Bug 817271

Updating metadata

Updating to 6.1, new links:
spec: http://dl.dropbox.com/u/17870887/openerp-6.1/openerp.spec
srpm: http://dl.dropbox.com/u/17870887/openerp-6.1/openerp-6.1-1.fc16.src.rpm

The URL of Source0 in 6.1 specfile seems 404.

And if you change the name of the package, you should update the title of this report.

And the summary is missed in the title.

Thanks for input. However, note the 'NotReady' whiteboard status: this is a work in progress not ready for review.

As of now, the python-xlwt dependency is only available in rawhide.

And as of now python-xlwt is in updates-testing for F16 and F17

The test tool openerp-client is under review in bug 818805.

I think this bug is ready for review.

Ok, licenses is one of my weak points and I'm not sure you have all the bases covered but I could definitely be wrong :)

Licenses detected in source:
$ licensecheck -r . | awk -F ": " '{ print $2 }' | sort | uniq -c
      1 AGPL
     22 AGPL (v2.1 or later) LGPL (v2.1 or later)
   1276 AGPL (v3 or later)
      9 AGPL (v3 or later) GENERATED FILE
      2 AGPL (v3 or later) LGPL (v3 or later)
      5 BSD (2 clause)
      6 BSD (3 clause)
      7 BSD (4 clause)
     43 GPL
      2 GPL GENERATED FILE
     40 GPL (v2 or later)
     41 GPL (v3 or later)
      1 LGPL
      1 *No copyright* AGPL (v3 or later)
     43 *No copyright* GENERATED FILE
    161 *No copyright* UNKNOWN
      4 UNKNOWN

Is just using "AGPLv3+" good enough to cover all of the AGPLs listed? Same for GPL. Also, BSD (4 clause) should be referenced as "BSD with advertising"...

Also, it's never OK to patch licenses. The bad FSF address is not considered a blocker but it is recommended to at least tell upstream about it. You might as well send them your patch.

Duh, I looked at your LICENSING file... never mind. But perhaps using the guidelines version of the comment and file name would be good?

# For a breakdown of the licensing, see PACKAGE-LICENSING

(In reply to comment #8)
> Also, it's never OK to patch licenses. The bad FSF address is not considered
> a blocker but it is recommended to at least tell upstream about it. You
> might as well send them your patch.

License files can't be patched, agreed. But license text in source can be patched, see https://fedoraproject.org/wiki/Common_Rpmlint_issues#incorrect-fsf-address (OK, I actually wrote that :), but it's still kind of a reference)

(In reply to comment #9)
> Duh, I looked at your LICENSING file... never mind. But perhaps using the
> guidelines version of the comment and file name would be good?
> 
> # For a breakdown of the licensing, see PACKAGE-LICENSING

Sure, I can change it according to that. 

I read this as you hadn't noticed the break-down when you wrote comment #7

Holding updated links in wait for more remarks or conclusions.

(In reply to comment #10)
> (In reply to comment #8)
> > Also, it's never OK to patch licenses.[cut] You
> > might as well send them your patch.
Already done, see the comment attached to the patch.

(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #8)
> > > Also, it's never OK to patch licenses.[cut] You
> > > might as well send them your patch.
> Already done, see the comment attached to the patch.

Yup, sorry. I use puTTY at work to ssh into my home machine and the blue on black is almost unreadable :)

I would just drop the patch since it's not a blocker and let it be fixed on the next upstream release.

If you insist, I will certainly drop it. But I prefer to use it - it's a question of keeping rpmlint output at a reasonable size. Without the patch, the output is just insane.

And since the guidelines allows it, why not? Of course, if they release another version without applying the patch it's some work. But it's generated by a script, so I'm not that worried. I can even drop it at an update. But for the review, I think it's an advantage to keep it. 

But, like I said, it's your decision.

Nah, good enough for me.

Ok, now that the whole freecad, pycxx, zipios issues on my end are done, time to get back to this. Working on the full review.

Ok, a couple of nit-picks:

1. The source tag could use the %name and %version tags a little more:
Source0:    http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
could be:
Source0:    http://nightly.openerp.com/%{version}/nightly/src/%{name}-%{version}%{oe_rel}.tar.gz

unless the 6.1 doesn't get the patch level version number when/if it occurs. 

2. If your using "install" to install additional files from the source then you need to add the -p option to preserve time stamps, i.e.:

install -m 644 -D install/openerp-server.conf  \
    %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
to:
install -pm 644 -D install/openerp-server.conf  \
    %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf

3. I'm not a reviewers that insists on using %dir in %files and calling out each directory/file underneath it separately but if you're going to glob a whole directory it's a good practice to leave a trailing slash on the entry so it's obvious to someone else looking at your spec:

%{_datadir}/openerp
to:
%{_datadir}/openerp/

4. I assume some of the strange permissions are needed for functionality or security? It would probably be a good idea to add comments to the entries in %files where you're assigning non-standard perms.

(In reply to comment #16)
> Ok, a couple of nit-picks:
> 
> 1. The source tag could use the %name and %version tags a little more:
> Source0:   
> http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
> could be:
> Source0:   
> http://nightly.openerp.com/%{version}/nightly/src/%{name}-
> %{version}%{oe_rel}.tar.gz
> 
> unless the 6.1 doesn't get the patch level version number when/if it occurs.
I certainly could, and I will if you insist. However, using openerp instead of name is on purpose and as I understand it according to the guidelines. The macro section explicitly says that using macros (besides paths) is a question of personal preferences, and I prefer writing the name "in clear".
 
> 
> 2. If your using "install" to install additional files from the source then
> you need to add the -p option to preserve time stamps, i.e.:
> 
> install -m 644 -D install/openerp-server.conf  \
>     %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
> to:
> install -pm 644 -D install/openerp-server.conf  \
>     %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
> 
Fixed. "blushes"

> 3. I'm not a reviewers that insists on using %dir in %files and calling out
> each directory/file underneath it separately but if you're going to glob a
> whole directory it's a good practice to leave a trailing slash on the entry
> so it's obvious to someone else looking at your spec:
> 
> %{_datadir}/openerp
> to:
> %{_datadir}/openerp/
Fixed
> 
> 4. I assume some of the strange permissions are needed for functionality or
> security? It would probably be a good idea to add comments to the entries in
> %files where you're assigning non-standard perms.

Fixed


Updating in place, same links, no release bumb (which actually is OK, promise :) )

(In reply to comment #17)
> (In reply to comment #16)
> > Ok, a couple of nit-picks:
> > 
> > 1. The source tag could use the %name and %version tags a little more:
> > Source0:   
> > http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
> > could be:
> > Source0:   
> > http://nightly.openerp.com/%{version}/nightly/src/%{name}-
> > %{version}%{oe_rel}.tar.gz
> > 
> > unless the 6.1 doesn't get the patch level version number when/if it occurs.
> I certainly could, and I will if you insist. However, using openerp instead
> of name is on purpose and as I understand it according to the guidelines.
> The macro section explicitly says that using macros (besides paths) is a
> question of personal preferences, and I prefer writing the name "in clear".

Nah, just something I've seen recommended.

  
> Updating in place, same links, no release bumb (which actually is OK,
> promise :) )

Hmm... Once bitten twice shy for me. I was chastised for doing just that early in my packaging career :)

(In reply to comment #18)

> > Updating in place, same links, no release bump (which actually is OK,
> > promise :) )
> 
> Hmm... Once bitten twice shy for me. I was chastised for doing just that
> early in my packaging career :)

The Guidelines have been updated:  http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs, look for Multiple Changelog Entries per Release).

BTW: those two sentences were not trivial, "chastised" and "once bitten twice shy" being completely new to me. Even if I'll never learn packaging properly, I'll at least learn some English. By now you should know I appreciate that :)

--a

(In reply to comment #19)
> (In reply to comment #18)
> 
> > > Updating in place, same links, no release bump (which actually is OK,
> > > promise :) )
> > 
> > Hmm... Once bitten twice shy for me. I was chastised for doing just that
> > early in my packaging career :)
> 
> The Guidelines have been updated: 
> http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs, look for
> Multiple Changelog Entries per Release).
> 
> BTW: those two sentences were not trivial, "chastised" and "once bitten
> twice shy" being completely new to me. Even if I'll never learn packaging
> properly, I'll at least learn some English. By now you should know I
> appreciate that :)

Hehe. I couldn't tell since your English is so good. It's hard these days because so many have a gmail account I can't rely on the domain suffix :)

Ok, got the full review done. One final nit but not a blocker.

%attr(0755,openerp,openerp) %{_localstatedir}/run/openerp

should probably be prefixed with %dir since it's just and empty directory, right?



Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[-]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: MUST Buildroot is not present
     Note: Unless packager wants to package for EPEL5 this is fine
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean would be needed if support for EPEL is required
[x]: MUST Sources contain only permissible code or content.
[x]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: Note: defattr macros not found. They would be needed for EPEL5
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf would be needed if support for EPEL5 is required
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint openerp-6.1-1.fc18.noarch.rpm

openerp.noarch: E: explicit-lib-dependency pyftpdlib
openerp.noarch: W: non-standard-gid /etc/openerp/openerp-server.conf openerp
openerp.noarch: E: non-readable /etc/openerp/openerp-server.conf 0660L
openerp.noarch: W: non-standard-gid /etc/openerp openerp
openerp.noarch: W: non-standard-uid /var/run/openerp openerp
openerp.noarch: W: non-standard-gid /var/run/openerp openerp
openerp.noarch: W: no-manual-page-for-binary openerp-gen-cert
1 packages and 0 specfiles checked; 2 errors, 5 warnings.


rpmlint openerp-6.1-1.fc18.src.rpm

openerp.src: W: strange-permission openerp-gen-cert 0755L
openerp.src:14: W: macro-in-comment %{version}
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
/home/build/817271/openerp-6.1-20120505-233516.tar.gz :
  MD5SUM this package     : 572987da13d71942c252339b38d5d575
  MD5SUM upstream package : 572987da13d71942c252339b38d5d575

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[-]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[-]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[-]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[?]: SHOULD Package functions as described.
[x]: SHOULD Latest version is packaged.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: SHOULD Scriptlets must be sane, if used.
[!]: SHOULD SourceX / PatchY prefixed with %{name}.
     Note: Source0:
     http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
     (openerp-%{version}%{oe_rel}.tar.gz) Source1: openerp.service
     (openerp.service) Source2: openerp-gen-cert (openerp-gen-cert) Source3:
     README.fedora (README.fedora) Source4: LICENSING (LICENSING) Patch0:
     openerp-fsf-fix.patch (openerp-fsf-fix.patch) Patch1: openerp-unbundle-
     pyftpdlib.patch (openerp-unbundle-pyftpdlib.patch) Patch10: openerp-
     server-relicense-dict_tools-to-LGPL2.1.patch (openerp-server-relicense-
     dict_tools-to-LGPL2.1.patch)
[x]: SHOULD SourceX is a working URL.
[-]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:
[!]: MUST Rpmlint output is silent.

rpmlint openerp-6.1-1.fc18.noarch.rpm

openerp.noarch: E: explicit-lib-dependency pyftpdlib
openerp.noarch: W: non-standard-gid /etc/openerp/openerp-server.conf openerp
openerp.noarch: E: non-readable /etc/openerp/openerp-server.conf 0660L
openerp.noarch: W: non-standard-gid /etc/openerp openerp
openerp.noarch: W: non-standard-uid /var/run/openerp openerp
openerp.noarch: W: non-standard-gid /var/run/openerp openerp
openerp.noarch: W: no-manual-page-for-binary openerp-gen-cert
1 packages and 0 specfiles checked; 2 errors, 5 warnings.


rpmlint openerp-6.1-1.fc18.src.rpm

openerp.src: W: strange-permission openerp-gen-cert 0755L
openerp.src:14: W: macro-in-comment %{version}
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint


Generated by fedora-review 0.1.3
External plugins:


*** APPROVED ***

(In reply to comment #21)
> Ok, got the full review done. One final nit but not a blocker.
> 
> %attr(0755,openerp,openerp) %{_localstatedir}/run/openerp
> 
> should probably be prefixed with %dir since it's just and empty directory,
> right?

Right! (fixed)

This is the beginning of the end of quite a journey. I first tried to breath life into  #641261, and worked with an (at the time) openerp employee Panos Christeas over spring 2011. And now it goes through. It's kind of a relief.

Now, let's see if I can get it right, this has become a challenge: 

New Package SCM Request
=======================
Package Name: openerp
Short Description: Business Applications Server
Owners: leamas
Branches: f16 f17
InitialCC:

Two things:

1. The git/scm crawler may find your request but generally it should go at the top and any explanatory text goes under it.
2. Don't forget to set the fedora-cvs flag to "?".

Didn't make this time either... Thanks for this remark, some English lessons and of course also for the review!

--alec

Git done (by process-git-requests).

openerp-6.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openerp-6.1-1.fc16

openerp-6.1-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openerp-6.1-1.fc17

openerp-6.1-1.fc17 has been pushed to the Fedora 17 stable repository.

openerp-6.1-1.fc16 has been pushed to the Fedora 16 stable repository.