Spec URL: http://94.247.144.115/files/rpm/capstone.spec SRPM URL: http://94.247.144.115/files/rpm/capstone-2.1.2-1.fc20.src.rpm Description: A lightweight multi-platform, multi-architecture disassembly framework. Fedora Account System Username: drago01 Scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6862558
This is a review *template*. Besides handling the [ ]-marked tests you are also supposed to fix the template before pasting into bugzilla: - Add issues you find to the list of issues on top. If there isn't such a list, create one. - Add your own remarks to the template checks. - Add new lines marked [!] or [?] when you discover new things not listed by fedora-review. - Change or remove any text in the template which is plain wrong. In this case you could also file a bug against fedora-review - Remove the "[ ] Manual check required", you will not have any such lines in what you paste. - Remove attachments which you deem not really useful (the rpmlint ones are mandatory, though) - Remove this text Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. Note: These BR are not needed: sed grep See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2 - Package uses either %{buildroot} or $RPM_BUILD_ROOT Note: Using both %{buildroot} and $RPM_BUILD_ROOT See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros - This seems like a Java package, please install fedora-review-plugin-java to get additional checks ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [?]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. There are 2 files LICENSE.TXT and LICENSE_LLVM.TXT i see only one packaged why the LICENSE_LLVM.TXT is *NOT packaged [?]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 161 files have unknown license. Detailed output of licensecheck in fedora/review/1098965-capstone/licensecheck.txt [!]: License file installed when any subpackage combination is installed. capstone-python and capstone-devel doesnt have any shipped licence file with it [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/java [x]: %build honors applicable compiler flags or justifies otherwise. [!]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [!]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package do not use a name that already exist [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Bundled jar/class files should be removed before build Python: [!]: Python eggs must not download any dependencies during the build process. [!]: A package which is used by another package via an egg interface should provide egg info. [!]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [!]: Uses parallel make %{?_smp_mflags} macro. [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [!]: Package does not include license text files separate from upstream. [!]: Scriptlets must be sane, if used. [x]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [!]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: Dist tag is present (not strictly required in GL). [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: capstone-2.1.2-1.fc22.x86_64.rpm capstone-devel-2.1.2-1.fc22.x86_64.rpm capstone-python-2.1.2-1.fc22.x86_64.rpm capstone-java-2.1.2-1.fc22.x86_64.rpm capstone-2.1.2-1.fc22.src.rpm capstone.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.x86_64: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-python.x86_64: W: no-documentation capstone-java.x86_64: W: no-documentation capstone.src: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.src: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.src: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone.src:46: W: rpm-buildroot-usage %build DESTDIR=%{buildroot} CFLAGS="%{optflags}" LIBDIR=%{_libdir} make %{?_smp_mflags} capstone.src:49: W: rpm-buildroot-usage %build sed -i 's;%{buildroot};;' capstone.pc 5 packages and 0 specfiles checked; 0 errors, 16 warnings. Rpmlint (installed packages) ---------------------------- # rpmlint capstone-python capstone-devel capstone-java capstone capstone-python.x86_64: W: no-documentation capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-java.x86_64: W: no-documentation capstone.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.x86_64: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disasm -> disarm, sadism 4 packages and 0 specfiles checked; 0 errors, 9 warnings. # echo 'rpmlint-done:' Requires -------- capstone-python (rpmlib, GLIBC filtered): capstone(x86-64) python(abi) capstone-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config capstone(x86-64) libcapstone.so.2()(64bit) capstone-java (rpmlib, GLIBC filtered): capstone(x86-64) capstone (rpmlib, GLIBC filtered): /sbin/ldconfig libc.so.6()(64bit) rtld(GNU_HASH) Provides -------- capstone-python: capstone-python capstone-python(x86-64) capstone-devel: capstone-devel capstone-devel(x86-64) pkgconfig(capstone) capstone-java: capstone-java capstone-java(x86-64) capstone: capstone capstone(x86-64) libcapstone.so.2()(64bit) Source checksums ---------------- http://www.capstone-engine.org/download/2.1.2/capstone-2.1.2.tgz : CHECKSUM(SHA256) this package : 49e41d662c5ed4dcd391ec4cfce75fb31ca4bfd245eba9e8f0cb69d6f6e8d7cc CHECKSUM(SHA256) upstream package : 49e41d662c5ed4dcd391ec4cfce75fb31ca4bfd245eba9e8f0cb69d6f6e8d7cc Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14 Command line :/usr/bin/fedora-review -b 1098965 Buildroot used: fedora-rawhide-x86_64 Active plugins: Python, Shell-api, Generic, Java, C/C++ Disabled plugins: fonts, SugarActivity, Ocaml, Haskell, Perl, R, PHP, Ruby Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG
Created attachment 940318 [details] license check
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. Note: These BR are not needed: sed grep See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2 - Package uses either %{buildroot} or $RPM_BUILD_ROOT Note: Using both %{buildroot} and $RPM_BUILD_ROOT See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros - This seems like a Java package, please install fedora-review-plugin-java to get additional checks ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [?]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 161 files have unknown license. Detailed output of licensecheck in fedora/review/1098965-capstone/licensecheck.txt Lot of source files don't contain any license see https://bugzilla.redhat.com/show_bug.cgi?id=1098965#c2 [!]: License file installed when any subpackage combination is installed. There are 2 files LICENSE.TXT and LICENSE_LLVM.TXT i see only one packaged why the LICENSE_LLVM.TXT is *NOT packaged [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/java [?]: %build honors applicable compiler flags or justifies otherwise. [?]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [?]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package do not use a name that already exist [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Bundled jar/class files should be removed before build [?]: Packages are noarch unless they use JNI Note: capstone subpackage is not noarch. Please verify manually [?]: Package uses upstream build method (ant/maven/etc.) Python: [?]: Python eggs must not download any dependencies during the build process. [?]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [!]: Uses parallel make %{?_smp_mflags} macro. [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [?]: Package does not include license text files separate from upstream. [x]: Scriptlets must be sane, if used. [x]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [?]: Package should compile and build into binary rpms on all supported architectures. [?]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: Dist tag is present (not strictly required in GL). [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: capstone-2.1.2-1.fc22.x86_64.rpm capstone-devel-2.1.2-1.fc22.x86_64.rpm capstone-python-2.1.2-1.fc22.x86_64.rpm capstone-java-2.1.2-1.fc22.x86_64.rpm capstone-2.1.2-1.fc22.src.rpm capstone.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.x86_64: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-python.x86_64: W: no-documentation capstone-java.x86_64: W: no-documentation capstone.src: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.src: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.src: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone.src:46: W: rpm-buildroot-usage %build DESTDIR=%{buildroot} CFLAGS="%{optflags}" LIBDIR=%{_libdir} make %{?_smp_mflags} capstone.src:49: W: rpm-buildroot-usage %build sed -i 's;%{buildroot};;' capstone.pc 5 packages and 0 specfiles checked; 0 errors, 16 warnings. Rpmlint (installed packages) ---------------------------- # rpmlint capstone-python capstone-devel capstone-java capstone capstone-python.x86_64: W: no-documentation capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-java.x86_64: W: no-documentation capstone.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: summary-ended-with-dot C A lightweight multi-platform, multi-architecture disassembly framework. capstone.x86_64: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disasm -> disarm, sadism 4 packages and 0 specfiles checked; 0 errors, 9 warnings. # echo 'rpmlint-done:' Requires -------- capstone-python (rpmlib, GLIBC filtered): capstone(x86-64) python(abi) capstone-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config capstone(x86-64) libcapstone.so.2()(64bit) capstone-java (rpmlib, GLIBC filtered): capstone(x86-64) capstone (rpmlib, GLIBC filtered): /sbin/ldconfig libc.so.6()(64bit) rtld(GNU_HASH) Provides -------- capstone-python: capstone-python capstone-python(x86-64) capstone-devel: capstone-devel capstone-devel(x86-64) pkgconfig(capstone) capstone-java: capstone-java capstone-java(x86-64) capstone: capstone capstone(x86-64) libcapstone.so.2()(64bit) Source checksums ---------------- http://www.capstone-engine.org/download/2.1.2/capstone-2.1.2.tgz : CHECKSUM(SHA256) this package : 49e41d662c5ed4dcd391ec4cfce75fb31ca4bfd245eba9e8f0cb69d6f6e8d7cc CHECKSUM(SHA256) upstream package : 49e41d662c5ed4dcd391ec4cfce75fb31ca4bfd245eba9e8f0cb69d6f6e8d7cc Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14 Command line :/usr/bin/fedora-review -b 1098965 Buildroot used: fedora-rawhide-x86_64 Active plugins: Python, Shell-api, Generic, Java, C/C++ Disabled plugins: fonts, SugarActivity, Ocaml, Haskell, Perl, R, PHP, Ruby Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG -------------------------- Places where i have used [?] i need to get answers from packager and then i review again and [!] has to be fixed
Thanks for the review, will give you detailed answers (and fixes) this weekend.
(In reply to Siddharth Sharma from comment #3) > > Issues: > ======= > - All build dependencies are listed in BuildRequires, except for any that are > listed in the exceptions section of Packaging Guidelines. > Note: These BR are not needed: sed grep Removed. > > > ===== MUST items ===== > > C/C++: > [?]: Package contains no static executables. See below (contacted upstream). > Generic: > [x]: Package is licensed with an open-source compatible license and meets > other legal requirements as defined in the legal section of Packaging > Guidelines. > [!]: License field in the package spec file matches the actual license. > Note: Checking patched sources after %prep for licenses. Licenses found: > "Unknown or generated". 161 files have unknown license. Detailed output > of licensecheck in > fedora/review/1098965-capstone/licensecheck.txt > Lot of source files don't contain any license > see https://bugzilla.redhat.com/show_bug.cgi?id=1098965#c2 There is no requirement for source files to contain any license. The license is noted in the LICENSE files. > [!]: License file installed when any subpackage combination is installed. > > There are 2 files LICENSE.TXT and LICENSE_LLVM.TXT i see only one packaged > why the LICENSE_LLVM.TXT is *NOT packaged Oversight added LICENSE_LLVM.TXT > [x]: Package must own all directories that it creates. > Note: Directories without known owners: /usr/share/java Fixed. > [?]: %build honors applicable compiler flags or justifies otherwise. > [?]: Package contains no bundled libraries without FPC exception. Contacted upstream regarding that. > [?]: If the package is a rename of another package, proper Obsoletes and > Provides are present. None of this applies here. > Java: > [x]: Bundled jar/class files should be removed before build > [?]: Packages are noarch unless they use JNI > Note: capstone subpackage is not noarch. Please verify manually Fixed. > [?]: Package uses upstream build method (ant/maven/etc.) Upstream uses make to build it which we do as well- > Python: > [?]: Python eggs must not download any dependencies during the build process. > [?]: A package which is used by another package via an egg interface should > provide egg info. It doesn't. > [x]: Package meets the Packaging Guidelines::Python > [x]: Package contains BR: python2-devel or python3-devel > [x]: Binary eggs must be removed in %prep > > ===== SHOULD items ===== > > Generic: > [!]: Uses parallel make %{?_smp_mflags} macro. Fixed for the python bindings, the java ones do not build with smp_mflags, added a comment in the spec. > [x]: If the source package does not include license text(s) as a separate > file > from upstream, the packager SHOULD query upstream to include it. > [x]: Final provides and requires are sane (see attachments). > [x]: Package functions as described. > [x]: Latest version is packaged. > [?]: Package does not include license text files separate from upstream. It doesn't. > [x]: Scriptlets must be sane, if used. > [x]: Description and summary sections in the package spec file contains > translations for supported Non-English languages, if available. > [?]: Package should compile and build into binary rpms on all supported > architectures. It does see: http://koji.fedoraproject.org/koji/taskinfo?taskID=6862558 > [?]: %check is present and all tests pass. There is no "make check" in the package. The tests run as part of the build contacted upstream about that as well. > [?]: Packages should try to preserve timestamps of original installed files. It does (uses "install -p..."). --- Updated package / spec: http://94.247.144.115/files/rpm/capstone.spec http://94.247.144.115/files/rpm/capstone-2.1.2-2.fc20.src.rpm
(In reply to Adel Gadllah from comment #5) > (In reply to Siddharth Sharma from comment #3) > > > > > > ===== MUST items ===== > > > > C/C++: > > [?]: Package contains no static executables. > > See below (contacted upstream). > > > Generic: > > [x]: Package is licensed with an open-source compatible license and meets > > other legal requirements as defined in the legal section of Packaging > > Guidelines. > > [!]: License field in the package spec file matches the actual license. > > Note: Checking patched sources after %prep for licenses. Licenses found: > > "Unknown or generated". 161 files have unknown license. Detailed output > > of licensecheck in > > fedora/review/1098965-capstone/licensecheck.txt > > Lot of source files don't contain any license > > see https://bugzilla.redhat.com/show_bug.cgi?id=1098965#c2 > > There is no requirement for source files to contain any license. The license > is noted in the LICENSE files. > > > [!]: License file installed when any subpackage combination is installed. > > > > There are 2 files LICENSE.TXT and LICENSE_LLVM.TXT i see only one packaged > > why the LICENSE_LLVM.TXT is *NOT packaged > > Oversight added LICENSE_LLVM.TXT > > > [x]: Package must own all directories that it creates. > > Note: Directories without known owners: /usr/share/java > > Fixed. > > > [?]: %build honors applicable compiler flags or justifies otherwise. Upstream is looking into fixing this. I am waiting for a fixed release instead of patching it downstream for now. > > [?]: Package contains no bundled libraries without FPC exception. > > Contacted upstream regarding that. It does not actually bundle the llvm library. It just copied code from LLVM and uses it internally. Which is why it provides the LLVM license in addition to its own. > > [?]: %check is present and all tests pass. > > There is no "make check" in the package. The tests run as part of the build > contacted upstream about that as well. Upstream said he will look into creating a separate target for this.
Created attachment 1022824 [details] Updated spec file for version 3.0.2. Update to 3.0.2. It's a major version change, but the previous spec file pretty much worked, apart from a few minor tweaks. This adds the %check section, as upstream now seems to have separated them now. Also fixes 64bit packing issues. Next thing to do is to get a scratch build of this done to see if that passes on all arches.
Created attachment 1023527 [details] Updated spec file for 3.0.3 Updated spec file for 3.0.3. Scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9686947
Well there is no need to add this bug to NEEDSPONSOR tracker; I submitted the package and am already sponsored. It would just slow down things unnecessarily. Doesn't mean that you shouldn't try to get a sponsor (would allow you to help maintaining the package) ... but this review process shouldn't be blocked by that. As for the updates thanks; I got sidetracked with other things after a few mail exchanges with upstream.
> %files > %doc README LICENSE.TXT ChangeLog LICENSE_LLVM.TXT https://fedoraproject.org/wiki/Packaging:Guidelines#Licensing https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text > %files devel > %doc > %files java > %doc An empty %doc line is a no-op. Remember, %doc is not a section in the spec file like %build or %install. > %{_includedir}/* > %exclude %{_libdir} > %{_libdir}/*.so > %{_libdir}/pkgconfig/* So, somebody added this unusual %exclude line without commenting on it anywhere in the spec file. The %changelog doesn't tell why this was added. IMO, it is the cause of a broken build as it hides files that ought to be packaged. Just examine the contents of the capstone-devel package. There is no build-time library! > %{_javadir}/ > %{_javadir}/%{name}.jar The first line already includes %{_javadir} and everything in it. The second line is redundant. > https://kojipkgs.fedoraproject.org//work/tasks/6949/9686949/build.log Notice the errors in make check. Solution: Adjust runtime linker's search path to make it find the freshly build shared lib. > + make -j16 > CC cs.o > CC MCInstrDesc.o > CC SStream.o > CC utils.o Build output is non-verbose. One cannot verify which compiler flags have been used actually: https://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags
Created attachment 1024818 [details] Addressed issued found during package audit. (In reply to Michael Schwendt (Fedora Packager Sponsors Group) from comment #10) Thank you for the audit! New scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9717792 > > %files > > %doc README LICENSE.TXT ChangeLog LICENSE_LLVM.TXT > > https://fedoraproject.org/wiki/Packaging:Guidelines#Licensing > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text Fixed by using %license > > %files devel > > %doc > > > %files java > > %doc > > An empty %doc line is a no-op. Remember, %doc is not a section in the spec > file like %build or %install. Fixed by removing %doc. > > %{_includedir}/* > > %exclude %{_libdir} > > %{_libdir}/*.so > > %{_libdir}/pkgconfig/* > > So, somebody added this unusual %exclude line without commenting on it > anywhere in the spec file. The %changelog doesn't tell why this was added. > IMO, it is the cause of a broken build as it hides files that ought to be > packaged. Just examine the contents of the capstone-devel package. There is > no build-time library! Can't explain this one. brainfart? Fixed. > > %{_javadir}/ > > %{_javadir}/%{name}.jar > > The first line already includes %{_javadir} and everything in it. The second > line is redundant. > Fixed by removing redundant line. > > https://kojipkgs.fedoraproject.org//work/tasks/6949/9686949/build.log > > Notice the errors in make check. Solution: Adjust runtime linker's search > path to make it find the freshly build shared lib. Fixed by adopting the search path, as suggested. All checks work and pass now. > > > + make -j16 > > CC cs.o > > CC MCInstrDesc.o > > CC SStream.o > > CC utils.o > > Build output is non-verbose. One cannot verify which compiler flags have > been used actually: > https://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags Fixed by enabling verbose mode.
Updated SPEC tested on FC21 - works fine - thanks. Looking forward to see it in Fedora repository. Testcase: $ ipython In [1]: from capstone import * In [2]: CODE = b"\x55\x48\x8b\x05\xb8\x13\x00\x00" In [3]: md = Cs(CS_ARCH_X86, CS_MODE_64) In [4]: for i in md.disasm(CODE, 0x1000): ...: print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str)) ...: 0x1000: push rbp 0x1001: mov rax, qword ptr [rip + 0x13b8]
Created attachment 1052423 [details] Updated spec file for 3.0.4 Version 3.0.4 includes security fixes. I ran some tests and scratch builds and found no issues so far. http://koji.fedoraproject.org/koji/taskinfo?taskID=10369873 http://koji.fedoraproject.org/koji/taskinfo?taskID=10369903 http://koji.fedoraproject.org/koji/taskinfo?taskID=10369908 http://koji.fedoraproject.org/koji/taskinfo?taskID=10369912 My plan is to get this on COPR as soon as possible, but there is one little problem with the fedorapeople.org sign-in (which I need to be able to host the src.rpm). Once that's resolved, I'll hopefully be able to provide a COPR repository.
Ping @@Josh Bressers and @Siddharth Sharma - are you still working on the review? Any update? Are there still some blockers?
I'm not, I was assigned this automatically, I had no idea. If there is someone else who should own it, please assign it (I have no idea who to even give this to).
Hello, I can see that Siddharth Sharma (siddharth.kde) was originally doing the review. Then it moved to falonso then to you. If nobody else is interested, then I can take over the review. Is that OK? Mik
(In reply to Michal Ambroz from comment #17) > Hello, > I can see that Siddharth Sharma (siddharth.kde) was originally > doing the review. Then it moved to falonso then to you. > If nobody else is interested, then I can take over the review. Is that OK? > Mik sure you can take it, I stopped because falonso requested that he would look into it. In case you want any help I would be happy to help. sid
(In reply to Michal Ambroz from comment #17) > Hello, > I can see that Siddharth Sharma (siddharth.kde) was originally > doing the review. Then it moved to falonso then to you. > If nobody else is interested, then I can take over the review. Is that OK? > Mik Hi, I a review would be excellent. Please have a look and let me know if/what needs fixing. Thank you very much!
Hello, so I would like to take over the review for capstone package. If I understand it right this package is being submitted by Adel Gadllah (drago01) as owner and Stefan Cornelius (scorneli) as co-maintainer. So I can take updates from you guys both as valid for the review right? Guys I know the SPEC file from the current version is in this bug's attachments, but it should be here as a link. Also the SRPM is gone purged from koji. Please just to follow the formal procedure and simplify the review, can you upload the current (3.0.4) SPEC and SRPM somewhere and put the link here? As project has publicly available git repository I would recommend taking the snapshot directly from there (https://github.com/aquynh/capstone) with using: %global gituser aquynh %global gitname capstone %global commit e710e4fcf40302c25d7bdc28da93571a61f21f5d %global shortcommit %(c=%{commit}; echo ${c:0:7}) Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz %prep %setup -q -n %{gitname}-%{commit} Best regards Michal Ambroz
Review Summary ============== 1) missing link to current SPEC / SRPM 2) Use {?dist} in the Release: Please note using of the DistTag is mandatory: https://fedoraproject.org/wiki/Packaging:DistTag These are the only identified issues. Personally I would recommend to reference the github for the source as it might be easier to add release+patches if necessary. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Dist tag is present. - This seems like a Java package, please install fedora-review-plugin-java to get additional checks ===== MUST items ===== C/C++: [X]: Package does not contain kernel modules. [X]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig called in %post and %postun if required. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [X]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. - 2 BSD type licenses, one for the project and one for the files taken from LLVM [X]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 501 files have unknown license. Detailed output of licensecheck in licensecheck.txt [X]: License file installed when any subpackage combination is installed. - both license files installed [?]: Package does not own files or directories owned by other packages. Note: Dirs in package are owned also by: /usr/share/java(capstone- java, javapackages-tools) [X]: %build honors applicable compiler flags or justifies otherwise. - optflags and _smp_mflags used [?]: Package contains no bundled libraries without FPC exception. [X]: Changelog in prescribed format. - verified with rpmlint [X]: Sources contain only permissible code or content. - AFAIK [-]: Package contains desktop file if it is a GUI application. - not applicable [X]: Development files must be in a -devel package - checked manually [X]: Package uses nothing in %doc for runtime. - AFAIK [X]: Package consistently uses macros (instead of hard-coded directory names). - AFAIK [X]: Package is named according to the Package Naming Guidelines. [X]: Package does not generate any conflict. [X]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [X]: Requires correct, justified where necessary. [X]: Spec file is legible and written in American English. [X]: Package contains systemd file(s) if in need. [X]: Useful -debuginfo package or justification otherwise. [X]: Package is not known to require an ExcludeArch tag. [X]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 2 files. - no extensive documentation [X]: Package complies to the Packaging Guidelines - AFAIK [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Bundled jar/class files should be removed before build Python: [X]: Python eggs must not download any dependencies during the build process. - egg is OK [X]: A package which is used by another package via an egg interface should provide egg info. [X]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [X]: Packager, Vendor, PreReq, Copyright tags should not be in spec file See: http://fedoraproject.org/wiki/Packaging:Guidelines#Tags [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. - not applicable - both license files present [X]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in capstone-java - doesn't seem to be applicable [X]: Package functions as described. [X]: Latest version is packaged. [X]: Package does not include license text files separate from upstream. [X]: Scriptlets must be sane, if used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [X]: Package should compile and build into binary rpms on all supported architectures. [X]: %check is present and all tests pass. [X]: Packages should try to preserve timestamps of original installed files. [x]: Sources can be downloaded from URI in Source: tag [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Uses parallel make %{?_smp_mflags} macro. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: capstone-3.0.4-1.x86_64.rpm capstone-devel-3.0.4-1.x86_64.rpm capstone-python-3.0.4-1.x86_64.rpm capstone-python3-3.0.4-1.x86_64.rpm capstone-java-3.0.4-1.noarch.rpm capstone-3.0.4-1.src.rpm capstone.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.x86_64: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.x86_64: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-python.x86_64: W: no-documentation capstone-python3.x86_64: W: no-documentation capstone-java.noarch: W: no-documentation capstone.src: W: spelling-error Summary(en_US) multi -> mulch, mufti capstone.src: W: spelling-error Summary(en_US) disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: spelling-error %description -l en_US disassembly -> disassemble, dis assembly, dis-assembly capstone.src: W: spelling-error %description -l en_US disasm -> disarm, sadism capstone.src:14: W: macro-in-comment %{version} capstone.src:14: W: macro-in-comment %{name} capstone.src:14: W: macro-in-comment %{version} capstone.src:73: W: macro-in-comment %setup capstone.src:79: W: rpm-buildroot-usage %build DESTDIR="%{buildroot}" V=1 CFLAGS="%{optflags}" \ capstone.src:83: W: rpm-buildroot-usage %build sed -i 's;%{buildroot};;' capstone.pc capstone.src:164: W: macro-in-%changelog %check capstone.src:57: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 57) 6 packages and 0 specfiles checked; 0 errors, 21 warnings. Rpmlint (debuginfo) ------------------- Checking: capstone-debuginfo-3.0.4-1.x86_64.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. Rpmlint (installed packages) ---------------------------- capstone-python.x86_64: W: no-documentation capstone-devel.x86_64: W: only-non-binary-in-usr-lib capstone-devel.x86_64: W: no-documentation capstone-python3.x86_64: W: no-documentation capstone-java.noarch: W: no-documentation 6 packages and 0 specfiles checked; 0 errors, 5 warnings. Requires -------- capstone-python (rpmlib, GLIBC filtered): capstone(x86-64) python(abi) capstone-python3 (rpmlib, GLIBC filtered): capstone(x86-64) python(abi) capstone-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config capstone(x86-64) libcapstone.so.3()(64bit) capstone-java (rpmlib, GLIBC filtered): capstone capstone (rpmlib, GLIBC filtered): /sbin/ldconfig libc.so.6()(64bit) rtld(GNU_HASH) Provides -------- capstone-python: capstone-python capstone-python(x86-64) capstone-python3: capstone-python3 capstone-python3(x86-64) capstone-devel: capstone-devel capstone-devel(x86-64) pkgconfig(capstone) capstone-java: capstone-java capstone: capstone capstone(x86-64) libcapstone.so.3()(64bit) Source checksums ---------------- https://github.com/aquynh/capstone/archive/e710e4fcf40302c25d7bdc28da93571a61f21f5d/capstone-3.0.4-e710e4f.tar.gz : CHECKSUM(SHA256) this package : ba94e285eae03dea60618d9b65c740ff00c037ba190247433567d7e713610b86 CHECKSUM(SHA256) upstream package : ba94e285eae03dea60618d9b65c740ff00c037ba190247433567d7e713610b86 Generated by fedora-review 0.5.3 (bcf15e3) last change: 2015-05-04 Command line :/usr/bin/fedora-review --rpm-spec -n /home/mambroz/rpmbuild/SRPMS/capstone-3.0.4-1.src.rpm --mock-config fedora-rawhide-x86_64 Buildroot used: fedora-rawhide-x86_64 Active plugins: Python, Shell-api, Generic, Java, C/C++ Disabled plugins: fonts, SugarActivity, Ocaml, Haskell, Perl, R, PHP, Ruby Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
One brainfart update: [X]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in capstone-java - subpackages reference full version in dependency
Ping
Hi, Thank you very much for the review and sorry for the late response - this bug wasn't part of my work-pipeline, so it slipped through the cracks. Feel free to set needinfo, that should get my attention. I believe I've fixed all problems (add dist, change to git) in this new version: https://scorneli.fedorapeople.org/capstone.spec https://scorneli.fedorapeople.org/capstone-3.0.4-3.src.rpm COPR builds completed successfully for all platforms: https://copr.fedoraproject.org/coprs/scorneli/capstone/build/130237/
Hello Stefan, in the SPEC file you still have: "Release: 3" where it should be "Release: 3{?dist}" See https://fedoraproject.org/wiki/Packaging:DistTag Possibly some wrong version shared? Best regards Michal Ambroz
Arg! I'm sorry. I had it in there, but I think rpmdev-bumpspec wiped it and I didn't catch that :( New revision: https://scorneli.fedorapeople.org/capstone.spec https://scorneli.fedorapeople.org/capstone-3.0.4-4.fc22.src.rpm COPR build (currently, everything but ppc64le passed - I'm pretty sure they'll pass, too): https://copr.fedoraproject.org/coprs/scorneli/capstone/build/130679/
All issues fixed, package works as expected. Package review passed.
If the review is complete please ask for dist-git repository to include this in fedora
(In reply to Siddharth Sharma from comment #28) > If the review is complete please ask for dist-git repository to include this > in fedora http://fedoraproject.org/wiki/PackageDB_admin_requests
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/capstone
capstone-3.0.4-4.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-40bd7e11c8
capstone-3.0.4-4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f3a0a2d50e
capstone-3.0.4-4.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update capstone' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-40bd7e11c8
capstone-3.0.4-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update capstone' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f3a0a2d50e
capstone-3.0.4-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
capstone-3.0.4-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.