Bug 669858
Summary: | Review Request: signpost-core - A simple, light-weight, and modular OAuth client library for the Java platform | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Cédric OLIVIER <cedric.olivier> |
Component: | Package Review | Assignee: | David Nalley <david> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | akurtako, david, fedora-package-review, notting |
Target Milestone: | --- | Flags: | david:
fedora-review+
gwync: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | signpost-core-1.2.1.1-4.fc14 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-02-04 19:50:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Cédric OLIVIER
2011-01-15 06:15:43 UTC
According to current Java packaging guidelines http://fedoraproject.org/wiki/Packaging:Java there shouldn't be versioned jar and javadoc to not polute needlesly directories. Spec URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-2/signpost-core.spec SRPM URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-2/signpost-core-1.2.1.1-2.fc13.src.rpm Thanks a lot for this comment. I don't understand why I was installing versioned jar and doing symlink for name-version to name. It is now corrected for this package. I was doing same mistake for some other packages which are now corrected also. Spec URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-3/signpost-core.spec SRPM URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-3/signpost-core-1.2.1.1-3.fc13.src.rpm Some other thing I have corrected now - Remove unneeded clean section (A %clean section containing only "rm -rf $RPM_BUILD_ROOT" is no longer needed) - Remove unneeded requires in javadoc section Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [X] Rpmlint output: [ke4qqq@L1012001 SPECS]$ rpmlint ./signpost-core.spec ../SRPMS/signpost-core-1.2.1.1-3.fc14.src.rpm ../RPMS/noarch/signpost-core-* ./signpost-core.spec: W: invalid-url Source0: signpost-core-1.2.1.1.tar.gz signpost-core.src: W: strange-permission signpost-core-generate-tarball.sh 0775L signpost-core.src: W: invalid-url Source0: signpost-core-1.2.1.1.tar.gz signpost-core.noarch: W: no-documentation 3 packages and 1 specfiles checked; 0 errors, 4 warnings. [X] Package is named according to the Package Naming Guidelines[1]. So I've marked this OK - Part of me thinks that this should really be signpost with subpackages for (or not, have signpost be core) and things like signpost-jetty be a subpackage of the same srpm. [X] Spec file name must match the base package name, in the format %{name}.spec. [X] Package meets the Packaging Guidelines[2]. [X] Package successfully compiles and builds into binary rpms. [ ] Buildroot definition is not present [X] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4]. [X] License field in the package spec file matches the actual license. License type: [-] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [-] All independent sub-packages have license of their own [X] Spec file is legible and written in American English. [-] Sources used to build the package matches the upstream source, as provided in the spec URL. I think the shell script is probably a bit overkill - regardless -I'd prefer to see the 'why' (which I think is justified) explained a bit more in the spec. I noted that as required fix below. MD5SUM this package : MD5SUM upstream package: I am marking NA here as the method you've used to generate your tarballs is essentially unverifiable via this means. A different md5sum is generated everytime source is downloaded. [X] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5]. [X] Package must own all directories that it creates. [-] Package requires other packages for directories it uses. [X] Package does not contain duplicates in %files. [X] Permissions on files are set properly. [-] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore) [X] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing) [X] Package contains code, or permissable content. [!] Fully versioned dependency in subpackages, if present. I think the javadoc package needs a versioned dep on the subpackage. [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [X] Package does not own files or directories owned by other packages. [X] Javadoc documentation files are generated and included in -javadoc subpackage [X] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks) [X] Packages have proper BuildRequires/Requires on jpackage-utils [X] Javadoc subpackages have Require: jpackage-utils [-] Package uses %global not %define [!] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) [-] If source tarball includes bundled jar/class files these need to be removed prior to building [X] All filenames in rpm packages must be valid UTF-8. [X] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details) [!] If package contains pom.xml files install it (including depmaps) even when building with ant I don't see this installed [?] pom files has correct add_to_maven_depmap call which resolves to the pom file (use "JPP." and "JPP-" correctly) === Other suggestions === [?] If possible use upstream build method (maven/ant/javac) [X] Avoid having BuildRequires on exact NVR unless necessary [X] Package has BuildArch: noarch (if possible) [X] Latest version is packaged. [X] Reviewer should test that the package builds in mock. Tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=2738464 Thanks a lot for this review. Spec URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-4/signpost-core.spec SRPM URL: http://cedric.olivier.free.fr/rpms/signpost-core-1.2.1.1-4/signpost-core-1.2.1.1-4.fc13.src.rpm [!] Fully versioned dependency in subpackages, if present. I think the javadoc package needs a versioned dep on the subpackage. -> Requirement added in javadoc section. [!] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) -> Comment added in spec file with git command used [!] If package contains pom.xml files install it (including depmaps) even when building with ant I don't see this installed -> There is a pom.xml, but it isn't used. I have created a build.xml from scratch because upstream pom.xml require a recent maven version which is not available in F-13 and EPEL. So I think it not necessary to install an pom.xml which is not usable. OK, this looks good to me. APPROVED New Package SCM Request ======================= Package Name: signpost-core Short Description: A simple, light-weight, and modular OAuth client library for the Java platform Owners: cquad Branches: f13 f14 InitialCC: Git done (by process-git-requests). signpost-core-1.2.1.1-4.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/signpost-core-1.2.1.1-4.fc14 signpost-core-1.2.1.1-4.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/signpost-core-1.2.1.1-4.fc13 signpost-core-1.2.1.1-4.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update signpost-core'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/signpost-core-1.2.1.1-4.fc14 signpost-core-1.2.1.1-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. signpost-core-1.2.1.1-4.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. Package Change Request ====================== Package Name: signpost-core New Branches: epel7 Owners: cquad mcepl Git done (by process-git-requests). |