Bug 1094570 - Review Request: gf-complete - A library for Galois Field arithmetic
Summary: Review Request: gf-complete - A library for Galois Field arithmetic
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Florian "der-flo" Lehner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
 
Reported: 2014-05-06 04:05 UTC by Pete Zaitcev
Modified: 2018-07-30 18:43 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-30 18:43:27 UTC
dev: fedora-review?


Attachments (Terms of Use)

Description Pete Zaitcev 2014-05-06 04:05:10 UTC
Spec URL: http://people.redhat.com/zaitcev/tmp/gf-complete-1.02-1.spec
SRPM URL: http://people.redhat.com/zaitcev/tmp/gf-complete-1.02-1.fc20.src.rpm

Description:
A comprehensive Open Source library for Galois Field arithmetic.

Comment 1 Jeff Backus 2014-05-17 22:48:39 UTC
Hi Pete,

This is an informal review as I am not an official packager.  Here are a few notes before we delve into the actual review:
* Please try to build your package on Koji and please provide links to the Koji reports.
* If you haven't tried running fedora-review, please familiarize yourself with it. It flags a lot of important things that are easy to overlook.
* Spec name should not contain any verion information in the file name, but should simply be <package name>.spec. For more info, please refer to:
http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Spec_file_name
* Please remove commented Requires and BuildRequires
* Please include README and COPYING in *all* subpackages as well as the primary package.
* Please correct the version number in the changelog. You have 2.0-1, but it should be 1.02-1.
* Please do not do an rm -rf $RPM_BUILD_ROOT at beginning of %install.
* A better solution with regard to preventing the examples from landing in the pacakge is to modify the Makefile macro SUBDIRS in the main Makefile, or better yet, the Makefile.in. For example, I added this line to %prep right after %setup:
sed -i 's|^\(SUBDIRS = src tools test\) examples|\1|g' Makefile.in
* Please work with upstream to find a more elegant way of not building or installing the .la. The --disable-static option to %configure implies to me that not installing the .la is supposed to be a supported behavior? Bug?
* Please work with upstream to provide man pages for each of the tools.
* It might make sense to put Manual.pdf in its own -doc subpackage, however, as it is under the 1M limit you are ok to leave it as is.

***
Most importantly, and this is a show-stopper in my opinion, is the fact that the library calls exit() on several occasions. This can cause all kinds of problems in any programs that link against this library. Please encourage/work with upstream to implement proper error handling.
***

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
- Spec file name must match the spec package %{name}, in the format
  %{name}.spec.
  Note: gf-complete-1.02-1.spec should be gf-complete.spec
  See: http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Spec_file_name


===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Unknown or generated". 37 files have unknown license. Detailed output of
     licensecheck in /mnt/storage/backed_up/home/jeff/tmp/reviews/gf-complete
     /review-gf-complete-1.02-1/licensecheck.txt
[!]: License file installed when any subpackage combination is installed.
     Need to include COPYING and README in all subpackages!
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[!]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[ ]: Package consistently uses macros (instead of hard-coded directory names).
[!]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 522240 bytes in 3 files.
[!]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
     Builds fine on x86_64
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[!]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
     Package uses %make_install, which is allowed.
[x]: Package is named using only allowed ASCII characters.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[!]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in gf-
     complete-tools
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Scriptlets must be sane, if used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: gf-complete-1.02-1.fc20.x86_64.rpm
          gf-complete-devel-1.02-1.fc20.x86_64.rpm
          gf-complete-tools-1.02-1.fc20.x86_64.rpm
          gf-complete-1.02-1.fc20.src.rpm
gf-complete.x86_64: W: incoherent-version-in-changelog 2.0-1 ['1.02-1.fc20', '1.02-1']
gf-complete.x86_64: W: shared-lib-calls-exit /usr/lib64/libgf_complete.so.1.0.0 exit@GLIBC_2.2.5
gf-complete-tools.x86_64: W: no-documentation
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_poly
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_methods
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_inline_time
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_mult
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_div
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_add
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_time
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_unit
4 packages and 0 specfiles checked; 0 errors, 11 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint gf-complete-devel gf-complete gf-complete-tools
gf-complete.x86_64: W: incoherent-version-in-changelog 2.0-1 ['1.02-1.fc20', '1.02-1']
gf-complete.x86_64: W: shared-lib-calls-exit /usr/lib64/libgf_complete.so.1.0.0 exit@GLIBC_2.2.5
gf-complete-tools.x86_64: W: no-documentation
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_poly
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_methods
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_inline_time
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_mult
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_div
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_add
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_time
gf-complete-tools.x86_64: W: no-manual-page-for-binary gf_unit
3 packages and 0 specfiles checked; 0 errors, 11 warnings.
# echo 'rpmlint-done:'



Requires
--------
gf-complete-devel (rpmlib, GLIBC filtered):
    gf-complete(x86-64)
    libgf_complete.so.1()(64bit)

gf-complete (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    rtld(GNU_HASH)

gf-complete-tools (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libgf_complete.so.1()(64bit)
    rtld(GNU_HASH)



Provides
--------
gf-complete-devel:
    gf-complete-devel
    gf-complete-devel(x86-64)

gf-complete:
    gf-complete
    gf-complete(x86-64)
    libgf_complete.so.1()(64bit)

gf-complete-tools:
    gf-complete-tools
    gf-complete-tools(x86-64)



Source checksums
----------------
http://www.kaymgee.com/Kevin_Greenan/Software_files/gf-complete.tar.gz :
  CHECKSUM(SHA256) this package     : 90ff528e3ee071c47c93dec0548fdabdfdb72d7b81dc521f0961fd5d25ae0738
  CHECKSUM(SHA256) upstream package : 90ff528e3ee071c47c93dec0548fdabdfdb72d7b81dc521f0961fd5d25ae0738


Generated by fedora-review 0.5.1 (bb9bf27) last change: 2013-12-13
Command line :/usr/bin/fedora-review -n gf-complete
Buildroot used: fedora-20-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG

Comment 2 Pete Zaitcev 2015-03-17 04:17:33 UTC
Spec URL: http://people.redhat.com/zaitcev/tmp/gf-complete-1.03-2.20150316git.spec
SRPM URL: http://people.redhat.com/zaitcev/tmp/gf-complete-1.03-2.20150316git.fc21.src.rpm

Description:
A comprehensive Open Source library for Galois Field arithmetic.

This update addresses all the mechanical issues at the front of
Jeff's comments, but does not fix the substantial issues:
 - examples are still built (and man, that sed-fu...)
 - I have no clue about .la
 - exit() calls are still in. Fortunately, upstream is alive now and
Loic fixed up the similar problems in the related library jerasure
(by replacing exit() with assert() mechanically).

The main point of the update is to switch the upstream.

Comment 3 Florian "der-flo" Lehner 2015-03-17 19:37:09 UTC
Hi Pete!

There are a few things:

[ ] Please rename the .spec-File to gf-complete.spec
    For more information please take a look at:
    http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Spec_file_name

[ ] Your package does not build on all supported architectures:
    http://koji.fedoraproject.org/koji/taskinfo?taskID=9255088

[ ] Please take a look at
    https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Snapshot_packages
    and
    https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL#Github
    for Source0

[ ] From http://web.eecs.utk.edu/~plank/plank/www/software.html:
    "StreamScale, Inc. asserts that the use of GF-Complete (particularly as part
     of Jerasure 2.0 or later) or any similar software, method or code for
     erasure coding infringes StreamScale's issued United States Patent
     No. 8,683,296."
    Is this fine with the goal of the Fedora Project to work with the Linux
    community to create a complete, general purpose operating system
    exclusively from Free and Open Source software.

[ ] If you do not want to build the examples, just remove it from the Makefile
    sed -i "s|examples||g" Makefile.am

Cheers,
 Florian

Comment 4 Tom "spot" Callaway 2018-07-30 18:43:27 UTC
Legal issues prevent gf-complete from going into Fedora. Closing this as CANTFIX.


Note You need to log in before you can comment on or make changes to this bug.