Bug 2235084 (python-typecode)
| Summary: | Review Request: python-typecode - Comprehensive filetype and mimetype detection | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Robert-André Mauchin 🐧 <eclipseo> | ||||
| Component: | Package Review | Assignee: | Sandro <gui1ty> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | gui1ty, package-review | ||||
| Target Milestone: | --- | Flags: | gui1ty:
fedora-review+
|
||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| URL: | https://github.com/nexB/typecode | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2023-11-11 05:40:55 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 2235055 | ||||||
| Attachments: |
|
||||||
|
Description
Robert-André Mauchin 🐧
2023-08-26 11:26:17 UTC
I'm taking this. A few questions/remarks looking at the spec file. Formal review is coming up. 1. PyPI vs. GitHub You are getting the source from GitHub. Is the PyPI tarball not usable? Since pulling from GitHub, did you consider using forge macros? It makes the Source URL more readable and saves you from having to construct it yourself. 2. Documenting changes In %prep you modify pyproject.toml and setup.cfg. Could you add a comment explaining why this is necessary. For the first edit there might be a cleaner, more readable solution. Or you could do without it completely using the PyPI source which has the version set. 3. Duplicate license files All license files are defined in `license_files` in `setup.cfg`. That means `%pyproject_save_files` treats them as such and marks them as license files. Use `rpm -q --licensefiles -p $RPM` to verify. Long story short, you can drop `%license`. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. Note: License file bsd-new.LICENSE is not marked as %license See: https://docs.fedoraproject.org/en-US/packaging- guidelines/LicensingGuidelines/#_license_text - Binary eggs must be removed in %prep Note: Binary egg files not removed in %prep: ./tests/data/filetest/package/TicketImport-0.7a-py2.5.egg See: https://docs.fedoraproject.org/en-US/packaging- guidelines/Python_Eggs/ => These are bogus due to the nature of the package. The files are used for testing and/or internally. [!]: License file installed when any subpackage combination is installed. => When installing the doc subpackage, no license files are installed. One solution is to make it require the main package. [ ]: Macros in Summary, %description expandable at SRPM build time. Note: Macros in: python3-typecode (description) => I'm not sure about this one. Will check. ===== MUST items ===== Generic: [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "Apache License 2.0", "*No copyright* Apache License 2.0", "MIT License", "*No copyright* MIT License", "BSD 2-Clause with views sentence", "MIT License BSD 2-Clause with views sentence", "*No copyright* BSD 3-Clause License", "*No copyright* BSD 2-Clause License", "MIT License Apache License 2.0", "Python License 2.0", "*No copyright* Public domain", "BSD 2-Clause License", "BSD 2-Clause License Apache License 2.0", "BSD 2-Clause License [generated file]", "Python Software Foundation License 2.0", "GNU General Public License, Version 2", "X11 License", "GNU General Public License", "BSD-4-Clause (University of California-Specific)", "GNU General Public License v2.0 or later [obsolete FSF postal address (Temple Place)]", "GNU Lesser General Public License v2.1 or later [obsolete FSF postal address (Temple Place)]". 630 files have unknown license. Detailed output of licensecheck in /var/lib/copr- rpmbuild/results/python-typecode/licensecheck.txt => Normally, I'd remove that, but this looks awesome ;) [!]: License file installed when any subpackage combination is installed. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [ ]: Macros in Summary, %description expandable at SRPM build time. Note: Macros in: python3-typecode (description) [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. [x]: Package complies to the Packaging Guidelines [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [-]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files ===== SHOULD items ===== Generic: [x]: Reviewer should test that the package builds in mock. [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in python3-typecode [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. [?]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). Rpmlint ------- Checking: python3-typecode-30.0.1-1.fc38.noarch.rpm python-typecode-doc-30.0.1-1.fc38.noarch.rpm python-typecode-30.0.1-1.fc38.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpw729vvfe')] checks: 31, packages: 3 python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/apache-2.0.LICENSE /usr/lib/python3.11/site-packages/typecode/_vendor/apache-2.0.LICENSE python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/bsd-new.LICENSE /usr/lib/python3.11/site-packages/typecode/_vendor/bsd-new.LICENSE python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/pygments_lexers_mapping.py.NOTICE /usr/lib/python3.11/site-packages/typecode/pygments_lexers.py.NOTICE 3 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 0.5 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 2 python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/apache-2.0.LICENSE /usr/lib/python3.11/site-packages/typecode/_vendor/apache-2.0.LICENSE python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/bsd-new.LICENSE /usr/lib/python3.11/site-packages/typecode/_vendor/bsd-new.LICENSE python3-typecode.noarch: W: files-duplicate /usr/lib/python3.11/site-packages/typecode/pygments_lexers_mapping.py.NOTICE /usr/lib/python3.11/site-packages/typecode/pygments_lexers.py.NOTICE 2 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 0.3 s Source checksums ---------------- https://github.com/nexB/typecode/archive/v30.0.1/typecode-30.0.1.tar.gz : CHECKSUM(SHA256) this package : 7c1c3e89426aa5f3636a97b7deb4dce873a3111075d58094ea0ce11da4c64969 CHECKSUM(SHA256) upstream package : 7c1c3e89426aa5f3636a97b7deb4dce873a3111075d58094ea0ce11da4c64969 Requires -------- python3-typecode (rpmlib, GLIBC filtered): ((python3.11dist(attrs) < 20.1 or python3.11dist(attrs) > 20.1) with python3.11dist(attrs) >= 18.1) python(abi) python3.11dist(binaryornot) python3.11dist(commoncode) python3.11dist(pdfminer-six) python3.11dist(plugincode) python-typecode-doc (rpmlib, GLIBC filtered): Provides -------- python3-typecode: python-typecode python3-typecode python3.11-typecode python3.11dist(typecode) python3dist(typecode) python-typecode-doc: python-typecode-doc Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23 Command line :/usr/bin/fedora-review --no-colors --prebuilt --rpm-spec --name python-typecode --mock-config /var/lib/copr-rpmbuild/results/configs/child.cfg Buildroot used: fedora-38-x86_64 Active plugins: Shell-api, Generic, Python Disabled plugins: C/C++, PHP, SugarActivity, Haskell, Perl, R, Ocaml, Java, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH Created attachment 1991074 [details] Create git repo and tag with v%{version} (In reply to Sandro from comment #2) > For the first edit there might be a cleaner, more readable solution. Or you > could do without it completely using the PyPI source which has the version > set. This is what I meant with "cleaner" solution. It's a matter of taste and thus not a blocker for the review. Ping? >1. PyPI vs. GitHub > Pypi tarball rarely haves docs or tests, Githb have them. >You are getting the source from GitHub. Is the PyPI tarball not usable? >Since pulling from GitHub, did you consider using forge macros? It makes the Source URL more readable and saves you from having to construct it yourself. Forge macros are largely unmaintained and generally not recommended. Some woek is being done to streamline them. >2. Documenting changes > >In %prep you modify pyproject.toml and setup.cfg. Could you add a comment explaining why this is necessary. >For the first edit there might be a cleaner, more readable solution. Or you could do without it completely using the PyPI source which has the version set. >3. Duplicate license files > >All license files are defined in `license_files` in `setup.cfg`. That means `%pyproject_save_files` treats them as such and marks them as license files. Use `rpm -q --licensefiles -p $RPM` to verify. Long story short, you can drop `%license`. ok >[!]: License file installed when any subpackage combination is installed. > >=> When installing the doc subpackage, no license files are installed. One solution is to make it require the main package. They literally are: %files -n python-%{pypi_name}-doc %doc html %license NOTICE apache-2.0.LICENSE Thanks for the review! Spec URL: https://eclipseo.fedorapeople.org/for-review/python-typecode.spec SRPM URL: https://eclipseo.fedorapeople.org/for-review/python-typecode-30.0.1-1.fc39.src.rpm Copr build: https://copr.fedorainfracloud.org/coprs/build/6540341 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2235084-python-typecode/fedora-rawhide-x86_64/06540341-python-typecode/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string. (In reply to Robert-André Mauchin 🐧 from comment #6) > >1. PyPI vs. GitHub > > > > Pypi tarball rarely haves docs or tests, Githb have them. True. That's why I prefer GitHub sources myself. But I also submit PRs upstream to get that fixed. It's usually a packaging error. Tests and docs should be included in the sdist, but not the wheel. > >You are getting the source from GitHub. Is the PyPI tarball not usable? > >Since pulling from GitHub, did you consider using forge macros? It makes the Source URL more readable and saves you from having to construct it yourself. > > Forge macros are largely unmaintained and generally not recommended. Some > woek is being done to streamline them. Not anymore. Maxwell has done an excellent job reviving them: https://fedoraproject.org/wiki/Changes/Revitalize_Forge_Macros But it's not a requirement, more a matter of personal preference. In my opinion it makes spec files more readable, if nothing else. > >[!]: License file installed when any subpackage combination is installed. > > > >=> When installing the doc subpackage, no license files are installed. One solution is to make it require the main package. > > They literally are: > > %files -n python-%{pypi_name}-doc > %doc html > %license NOTICE apache-2.0.LICENSE My mistake. They are indeed. > Spec URL: https://eclipseo.fedorapeople.org/for-review/python-typecode.spec > SRPM URL: > https://eclipseo.fedorapeople.org/for-review/python-typecode-30.0.1-1.fc39. > src.rpm The package no longer builds using `fedora-review -b 2235084`, while it did build before just fine. The only significant change I can see in the spec file, that might be relevant: %generate_buildrequires -%pyproject_buildrequires -t +%pyproject_buildrequires Since that actually skips tox requirements, I'm surprised it no longer builds. The error message in `build.log` is: No matching package to install: 'python3dist(typecode-libmagic-system-provided)' Could you enable `fedora-review` in your Copr repo and rebuild the package, please? Seems to buid fine, https://copr.fedorainfracloud.org/coprs/eclipseo/scancode-toolkit/build/6553875/ I have activated the fedora-review option if you wanna look. Same as for python-sameyaml, the generated HTML docs contain Javascript code, which requires expansion of License: and additional Requires:. See: https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/thread/LLUAURXZVADATHK65HBPPBHKF4EM4UC3/ My apologies, again, for only noticing this now. That's the only remaining issue that needs to be addressed. You may want to ask upstream, why they mark non-license files as license files in their setup.cfg: license_files = apache-2.0.LICENSE NOTICE AUTHORS.rst CHANGELOG.rst CODE_OF_CONDUCT.rst https://github.com/nexB/saneyaml/blob/40e5fa7c0b6e0012452053839184e5cd29802063/setup.cfg#L29C1-L34C24 Unbundled pygments and added missing licenses. Added licenses for doc packages javacript Added Provides for embedded javascript Spec URL: https://eclipseo.fedorapeople.org/for-review/python-typecode.spec SRPM URL: https://eclipseo.fedorapeople.org/for-review/python-typecode-30.0.1-1.fc39.src.rpm Thanks. > You may want to ask upstream, why they mark non-license files as license files in their setup.cfg: I've sent an inquiry upstream. One last nitpick. Since you now have
Requires: python3-%{pypi_name} = %{?epoch:%{epoch}:}%{version}-%{release}
you can drop
%license NOTICE apache-2.0.LICENSE
from
%files -n python-%{pypi_name}-doc
But that can be dealt with when importing the package. Package is APPROVED.
Thanks for the review! The Pagure repository was created at https://src.fedoraproject.org/rpms/python-typecode FEDORA-2023-312d34471b has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-312d34471b FEDORA-2023-c4f87c1527 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4f87c1527 FEDORA-2023-e32c66cab3 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e32c66cab3 FEDORA-2023-312d34471b has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-312d34471b \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-312d34471b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2023-c4f87c1527 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c4f87c1527 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4f87c1527 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2023-e32c66cab3 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e32c66cab3 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e32c66cab3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2023-e32c66cab3 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-c4f87c1527 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-312d34471b has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. |