number of files. > Note: Documentation size is 20480 bytes in 2 files. > [!]: Package complies to the Packaging Guidelines > > --> See above. > > [x]: Package successfully compiles and builds into binary rpms on at least > one supported primary architecture. > [x]: Rpmlint is run on all rpms the build produces. > > moose.src: W: spelling-error Summary(en_US) Multiscale -> Timescale > moose.src: W: spelling-error %description -l en_US subcellular -> sub > cellular, sub-cellular, cellular > moose.x86_64: W: spelling-error Summary(en_US) Multiscale -> Timescale > moose.x86_64: W: spelling-error %description -l en_US subcellular -> sub > cellular, sub-cellular, cellular > moose.x86_64: W: no-manual-page-for-binary moose > moose-debuginfo.x86_64: W: spurious-executable-perm > /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.cpp > moose-debuginfo.x86_64: W: spurious-executable-perm > /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.h > moose-debuginfo.x86_64: W: spurious-executable-perm > /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.cpp > moose-debuginfo.x86_64: W: spurious-executable-perm > /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/biophysics/MarkovChannel.h > moose-debuginfo.x86_64: W: spurious-executable-perm > /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.h Fixed, also https://github.com/BhallaLab/moose-core/pull/51. > --> Fix 'spurious-executable-perm' warnings. > > [!]: If (and only if) the source package includes the text of the > license(s) in its own file, then that file, containing the text of the > license(s) for the package is included in %license. > > --> See above. The way I understand this point, if the license is missing, it is not supposed to be included from other sources. > [-]: Package requires other packages for directories it uses. > [-]: Package does not own files or directories owned by other packages. > [!]: All build dependencies are listed in BuildRequires, except for any > that are listed in the exceptions section of Packaging Guidelines. > > --> gcc-c++ make can be removed as BR. That's an error in fedora-review. gcc-g++ might be removed from the default build root, and this dependency future-proofs against that. > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the > beginning of %install. > [x]: Macros in Summary, %description expandable at SRPM build time. > [-]: Package contains desktop file if it is a GUI application. > [-]: Package installs a %{name}.desktop using desktop-file-install or > desktop-file-validate if there is such a file. > [x]: Dist tag is present. > [x]: Package does not contain duplicates in %files. > [x]: Permissions on files are set properly. > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't > work. > [x]: Package is named using only allowed ASCII characters. > [x]: Package does not use a name that already exists. > [x]: Package is not relocatable. > [x]: Sources used to build the package match the upstream source, as > provided in the spec URL. > [x]: Spec file name must match the spec package %{name}, in the format > %{name}.spec. > [x]: File names are valid UTF-8. > [x]: Packages must not store files under /srv, /opt or /usr/local > > ===== SHOULD items ===== > > Generic: > [x]: Sources can be downloaded from URI in Source: tag > [-]: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. > [x]: Final provides and requires are sane (see attachments). > [x]: Fully versioned dependency in subpackages if applicable. > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv- > debuginfo > [ ]: Package functions as described. > [x]: Latest version is packaged. > [?]: Package does not include license text files separate from upstream. > [!]: Patches link to upstream bugs/comments/lists or are otherwise > justified. > > --> Please, leave comments about patches. > > [-]: SourceX tarball generation or download is documented. > [-]: Description and summary sections in the package spec file contains > translations for supported Non-English languages, if available. > [x]: Package should compile and build into binary rpms on all supported > architectures. > [-]: %check is present and all tests pass. > [x]: Packages should try to preserve timestamps of original installed > files. > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file > [x]: Reviewer should test that the package builds in mock. > [x]: Buildroot is not present > [x]: Package has no %clean section with rm -rf %{buildroot} (or > $RPM_BUILD_ROOT) > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. > [x]: Uses parallel make %{?_smp_mflags} macro. > [x]: SourceX is a working URL. > [x]: Spec use %global instead of %define unless justified. > > ===== EXTRA items ===== > > $ checksec --file ./moose > RELRO STACK CANARY NX PIE RPATH RUNPATH FILE > Full Canary found enabled enabled No No RUNPATH ./moose > > I suggest to control whith 'checksec' in F22 if it's necessary. I don't understand: this checksec output looks OK, no? > >OpenMPI (1.8.x) OPTIONAL For running moose in parallel on clusters > > An OpenMPI implemented version is available even if optional. Yeah, but the MPI stuff is pretty new. I would prefer to get the non-MPI version working reliably first. Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.4.fc24.beta.2.src.rpm zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for f23 failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12178938 I fired off some builds. F23 will probably fail because of libsbml. zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12178937 (In reply to Zbigniew Jędrzejewski-Szmek from comment #9) > (In reply to Antonio Trande from comment #8) > > > > [!]: If (and only if) the source package includes the text of the > > license(s) in its own file, then that file, containing the text of the > > license(s) for the package is included in %license. > > > > --> See above. > The way I understand this point, if the license is missing, it is not > supposed > to be included from other sources. Any license file must be tagged with '%license' macro. In this package there is not any license file but i think you can add a GPLv3 text file as long as upstream includes an own one. > > > [-]: Package requires other packages for directories it uses. > > [-]: Package does not own files or directories owned by other packages. > > [!]: All build dependencies are listed in BuildRequires, except for any > > that are listed in the exceptions section of Packaging Guidelines. > > > > --> gcc-c++ make can be removed as BR. > That's an error in fedora-review. gcc-g++ might be removed from the default > build root, and this dependency future-proofs against that. > > > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT > > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the > > beginning of %install. > > [x]: Macros in Summary, %description expandable at SRPM build time. > > [-]: Package contains desktop file if it is a GUI application. > > [-]: Package installs a %{name}.desktop using desktop-file-install or > > desktop-file-validate if there is such a file. > > [x]: Dist tag is present. > > [x]: Package does not contain duplicates in %files. > > [x]: Permissions on files are set properly. > > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't > > work. > > [x]: Package is named using only allowed ASCII characters. > > [x]: Package does not use a name that already exists. > > [x]: Package is not relocatable. > > [x]: Sources used to build the package match the upstream source, as > > provided in the spec URL. > > [x]: Spec file name must match the spec package %{name}, in the format > > %{name}.spec. > > [x]: File names are valid UTF-8. > > [x]: Packages must not store files under /srv, /opt or /usr/local > > > > ===== SHOULD items ===== > > > > Generic: > > [x]: Sources can be downloaded from URI in Source: tag > > [-]: If the source package does not include license text(s) as a separate > > file from upstream, the packager SHOULD query upstream to include it. > > [x]: Final provides and requires are sane (see attachments). > > [x]: Fully versioned dependency in subpackages if applicable. > > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv- > > debuginfo > > [ ]: Package functions as described. > > [x]: Latest version is packaged. > > [?]: Package does not include license text files separate from upstream. > > [!]: Patches link to upstream bugs/comments/lists or are otherwise > > justified. > > > > --> Please, leave comments about patches. > > > > [-]: SourceX tarball generation or download is documented. > > [-]: Description and summary sections in the package spec file contains > > translations for supported Non-English languages, if available. > > [x]: Package should compile and build into binary rpms on all supported > > architectures. > > [-]: %check is present and all tests pass. > > [x]: Packages should try to preserve timestamps of original installed > > files. > > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file > > [x]: Reviewer should test that the package builds in mock. > > [x]: Buildroot is not present > > [x]: Package has no %clean section with rm -rf %{buildroot} (or > > $RPM_BUILD_ROOT) > > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. > > [x]: Uses parallel make %{?_smp_mflags} macro. > > [x]: SourceX is a working URL. > > [x]: Spec use %global instead of %define unless justified. > > > > ===== EXTRA items ===== > > > > $ checksec --file ./moose > > RELRO STACK CANARY NX PIE RPATH RUNPATH FILE > > Full Canary found enabled enabled No No RUNPATH ./moose > > > > I suggest to control whith 'checksec' in F22 if it's necessary. > I don't understand: this checksec output looks OK, no? 'checksec' output of 'moose' bin file compiled in F24/F23 is good but hardened builds are not automatically activated on F22, so maybe you will have need to add compiler/linker flags manually. (In reply to Antonio Trande from comment #13) > (In reply to Zbigniew Jędrzejewski-Szmek from comment #9) > > (In reply to Antonio Trande from comment #8) > > > > > > [!]: If (and only if) the source package includes the text of the > > > license(s) in its own file, then that file, containing the text of the > > > license(s) for the package is included in %license. > > > > > > --> See above. > > The way I understand this point, if the license is missing, it is not > > supposed > > to be included from other sources. > > Any license file must be tagged with '%license' macro. In this package there > is not any license file but i think you can add a GPLv3 text file as long as > upstream includes an own one. "If the source package does not include the text of the license(s), the packager should contact upstream and encourage them to correct this mistake. [...] It is important to reiterate that in situations where the indicated license does not imply a requirement that the license be distributed along with the source/binaries, Fedora packagers are NOT required to manually include the full license text when it is absent from the source code. but are still encouraged to point out this issue to upstream and encourage them to remedy it." I submitted a pull request with the license text. Once upstream either merges it or resolves this in some other way, I'll include the license in the package. > > > [-]: Package requires other packages for directories it uses. > > > [-]: Package does not own files or directories owned by other packages. > > > [!]: All build dependencies are listed in BuildRequires, except for any > > > that are listed in the exceptions section of Packaging Guidelines. > > > > > > --> gcc-c++ make can be removed as BR. > > That's an error in fedora-review. gcc-g++ might be removed from the default > > build root, and this dependency future-proofs against that. > > > > > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT > > > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the > > > beginning of %install. > > > [x]: Macros in Summary, %description expandable at SRPM build time. > > > [-]: Package contains desktop file if it is a GUI application. > > > [-]: Package installs a %{name}.desktop using desktop-file-install or > > > desktop-file-validate if there is such a file. > > > [x]: Dist tag is present. > > > [x]: Package does not contain duplicates in %files. > > > [x]: Permissions on files are set properly. > > > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't > > > work. > > > [x]: Package is named using only allowed ASCII characters. > > > [x]: Package does not use a name that already exists. > > > [x]: Package is not relocatable. > > > [x]: Sources used to build the package match the upstream source, as > > > provided in the spec URL. > > > [x]: Spec file name must match the spec package %{name}, in the format > > > %{name}.spec. > > > [x]: File names are valid UTF-8. > > > [x]: Packages must not store files under /srv, /opt or /usr/local > > > > > > ===== SHOULD items ===== > > > > > > Generic: > > > [x]: Sources can be downloaded from URI in Source: tag > > > [-]: If the source package does not include license text(s) as a separate > > > file from upstream, the packager SHOULD query upstream to include it. > > > [x]: Final provides and requires are sane (see attachments). > > > [x]: Fully versioned dependency in subpackages if applicable. > > > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv- > > > debuginfo > > > [ ]: Package functions as described. > > > [x]: Latest version is packaged. > > > [?]: Package does not include license text files separate from upstream. > > > [!]: Patches link to upstream bugs/comments/lists or are otherwise > > > justified. > > > > > > --> Please, leave comments about patches. I forgot to address this comment. Most patches are not really upstreamable, they should be replaced with proper fixes to the build system. I added some comments to the spec file. > > > [-]: SourceX tarball generation or download is documented. > > > [-]: Description and summary sections in the package spec file contains > > > translations for supported Non-English languages, if available. > > > [x]: Package should compile and build into binary rpms on all supported > > > architectures. > > > [-]: %check is present and all tests pass. > > > [x]: Packages should try to preserve timestamps of original installed > > > files. > > > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file > > > [x]: Reviewer should test that the package builds in mock. > > > [x]: Buildroot is not present > > > [x]: Package has no %clean section with rm -rf %{buildroot} (or > > > $RPM_BUILD_ROOT) > > > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. > > > [x]: Uses parallel make %{?_smp_mflags} macro. > > > [x]: SourceX is a working URL. > > > [x]: Spec use %global instead of %define unless justified. > > > > > > ===== EXTRA items ===== > > > > > > $ checksec --file ./moose > > > RELRO STACK CANARY NX PIE RPATH RUNPATH FILE > > > Full Canary found enabled enabled No No RUNPATH ./moose > > > > > > I suggest to control whith 'checksec' in F22 if it's necessary. > > I don't understand: this checksec output looks OK, no? > > 'checksec' output of 'moose' bin file compiled in F24/F23 is good but > hardened builds are not automatically activated on F22, so maybe you will > have need to add compiler/linker flags manually. I added checksec output to the build process. The output is not checked, but it will show up in the logs. It turns out that the python subpackage was incomplete, and it was missing proper Requires. It seems that the rpm dependency generator ignores so files if they are not executable. Should be fixed now. I also added a simple check that imports the module to verify that at least it loads correctly. Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.4.fc24.beta.2.src.rpm zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for f22 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12179791 Package approved. Thanks! BTW., the two pull requests I sent yesterday are already merged, so I'll update the license file before uploading. Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/moose moose-3.0.2-0.4.fc22.beta.2 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-44f4e1796a (In reply to Zbigniew Jędrzejewski-Szmek from comment #9) > (In reply to Antonio Trande from comment #8) > > Generic: > > [!]: Package is licensed with an open-source compatible license and meets > > other legal requirements as defined in the legal section of Packaging > > Guidelines. > > > > biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later) > > builtins/Func.cpp: *No copyright* LGPL (v3 or later) > > builtins/Function.cpp: *No copyright* LGPL (v3 or later) > > > > are managed by compiler; i think guidelines for "Mixed Source Licensing > > Scenario" may be imposed here. > > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/ > > LicensingGuidelines#Mixed_Source_Licensing_Scenario > I don't think this actually applies: that paragraph talks about the case > where sources have two different licenses, and to satisfy the license you > have > to satisfy the constrains from both licenses (e.g. both "no advertising", and > "modifications as patches only"). But in this case we are mixing LGPL and > GPL. > GPL is a superset of LGPL, and also, GPL does not allow any additional > restrictions > to be added. So effectively, the binary package is distributed under the > terms of GPL, > and no additional constraints exists and no different licensing is available. While looking at a different review ticket, I found the relevant part of guidelines in the FAQ: https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_is_.22effective_license.22_and_do_I_need_to_know_that_for_the_License:_tag.3F It seems to match what I said above, but it's always good to have an authoritative source. moose-3.0.2-0.4.fc22.beta.2 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-44f4e1796a moose-3.0.2-0.4.fc22.beta.2 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |