Bug 502693

Summary: Review Request: Elgg 1.5 - An open source social networking platform.
Product: [Fedora] Fedora Reporter: Justin Gallardo <justin.gallardo>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: bill-bugzilla.redhat.com, fedora-package-review, juriskovic.igor, jwildebo, kwade, louis, notting
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-18 15:17:31 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 201449    

Description Justin Gallardo 2009-05-26 19:39:49 EDT
Elgg 1.5 SPEC: http://oregonstate.edu/~gallardj/elgg-1.5-1.spec
Elgg 1.5 SRPM: http://oregonstate.edu/~gallardj/elgg-1.5-1.src.rpm

Elgg is a white label, open source social networking platform. 
It offers blogging, networking, community, collecting of news 
using feeds aggregation and file sharing features. Everything 
can be shared among users with access controls and everything
can be cataloged by tags as well. Elgg is written for the LAMP
platform (Linux, Apache, MySQL, and PHP).

As this is my first package submission, I'm seeking sponsorship.

Comment 1 Louis Lagendijk 2009-06-06 12:32:17 EDT
Here is my pre-review of your package. I have not yet been able to test the package as I do not like running my system with selinux disabled.
This is not a full fledged review as I am requiring a sponsor, just like you.

+: OK
-: not ok, see  notes
N: Not applicable
?: Not sure, please comment

-  MUST: rpmlint must be run on every package.
[louis@travel tmp]$ rpmlint *README.txt:
elgg.src: W: name-repeated-in-summary Elgg
elgg.src: W: invalid-license GPL
Remove the Elgg from the summary, e.g. This package provides and extensible social networking platform
License should be GPLv2 according to the website, GPLv2 or later according to the  README.txt, so I assume that GPLv2+ is appropriate.

+ MUST: The package must be named according to the Package Naming Guidelines .
- MUST: The spec file name must match the base package %{name}, in the format %{name}.spec

remove the version from the specfilename
See http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Spec_file_name

? MUST: The package must meet the Packaging Guidelines .
Specfile does not define buildroot, is that ok?
mod_rewrite is required according to the website, is it missing
idem for json
Php SOAP, DOM mbstring are recommended. Do these require additional dependencies?
Why are wget and ImageMagic needed? They are not listed as dependences on the website.

+ MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
- MUST: The License field in the package spec file must match the actual license. [3]
See above+ MUST: If (and only if) the source package includes the text....
+ MUST: The spec file must be written in American English. [5]
+ MUST: The spec file for the package MUST be legible. [6]
+ MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this.
+ MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7]
N MUST: If the package does not successfully compile....
+ MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense.
N MUST: The spec file MUST handle locales properly.
N MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10]
N MUST: If the package is designed to be relocatable....
+ MUST: A package must own all directories that it creates.
- MUST: A Fedora package must not list a file more than once in the spec file's %files listings. [13]

Don't know why this happens, nut buildlog says: warning: File listed twice: /usr/share/elgg/.htaccess
I asssume this is caused by the fact that you list both the file itself AND %{elggdir}

+ MUST: Permissions on files must be set properly.
+ MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [15]
+ MUST: Each package must consistently use macros. [16]
+ MUST: The package must contain code, or permissable content. [17]
N MUST: Large documentation files must go in a -doc subpackage.
+ MUST: If a package includes something as %doc, it must not affect the runtime of the application.
N MUST: Header files must be in a -devel package. [19]
N MUST: Static libraries must be in a -static package. [20]
N MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig....
N MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} [22]
N MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[20]
N MUST: Packages containing GUI applications must include a %{name}.desktop file,
N MUST: Packages must not own files or directories already owned by other packages.
+ MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [25]
? MUST: All filenames in rpm packages must be valid UTF-8. [26]

I dont know how to check this

+  SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [27]
N SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [28]
+ SHOULD: The reviewer should test that the package builds in mock. [29]

+ SHOULD: The package should compile and build into binary rpms on all supported architectures. [30]
! SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example.
+ SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [31]
N SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [22]
N SHOULD: The placement of pkgconfig(.pc) files depends on their usecase....
N SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. [32]

Additional notes:

1) The package contains a number of other packages (in /usr/share/elgg/vendors) like jquery, should these not be packaged separately?

2) It may be good to use the %{?dist} Tag

3) Please add more detail in the Fedora README on how to setup elgg

4) Please add a selinux module that allows elgg to be used with SElinux enabled

5) Some doc-files still have CRLF as line terminators: INSTALL.txt, README.txt

6) INSTALL.txt shall be excluded as the RPM does the install. Add the relevant parts to your Fedora README?

best regards, Louis
Comment 2 Louis Lagendijk 2009-06-06 12:56:00 EDT
I looked a bit more into the use of jquery etc. You are actually including a COMPILED version of jquery (while later versions are available). The source files are NOT included! The same applies to the jquery.easing plugin.

kses is included, but the docs end up under /usr/share/elgg/vendors/kses/docs.

I guess that all stuff under vendors must be moved out to separate packages.
Comment 3 Mamoru TASAKA 2009-06-06 15:36:57 EDT
Only commenting for the previous comments (I have not
checked the srpm from the submitter itself)

(In reply to comment #1)
> Legend:
> +: OK
> -: not ok, see  notes
> N: Not applicable
> ?: Not sure, please comment
> ? MUST: The package must meet the Packaging Guidelines .
> Specfile does not define buildroot, is that ok?
- This can be ignored
  (on rpm 4.4.X BuildRoot in spec file defines %buildroot.
   on rpm 4.6+ BuildRoot is completely ignored and %buildroot
   is defined automatically)

> - MUST: A Fedora package must not list a file more than once in the spec file's
> %files listings. [13]
> Don't know why this happens, nut buildlog says: warning: File listed twice:
> /usr/share/elgg/.htaccess
> I asssume this is caused by the fact that you list both the file itself AND
> %{elggdir}

- Actually when the spec file contains
  (where foo is a directory) this contains the directory
  foo itself and all files/directories/etc under foo/. 

By the way, at least please specify full URL for Source0:
Comment 4 Louis Lagendijk 2009-06-06 15:41:33 EDT
Buildroot is defined anyhow. I don't know how i managed to overlook it.
Comment 5 Justin Gallardo 2009-06-24 17:59:41 EDT
Thanks for the notes. I have been swamped lately, but will have some time to look at this again very soon.
Comment 6 Louis Lagendijk 2009-08-10 15:31:37 EDT
Comment 7 Mamoru TASAKA 2009-09-16 03:24:50 EDT
What is the status of this bug?
Comment 8 Justin Gallardo 2009-09-16 03:41:31 EDT
I would like to keep working on it, but just haven't been able to find the time. I think I will have this coming weekend though. I'll get back with the changes I make.
Comment 9 Louis Lagendijk 2010-01-09 08:42:41 EST
Ping? Still no reaction! I propose to close this review
Comment 10 Mamoru TASAKA 2010-01-09 09:35:36 EST
Let's wait for another one week. If no response is received
from the reporter within one week, you or I will close
this bug as NOTABUG.
Comment 11 Louis Lagendijk 2010-01-18 15:17:31 EST
No progress since June 2009, closing