Bug 1881167

Created attachment 1715565 [details]
rpmlint - spec

Created attachment 1715566 [details]
rpmlint - srpm

Created attachment 1715567 [details]
rpmlint - rpm

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


Issues:
=======
- None

===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "*No copyright* Apache License (v2.0)",
     "Apache License (v2.0)". 176 files have unknown license. Detailed
     output of licensecheck in /home/jkang/1881167-mvel/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[-]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 0 bytes in 0 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

Java:
[x]: Bundled jar/class files should be removed before build

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: mvel-2.3.2-3.fc34.noarch.rpm
          mvel-javadoc-2.3.2-3.fc34.noarch.rpm
          mvel-2.3.2-3.fc34.src.rpm
mvel.noarch: W: no-documentation
mvel.noarch: W: no-manual-page-for-binary mvel
3 packages and 0 specfiles checked; 0 errors, 2 warnings.




Rpmlint (installed packages)
----------------------------
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
mvel.noarch: W: invalid-url URL: https://github.com/mvel <urlopen error [Errno -3] Temporary failure in name resolution>
mvel.noarch: W: no-documentation
mvel.noarch: W: no-manual-page-for-binary mvel
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
mvel-javadoc.noarch: W: invalid-url URL: https://github.com/mvel <urlopen error [Errno -3] Temporary failure in name resolution>
2 packages and 0 specfiles checked; 0 errors, 4 warnings.

Jie, since you are doing the review, please assign it to yourself. Thanks!

Alex, one issue I see here is that this is packaging version 2.3.2. Latest upstream is 2.4.10.FINAL. Only most recent version should be newly packaged.

https://github.com/mvel/mvel/releases/tag/mvel2-2.4.10.Final

Lets set fedora-review to '?' for neutrality. I wouldn't set it to '-' (basically saying not suitable for Fedora).

Other than the 2.3.2 vs. 2.4.10 (latest) issue, this seems fine to me.

I've updated the package to be latest (2.4.10) instead of 2.3.2. I've included a link to the spec and the SRPM below.

Spec URL: https://src.fedoraproject.org/fork/almac/rpms/mvel/blob/master/f/mvel.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/almac/lz4-java/fedora-33-x86_64/01744942-mvel/mvel-2.4.10-1.fc33.src.rpm

Having said this, there was an issue with updating to this version of mvel; lz4-java builds started failing due to improperly formatted generated code [0]. There appears to be an issue in mvel as of version 2.4.0 (related issue: [1]), where new lines are not being included when generating the files. The resulting code is written on a single line, which causes problems when the templates contain comments because it invalidates the rest of the code. As a preventative measure I've patched out the comments in the lz4-java mvel templates [2], which allows this version of mvel to work with lz4-java 1.7.1 [3].

[0] https://download.copr.fedorainfracloud.org/results/almac/lz4-java/fedora-31-x86_64/01746047-lz4-java/builder-live.log.gz
[1] https://github.com/mvel/mvel/issues/152
[2] https://src.fedoraproject.org/fork/almac/rpms/lz4-java/blob/master/f/2-remove-comments-from-templates.patch
[3] https://download.copr.fedorainfracloud.org/results/almac/lz4-java/fedora-33-x86_64/01744944-lz4-java/builder-live.log.gz

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


Issues:
=======
- This seems like a Java package, please install fedora-review-plugin-java
  to get additional checks
- Package does not use a name that already exists.
  Note: A package with this name already exists. Please check
  https://src.fedoraproject.org/rpms/mvel
  See: https://docs.fedoraproject.org/en-US/packaging-
  guidelines/Naming/#_conflicting_package_names


===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "*No copyright* Apache License (v2.0)",
     "Apache License (v2.0)". 191 files have unknown license. Detailed
     output of licensecheck in /home/jkang/mvel/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[x]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 0 bytes in 0 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

Java:
[x]: Bundled jar/class files should be removed before build

===== SHOULD items =====

Generic:
[x]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[x]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[x]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint messages.


Rpmlint
-------
Checking: mvel-2.4.10-1.fc34.noarch.rpm
          mvel-javadoc-2.4.10-1.fc34.noarch.rpm
          mvel-2.4.10-1.fc34.src.rpm
mvel.noarch: W: no-documentation
mvel.noarch: W: no-manual-page-for-binary mvel
3 packages and 0 specfiles checked; 0 errors, 2 warnings.




Rpmlint (installed packages)
----------------------------
(none): E: no installed packages by name mvel-javadoc
0 packages and 0 specfiles checked; 0 errors, 0 warnings.
(none): E: no installed packages by name mvel



Source checksums
----------------
https://github.com/mvel/mvel/archive/mvel2-2.4.10.Final.tar.gz :
  CHECKSUM(SHA256) this package     : a96924d57a1a1d288b77836e3ca4038139bad0641af6c55dd44f16a7244d2b48
  CHECKSUM(SHA256) upstream package : a96924d57a1a1d288b77836e3ca4038139bad0641af6c55dd44f16a7244d2b48


Requires
--------
mvel (rpmlib, GLIBC filtered):
    /usr/bin/sh
    java-headless
    javapackages-filesystem
    javapackages-tools
    mvn(org.ow2.asm:asm)
    mvn(org.ow2.asm:asm-util)

mvel-javadoc (rpmlib, GLIBC filtered):
    javapackages-filesystem



Provides
--------
mvel:
    mvel
    mvn(org.mvel:mvel2)
    mvn(org.mvel:mvel2:pom:)
    osgi(org.mvel2)

mvel-javadoc:
    mvel-javadoc



Generated by fedora-review 0.7.6 (b083f91) last change: 2020-11-10
Command line :/usr/bin/fedora-review -b 1881167 -r -m fedora-rawhide-x86_64
Buildroot used: fedora-rawhide-x86_64
Active plugins: Java, Shell-api, Generic
Disabled plugins: Perl, Haskell, R, PHP, SugarActivity, fonts, Ocaml, Python, C/C++
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

The two bullets in the issues I listed above can be ignored. The java plugin is no longer maintained and this is a request to bring back a package.

Thanks, Alex, for going the extra mile and packaging latest mvel!

mvel is a noarch package so hopefully this isn't a big deterrent, but thought I'd post my findings here anyways for visibility.

Recently I've been verifying that lz4-java builds okay on a number of different arches, so I've been able to see how mvel builds as well. It is okay for the most part, aside from s390x on f33 onward (where jdk 11 is now default).

Here's a link to a copr build: https://copr.fedorainfracloud.org/coprs/almac/lz4-java/build/1873068/
And here's a link to the build log for the failing f33 s390x build from the above: https://download.copr.fedorainfracloud.org/results/almac/lz4-java/fedora-33-s390x/01873068-mvel/builder-live.log.

```
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x0000004019d6ec40, pid=107, tid=142
#
# JRE version: OpenJDK Runtime Environment 18.9 (11.0.9.1+11) (build 11.0.9.1+11)
# Java VM: OpenJDK 64-Bit Server VM 18.9 (11.0.9.1+11, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-s390x)
# Problematic frame:
# J 50 c1 java.lang.StringLatin1.indexOf([BII)I java.base.9.1 (61 bytes) @ 0x0000004019d6ec40 [0x0000004019d6ec40+0x0000000000000000]
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h" (or dumping to /builddir/build/BUILD/mvel-mvel2-2.4.10.Final/core.107)
#
```

After a bit of googling, I found a similar error from a user using the docker s390x platform via qemu-user-static: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12128
In their case, setting up s390x in docker using jdk 11 or 15 resulted in a crash when running "jar -version".

There was also mention that this jdk bug could be the problem as well: https://bugs.openjdk.java.net/browse/JDK-8245051

To verify I went back to the mvel spec and added a couple lines to simply run "java -version" and "jar -version", and was able to reproduce the above issue. "java -version" is okay, but there's a sigill encountered on "jar -version".

commit in fork branch: https://src.fedoraproject.org/fork/almac/rpms/mvel/c/d95f4fda3fd39d65679d725fcc1b038c343bc8ad?branch=s390x
build log in copr: https://download.copr.fedorainfracloud.org/results/almac/lz4-java/fedora-33-s390x/01880165-mvel/builder-live.log.gz

```
+ java -version
openjdk version "11.0.9.1" 2020-11-04
OpenJDK Runtime Environment 18.9 (build 11.0.9.1+11)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.9.1+11, mixed mode, sharing)
+ jar -version
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x0000004019d67b40, pid=99, tid=102
#
# JRE version: OpenJDK Runtime Environment 18.9 (11.0.9.1+11) (build 11.0.9.1+11)
# Java VM: OpenJDK 64-Bit Server VM 18.9 (11.0.9.1+11, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-s390x)
# Problematic frame:
# J 31 c1 java.util.HashMap.afterNodeInsertion(Z)V java.base.9.1 (1 bytes) @ 0x0000004019d67b40 [0x0000004019d67b00+0x0000000000000040]
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h" (or dumping to /builddir/build/BUILD/mvel-mvel2-2.4.10.Final/core.99)
#
```

JDK-8245051 will be fixed in 11u for 11.0.10 (Jan CPU). I'd suggest to wait a week or so and try again if the issue is gone. Either way, this seems a JDK bug, not mvel.

The package looks okay to me. I also think the issue is likely to be from the JDK rather than mvel and need not stall this review process.

Yes, this is fine. Nice work, Alex!

Thanks for the help everyone, a bit late on closing this one but I've been able to work on the repo now and have a build in koji for f34.