Bug 2356145

Summary: Review Request: perl-Crypt-URandom-Token - Generate secure strings for passwords, secrets and similar
Product: [Fedora] Fedora Reporter: Jitka Plesnikova <jplesnik>
Component: Package ReviewAssignee: Michal Josef Spacek <mspacek>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mspacek, package-review
Target Milestone: ---Flags: mspacek: fedora-review+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: perl-Crypt-URandom-Token-0.003-1.fc43 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-04-03 13:34:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2354882    

Description Jitka Plesnikova 2025-03-31 06:17:07 UTC 
Spec URL: https://jplesnik.fedorapeople.org/perl-Crypt-URandom-Token/perl-Crypt-URandom-Token.spec
SRPM URL: https://jplesnik.fedorapeople.org/perl-Crypt-URandom-Token/perl-Crypt-URandom-Token-0.003-1.fc43.noarch.rpm
Description:
This module provides a secure way to generate a random token for passwords
and similar using Crypt::URandom as the source of random bits.

Fedora Account System Username: jplesnik
Comment 1 Michal Josef Spacek 2025-04-02 12:23:22 UTC 
@jplesnik 

Some nits
* The dependency on coreutils is not needed. Sure?
* There are two "NO_PACKLIST=1"
* Regarding the module versions and Perl version used. There are >>use v5.20;<<, >>"Crypt::URandom" => "0.40"<< and >>"Test::Exception" => "0.43"<<. Isn't it better to present them in the spec file? I understand that we don't hit this issue, but for common use, it could be better.
Comment 2 Jitka Plesnikova 2025-04-03 07:04:33 UTC 
(In reply to Michal Josef Spacek from comment #1)
> @jplesnik 
> 
> Some nits
> * The dependency on coreutils is not needed. Sure?
It is required for %{_fixperms}, it uses 'chmod'.

> * There are two "NO_PACKLIST=1"
Good catch, I missed it.

> * Regarding the module versions and Perl version used. There are >>use
> v5.20;<<, >>"Crypt::URandom" => "0.40"<< and >>"Test::Exception" =>
> "0.43"<<. Isn't it better to present them in the spec file? I understand
> that we don't hit this issue, but for common use, it could be better.
I added the version constrain. 

Updated files are on the same link
Comment 3 Michal Josef Spacek 2025-04-03 07:42:16 UTC 
Source file is not present, but I think that's ok
Summary is ok
License is ok
Description is ok
URL and Source0 are ok
All tests passed
BuildRequires are ok

$ rpm -qp --requires perl-Crypt-URandom-Token-0.003-1.fc43.noarch.rpm | sort | uniq -c | grep -v rpmlib
      1 perl(Carp)
      1 perl(Crypt::URandom) >= 0.40
      1 perl(Exporter)
      1 perl-libs
      1 perl(strict)
      1 perl(:VERSION) >= 5.20.0
      1 perl(warnings)
Binary requires are Ok.

$ rpm -qp --provides perl-Crypt-URandom-Token-0.003-1.fc43.noarch.rpm | sort | uniq -c
      1 perl(Crypt::URandom::Token)
      1 perl-Crypt-URandom-Token = 0.003-1.fc43
Binary provides are Ok.

$ rpmlint ./perl-Crypt-URandom-Token*
2 packages and 1 specfiles checked; 0 errors, 0 warnings, 8 filtered, 0 badness; has taken 0.2 s
Rpmlint is ok

The package is in line with Fedora and Perl packaging guide lines.

Resolution:
Approved
Comment 4 Fedora Admin user for bugzilla script actions 2025-04-03 08:58:38 UTC 
The Pagure repository was created at https://src.fedoraproject.org/rpms/perl-Crypt-URandom-Token
Comment 5 Jitka Plesnikova 2025-04-03 13:34:33 UTC 
Thank you for review.