Bug 678809

This is my first package, so I need a sponsor.

Note: the author of the docbook patch is Mohamed El Morabity. He helped me a lot for my first package (not only with this patch). Thanks to him :)

Update to version 0.3.3
ftp://ks28905.kimsufi.com/pub/srpms/seeks-0.3.3-1.fc14.src.rpm
ftp://ks28905.kimsufi.com/pub/srpms/seeks.spec

Please have a look at http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios regarding the licenses.

Update to version 0.3.5a, adding licenses breakdown informations.
http://wilqu.fr/rpms/seeks/seeks-0.3.5a-2.fc17.src.rpm
http://wilqu.fr/rpms/seeks/seeks.spec

The "a" makes part of the version number. It doesn't stand for "alpha".

Created attachment 525960 [details]
Fix compilation issues with OpenCV 2

I provides above a patch to fix compilation issues with OpenCV. It seems latest versions of OpenCV doesn't provide anymore cxflann.h, replaced by cv.h.

Some comments by the way:

1) About this:
     # Use db2x_docbook2man, not docbook2x-man, to install doc.
     Patch0:         %{name}-%{version}-docbook.patch
     # Change configuration
     Patch1:         %{name}-%{version}-datalogfiles.patch
You should not use version macros in patch references. Keeping the versions hardwritten here allows you to reuse the patches without renaming, in case of update, if still valid. By the way, you have a kind of history of your patches with such a scheme.

2) Having a *-devel package without header is useless and nonsense here. I probably already told you that when you started working on packaging seeks, but you must clarify the status of these files with upstream:
- if they are really useful, why the headers providing the API are not installed?
- if not, they must be removed.

New spec and srpm :
http://wilqu.fr/rpms/seeks/seeks-0.3.5a-3.fc17.src.rpm
http://wilqu.fr/rpms/seeks/seeks.spec

I tried your patch, but compilation still fails with OpenCV enabled. Does it work for you ?

About the comments:

1) I removed the version.

2) I talked with upstream: those files are useless indeed, but sweeping some symlinks doesn't seem to be in their top priorities. They said I rose an interesting question about library versionning though.
I removed the package and the files.

Created attachment 529722 [details]
Fix opencv compilation issues

(In reply to comment #8)
> I tried your patch, but compilation still fails with OpenCV enabled. Does it
> work for you ?
You could have given more details about the error. Anyway the patch was broken, I've just uploaded a fixed version. This works at least for F16.

Thanks. It works for fedora 16 and rawhide.
I updated to version 0.4.0-RC1 and included your patch :

http://wilqu.fr/rpms/seeks/seeks.spec
http://wilqu.fr/rpms/seeks/seeks-0.4.0-0.2.RC1.fc17.src.rpm

Hello
This is an informal review

[!] rpmlint must be run on every package.
    rpmlint seeks-0.4.0-0.2.RC1.fc16.src.rpm
seeks.src: W: spelling-error %description -l en_US websearch -> web search, web-search, searcher
seeks.src: W: spelling-error %description -l en_US hashtable -> hash table, hash-table, washable
seeks.src: W: strange-permission autogen.sh 0755L
1 packages and 0 specfiles checked; 0 errors, 3 warnings.

     rpmlint seeks-0.4.0-0.2.RC1.fc16.x86_64.rpm
seeks.x86_64: W: spelling-error %description -l en_US hashtable -> hash table, hash-table, washable
seeks.x86_64: W: shared-lib-calls-exit /usr/lib64/libseeksplugins.so.0.0.0 exit.5
seeks.x86_64: W: shared-lib-calls-exit /usr/lib64/libseekslsh.so.0.0.0 exit.5
seeks.x86_64: W: shared-lib-calls-exit /usr/lib64/libseeksutils.so.0.0.0 exit.5
seeks.x86_64: W: shared-lib-calls-exit /usr/lib64/libseeksproxy.so.0.0.0 exit.5
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/udb_service/libudbserviceplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/cf/libcfplugin.so
seeks.x86_64: W: non-standard-uid /var/lib/seeks seeks
seeks.x86_64: W: non-standard-gid /var/lib/seeks seeks
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/websearch/libseekswebsearchplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/img_websearch/libseeksimgwebsearchplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/cli/libseekscli.a
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/httpserv/libseekshttpservplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/uri_capture/liburicaptureplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/blocker/libblockerplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/no_tracking/libnotrackingplugin.so
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/websearch_api_compat/libseekswebsearchapicompatplugin.so
seeks.x86_64: W: non-standard-uid /var/log/seeks seeks
seeks.x86_64: W: non-standard-gid /var/log/seeks seeks
seeks.x86_64: W: devel-file-in-non-devel-package /usr/lib64/seeks/plugins/query_capture/libquerycaptureplugin.so
seeks.x86_64: W: no-manual-page-for-binary test_bqc
seeks.x86_64: W: no-manual-page-for-binary gen_mrf_query_160
seeks.x86_64: W: no-manual-page-for-binary user_db_ops
seeks.x86_64: W: no-manual-page-for-binary test_dbqr_compression
1 packages and 0 specfiles checked; 0 errors, 24 warnings.

[X] The package must be named according to the Package Naming Guidelines.

[X] The spec file name must match the base package %{name}, in the format
      %{name}.spec unless your package has an exemption.

[!] The package must meet the Packaging Guidelines.
    Fix rpmlint, spelling errors aren't important here.
    You can remove the "BuildRoot" line, as well as all occurrences of "rm -rf
    %{buildroot}". The %clean section is obsolete also. See below for more:
    http://fedoraproject.org/wiki/Packaging:Guidelines#BuildRoot_tag
    http://fedoraproject.org/wiki/Packaging:Guidelines#.25clean

[X] The package must be licensed with a Fedora approved license and meet the
      Licensing Guidelines.

[X] The License field in the package spec file must match the actual license.

[!] If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s) for
     the package must be included in %doc.
    Add AGPL-3.txt, BSD-yui.txt, GPL-2.0.txt and LGPL-2.1.txt in %doc section.

[X] The spec file must be written in American English.

[X] The spec file for the package MUST be legible.

[X] The sources used to build the package must match the upstream source, as
      provided in the spec URL.
      Upstream md5sum: dc7905dd57496ee6ca3ee0d21d9d76b7
      Package md5sum: dc7905dd57496ee6ca3ee0d21d9d76b7

[X] The package MUST successfully compile and build into binary rpms on at
     least one primary architecture.
     Build successful on Mock Fedora 15 x86_64
                         Mock Fedora 16 x86_64
                         Mock Fedora Rawhide x86_64

[NA] If the package does not successfully compile, build or work on an
      architecture, then those architectures should be listed in the spec in
      ExcludeArch.

[X] All build dependencies must be listed in BuildRequires, except for any
     that are listed in the exceptions section of the Packaging Guidelines ;
     inclusion of those as BuildRequires is optional.

[NA] The spec file MUST handle locales properly. This is done by using the
      %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.

[X] Every binary RPM package (or subpackage) which stores shared library
      files(not just symlinks) in any of the dynamic linker's default paths,
      must call ldconfig in %post and %postun.

[X] Packages must NOT bundle copies of system libraries.

[NA] If the package is designed to be relocatable, the packager must state
      this fact in the request for review, along with the rationalization for
      relocation of that specific package. Without this, use of Prefix: /usr is
      considered a blocker.

[X] A package must own all directories that it creates. If it does not create
     a directory that it uses, then it should require a package which does
     create that directory.

[X] A Fedora package must not list a file more than once in the spec file's
      %files listings. 

[X] Permissions on files must be set properly. Executables should be set with
     executable permissions, for example. Every %files section must include a
     %defattr(...) line.

[X] Each package must consistently use macros.

[X] The package must contain code, or permissable content.

[NA] Large documentation files must go in a -doc subpackage.

[X] If a package includes something as %doc, it must not affect the runtime
     of the application. To summarize: If it is in %doc, the program must run
     properly if it is not present.

[NA] Header files must be in a -devel package.

[!] Static libraries must be in a -static package.
    rpmls seeks-0.4.0-0.2.RC1.fc16.x86_64.rpm | grep lib*.a
-rw-r--r--  /usr/lib64/seeks/cli/libseekscli.a

[!] If a package contains library files with a suffix (e.g. libfoo.so.1.1),
      then library files that end in .so (without suffix) must go in a -devel
      package.
      Fix rpmlint

[NA] In the vast majority of cases, devel packages must require the base
      package using a fully versioned dependency: Requires: %{name} =
      %{version}-%{release}.

[X] Packages must NOT contain any .la libtool archives, these must be removed
      in the spec if they are built.

[NA] Packages containing GUI applications must include a %{name}.desktop file,
      and that file must be properly installed with desktop-file-install in the
      %install section.

[X] Packages must not own files or directories already owned by other
      packages.

[X] All filenames in rpm packages must be valid UTF-8.

- Your package include some rpaths that must be removed :
rpminfo -r seeks-0.4.0-0.2.RC1.fc16.x86_64.rpm
seeks-0.4.0-0.2.RC1.fc16.x86_64.rpm
	/usr/bin/gen_mrf_query_160	RPATH /usr/lib64/seeks/plugins/uri_capture:/usr/lib64/seeks/plugins/query_capture:/usr/lib64/seeks/plugins/cf:/usr/lib64/seeks/plugins/udb_service:/usr/lib64/seeks/plugins/img_websearch:/usr/lib64/seeks/plugins/websearch:/usr/lib64/seeks/plugins/websearch_api_compat
	/usr/bin/seeks	RPATH /usr/lib64/seeks/plugins/websearch:/usr/lib64/seeks/plugins/websearch_api_compat:/usr/lib64/seeks/plugins/query_capture:/usr/lib64/seeks/plugins/uri_capture:/usr/lib64/seeks/plugins/cf:/usr/lib64/seeks/plugins/udb_service:/usr/lib64/seeks/plugins/img_websearch
	/usr/bin/test_bqc	RPATH /usr/lib64/seeks/plugins/uri_capture:/usr/lib64/seeks/plugins/query_capture:/usr/lib64/seeks/plugins/cf:/usr/lib64/seeks/plugins/udb_service:/usr/lib64/seeks/plugins/img_websearch:/usr/lib64/seeks/plugins/websearch:/usr/lib64/seeks/plugins/websearch_api_compat
	/usr/bin/test_dbqr_compression	RPATH /usr/lib64/seeks/plugins/uri_capture:/usr/lib64/seeks/plugins/query_capture:/usr/lib64/seeks/plugins/cf:/usr/lib64/seeks/plugins/udb_service:/usr/lib64/seeks/plugins/img_websearch:/usr/lib64/seeks/plugins/websearch:/usr/lib64/seeks/plugins/websearch_api_compat
	/usr/bin/user_db_ops	RPATH /usr/lib64/seeks/plugins/uri_capture:/usr/lib64/seeks/plugins/query_capture:/usr/lib64/seeks/plugins/cf:/usr/lib64/seeks/plugins/udb_service:/usr/lib64/seeks/plugins/img_websearch:/usr/lib64/seeks/plugins/websearch:/usr/lib64/seeks/plugins/websearch_api_compat
You can see for more information :
http://fedoraproject.org/wiki/Packaging:Guidelines#Beware_of_Rpath
http://fedoraproject.org/wiki/Packaging:Guidelines#Removing_Rpath

Two additional questions:
- Why :
> # Regenerate tarball after patches
> Source3:        autogen.sh
Also because I don't see it being used anywhere

- Do you plan to have this package in EPEL? If not then some cleaning can be done

Finally, the package as it is does not build for me in a rawhide mock.

(In reply to comment #13)
> Two additional questions:
> - Why :
> > # Regenerate tarball after patches
> > Source3:        autogen.sh
It is used in %build:
   %build
   %{SOURCE3}
   ...
since the configure.ac pattern file is patched (see patch 0), the configure script needs to be regenerated. This is achieved by this script.
By the way, I'll ask also two questions about it:
- where does this autogen.sh script come from? Isn't it possible to call only the autotools tools (autoconf & co)?
- did you report the issue addressed by this patch 0 to the devs? I try to made this patch as generic as possible to be merged upstream. This is also part of the job of Fedora packagers to report such issues and contribute upstream in a same way.

http://wilqu.fr/rpms/seeks/seeks.spec
http://wilqu.fr/rpms/seeks/seeks-0.4.0-0.4.RC1.fc17.src.rpm

I added the licenses files and removed the static library files. I don't plan to make an EPEL package for the moment, so I removed the clean sections.
About rpmlint warnings:
- shared-lib-calls-exit: the libs are only used by seeks, so it's acceptable.
- devel-file-in-non-devel-package: those .so files are needed by seeks
- non-standard-uid: I created a seeks user to run the proxy
- no-manual-page-for-binary: those binaries are not intended to be run directly by the user

According to the guidelines, rpath are acceptable when the libs are not intended to be used outside the package.

> Finally, the package as it is does not build for me in a rawhide mock.
I fixed a compilation problem for i386 archs.

> where does this autogen.sh script come from? Isn't it possible to call only
> the autotools tools (autoconf & co)?
This script comes from an earlier version of seeks which required to run it. I don't know autotools so I don't know which command to run instead.

> did you report the issue addressed by this patch 0 to the devs? 
Yes. See http://redmine.seeks-project.info/issues/432 and http://redmine.seeks-project.info/issues/610

http://wilqu.fr/rpms/seeks/seeks.spec
http://wilqu.fr/rpms/seeks/seeks-0.4.0-0.5.RC2.fc17.src.rpm

Update to 0.4 RC2. Upstream fixed the compilation issues on i386 and integrated the docbook patch.

Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated



==== C/C++ ====

[x] : MUST - Header files in -devel subpackage, if present.
[x] : MUST - ldconfig called in %post and %postun if required.
[x] : MUST - Package does not contain any libtool archives (.la)
[x] : MUST - Package does not contains kernel modules.
[x] : MUST - Package contains no static executables.
[x] : MUST - Rpath absent or only used for internal libs.
[x] : MUST - Package is not relocatable.
[!] : MUST - Development .so files in -devel subpackage, if present.
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/blocker/libblockerplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/cf/libcfplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/httpserv/libseekshttpservplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/img_websearch/libseeksimgwebsearchplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/no_tracking/libnotrackingplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/query_capture/libquerycaptureplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/udb_service/libudbserviceplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/uri_capture/liburicaptureplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/websearch/libseekswebsearchplugin.so
        seeks-0.4.0-0.5.RC2.fc17.i686.rpm : /usr/lib/seeks/plugins/websearch_api_compat/libseekswebsearchapicompatplugin.so
     The presence of these files have been explained and justified by the reviewee


==== Generic ====

[x] : MUST - Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x] : MUST - Package successfully compiles and builds into binary rpms on at least one supported architecture.
[x] : MUST - All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[x] : MUST - Package contains no bundled libraries.
[x] : MUST - Changelog in prescribed format.
[x] : MUST - Sources contain only permissible code or content.
[x] : MUST - %config files are marked noreplace or the reason is justified.
[x] : MUST - Each %files section contains %defattr if rpm < 4.4
[x] : MUST - Macros in Summary, %description expandable at SRPM build time.
[x] : MUST - Package requires other packages for directories it uses.
[x] : MUST - Package uses nothing in %doc for runtime.
[x] : MUST - Package is not known to require ExcludeArch.
[x] : MUST - Permissions on files are set properly.
[x] : MUST - Package does not contain duplicates in %files.
[x] : MUST - Spec file lacks Packager, Vendor, PreReq tags.
[x] : MUST - Package run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) and the beginning of %install. (EPEL5)
[x] : MUST - If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x] : MUST - License field in the package spec file matches the actual license.
[x] : MUST - Package consistently uses macros (instead of hard-coded directory names).
[x] : MUST - Package meets the Packaging Guidelines.
[x] : MUST - Package is named according to the Package Naming Guidelines.
[x] : MUST - No %config files under /usr.
[x] : MUST - Package does not generates any conflict.
[x] : MUST - Package obeys FHS, except libexecdir and /usr/target.
[x] : MUST - Package must own all directories that it creates.
[x] : MUST - Package does not own files or directories owned by other packages.
[x] : MUST - Package installs properly.
[x] : MUST - Requires correct, justified where necessary.
[x] : MUST - Rpmlint output is silent.
      No errors and the warnings have been explained        
        rpmlint seeks-0.4.0-0.5.RC2.fc17.i686.rpm
        ================================================================================
        seeks.i686: W: spelling-error %description -l en_US hashtable -> hash table, hash-table, washable
        seeks.i686: W: shared-lib-calls-exit /usr/lib/libseeksutils.so.0.0.0 exit
        seeks.i686: W: shared-lib-calls-exit /usr/lib/libseekslsh.so.0.0.0 exit
        seeks.i686: W: shared-lib-calls-exit /usr/lib/libseeksproxy.so.0.0.0 exit
        seeks.i686: W: shared-lib-calls-exit /usr/lib/libseeksplugins.so.0.0.0 exit
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/no_tracking/libnotrackingplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/query_capture/libquerycaptureplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/cf/libcfplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/udb_service/libudbserviceplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/img_websearch/libseeksimgwebsearchplugin.so
        seeks.i686: W: non-standard-uid /var/lib/seeks seeks
        seeks.i686: W: non-standard-gid /var/lib/seeks seeks
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/uri_capture/liburicaptureplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/websearch/libseekswebsearchplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/blocker/libblockerplugin.so
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/websearch_api_compat/libseekswebsearchapicompatplugin.so
        seeks.i686: W: non-standard-uid /var/log/seeks seeks
        seeks.i686: W: non-standard-gid /var/log/seeks seeks
        seeks.i686: W: devel-file-in-non-devel-package /usr/lib/seeks/plugins/httpserv/libseekshttpservplugin.so
        seeks.i686: W: no-manual-page-for-binary test_bqc
        seeks.i686: W: no-manual-page-for-binary gen_mrf_query_160
        seeks.i686: W: no-manual-page-for-binary user_db_ops
        seeks.i686: W: no-manual-page-for-binary test_dbqr_compression
        1 packages and 0 specfiles checked; 0 errors, 23 warnings.
        ================================================================================
        
        rpmlint seeks-0.4.0-0.5.RC2.fc17.src.rpm
        ================================================================================
        seeks.src: W: spelling-error %description -l en_US websearch -> web search, web-search, searcher
        seeks.src: W: spelling-error %description -l en_US hashtable -> hash table, hash-table, washable
        1 packages and 0 specfiles checked; 0 errors, 2 warnings.
        ================================================================================
        
        rpmlint seeks-debuginfo-0.4.0-0.5.RC2.fc17.i686.rpm
        ================================================================================
        1 packages and 0 specfiles checked; 0 errors, 0 warnings.
        ================================================================================
        
[x] : MUST - Sources used to build the package matches the upstream source, as provided in the spec URL.
        seeks.logrotate :
          MD5SUM this package     : 5fbdf9c327999605b0f124132f27a27d
          MD5SUM upstream package : upstream source not found
        /home/pingou/Scripts/python/FedoraReview/src/678809/seeks-0.4.0-RC2.tar.gz :
          MD5SUM this package     : dd80c832f80c34c392be5872239a8d9f
          MD5SUM upstream package : dd80c832f80c34c392be5872239a8d9f
        seeks.service :
          MD5SUM this package     : f9d85023278a6628a61d609bfaf01545
          MD5SUM upstream package : upstream source not found
    You have mentioned being in contact with upstream to try to get these files into the sources

[x] : MUST - Spec file is legible and written in American English.
[x] : MUST - Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x] : MUST - Package contains a SysV-style init script if in need of one.
[x] : MUST - File names are valid UTF-8.
[x] : SHOULD - Reviewer should test that the package builds in mock.
[-] : SHOULD - If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x] : SHOULD - Dist tag is present.
[x] : SHOULD - No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x] : SHOULD - Final provides and requires are sane (rpm -q --provides and rpm -q --requires).
[-] : SHOULD - Package functions as described.
[x] : SHOULD - Package does not include license text files separate from upstream.
[x] : SHOULD - Patches link to upstream bugs/comments/lists or are otherwise justified.
[x] : SHOULD - Scriptlets must be sane, if used.
[x] : SHOULD - SourceX / PatchY prefixed with %{name}.
[x] : SHOULD - SourceX is a working URL.
[x] : SHOULD - Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[ ] : SHOULD - Package should compile and build into binary rpms on all supported architectures.
[-] : SHOULD - %check is present and all tests pass.
[x] : SHOULD - Packages should try to preserve timestamps of original installed files.
[x] : SHOULD - Spec use %global instead of %define.

Regarding license, I found:
- BSD
  -> lsh/swl/License.txt
  -> proxy/protobuf_export_format/strutil.cc for example
    grep "Redistributions of source code must retain" -iR ./src/*

- AGPLv3+
  -> proxy/configuration_spec.cpp for example
    grep "GNU affero general" -iR ./src/*

- LGPLv2+
  -> utils/tests/ut-miscutils.cpp for example
    grep "GNU Lesser" -iR ./src/*

- GPLv2+
  -> proxy/cgi.cpp for example
    grep "GNU General" -iR ./src/*

- LGPL with restriction -> compatible with GPL v2 and not v3
  -> proxy/pcrs.cpp

The files rmd160 (under utils) kind of worry me as well.

I would like to ask spot to confirm:
 1) that all these license can be used together
 2) that the license tag used is the correct one
 3) that the files rmd160 can be redistributed

Once we have the go from spot, I will approve this review.

So, the license combination gives me a headache, but I think it all hooks together okay (barely). I've asked Red Hat Legal to double-check it for me.

There is one notable exception to that statement: the ripemd stuff is non-free. We tried to get the upstream copyright holder to resolve the licensing issue in the past, but we were not successful. See:
https://bugzilla.redhat.com/show_bug.cgi?id=452453

So, unless upstream can find a free rmd160 implementation (I am not aware of any that is not either the reference one (which is what this code uses right now) or derived from the reference one) or switches to a different cipher type, this one isn't going into Fedora.

Blocking FE-Legal.

Thanks spot for looking into this, I wish we had done this earlier.

Although, Sébastien you have shown in this review, the other review you requested and the informal reviews you did, that you have understood the packaging guidelines. I will sponsor you in the packager group and next time we'll look sooner to the licenses questions :)

We have opened a ticket concerning the RIPEMD-160 license issue, http://redmine.seeks-project.info/issues/621

I also did write to the author to give them a chance to clear up the point.

Additionally, we are considering the use of mhash library of ciphers that does include RIPEMD-160. Mhash appears to be packaged for Fedora. Would it solve the legal issue ?

ok, just got a word back from RIPEMD authors, and they seem to be willing to change the license. If this takes too long, we can study alternatives, i.e. mhash.

That's great news, especially since we didn't have any luck last time dealing with that University. Can you send me a copy of any emails where they give permission to use the RIPEMD-160 code under a free license?

Alternately, the mhash ripemd implementation seems to be fine. I didn't know it was there.

Hi. I've checked on mhash ripemd implementation and it is a full rewrite under LGPL. Seeks will be moving to mhash within weeks.

So please be patient and I'll notify this thread when the migration to the new library is complete.

Thanks for the great work on packaging Seeks, talk to you again soon!

http://wilqu.fr/rpms/seeks/seeks.spec
http://wilqu.fr/rpms/seeks/seeks-0.4.0-1.src.rpm

Update to version 0.4.0. Also removed rpath. The license issue is not yet solved, but should be in 0.4.1.

There is a "make check" available, but I didn't include it because it fails in mock for an unknown reason. This is not a BR issue since the tests pass when I launch them manually a second time via mock --shell. The tests also fail when you launch them on a machine where seeks is already installed.
See http://redmine.seeks-project.info/issues/627 and http://redmine.seeks-project.info/issues/623.

I see that seeks 0.4.1 is out now, but since http://redmine.seeks-project.info/issues/621 shows changes just made a few hours ago, I don't think the fix for the ripemd issue is present yet (and the rmd160* source files are also still in 0.4.1).

Hopefully this will be resolved soon. :)

Yes, the change was postponed to version 0.4.2. I'm trying to help with my limited knowledge. I created a patch that removes the rmd160 files and submitted it to upstream. The build is successful and seeks seems to work, but I don't know what to test to make sure that the behavior is the same as before, and my patch is certainly not perfect (I don't know autotools very well).

Spec URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks.spec
SRPM URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks-0.4.2-0.3.20130121git9f17d4a.fc18.src.rpm

The non-free files are removed in this version.

There are two new patches that fix new issues. I opened tickets upstream but their redmine is currently down so I can't find them anymore.

This version depends on jsoncpp, which needs a reviewer (bug 882617).

Spec URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks.spec
SRPM URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks-0.4.2-0.4.20130121git9f17d4a.fc18.src.rpm

This version fixes the systemd file so that seeks start after the network service is up. Otherwise seeks fails to start.

Here are the issues I mentionned in the previous comment:
http://redmine.seeks-project.info/issues/709
http://redmine.seeks-project.info/issues/710

Created attachment 775238 [details]
Submitting patch for systemd unitfile

No need to have two entry "After"; Launch process under seeks user; Launch process with --daemon option solve some logging issue (output is caught by journald instead of writing its own log file

I was (re)starting the review of this package but:

+ seems to fail building (both locally and on koji):
http://koji.fedoraproject.org/koji/taskinfo?taskID=5898333

+ I have the impression it's bundling protobuf (see src/proxy/protobuf_export_format)

Other than this, the sources look good and the spec is clean.

Please cleanup the f16 conditional lines.

Please update the systemd scriptlets.

ping?

pong

I will make the requested cleanup and update soon.

(In reply to Sébastien Willmann from comment #33)
> pong
> 
> I will make the requested cleanup and update soon.

What about the legal issue?

The rmd160 files which were the legal issue are gone in the SRPM in comment #27. Lifting FE-Legal.

Spec URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks.spec
SRPM URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks-0.4.2-0.5.20130121git9f17d4a.fc20.src.rpm

- Fixed the build
- Applied Matthieu Saulnier's patch (comment #29)
- Removed f16 conditional lines
- Updated systemd scriptlets, using macros

%triggerun -- %{name} < 0.3.4
/usr/bin/systemd-sysv-convert --save %{name} > /dev/null 2>&1 || :
/sbin/chkconfig --del %{name} > /dev/null 2>&1 || :
/bin/systemctl try-restart %{name}.service > /dev/null 2>&1 || :

Why did you add this?

I added this 3 years ago in version 0.3.4-1 when I moved the service to systemd. Should I remove it now?

(In reply to Sébastien Willmann from comment #38)
> I added this 3 years ago in version 0.3.4-1 when I moved the service to
> systemd. Should I remove it now?

Yes because this package hasn't been approved in pkgdb. Thus the older versions are not available in the repo so users won't be able to upgrade from those versions.

Yes but it is being added to the repo, so there will be updates and if it causes no harm, I am for let it in, plus it allows it to be reviewed here.

Spec URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks.spec
SRPM URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks-0.4.2-0.6.20130121git9f17d4a.fc21.src.rpm

I removed the triggerun part since we don't have to make the migration anyway: https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Packages_migrating_to_a_systemd_unit_file_from_a_SysV_initscript

Better now.

Only overuse of %defattr()

%defattr(0644,root,root,-)
%{_unitdir}/%{name}.service

Please use install -pm644 in %install. Same like %defattr(-,root,root,-)

Spec URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks.spec
SRPM URL: http://wilqu.fedorapeople.org/reviews/seeks/seeks-0.4.2-0.7.20130121git9f17d4a.fc20.src.rpm

I now use install -pm644 for the service file and removed the %defattr(0644,root,root,-) line.

I've been really bad at this review, so I'm dropping the assignment so someone else can pick it up if there is interest.
Sorry about that :(

Sébastien, are you still interested in having this reviewed?  The www.seeks-project.info domain appears to have expired and is parked.  It seems the new homepage is https://beniz.github.io/seeks/, so the URL field in your spec file needs updating.  Some other pointers:

- remove Group tag (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_tags_and_sections)
- use %make_build (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make)
- use %make_install (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_why_the_makeinstall_macro_should_not_be_used)
- use %license for the licensing files (Licenses and COPYING) (https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/)
- it's no longer necessary to call ldconfig in scriptlets, remove it (https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets)

I am also slightly concerned that this project is dead upstream.  The commit was in 2014.  The last maintainer response to a pull request or issue was 2016.  Skimming https://github.com/beniz/seeks/issues/27 also makes it sound like the maintainer is no longer interested in the project.  Fedora should not be adding dead software.

I agree, this project is dead so it should not be added. Closing the review request.