Spec URL: http://mizdebsk.fedorapeople.org/review/takari-archiver/takari-archiver.spec SRPM URL: http://mizdebsk.fedorapeople.org/review/takari-archiver/takari-archiver-0.1.8-1.fc23.src.rpm Description: Takari Archiver is replacement for Maven Archiver for use with Takari Lifecycle Plugin. Fedora Account System Username: mizdebsk
I'll do this one.
Alec, please set bugs to assigned when you take them. I'm doing it for you now.
Alexander: thanks for changing my bad habits. Mikolaj: I see basically three issues with this package. The first is licensing. I cannot find any sign of a EPL or other license in any README, pom.xml or source files (besides in FileMode.java, below). Furthermore, you download a license file separate from upstream which normally not is OK. https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Text Please provide more info on what grounds you are applying the EPL license to this software, possibly after contacting upstream. The other is that the jar files are not removed in %prep: http://fedoraproject.org/wiki/Packaging:Java#Pre- built_JAR_files_.2F_Other_bundled_software The third is that the BSD licensed file FileMode.java seems to be a bundled copy of http://git.eclipse.org/c/jgit/jgit.git/diff/org.eclipse.jgit/src/org/eclipse/jgit/lib/FileMode.java. This is just a single file, but I still think you need an FPC exemption for it.
(In reply to Alec Leamas from comment #3) > Mikolaj: I see basically three issues with this package. > > The first is licensing. I cannot find any sign of a EPL or other license in > any README, pom.xml or source files (besides in FileMode.java, below). POM files use inheritance to avoid information duplication. pom.xml of takari-archiver specifies its <parent> as io.takari:takari:15 (see parent Po: http://repo1.maven.org/maven2/io/takari/takari/15/takari-15.pom), which defines license as "The Eclipse Public License, Version 1.0". Due to POM inheritance this information is effectively part of takari-archiver POM. > Furthermore, you download a license file separate from upstream which > normally not is OK. > > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/ > LicensingGuidelines#License_Text > > Please provide more info on what grounds you are applying the EPL license to > this software, possibly after contacting upstream. In the past I tried working with the same upstream (Takari/Tesla, it's the same) - I contacted them more than once and they either refused to include licensing texts in their repos or not responded at all. They said that licensing information it POM itself in enough in their opinion. I had to add license text to RPM package because it is required by EPL license. Quoting from the license, "When the Program is made available in source code form [...] a copy of this Agreement [EPL] must be included with each copy of the Program", see section 3 of EPL. This case is explicitly allowed by guidelines linked by you. > The other is that the jar files are not removed in %prep: > http://fedoraproject.org/wiki/Packaging:Java#Pre- > built_JAR_files_.2F_Other_bundled_software Not a big issue IMO (these are used for tests only and tests are skipped), but I will remove bundled JARs from SRPM. > The third is that the BSD licensed file FileMode.java seems to be a bundled > copy of > http://git.eclipse.org/c/jgit/jgit.git/diff/org.eclipse.jgit/src/org/eclipse/ > jgit/lib/FileMode.java. This is just a single file, but I still think you > need an FPC exemption for it. Good catch. I will try to unbundle parts of jgit.
(In reply to Mikolaj Izdebski from comment #4) > Not a big issue IMO (these are used for tests only and tests are skipped), > but I will remove bundled JARs from SRPM. No need, it's perfectly ok if you remove them in %prep
(In reply to Mikolaj Izdebski from comment #4) > (In reply to Alec Leamas from comment #3) > POM files use inheritance to avoid information duplication. pom.xml of > takari-archiver specifies its <parent> as io.takari:takari:15 (see parent > Po: http://repo1.maven.org/maven2/io/takari/takari/15/takari-15.pom), which > defines license as "The Eclipse Public License, Version 1.0". Due to POM > inheritance this information is effectively part of takari-archiver POM. Fair enough. Still, this is hard to look through without maven knowledge. I'm fine as long as you just add short comment with a hint in the spec. > > Please provide more info on what grounds you are applying the EPL license to > > this software, possibly after contacting upstream. > > In the past I tried working with the same upstream (Takari/Tesla, it's the > same) - I contacted them more than once and they either refused to include > licensing texts in their repos or not responded at all. They said that > licensing information it POM itself in enough in their opinion. > > I had to add license text to RPM package because it is required by EPL > license. Quoting from the license, "When the Program is made available in > source code form [...] a copy of this Agreement [EPL] must be included with > each copy of the Program", see section 3 of EPL. This case is explicitly > allowed by guidelines linked by you. Fair enough, also this. Still, some kind of reference in the spec would a lot of sense. One idea could be to add a short comment with a link to comment #4 in spec
Everything should be fixed now. Spec URL: http://mizdebsk.fedorapeople.org/review/takari-archiver/takari-archiver.spec SRPM URL: http://mizdebsk.fedorapeople.org/review/takari-archiver/takari-archiver-0.1.8-2.fc23.src.rpm
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License file installed when any subpackage combination is installed. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package do not use a name that already exist [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Packages have proper BuildRequires/Requires on jpackage-utils Note: Maven packages do not need to (Build)Require jpackage-utils. It is pulled in by maven-local [x]: Javadoc documentation files are generated and included in -javadoc subpackage [x]: Javadoc subpackages should not have Requires: jpackage-utils [x]: Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink) Maven: [x]: If package contains pom.xml files install it (including depmaps) even when building with ant [x]: POM files have correct Maven mapping [x]: Maven packages should use new style packaging [x]: Old add_to_maven_depmap macro is not being used [x]: Packages DO NOT have Requires(post) and Requires(postun) on jpackage- utils for %update_maven_depmap macro [x]: Package DOES NOT use %update_maven_depmap in %post/%postun [x]: Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms ===== SHOULD items ===== Generic: [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in takari- archiver-javadoc [?]: Package functions as described. [x]: Latest version is packaged. [!]: Package does not include license text files separate from upstream. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [?]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass (sort of, run by maven). [x]: Packages should try to preserve timestamps of original installed files. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: Dist tag is present (not strictly required in GL). [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. Java: [x]: Package uses upstream build method (ant/maven/etc.) [x]: Packages are noarch unless they use JNI ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: takari-archiver-0.1.8-1.fc23.noarch.rpm takari-archiver-javadoc-0.1.8-1.fc23.noarch.rpm takari-archiver-0.1.8-1.fc23.src.rpm takari-archiver.noarch: W: no-documentation 3 packages and 0 specfiles checked; 0 errors, 1 warnings. Requires -------- takari-archiver (rpmlib, GLIBC filtered): java-headless jpackage-utils mvn(com.google.guava:guava) mvn(javax.inject:javax.inject) mvn(org.apache.commons:commons-compress) mvn(org.codehaus.plexus:plexus-utils) takari-archiver-javadoc (rpmlib, GLIBC filtered): jpackage-utils Provides -------- takari-archiver: mvn(io.takari:takari-archiver) mvn(io.takari:takari-archiver:pom:) takari-archiver takari-archiver-javadoc: takari-archiver-javadoc Source checksums ---------------- https://github.com/takari/takari-archiver/archive/takari-archiver-0.1.8.tar.gz : CHECKSUM(SHA256) this package : 8608a342b20458443e6924be2793b716cea3c6ca211d76ac1a23e446eeb9a666 CHECKSUM(SHA256) upstream package : 8608a342b20458443e6924be2793b716cea3c6ca211d76ac1a23e446eeb9a666 http://www.eclipse.org/legal/epl-v10.html : CHECKSUM(SHA256) this package : a40741b59364cc49449255e9b9bfe1fcfe6a2e7ab4d37ca89db3bacbfb14e9d2 CHECKSUM(SHA256) upstream package : a40741b59364cc49449255e9b9bfe1fcfe6a2e7ab4d37ca89db3bacbfb14e9d2 Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14 Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 1200768 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, Java Disabled plugins: C/C++, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG
Looks good. *** Approved
New Package SCM Request ======================= Package Name: takari-archiver Short Description: Takari Archiver Owners: mizdebsk msimacek msrb Branches: f22 InitialCC: java-sig
Git done (by process-git-requests).
Built for rawhide. Closing. Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=9209891