Bug 432228

Summary: Review Request: nettle - A low-level cryptographic library
Product: [Fedora] Fedora Reporter: Ian Weller <ian>
Component: Package ReviewAssignee: Jason Tibbitts <j>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, notting
Target Milestone: ---Flags: j: fedora-review+
kevin: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.15-3.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-21 02:53:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 833573    

Description Ian Weller 2008-02-10 05:43:37 UTC 
Spec URL: http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-1/nettle.spec
SRPM URL: http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-1/nettle-1.15-1.fc8.src.rpm

Description:
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
Comment 1 Jason Tibbitts 2008-02-16 23:06:50 UTC 
Builds fine and rpmlint is silent.

I believe the license is LGPLv2+, not GPLv2+ as you have.

There's no reason to have a build dependency on glibc-common; it's installed
by default.  I guess it doesn't hurt anything to have it there, though.

For the -devel description, it helps to say something about the package
including headers needed to compile programs using nettle.

I see you deleted the static library, but I wonder if that actually leaves any
point to this package.  After all, what use are the headers if there's nothing
to link against?  If all you have left are the three executables then I don't
think you can properly call this a library.

There's a test suite in the package which is easy to run, so this needs to be
done.  Just put "make check" in a %check section.

All of the documentation is duplicated between the main and -devel packages.
You need to decide which files are useful for development and which (like the
license) are needed in the main package.  But there's no point in installing
everything twice. 

* source files match upstream:
   d6e540bf4acc857a3b09580e7f61822d352ee83c119579bf7333f0a785f7d9ac  
   nettle-1.15.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper (glibc-common is redundant)
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
  nettle-1.15-1.fc9.x86_64.rpm
   nettle = 1.15-1.fc9
  =
   /bin/sh
   /sbin/install-info
   libgmp.so.3()(64bit)

  nettle-devel-1.15-1.fc9.x86_64.rpm
   nettle-devel = 1.15-1.fc9
  =
   nettle = 1.15-1.fc9

X %check is not present, but a test suite is present.
* no shared libraries are added to the regular linker search paths.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
X Many duplicated files.
* file permissions are appropriate.
* scriptlets are OK (install-info)
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel package.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
Comment 2 Ian Weller 2008-02-17 07:52:27 UTC 
Spec URL: http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-2/nettle.spec
SRPM URL:
http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-2/nettle-1.15-2.fc8.src.rpm
Comment 3 Jason Tibbitts 2008-02-19 04:51:31 UTC 
OK, the license is OK and the test suites are called:
  All 39 tests passed
  All 3 tests passed

There's only one remaining issue that I can see.  The -devel package now
contains a static library, which is OK because this package doesn't build any
dynamic libraries.  However, in this case, you also need to have the -devel
package provide nettle-static so that packages which will link against it can
require the -static package and thus be easily tracked.  Please see the
"Packaging Static Libraries" section of
http://fedoraproject.org/wiki/Packaging/Guidelines

Since that's really just one line you need to add, I'll go ahead and approve
this and you can fix it when you check in.

APPROVED
Comment 4 Ian Weller 2008-02-19 05:09:33 UTC 
thanks jason.

New Package CVS Request
=======================
Package Name: nettle
Short Description: A low-level cryptographic library
Owners: ianweller
Branches: F-7 F-8
InitialCC: 
Cvsextras Commits: yes
Comment 5 Kevin Fenzi 2008-02-19 17:29:56 UTC 
cvs done.
Comment 6 Fedora Update System 2008-02-20 03:42:20 UTC 
nettle-1.15-3.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-02-20 03:44:16 UTC 
nettle-1.15-3.fc8 has been submitted as an update for Fedora 8
Comment 8 Fedora Update System 2008-02-21 02:53:14 UTC 
nettle-1.15-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-02-21 02:57:06 UTC 
nettle-1.15-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Ian Weller 2008-03-19 22:49:02 UTC 
Package Change Request
======================
Package Name: nettle
New Branches: EL-4 EL-5
Comment 11 Kevin Fenzi 2008-03-20 02:48:09 UTC 
cvs done.