Bug 833573
| Summary: | Review Request: nettle - Low level crytopgraphic library | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michael Cronenworth <mike> |
| Component: | Package Review | Assignee: | Nobody's working on this, feel free to take it <nobody> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwmw2, hobbes1069, notting, package-review |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-07-05 15:03:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 432228 | ||
| Bug Blocks: | |||
|
Description
Michael Cronenworth
2012-06-19 19:42:47 UTC
It was pointed out to me that "libnettle" probably not going to work. Renamed. Spec URL: http://michael.cronenworth.com/RPMS/nettle.spec SRPM URL: http://michael.cronenworth.com/RPMS/nettle-2.5-0.1pre.fc17.src.rpm Ok, quick spec review: 1. Although I find it strange as well, LGPLv2.1 or later should be referenced as just "LGPLv2+" From http://fedoraproject.org/wiki/Licensing:Main GNU Lesser General Public License v2 (or 2.1) or later LGPLv2+ 2. I know hogweed is a library and on some other distros library packages are always prefixed with lib, but as we don't have that convention in Fedora, would it not be better to call the hogweed package just "hogweed" to be consistent with "nettle"? 3. Missed one arch specific Requires: in the devel subpackage. (In reply to comment #2) > 2. I know hogweed is a library and on some other distros library packages > are always prefixed with lib, but as we don't have that convention in > Fedora, would it not be better to call the hogweed package just "hogweed" to > be consistent with "nettle"? The nettle documentation refers to it as "libhogweed". An alternative name I could give this package is to make it a sub-package called "nettle-gmp" or "nettle-bignum". Another alternative is to leave libhogweed.so* in the nettle package, but I'd like to keep dependencies (gmp) to a minimum. (In reply to comment #3) > (In reply to comment #2) > > 2. I know hogweed is a library and on some other distros library packages > > are always prefixed with lib, but as we don't have that convention in > > Fedora, would it not be better to call the hogweed package just "hogweed" to > > be consistent with "nettle"? > > The nettle documentation refers to it as "libhogweed". An alternative name I > could give this package is to make it a sub-package called "nettle-gmp" or > "nettle-bignum". Another alternative is to leave libhogweed.so* in the > nettle package, but I'd like to keep dependencies (gmp) to a minimum. Either way I wouldn't call it a blocker but I did have a crazy idea I'd like your opinion on. What about not even creating a "nettle" binary package? Instead create 5 sub-packages exclusively. libnettle libhogweed nettle-tools libnettle-devel libhogweed-devel I like separating the devel packages so if you install one you don't automatically pull in the other library. I don't see anywhere where this isn't allowed... Thoughts? (In reply to comment #4) > I like separating the devel packages so if you install one you don't > automatically pull in the other library. The only problem with splitting -devel packages is that the include files are stored in the same, single directory so I would need to create a package to own the include directory so that I can seperate the headers into their respective -devel package. Debian packages it the way I wanted to originally so I think we're best off keeping to one -devel package. Just a brief look: * https://fedoraproject.org/wiki/Packaging:NamingGuidelines#General_Naming As a precedent, Debian and openSUSE called it libnettle. * https://fedoraproject.org/wiki/Packaging:ReviewGuidelines | MUST: rpmlint must be run on the source rpm and all binary rpms | the build produces. The output should be posted in the review.[1] That doesn't imply it's only the reviewer who must do this. rpmlint is also a tool for packagers. > Version: 2.5 > Release: 0.1pre%{?dist} https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Pre-Release_packages A little bit pedantic, but Fedora adds another dot after the X.Y number: Release: 0.1.pre%{?dist} > License: LGPLv2.1+ https://fedoraproject.org/wiki/Licensing#Good_Licenses > %package tools > Group: System Environment/Libraries As tools are not libraries, the package could fit into groups "System Environment/Base" or "Development/Tools". The package description doesn't expand on what these utility programs do, however. > %package devel > Summary: Development files for libnettle > License: GPLv2+ and LGPLv2.1+ This will require a closer look. Why does the licensing here differ from the base library packages? > Requires: %{name} = %{version}-%{release} > Requires: libhogweed = %{version}-%{release} https://fedoraproject.org/wiki/Packaging:Guidelines#Requiring_Base_Package > %preun -p /sbin/ldconfig > > %preun -n libhogweed -p /sbin/ldconfig %postun would be the correct place to execute this. > %files tools > %doc COPYING.LIB https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Subpackage_Licensing > testsuite Please investigate whether this is suitable for running "make check" in the %check section of the spec file. Michael, thanks for the comments, but I have not posted a new spec yet due to the indecision on the package name. Fedora previously had this library as "nettle": https://admin.fedoraproject.org/pkgdb/acls/name/nettle If someone could give me a straight answer on the package name I can finish fixing the spec file. I do not have a preference of "nettle" or "libnettle". I just need to know which to put up for review. Sorry, it's beyond my time and interest to dig into this much. For Debian there are tickets from 2009 such as: libnettle-dev is gone, replaced (and not provided) by nettle-dev http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542133 The current naming can be found here: http://packages.debian.org/source/wheezy/nettle nettle (source) libnettle4 libhogweed2 nettle-dev nettle-bin nettle-dbg The old Fedora review is in bug 432228. It passed the "naming and versioning guidelines" requirements there with nettle src.rpm nettle nettle-devel One could try to find out whether https://fedoraproject.org/wiki/Packaging:NamingGuidelines#General_Naming has been considered in 2008 and what package names other dists used around that time. Btw, the old review also mentioned a few of the item's I have pointed out, such as the test-suite. The old package has been included in F12 for the last time, so whatever the new naming will be, I don't think it would be necessary to add Obsoletes/Provides for the ancient stuff in F12. I've just noticed this review request; sorry. I have revived the nettle package and it has been reviewed in bug #837331. Would you like to be a co-maintainer? *** This bug has been marked as a duplicate of bug 837331 *** I don't think I'd get too worked up about package naming. When the library is pulled in as a runtime dependency, it's referenced by the library name(s): libhogweed.so.2()(64bit) libnettle.so.4()(64bit) And when it's seen in BuildRequires:, it should be referred to as pkgconfig(hogweed) pkgconfig(nettle) In neither case should anyone really care about the *name* of the package. We could call it anything we like, and it wouldn't matter. And likewise in this context it shouldn't matter whether we split it into separate nettle/hogweed packages. If a dependent package has correct BuildRequires on the pkgconfig() objects it needs, it'll be fine. On the topic of splitting nettle/hogweed.... we also need to ship GnuTLS v3, since we're currently shipping a hopelessly out of date GnuTLS v2.12 (bug #726886). And GnuTLS uses hogweed, so I'm not sure how often you'd manage to *avoid* having hogweed installed; it might not be worth splitting them at. But if you feel strongly that it's useful, feel free to make changes to the package (I'll grant you permissions if you aren't a provenpackager). |