
Spec URL: http://fpaste.org/158273/20483414/
SRPM URL: https://nekaka.com/d/y1ptL7VqyR
Description: zbackup is a globally-deduplicating backup tool, based on the ideas found in rsync. Feed a large .tar into it, and it will store duplicate regions of it only once, then compress and optionally encrypt the result. Feed another .tar file, and it will also re-use any data found in any previous backups. This way only new changes are stored, and as long as the files are not very different, the amount of storage required is very low.
Fedora Account System Username: am1g0
Build log: https://kojipkgs.fedoraproject.org//work/tasks/5584/8335584/build.log
Build task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=8335582

I'm also core developer/maintainer of zbackup: https://github.com/zbackup
My other open-source contribution you can see on github: https://github.com/Am1GO

This is my first package and I need a sponsor.


It's best not to use temporary places like fpaste for spec files. If you don't have better place, attach it to this bug.

You can use mkdir to create a directory. '%{__install} -d' is a bit hard to read ;)
Also pushd is considered nicer than cd, because the path is printed to the log.

From line 17 remove everything except possibly protobuf, not sure about that one. Dependencies on libraries are added automatically.

Remove lines 38, 44, 45, 48, 49, and 6 too.

Remove line 40, and add -D to Line 42 instead.

Use %license for LICENSE instead of %doc.

In line 51, use %{name}.1.* instead of %{name}.1.gz, since the compression method might change at some point, no need to adjust the spec file for that.

Can't sponsor you, but otherwise looks OK.


(In reply to Zbigniew Jędrzejewski-Szmek from comment #1)
> It's best not to use temporary places like fpaste for spec files. If you
> don't have better place, attach it to this bug.

Spec URL: https://github.com/Am1GO/zbackup-rpm/blob/master/zbackup.spec
SRPM URL: https://github.com/Am1GO/zbackup-rpm/blob/master/zbackup-1.3-2.fc20.src.rpm
Build log: https://kojipkgs.fedoraproject.org//work/tasks/6555/8346555/build.log
Build task: https://koji.fedoraproject.org/koji/taskinfo?taskID=8346553

> You can use mkdir to create a directory. '%{__install} -d' is a bit hard to
> read ;)

Done.

> Also pushd is considered nicer than cd, because the path is printed to the
> log.

Done.

> From line 17 remove everything except possibly protobuf, not sure about that
> one. Dependencies on libraries are added automatically.

Done. BTW protobuf doesn't need to be specified too (I've checked deps of rpm).

> Remove lines 38, 44, 45, 48, 49, and 6 too.

Done all except 49 because if I remove 49 then rpmbuild will report "unpackaged file" error. Probably you mean to remove "%attr(755,root,root)" macros - it was done.

> Remove line 40, and add -D to Line 42 instead.

Done.

> Use %license for LICENSE instead of %doc.

Done.

> In line 51, use %{name}.1.* instead of %{name}.1.gz, since the compression
> method might change at some point, no need to adjust the spec file for that.

Done.

> Can't sponsor you, but otherwise looks OK.

I've also added build scenario for tartool (it was supplementary util).

Looks good. You might want to consider adding %global _hardened_build 1, since the program processes untrusted input (http://fedoraproject.org/wiki/Packaging:Guidelines#PIE). You probably should do a few informal reviews of packages (like this one), this is required to become a packager.

(In reply to Zbigniew Jędrzejewski-Szmek from comment #3)
> Looks good.
>
> You might want to consider adding %global _hardened_build 1,
> since the program processes untrusted input
> (http://fedoraproject.org/wiki/Packaging:Guidelines#PIE).

Done.

SPEC URL: https://raw.githubusercontent.com/Am1GO/zbackup-rpm/master/zbackup.spec
SRPM URL: https://github.com/Am1GO/zbackup-rpm/raw/master/zbackup-1.3-3.fc20.src.rpm
Build task: https://koji.fedoraproject.org/koji/taskinfo?taskID=8359513

> You probably should do a few informal reviews of packages (like this one),
> this is required to become a packager.

Thank you for your suggestion! I'll do it ASAP.


For that moment, I've done preliminary reviews over following requests:
https://bugzilla.redhat.com/show_bug.cgi?id=1150054
https://bugzilla.redhat.com/show_bug.cgi?id=1150566
https://bugzilla.redhat.com/show_bug.cgi?id=1174290

I'll update this list ASAP.


Additional reviews:
https://bugzilla.redhat.com/show_bug.cgi?id=1142407
https://bugzilla.redhat.com/show_bug.cgi?id=1168692
https://bugzilla.redhat.com/show_bug.cgi?id=1160671
https://bugzilla.redhat.com/show_bug.cgi?id=1129429

If someone could advise me something that could increase "review speed" I'll much appreciate this.


Poring over the spec file, sources, and resulting RPMS is still required, unless we develop an AI to do it ;). There are automated tools, which catch some more errors, but yield many false positives, so their output still needs to be trimmed:
  rpmlint
  fedora-review


(In reply to Zbigniew Jędrzejewski-Szmek from comment #7)
> Poring over the spec file, sources, and resulting RPMS is still required,
> unless we develop an AI to do it ;). There are automated tools, which catch
> some more errors, but yield many false positives, so their output still
> needs to be trimmed:
> rpmlint
> fedora-review

Thank you for your reply! I'm not pushing, just thinking out loud :)
BTW What was the average informal review "threshold" for new packagers? I just wanted to know if I need to write more or just to wait for some response.

Frankly, I think this is one of the weak spots in the process, because of its unpredictability (https://bugzilla.redhat.com/show_bug.cgi?id=177841 seems rather depressing). I'd wait a few days and send a message to fedora-devel that you're looking for a sponsor if no one shows up.
zbackup looks like a really interesting project, I will review this package.

Overall the package looks good. First some comments, then the actual review. Once licensing problems are fixed I will approve the package and sponsor you.

Hardening: It is not required for this package, but you can enable it (or not) at your own discretion. For more information see [1]. If you decide to enable hardening then you should be aware of negative performance impact it can have. I think that we can keep it enabled for now, but I'd recommend to compare performance with and without hardening and decide whether keep it enabled or not.

Licensing: As I understand, zbackup is licensed under GPL version 2 or later with additional OpenSSL exception -- no actual zbackup code is licensed under OpenSSL license. If that's the case then license tag should be "GPLv2+ with exceptions". LICENSE-OPENSSL file shouldn't be installed in this case as it doesn't apply to zbackup itself.

You should install CONTRIBUTORS file as %doc. See [2].

There is no good reason to use macros like %{__install} and such. You should just use plain command names (mkdir, make, install) for better spec file readability.

I don't like the manpage. We can keep it as-is for now, but I think that the goal should be writing proper manual page (this is upstream work).

In changelogs we usually reference bugs as rhbz#1172525. Links to Bugzilla are best avoided.

[1] http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
[2] http://fedoraproject.org/wiki/Packaging:Guidelines#Documentation

Package Review
==============

Key:
- = N/A
x = Check
! = Problem

[x] rpmlint must be run on the source rpm and all binary rpms the build
    produces. The output should be posted in the review.
[x] The package must be named according to the Package Naming Guidelines.
[x] The spec file name must match the base package %{name}, in the format
    %{name}.spec unless your package has an exemption.
[x] The package must meet the Packaging Guidelines.
[!] The package must be licensed with a Fedora approved license and meet the
    Licensing Guidelines.
[!] The License field in the package spec file must match the actual license.
[x] If (and only if) the source package includes the text of the license(s)
    in its own file, then that file, containing the text of the license(s)
    for the package must be included in %doc.
[x] The spec file must be written in American English.
[x] The spec file for the package MUST be legible.
[x] The sources used to build the package must match the upstream source, as
    provided in the spec URL. Reviewers should use sha256sum for this task as
    it is used by the sources file once imported into git. If no upstream URL
    can be specified for this package, please see the Source URL Guidelines
    for how to deal with this.
[x] The package MUST successfully compile and build into binary rpms on at
    least one primary architecture.
[x] If the package does not successfully compile, build or work on an
    architecture, then those architectures should be listed in the spec in
    ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug
    filed in bugzilla, describing the reason that the package does not
    compile/build/work on that architecture. The bug number MUST be placed in
    a comment, next to the corresponding ExcludeArch line.
[x] All build dependencies must be listed in BuildRequires, except for any
    that are listed in the exceptions section of the Packaging Guidelines;
    inclusion of those as BuildRequires is optional. Apply common sense.
[x] The spec file MUST handle locales properly. This is done by using the
    %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
[x] Every binary RPM package (or subpackage) which stores shared library
    files (not just symlinks) in any of the dynamic linker's default paths,
    must call ldconfig in %post and %postun.
[x] Packages must NOT bundle copies of system libraries.
[x] If the package is designed to be relocatable, the packager must state
    this fact in the request for review, along with the rationalization for
    relocation of that specific package. Without this, use of Prefix: /usr is
    considered a blocker.
[x] A package must own all directories that it creates. If it does not create
    a directory that it uses, then it should require a package which does
    create that directory.
[x] A Fedora package must not list a file more than once in the spec file's
    %files listings. (Notable exception: license texts in specific
    situations.)
[x] Permissions on files must be set properly. Executables should be set with
    executable permissions, for example.
[x] Each package must consistently use macros.
[x] The package must contain code, or permissible content.
[x] Large documentation files must go in a -doc subpackage. (The definition
    of large is left up to the packager's best judgement, but is not
    restricted to size. Large can refer to either size or quantity).
[x] If a package includes something as %doc, it must not affect the runtime
    of the application. To summarize: If it is in %doc, the program must run
    properly if it is not present.
[x] Static libraries must be in a -static package.
[x] Development files must be in a -devel package.
[x] In the vast majority of cases, devel packages must require the base
    package using a fully versioned dependency:
    Requires: %{name}%{?_isa} = %{version}-%{release}
[x] Packages must NOT contain any .la libtool archives, these must be removed
    in the spec if they are built.
[x] Packages containing GUI applications must include a %{name}.desktop file,
    and that file must be properly installed with desktop-file-install in the
    %install section. If you feel that your packaged GUI application does not
    need a .desktop file, you must put a comment in the spec file with your
    explanation.
[x] Packages must not own files or directories already owned by other
    packages. The rule of thumb here is that the first package to be
    installed should own the files or directories that other packages may
    rely upon. This means, for example, that no package in Fedora should ever
    share ownership with any of the files or directories owned by the
    filesystem or man package. If you feel that you have a good reason to own
    a file or directory that another package owns, then please present that
    at package review time.
[x] All filenames in rpm packages must be valid UTF-8.

rpmlint output
--------------
(these are false-positives, ignore them)

zbackup.src: W: spelling-error Summary(en_US) deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.src: W: spelling-error %description -l en_US deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.src: W: spelling-error %description -l en_US rsync -> sync, r sync
zbackup.x86_64: W: spelling-error Summary(en_US) deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.x86_64: W: spelling-error %description -l en_US deduplicating -> reduplicating, duplicating, quadruplicating
zbackup.x86_64: W: spelling-error %description -l en_US rsync -> sync, r sync
3 packages and 1 specfiles checked; 0 errors, 6 warnings.


(In reply to Mikolaj Izdebski from comment #11)
> Overall the package looks good. First some comments, then the actual
> review. Once licensing problems are fixed I will approve the package
> and sponsor you.

Ok, thanks! I'm also removing request from FE-NEEDSPONSOR blockers.

> Hardening: It is not required for this package, but you can enable it
> (or not) at your own discretion. For more information see [1]. If you
> decide to enable hardening then you should be aware of negative
> performance impact it can have. I think that we can keep it enabled
> for now, but I'd recommend to compare performance with and without
> hardening and decide whether keep it enabled or not.

I'd prefer to have hardening enabled. Who wants to increase performance could easily rebuild package with specific flags. I'll also perform some tests and publish results in zbackup wiki.

> Licensing: As I understand, zbackup is licensed under GPL version 2 or
> later with additional OpenSSL exception -- no actual zbackup code is
> licensed under OpenSSL license. If that's the case then license tag
> should be "GPLv2+ with exceptions". LICENSE-OPENSSL file shouldn't be
> installed in this case as it doesn't apply to zbackup itself.

Done.

> You should install CONTRIBUTORS file as %doc. See [2].

There is no CONTRIBUTORS in 1.3. The reason for preserving version in this request I've described in off-list reply.

> There is no good reason to use macros like %{__install} and such. You
> should just use plain command names (mkdir, make, install) for better
> spec file readability.

Hmm, I'm always using as many macros as possible for portability reasons. Fixed anyway.

> I don't like the manpage. We can keep it as-is for now, but I think
> that the goal should be writing proper manual page (this is upstream
> work).

Ok, I'll write it. https://github.com/zbackup/zbackup/issues/34

> In changelogs we usually reference bugs as rhbz#1172525. Links to
> Bugzilla are best avoided.

Done.

> [1] http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
> [2] http://fedoraproject.org/wiki/Packaging:Guidelines#Documentation
[..]

SPEC: https://raw.githubusercontent.com/Am1GO/zbackup-rpm/master/zbackup.spec
SRPM: https://github.com/Am1GO/zbackup-rpm/raw/master/zbackup-1.3-4.fc20.src.rpm
Build task: http://koji.fedoraproject.org/koji/taskinfo?taskID=8443902


(In reply to Vladimir Stackov from comment #12)
> (In reply to Mikolaj Izdebski from comment #11)
> > You should install CONTRIBUTORS file as %doc. See [2].
> There is no CONTRIBUTORS in 1.3.

Right, my bad.

Blocker issues were fixed. Package is approved.


New Package SCM Request
=======================
Package Name: zbackup
Short Description: A versatile deduplicating backup tool
Upstream URL: http://zbackup.org/
Owners: am1g0
Branches: f20 f21 f22 el6 epel7
InitialCC:

Git done (by process-git-requests). (note that f22 is not yet branched)
zbackup-1.3-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/zbackup-1.3-4.fc21
zbackup-1.3-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/zbackup-1.3-4.fc20
zbackup-1.3-4.fc21 has been pushed to the Fedora 21 testing repository.
zbackup-1.3-4.fc21 has been pushed to the Fedora 21 stable repository.
zbackup-1.3-4.fc20 has been pushed to the Fedora 20 stable repository.
zbackup-1.4.1-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/zbackup-1.4.1-1.el6
zbackup-1.4.1-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/zbackup-1.4.1-1.el7
zbackup-1.4.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository.
zbackup-1.4.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.