Bug 768894

rpmlint output:

haven.spec:57: W: configure-without-libdir-spec
haven.spec: W: invalid-url Source1: haven-icons-0.0.2.tar.gz
haven.spec: W: invalid-url Source0: haven-0.0.2.tar.gz

(In reply to comment #1)
> haven.spec: W: invalid-url Source1: haven-icons-0.0.2.tar.gz
> haven.spec: W: invalid-url Source0: haven-0.0.2.tar.gz

If you can't provide the full URL to these sources in SourceN for some reason, you need to add a comment indicating how to obtain them.  For more information, see:
http://fedoraproject.org/wiki/Packaging:SourceURL

You used "haven-gtkgui" as the subpackage for the GUI application, but most Fedora packages use subpackages like "haven-gtk".  Consider changing it to be consistent with existing packages.

You call the "-full" subpackage the "Basic version" in the summary.  I think you got that backwards.  ;-)

Also, consider briefly articulating the difference between the full and basic versions in the %description, to assist users in deciding which one to install.  (See "yum info vim-minimal vim-enhanced" for an example.)

One More Thing...unless the GUI is guaranteed to work with any version of the software always and forever, you probably want to version that dependency, e.g.:

Requires:  haven = %{version}-%{release}

Hi T.C.,

thank you very much for the review.

I've made the suggested changes to the spec file and re-packaged the application:

Spec URL: http://www.dbenini.com/haven/fedora/haven.spec
SRPM URL: http://www.dbenini.com/haven/fedora/haven-0.0.2-3.fc16.src.rpm


* Koji scratch build info:

https://koji.fedoraproject.org/koji/taskinfo?taskID=3603971


* rpmlint output:

$ rpmlint -v haven.spec
haven.spec:60: W: configure-without-libdir-spec
haven.spec: W: invalid-url Source1: haven-icons-0.0.2.tar.gz
haven.spec: I: checking-url http://downloads.sourceforge.net/safe-haven/haven-0.0.2.tar.gz (timeout 10 seconds)
0 packages and 1 specfiles checked; 0 errors, 2 warnings.

$ rpmlint -v haven
haven.x86_64: I: checking
haven.x86_64: I: checking-url http://sourceforge.net/projects/safe-haven/ (timeout 10 seconds)
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

$ rpmlint -v haven-enhanced
haven-enhanced.x86_64: I: checking
haven-enhanced.x86_64: I: checking-url http://sourceforge.net/projects/safe-haven/ (timeout 10 seconds)
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

$ rpmlint -v haven-gtk
haven-gtk.x86_64: I: checking
haven-gtk.x86_64: I: checking-url http://sourceforge.net/projects/safe-haven/ (timeout 10 seconds)
haven-gtk.x86_64: W: no-documentation
haven-gtk.x86_64: W: no-manual-page-for-binary ghaven
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

Some comments:

1) BuildRoot tag is no longer required
2) Removing %{buildroot} in the %install section is no longer required
3) %clean section no longer required
4) defattr in %files section is no longer required

Thank you Jamie,

I removed useless sections and tags as suggested.

* Updated spec file and source RPM:

Spec URL: http://www.dbenini.com/haven/fedora/haven.spec
SRPM URL: http://www.dbenini.com/haven/fedora/haven-0.0.2-4.fc16.src.rpm

* Koji scratch build info:

http://koji.fedoraproject.org/koji/taskinfo?taskID=3784798

No, I'm no reviewer. Still, I have some remarks and questions:

The upstream version is 0.0.2, whereas the specfile's version is 0_0_2,
indirectly set using a macro. Basically, the Version: tag should reflect
the upstream version i. e. "Version: 0.0.2". Note that from that point
an implicit %{version} macro is defined, which you can use to derive
0_0_2 which is used in many places.

The "%global _configure ../../configure" macro is not used and can be removed.
The %{__mkdir_p} type of macros are not used in Fedora, plain 'mkdir -p' is fine
See http://fedoraproject.org/wiki/Packaging:Guidelines#macros

The source seems to be GPLv3 or later i. e., "License: GPLv3+" ?

Backup software is sensitive... Maybe you should  enable PIE? See
http://fedoraproject.org/wiki/Packaging:Guidelines#PIE

Why have you called the desktop file ghaven.desktop? The normal convention
is to use the package name i. e., haven.desktop or haven-gtk.desktop? The
same question applies to the icons.

In the %files section, you have entries like %{_mandir}/man1/haven.1.gz.
These are better written %{_mandir}/man1/*, partly for simplicity, partly
because the .gz suffix might change in the future.

Since the %check target is empty, you might as well remove it.

You have a configure-without-libdir-spec warning. Add --libdir=%{_libdir} to
the configure calls so that configure knows where to install (lib/lib64).

You have an empty-debuginfo-package rpmlint warning. This might be because of
the install-strip targets used, if they indeed strip the code. Basically,
you should not strip the code but instead build it with debugging enabled.
rpmbuild strips it while postprocessing, using the debuginfo in the debug
package.


Hope this helps,

--a

Non-trivial to review because a few more iterations will be needed, it seems.


> The upstream version is 0.0.2, whereas the specfile's version is 0_0_2,
> indirectly set using a macro.

Not true. Let's take a look:

| %global src_verstr 0.0.2
| %global rpm_verstr %(echo %src_verstr | sed -e 's/-/_/g')
| 
| Version: %rpm_verstr

It would substitute '-' with '_', but currently there is no '-' in "0.0.2".

This has been taken over from the spec included in the tarball.
It's dubious for a few reasons.

If the upstream version string ever contained a '-', the entire version would need to be mapped into Fedora's versioning schemes. (For example: 0.0.2-beta1 => apply Fedora's pre-release versioning scheme, which is *not* 0.0.2_beta1.)

In general, it can be beneficial to do

  %global tar_ver 0.0.2
  Version: 0.0.2
  ...

if %tar_ver frequently contains stuff like "-alphaX", "-rcX", which need to be moved into the %release value. Then one can use the different %tar_ver and %version in other places of the spec file.

What shouldn't be done is something close to

  %global version 0.0.2
  Version: %version

because the "Version" tag already defines %version, and it makes no sense to redefine it.

An example from the spec that can lead to problems:

> Requires: %{name} = %{src_verstr}-%{release}

Here you should use %version instead of %src_verstr, or else you could not split wisely between RPM-compatible and Fedora-compatible version values and upstream version values.

Btw, the following applies, too:
https://fedoraproject.org/wiki/Packaging:Guidelines#Requiring_Base_Package

But why do the subpackages depend on the "haven" package? Is it for files in that package? A comment in the spec should explain the dependency.


> Requires(post): /usr/bin/gtk-update-icon-cache
> Requires(postun): /usr/bin/gtk-update-icon-cache

That's not Fedora's way to add such dependencies:
https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Icon_Cache


> The "%global _configure ../../configure" macro is not used and can
> be removed.

It _is_ used to alter the %configure macro.



> You have a configure-without-libdir-spec warning. Add --libdir=%{_libdir}

rpmlint false positive, it seems.


> %description
> Haven backup system. 
> 
> Next Generation Backup System, from desktop personal backup to
> Enterprise Disaster Recovery.

This description is somewhat strange. No full sentences and weird usage of uppercase characters. Why not

"Haven aims at becoming a next generation backup system, from desktop personal backup to enterprise-class disaster recovery."


> %install
...
> mv "icons" "%{buildroot}/%{_datadir}/"

Caution! Please don't break --short-circuit installs. Copy or install files from within the build dir, don't move them.

Alec, Michael,

thank you for your comments.

I will analyse your suggestions (and discuss some of them with upstream) and then I'll come back with a new version of the package.

So, over three months later, was there ever any progress here?

Sorry for the long delay,

I've made the following changes to the spec file and re-packaged the application:
- removed macro forms of system executables, i.e. %{__mkdir_p} macros
- changed license from GPLv3 to GPLv3+
- enabled PIE
- replaced .gz man files suffix with .* in %files section
- removed %check target since it was empty
- replaced "install-strip" make rule with plain "install"
- removed %src_verstr and %rpm_verstr definition to avoid confusion. %src_verstr will be reintroduced if necessary, but at the moment only %version is used
- removed subpackages dependency from the "haven" (base) package including licence texts in each subpackage
- removed /usr/bin/gtk-update-icon-cache requirement
- changed description
- files are now copied, not moved, from within the build dir

* Updated spec file and source RPM:

Spec URL: http://www.dbenini.com/haven/fedora/haven.spec
SRPM URL: http://www.dbenini.com/haven/fedora/haven-0.0.2-5.fc16.src.rpm

* Koji scratch build info:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4225990

When I wanted to take another look at it, it failed to build for Fedora 17 due to the header changes in glib2 ("Only <glib.h> can be included directly.").

Indeed, fails to build for me in rawhide as well.

Hi all,

Unfortunately my previous Bugzilla account has been disabled and I'm still trying to figure out how to move this package review to my new account.

Anyway, I fixed the Fedora 17+ build issue:

Spec URL: http://www.dbenini.com/haven/fedora/haven.spec
SRPM URL: http://www.dbenini.com/haven/fedora/haven-0.0.2-6.fc17.src.rpm

* Koji scratch build info:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4575069
http://koji.fedoraproject.org/koji/taskinfo?taskID=4575082
http://koji.fedoraproject.org/koji/taskinfo?taskID=4575129

Since mere mortals cannot change the "Reporter" field in bugzilla, one way to transfer the ticket to you would be to clone it, 
  https://bugzilla.redhat.com/enter_bug.cgi?cloned_bug_id=768894
and then continue there.

I cloned the ticket as suggested by Michael, please continue here:
https://bugzilla.redhat.com/show_bug.cgi?id=870853

Thank you Michael, awesome source!

*** This bug has been marked as a duplicate of bug 870853 ***