Bug 710203

Summary: Review Request: gambas3 - IDE based on a basic interpreter with object extensions
Product: [Fedora] Fedora Reporter: Tom "spot" Callaway <tcallawa>
Component: Package ReviewAssignee: Gwyn Ciesla <gwync>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, gwync, hdegoede, kevin, notting
Target Milestone: ---Flags: gwync: fedora-review+
gwync: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gambas3-2.99.4-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-25 03:33:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
rpmlint
none
rpmlint, phase 2, in which Doris gets her oats. none

Description Tom "spot" Callaway 2011-06-02 16:39:53 UTC
Spec URL: http://www.auroralinux.org/people/spot/review/new/gambas3.spec
SRPM URL: http://www.auroralinux.org/people/spot/review/new/gambas3-2.99.1-1.fc15.src.rpm
Description: 
Gambas3 is a free development environment based on a Basic interpreter
with object extensions, like Visual Basic (but it is NOT a clone !).
With Gambas3, you can quickly design your program GUI, access MySQL or
PostgreSQL databases, pilot KDE applications with DCOP, translate your
program into many languages, create network applications easily, and so
on...
Koji Scratch Build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=3106353

Please note:

Gambas3 is packaged a bit... uniquely, because of how it works. Gambas is an IDE that generates RPM packages of the software coded within it. These packages are created with assumptions about the Gambas dependencies, hence, the somewhat unique decision choices.

See: http://gambasdoc.org/help/howto/package#t1

In addition, rpmlint throws quite a few errors and warnings on the -examples subpackage, like this:

gambas3-examples.x86_64: E: world-writable /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L
gambas3-examples.x86_64: E: non-standard-executable-perm /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L
gambas3-examples.x86_64: W: hidden-file-or-dir /usr/share/gambas3/examples/Sound/MusicPlayer/.startup
gambas3-examples.x86_64: W: hidden-file-or-dir /usr/share/gambas3/examples/Automation/DBusExplorer/.startup

The examples contain hidden files (necessary for Gambas3), and must be world-writable for Gambas3 users to open/compile/run the example files.

Comment 1 Kevin Kofler 2011-06-07 13:17:26 UTC
Is the kdelibs3-devel dependency still current? I don't see any KDE 3 module being built, nor do I see the dependency listed in upstream's documentation.

Comment 2 Tom "spot" Callaway 2011-06-07 18:35:25 UTC
Yeah, I think that is bogus. Good catch.

New SPEC: http://www.auroralinux.org/people/spot/review/new/gambas3.spec
New SRPM: http://www.auroralinux.org/people/spot/review/new/gambas3-2.99.1-2.fc15.src.rpm

Comment 3 Gwyn Ciesla 2011-08-08 20:09:21 UTC
In progress. . .

Comment 4 Hans de Goede 2011-08-09 07:57:22 UTC
Hi,

(In reply to comment #0)
> Spec URL: http://www.auroralinux.org/people/spot/review/new/gambas3.spec
> In addition, rpmlint throws quite a few errors and warnings on the -examples
> subpackage, like this:
> 
> gambas3-examples.x86_64: E: world-writable
> /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L
> gambas3-examples.x86_64: E: non-standard-executable-perm
> /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L
> gambas3-examples.x86_64: W: hidden-file-or-dir
> /usr/share/gambas3/examples/Sound/MusicPlayer/.startup
> gambas3-examples.x86_64: W: hidden-file-or-dir
> /usr/share/gambas3/examples/Automation/DBusExplorer/.startup
> 
> The examples contain hidden files (necessary for Gambas3), and must be
> world-writable for Gambas3 users to open/compile/run the example files.

First of all I'm not going to review this, so in the end it is Jon's calls whether or not this is ok. But to me world writable files under /usr/share just seem very wrong and thus unacceptable. How about a helper script which copies one or more  examples to $HOME, and some README telling the user to run that and open the copy?

Regards,

Hans

Comment 5 Gwyn Ciesla 2011-08-09 16:00:05 UTC
Created attachment 517439 [details]
rpmlint

Yeah, it's a lot, so I'm not pasting, I'm attaching.

It's mostly bad fsf address, with the perm issues and some shebangless scripts tossed in.

I agree with Hans, but am willing to entertain a compelling argument to the contrary.

Comment 6 Tom "spot" Callaway 2011-08-09 16:08:39 UTC
Without it, the examples don't work. The IDE assumes the examples are present in that directory and in that state, and displays them on startup. Either they keep this permission set (just like Gambas1 and Gambas2), or I get bug reports and upstream complaining that I'm not in compliance with their packaging standard.

I don't see world-writable example files in a contained directory below /usr/share as a concern. Odd, yes, but not a blocker.

Comment 7 Gwyn Ciesla 2011-08-09 16:21:05 UTC
So there's no way if I edit an example to do something nefarious on my kids's machine, then when my daughter runs the example, it can't email her private files to my son?

Comment 8 Tom "spot" Callaway 2011-08-09 16:30:08 UTC
Hm. Point taken. I'll try to think of some other way to do this, if nothing else, I'll just break the examples functionality.

Comment 9 Gwyn Ciesla 2011-08-09 16:57:03 UTC
Momma always said, if upstream does something insecure, fix it.

I mean she didn't, but I could call her and . .. never mind.

Comment 10 Tom "spot" Callaway 2011-08-09 20:11:40 UTC
Turns out that Gambas3 doesn't need those permissions at all. Silly old me.

They're gone now.

New SRPM: http://spot.fedorapeople.org/gambas3-2.99.1-3.fc15.src.rpm
New SPEC: http://spot.fedorapeople.org/gambas3.spec

Comment 11 Gwyn Ciesla 2011-08-10 15:02:44 UTC
Created attachment 517637 [details]
rpmlint, phase 2, in which Doris gets her oats.

Ah, much better then.  Next iteration.

Comment 12 Tom "spot" Callaway 2011-08-11 16:29:34 UTC
New SRPM: http://spot.fedorapeople.org/gambas3-2.99.2-1.fc15.src.rpm
New SPEC: http://spot.fedorapeople.org/gambas3.spec

I think that all the rpmlint errors are now safe to ignore (hidden-files, missing docs, one incorrect FSF address)

Comment 13 Gwyn Ciesla 2011-08-18 02:10:33 UTC
Good:

- rpmlint checks return:

See above, OK.  I don't love them, but they make sense. :)

- package meets naming guidelines
- package meets packaging guidelines
- license ( ) OK, text in %doc, matches source
- spec file legible, in am. english
- source matches upstream
- package compiles on devel (x86)
- no unnecessary BR
- no locales
- not relocatable
- owns all directories that it creates
- no duplicate files
- permissions ok
- %clean ok
- macro use consistent
- code, not content
- no need for -docs
- nothing in %doc affects runtime
- no need for .desktop file
- devel package ok
- post/postun ldconfig ok

FIX and/or comment on:
- no .la files
- devel requires base package n-v-r 

PENDING MOCK BUILD:
- no missing BR

Comment 14 Gwyn Ciesla 2011-08-18 03:08:34 UTC
BRs are fine.

Comment 15 Tom "spot" Callaway 2011-09-06 16:50:43 UTC
2.99.3 packages:

New SRPM: http://spot.fedorapeople.org/gambas3-2.99.3-1.fc15.src.rpm
New SPEC: http://spot.fedorapeople.org/gambas3.spec

Comment 16 Gwyn Ciesla 2011-09-07 19:16:18 UTC
Ok, now we have an invalid Source URL, and the devel still doesn't require the main RPM.

Comment 17 Tom "spot" Callaway 2011-09-07 19:26:33 UTC
There is no "main" RPM. The closest thing is the -runtime, so I've made devel require -runtime.

As to the invalid Source URL, I cannot reproduce that (assuming you're talking about Source0):

[spot@pterodactyl SPECS]$ wget http://downloads.sourceforge.net/gambas/gambas3-2.99.3.tar.bz2
--2011-09-07 15:23:51--  http://downloads.sourceforge.net/gambas/gambas3-2.99.3.tar.bz2
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 [following]
--2011-09-07 15:23:51--  http://downloads.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://voxel.dl.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 [following]
--2011-09-07 15:23:51--  http://voxel.dl.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2
Resolving voxel.dl.sourceforge.net... 74.63.46.131, 74.63.46.132, 74.63.46.133, ...
Connecting to voxel.dl.sourceforge.net|74.63.46.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8459327 (8.1M) [application/x-bzip2]
Saving to: “gambas3-2.99.3.tar.bz2”

100%[=======================================================================================================================================>] 8,459,327   1.12M/s   in 7.3s    

2011-09-07 15:23:59 (1.11 MB/s) - “gambas3-2.99.3.tar.bz2” saved [8459327/8459327]

******
Oh, and gambas actually uses the .la files, iirc. It's special.

New SRPM: http://spot.fedorapeople.org/gambas3-2.99.3-2.fc15.src.rpm
New SPEC: http://spot.fedorapeople.org/gambas3.spec

Comment 18 Gwyn Ciesla 2011-09-09 12:58:11 UTC
Let's call it a network fluke, then.

APPROVED.

Comment 19 Tom "spot" Callaway 2011-09-12 17:31:39 UTC
New Package SCM Request
=======================
Package Name: gambas3
Short Description: IDE based on a basic interpreter with object extensions
Owners: spot
Branches: f14 f15 f16
InitialCC:

Comment 20 Gwyn Ciesla 2011-09-12 17:39:04 UTC
Git done (by process-git-requests).

Comment 21 Fedora Update System 2011-09-14 15:35:55 UTC
gambas3-2.99.3-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc15

Comment 22 Fedora Update System 2011-09-14 15:36:04 UTC
gambas3-2.99.3-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc14

Comment 23 Fedora Update System 2011-09-14 15:36:13 UTC
gambas3-2.99.3-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc16

Comment 24 Fedora Update System 2011-09-14 16:56:48 UTC
gambas3-2.99.3-2.fc16 has been pushed to the Fedora 16 testing repository.

Comment 25 Fedora Update System 2011-09-25 03:33:17 UTC
gambas3-2.99.3-2.fc14 has been pushed to the Fedora 14 stable repository.

Comment 26 Fedora Update System 2011-09-25 03:50:08 UTC
gambas3-2.99.3-2.fc15 has been pushed to the Fedora 15 stable repository.

Comment 27 Fedora Update System 2011-09-26 16:15:02 UTC
gambas3-2.99.4-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc15

Comment 28 Fedora Update System 2011-09-26 16:15:10 UTC
gambas3-2.99.4-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc16

Comment 29 Fedora Update System 2011-09-26 16:15:20 UTC
gambas3-2.99.4-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc14

Comment 30 Fedora Update System 2011-10-04 21:14:10 UTC
gambas3-2.99.4-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2011-10-05 03:54:55 UTC
gambas3-2.99.4-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2011-10-05 03:57:24 UTC
gambas3-2.99.4-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.