Bug 680936
| Summary: | Review Request: libssh2-python - Python bindings for the libssh2 library | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Chris Lalancette <clalance> |
| Component: | Package Review | Assignee: | Kaleb KEITHLEY <kkeithle> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | david, fedora-package-review, kkeithle, notting |
| Target Milestone: | --- | Flags: | kkeithle:
fedora-review+
gwync: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-08 15:31:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Chris Lalancette
2011-02-28 15:23:05 UTC
OK, the maintainer got back to me and said: It's the GNU Lesser General Public License v2.1. Maybe I should add a copy of the license to the repository. I've encouraged him to do the latter. For now, I've updated the SPEC file to have this piece of information and rpmlint now says: [clalance@localhost SPECS]$ rpmlint libssh2-python.spec libssh2-python.spec: W: invalid-url Source0: libssh2-python-0.7.1.tar.gz 0 packages and 1 specfiles checked; 0 errors, 1 warnings. [clalance@localhost SPECS]$ rpmlint /home/clalance/rpmbuild/SRPMS/libssh2-python-0.7.1-1.fc14.src.rpm libssh2-python.src: W: invalid-url Source0: libssh2-python-0.7.1.tar.gz 1 packages and 0 specfiles checked; 0 errors, 1 warnings. If you can't find a direct download URL, then put only the filename in SourceX and give download instructions in a comment. Please see http://fedoraproject.org/wiki/Packaging:SourceURL#Using_Revision_Control >> Maybe I should add a copy of the license to the repository. Yes, You should provide license text and contact upstream. http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers Please note that no guideline we have should be construed to mean that the packager should add any license text that is not already present in the upstream sources. (In reply to comment #3) > Please note that no guideline we have should be construed to mean that the > packager should add any license text that is not already present in the > upstream sources. I'm not doing that at all. As I said, I was clarifying that with upstream what the license is, and he mentioned that it should be LGPL v2.1. If he doesn't add the license text himself in the next couple of days, I'll submit my own patch to upstream to do that. That being said, I'm confident that this is LGPLv2.1, it just needs to be made explicit. So if someone wants to do the rest of the review, we can get that part out of the way and then have it ready to go once the license terms are in the upstream repository. Chris Lalancette OK, I heard back from the maintainer, and he has added the appropriate license to the repository and the source files. I've uploaded a new version of the spec file and the source RPM here: http://people.redhat.com/~clalance/libssh2-python/libssh2-python.spec http://people.redhat.com/~clalance/libssh2-python/libssh2-python-0.7.1-2.fc14.src.rpm rpmlint says: [clalance@localhost SPECS]$ rpmlint libssh2-python.spec libssh2-python.spec: W: invalid-url Source0: libssh2-python-0.7.1.tar.gz 0 packages and 1 specfiles checked; 0 errors, 1 warnings. [clalance@localhost SPECS]$ rpmlint /home/clalance/rpmbuild/SRPMS/libssh2-python-0.7.1-2.fc14.src.rpm libssh2-python.src: W: invalid-url Source0: libssh2-python-0.7.1.tar.gz 1 packages and 0 specfiles checked; 0 errors, 1 warnings. (new) fedora guidelines say:
+ BuildRoot is unnecessary, just get rid of it
+ %defattr, ditto
+ %clean, ditto
[ OK ] MUST: rpmlint must be run on every package
[ OK ] MUST: The package must be named according to the Package Naming
Guidelines
[ OK ] MUST: The spec file name must match the base package %{name} [...]
[ OK ] MUST: The package must meet the Packaging Guidelines
[ OK ] MUST: The package must be licensed with a Fedora approved license
and meet the Licensing Guidelines
[ OK ] MUST: The License field in the package spec file must match the
actual license
[ OK ] MUST: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of
the license(s) for the package must be included in %doc
[ OK ] MUST: The spec file must be written in American English.
[ OK ] MUST: The spec file for the package MUST be legible.
[ ] MUST: The sources used to build the package must match the upstream
source, as provided in the spec URL. Reviewers should use md5sum for
this task. If no upstream URL can be specified for this package,
please see the Source URL Guidelines for how to deal with this.
[ OK ] MUST: The package MUST successfully compile and build into binary
rpms on at least one primary architecture
[ N/A ] MUST: If the package does not successfully compile, build or work on
an architecture, then those architectures should be listed in the
spec in ExcludeArch. Each architecture listed in ExcludeArch MUST
have a bug filed in bugzilla, describing the reason that the package
does not compile/build/work on that architecture. The bug number MUST
be placed in a comment, next to the corresponding ExcludeArch line
[ OK ] MUST: All build dependencies must be listed in BuildRequires, except
for any that are listed in the exceptions section of the Packaging
Guidelines ; inclusion of those as BuildRequires is optional. Apply
common sense.
[ OK ] MUST: The spec file MUST handle locales properly. This is done by
using the %find_lang macro. Using %{_datadir}/locale/* is strictly
forbidden
[ N/A ] MUST: Every binary RPM package (or subpackage) which stores shared
library files (not just symlinks) in any of the dynamic linker's
default paths, must call ldconfig in %post and %postun.
[ N/A ] MUST: If the package is designed to be relocatable, the packager must
state this fact in the request for review, along with the
rationalization for relocation of that specific package. Without
this, use of Prefix: /usr is considered a blocker.
[ OK ] MUST: A package must own all directories that it creates. If it does
not create a directory that it uses, then it should require a package
which does create that directory.
[ OK ] MUST: A package must not contain any duplicate files in the %files
listing.
[ OK ] MUST: Each package must consistently use macros.
[ OK ] MUST: The package must contain code, or permissable content.
[ OK ] MUST: Large documentation files must go in a -doc subpackage. (The
definition of large is left up to the packager's best judgement, but
is not restricted to size. Large can refer to either size or
quantity).
[ OK ] MUST: If a package includes something as %doc, it must not affect the
runtime of the application. To summarize: If it is in %doc, the
program must run properly if it is not present.
[ N/A ] MUST: Header files must be in a -devel package.
[ N/A ] MUST: Static libraries must be in a -static package.
[ N/A ] MUST: Packages containing pkgconfig(.pc) files must 'Requires:
pkgconfig' (for directory ownership and usability).
[ N/A ] MUST: If a package contains library files with a suffix (e.g.
libfoo.so.1.1), then library files that end in .so (without suffix)
must go in a -devel package.
[ N/A ] MUST: In the vast majority of cases, devel packages must require the
base package using a fully versioned dependency: Requires: %{name} =
%{version}-%{release}
[ N/A ] MUST: Packages must NOT contain any .la libtool archives, these must
be removed in the spec if they are built.
[ N/A ] MUST: Packages containing GUI applications must include a
%{name}.desktop file, and that file must be properly installed with
desktop-file-install in the %install section. If you feel that your
packaged GUI application does not need a .desktop file, you must put
a comment in the spec file with your explanation.
[ OK ] MUST: Packages must not own files or directories already owned by
other packages. The rule of thumb here is that the first package to
be installed should own the files or directories that other packages
may rely upon. This means, for example, that no package in Fedora
should ever share ownership with any of the files or directories
owned by the filesystem or man package. If you feel that you have a
good reason to own a file or directory that another package owns,
then please present that at package review time.
[ OK ] MUST: At the beginning of %install, each package MUST run rm -rf
%{buildroot} (or $RPM_BUILD_ROOT).
[ OK ] MUST: All filenames in rpm packages must be valid UTF-8.
[ ] SHOULD query upstream to include it.
[ N/A ] SHOULD: The description and summary sections in the package spec file
should contain translations for supported Non-English languages, if
available.
[ N/A ] SHOULD: The reviewer should test that the package builds in mock.
[ SKIP ] SHOULD: The package should compile and build into binary rpms on all
supported architectures.
[ ] SHOULD: The reviewer should test that the package functions as
described. A package should not segfault instead of running, for
example.
[ N/A ] SHOULD: If scriptlets are used, those scriptlets must be sane. This is
vague, and left up to the reviewers judgement to determine sanity.
[ N/A ] SHOULD: Usually, subpackages other than devel should require the base
package using a fully versioned dependency.
[ N/A ] SHOULD: The placement of pkgconfig(.pc) files depends on their
usecase, and this is usually for development purposes, so should be
placed in a -devel pkg. A reasonable exception is that the main pkg
itself is a devel tool not installed in a user runtime, e.g. gcc or
gdb.
[ N/A ] SHOULD: If the package has file dependencies outside of /etc, /bin,
/sbin, /usr/bin, or /usr/sbin consider requiring the package which
provides the file instead of the file itself.
[ ] SHOULD: your package should contain man pages for binaries/scripts. If
it doesn't, work with upstream to add them where they make sense.[34]
(In reply to comment #6) > (new) fedora guidelines say: > + BuildRoot is unnecessary, just get rid of it > + %defattr, ditto > + %clean, ditto Thanks for the review. I had submitted this package before I knew about those new guidelines, so thanks for the reminder. I've now fixed those and uploaded new versions of the spec and SRPM to the same place. Kaleb, in general when reviewing packages the procedure is to assign the bug to yourself, set the state to ASSIGNED, and also set the fedora-review flag to ?. Once you are satisfied that the package meets criteria, you then switch the fedora-review flag to +, and then I'll complete the rest of the process. Thanks again, Chris Lalancette Chris: Please increment release in your spec/srpm when making changes even if trivial, it makes it much easier on the reviewer when installing your SRPM. http://fedoraproject.org/wiki/Packaging:NamingGuidelines#Release_Tag In your source URL is there a reason you can't use this as the source URL? https://github.com/wallunit/ssh4py/zipball/0.7.1 It would still have to be a commented troublesome source url, and it'd screw up the macros, but at least it permits upstream source to be verifiable, and less work for others. I don't see it as a blocker, but perhaps something to consider. Kaleb: Can you run rpmlint on this package (spec file, SRPM, and binary RPM(s)) and paste the content in the review. Can you also paste the result of md5sum comparing source in srpm and at Source URL? In this particular case it won't work because of the special means to get to a tarball, but that at least needs to be commented in the review. Thanks for taking this on. A quick other comment, the license field is incorrect: It's currently set as LGPLv2 when it should be LGPLv2+. The source files have the 'or (at your option) any later version.' clause in the license declaration of the actual source. (In reply to comment #8) > Chris: > > Please increment release in your spec/srpm when making changes even if trivial, > it makes it much easier on the reviewer when installing your SRPM. > > http://fedoraproject.org/wiki/Packaging:NamingGuidelines#Release_Tag > > In your source URL is there a reason you can't use this as the source URL? > https://github.com/wallunit/ssh4py/zipball/0.7.1 > It would still have to be a commented troublesome source url, and it'd screw up > the macros, but at least it permits upstream source to be verifiable, and less > work for others. I don't see it as a blocker, but perhaps something to > consider. You are right, I didn't know about the zipball thing. I've updated the SPEC now. (In reply to comment #9) > A quick other comment, the license field is incorrect: > > It's currently set as LGPLv2 when it should be LGPLv2+. The source files have > the 'or (at your option) any later version.' clause in the license declaration > of the actual source. Oh, right. I've fixed this as well. A new version of the SPEC and SRPM are available: http://people.redhat.com/clalance/libssh2-python/libssh2-python-0.7.1-3.fc14.src.rpm http://people.redhat.com/clalance/libssh2-python/libssh2-python.spec % rpmlint SPECS/libssh2-python.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings. % rpmlint SRPMS/libssh2-python-0.7.1-3.fc14.src.rpm libssh2-python.src: I: enchant-dictionary-not-found en_US libssh2-python.src: W: file-size-mismatch libssh2-python-0.7.1.tar.gz = 23152, https://github.com/wallunit/ssh4py/zipball/0.7.1/libssh2-python-0.7.1.tar.gz = 20754 1 packages and 0 specfiles checked; 0 errors, 1 warnings % rpmlint RPMS/x86_64/libssh2-python-0.7.1-3.fc15.x86_64.rpm libssh2-python.x86_64: I: enchant-dictionary-not-found en_US libssh2-python.x86_64: W: private-shared-object-provides /usr/lib64/python2.7/site-packages/libssh2.so libssh2.so()(64bit) 1 packages and 0 specfiles checked; 0 errors, 1 warnings. % md5sum SOURCES/libssh2-python-0.7.1.tar.gz 2d60794fd29adeaa6071c252335c3608 SOURCES/libssh2-python-0.7.1.tar.gz % md5sum Downloads/wallunit-ssh4py-0.7.1-0-ga041047.zip 6f967df328fcbe615593f914f7e777a5 wallunit-ssh4py-0.7.1-0-ga041047.zip Thanks Kaleb! New Package SCM Request ======================= Package Name: libssh2-python Short Description: Python bindings for the libssh2 library Owners: clalance Branches: InitialCC: Git done (by process-git-requests). |