Bug 1539134
| Summary: | Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Mattias Ellert <mattias.ellert> |
| Component: | Package Review | Assignee: | Robert-André Mauchin 🐧 <eclipseo> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | el6 | CC: | eclipseo, package-review |
| Target Milestone: | --- | Flags: | eclipseo:
fedora-review+
|
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-08 04:45:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Mattias Ellert
2018-01-26 18:38:09 UTC
There's a few fedora-review errors but I don't know how pertinent they are regarding EPEL6 packaging, you're using old macros instead of %mvn_artifact/%mvn_install because they don't exist in EPEL6? Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - POM files have correct Maven mapping Note: Old style Maven package found, no add_maven_depmap calls found but POM files present See: https://fedoraproject.org/wiki/Packaging:Java#Maven_pom.xml_files - Old add_to_maven_depmap macro is being used - Javadoc subpackages should not have Requires: jpackage-utils Note: jpackage-utils requires are automatically generated by the buildsystem See: https://fedoraproject.org/wiki/Packaging:Java ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "MIT/X11 (BSD like)", "CC0", "*No copyright* Apache (v1.1)", "Unknown or generated", "*No copyright* Apache (v2.0)". 5580 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/bouncycastle1.58/review- bouncycastle1.58/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [ ]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/maven2/poms, /usr/share/maven2, /etc/maven/fragments [ ]: Package must own all directories that it creates. Note: Directories without known owners: /etc/maven, /usr/share/maven2/poms, /etc/maven/fragments, /usr/share/maven2 [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 296960 bytes in 12 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Bundled jar/class files should be removed before build [x]: Packages have proper BuildRequires/Requires on jpackage-utils [x]: Javadoc documentation files are generated and included in -javadoc subpackage [x]: Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink) Maven: [x]: If package contains pom.xml files install it (including metadata) even when building with ant [x]: Packages DO NOT have Requires(post) and Requires(postun) on jpackage- utils for %update_maven_depmap macro [x]: Package DOES NOT use %update_maven_depmap in %post/%postun [x]: Packages use .mfiles file list instead of %{_datadir}/maven2/poms ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Scriptlets must be sane, if used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. Java: [x]: Package uses upstream build method (ant/maven/etc.) [x]: Packages are noarch unless they use JNI ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: bouncycastle1.58-1.58-1.el6.noarch.rpm bouncycastle1.58-pkix-1.58-1.el6.noarch.rpm bouncycastle1.58-pg-1.58-1.el6.noarch.rpm bouncycastle1.58-mail-1.58-1.el6.noarch.rpm bouncycastle1.58-tls-1.58-1.el6.noarch.rpm bouncycastle1.58-javadoc-1.58-1.el6.noarch.rpm bouncycastle1.58-1.58-1.el6.src.rpm bouncycastle1.58.noarch: E: zero-length /etc/java/security/security.d/2158-org.bouncycastle.jce.provider.BouncyCastleProvider 7 packages and 0 specfiles checked; 1 errors, 0 warnings. (In reply to Robert-André Mauchin from comment #1) > There's a few fedora-review errors but I don't know how pertinent they are > regarding EPEL6 packaging, you're using old macros instead of > %mvn_artifact/%mvn_install because they don't exist in EPEL6? Correct. The %mvn_artifact/%mvn_install macros can be used in EPEL7 (where they are part of the maven-local package) but not in EPEL6. In EPEL6 the old %add_maven_depmap macro (used in Fedora before %mvn_artifact/%mvn_install were introduced) does not exist. The even older %add_to_maven_depmap/%update_maven_depmap macros must be used instead. The Requires: jpackage-utils is not added automatically to javadoc packages in EPEL6. The zero-length file rpmlint complains about is on purpose. All information is contained in the filename, and the file's content is never read. Compare with the file in the standard non-compat bouncycastle package (either in Fedora or EPEL): $ ls -l /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider -rw-r--r--. 1 root root 0 19 aug 04.26 /etc/java/security/security.d/2000-org.bouncycastle.jce.provider.BouncyCastleProvider > Issues: > ======= > - POM files have correct Maven mapping > Note: Old style Maven package found, no add_maven_depmap calls found but > POM files present > See: https://fedoraproject.org/wiki/Packaging:Java#Maven_pom.xml_files > - Old add_to_maven_depmap macro is being used > - Javadoc subpackages should not have Requires: jpackage-utils > Note: jpackage-utils requires are automatically generated by the > buildsystem > See: https://fedoraproject.org/wiki/Packaging:Java > Rpmlint > ------- > Checking: bouncycastle1.58-1.58-1.el6.noarch.rpm > bouncycastle1.58-pkix-1.58-1.el6.noarch.rpm > bouncycastle1.58-pg-1.58-1.el6.noarch.rpm > bouncycastle1.58-mail-1.58-1.el6.noarch.rpm > bouncycastle1.58-tls-1.58-1.el6.noarch.rpm > bouncycastle1.58-javadoc-1.58-1.el6.noarch.rpm > bouncycastle1.58-1.58-1.el6.src.rpm > bouncycastle1.58.noarch: E: zero-length > /etc/java/security/security.d/2158-org.bouncycastle.jce.provider. > BouncyCastleProvider > 7 packages and 0 specfiles checked; 1 errors, 0 warnings. Package approved then. (fedrepo-req-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/bouncycastle1.58. You may commit to the branch "el6" in about 10 minutes. bouncycastle1.58-1.58-1.el6 canl-java-2.5.0-2.el6 jglobus-2.1.0-5.el6 voms-api-java-3.2.0-7.el6 voms-clients-java-3.0.7-6.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28 bouncycastle1.58-1.58-1.el6, canl-java-2.5.0-2.el6, jglobus-2.1.0-5.el6, voms-api-java-3.2.0-7.el6, voms-clients-java-3.0.7-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28 bouncycastle1.58-1.58-1.el6 canl-java-2.5.0-2.el6 jglobus-2.1.0-5.el6 voms-api-java-3.3.0-1.el6 voms-clients-java-3.3.0-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28 bouncycastle1.58-1.58-1.el6, canl-java-2.5.0-2.el6, jglobus-2.1.0-5.el6, voms-api-java-3.3.0-1.el6, voms-clients-java-3.3.0-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28 bouncycastle1.58-1.58-1.el6, canl-java-2.5.0-2.el6, jglobus-2.1.0-5.el6, voms-api-java-3.3.0-1.el6, voms-clients-java-3.3.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |