Bug 1270622 (sdb) - Review Request: sdb - The string database from radare reverse engineering framework
Summary: Review Request: sdb - The string database from radare reverse engineering fra...
Keywords:
Status: POST
Alias: sdb
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Zbigniew Jędrzejewski-Szmek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1130396 1162816 valabind-unretire
Blocks: FE-DEADREVIEW
TreeView+ depends on / blocked
 
Reported: 2015-10-12 00:05 UTC by Michal Ambroz
Modified: 2018-09-06 13:28 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
zbyszek: fedora-review?


Attachments (Terms of Use)

Description Michal Ambroz 2015-10-12 00:05:39 UTC
Spec URL: https://rebus.fedorapeople.org/SPECS/sdb.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/sdb-0.9.8-1.0e133f1.fc21.src.rpm
Fedora Account System Username: rebus
Description: 
The sdb is a simple string key/value database based on djb's cdb disk
storage and supports JSON and arrays introspection.
The mcsdbd is a memcache server with disk storage based on sdb.
It is distributed as a standalone binary and a library.
There's also the sdbtypes: a vala library that implements several data
structures on top of an sdb or a memcache instance.

Comment 1 Zbigniew Jędrzejewski-Szmek 2015-11-30 17:01:50 UTC
IIUC, mcsdbd is a separate thing. It shouldn't be mentioned in %description.

%autosetup is nowadays recommended, especially if you have at least one patch.

- license is OK
- license file is present, %license is used
- ldconfig scriptlet is present
- -devel subpackage is split correctly
- builds fine
- latest version
- fedora-review says:

[ ]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf %{buildroot} present but not required
Please drop that.

Also, '%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}' is probably better than the explicit make invocation.
And '%make_build CFLAGS="%{optflags}" LIBDIR=%{_libdir} PREFIX=%{_prefix} DATADIR=%{_datadir}' can be used to trim down make invocation in %build.

Use find -delete instead of find -exec rm -f {} ';' .

[ ]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in sdb-
     devel , sdb-debuginfo

sdb-devel should have
Requires: %{name}%{_isa} = %{version}-%{release}
(the arch must match too).

- rpmlint:

sdb.x86_64: W: incoherent-version-in-changelog 0.9.8-1.0e133f1.fc21 ['0.9.8-1.0e133f1.fc24', '0.9.8-1.0e133f1']

Please fix.

sdb.src: W: spelling-error Summary(en_US) radare -> radar, radars, rad are
sdb.src: W: spelling-error %description -l en_US djb's -> deb's, dab's, dub's
sdb.src: W: spelling-error %description -l en_US cdb -> db, cab, cob
sdb.src: W: spelling-error %description -l en_US memcache -> sachem
sdb.src: W: spelling-error %description -l en_US vala -> lava, val, vale
sdb.x86_64: W: spelling-error Summary(en_US) radare -> radar, radars, rad are
sdb.x86_64: W: spelling-error %description -l en_US djb's -> deb's, dab's, dub's
sdb.x86_64: W: spelling-error %description -l en_US cdb -> db, cab, cob
sdb.x86_64: W: spelling-error %description -l en_US memcache -> sachem
sdb-devel.x86_64: W: only-non-binary-in-usr-lib
sdb-devel.x86_64: W: no-documentation

All bogus.

4 packages and 0 specfiles checked; 0 errors, 12 warnings.

Comment 2 Michal Ambroz 2016-08-21 20:06:20 UTC
Hello Zbyszek,
Thanks for review - I am sorry I missed that one. Actually the package (radare2) for which I would like to have sdb library still doesn't support to use the sdb as system library so I forgot to check the review.

Here is updated package:
Spec URL: https://rebus.fedorapeople.org/SPECS/sdb.spec
SRPM URL: https://rebus.fedorapeople.org/SRPMS/sdb-0.10.5-1.bf6575a.fc23.src.rpm


Thank you 
Michal Ambroz

Comment 3 Zbigniew Jędrzejewski-Szmek 2016-08-21 20:41:06 UTC
===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
(MIT)
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "MIT/X11 (BSD like)", "Unknown or generated". 197 files have
     unknown license. Detailed output of licensecheck in
     /var/tmp/1270622-sdb/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package must own all directories that it creates.
     Note: Directories without known owners: /usr/share/vala/vapi,
     /usr/share/vala
OK.

[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 3 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Scriptlets must be sane, if used.
(see below)

[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
No %check, alas.

[-]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: sdb-0.10.5-1.bf6575a.fc26.x86_64.rpm
          sdb-devel-0.10.5-1.bf6575a.fc26.x86_64.rpm
          sdb-debuginfo-0.10.5-1.bf6575a.fc26.x86_64.rpm
          sdb-0.10.5-1.bf6575a.fc26.src.rpm
sdb.x86_64: W: spelling-error Summary(en_US) radare -> radar, radars, rad are
sdb.x86_64: W: spelling-error %description -l en_US djb's -> deb's, dab's, dub's
sdb.x86_64: W: spelling-error %description -l en_US cdb -> db, cab, cob
sdb-devel.x86_64: W: only-non-binary-in-usr-lib
sdb-devel.x86_64: W: no-documentation
sdb.src: W: spelling-error Summary(en_US) radare -> radar, radars, rad are
sdb.src: W: spelling-error %description -l en_US djb's -> deb's, dab's, dub's
sdb.src: W: spelling-error %description -l en_US cdb -> db, cab, cob
sdb.src: W: spelling-error %description -l en_US vala -> lava, val, vale
4 packages and 0 specfiles checked; 0 errors, 9 warnings.

Rpmlint (debuginfo)
-------------------
Checking: sdb-debuginfo-0.10.5-1.bf6575a.fc26.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
----------------------------
sdb-devel.x86_64: W: only-non-binary-in-usr-lib
sdb-devel.x86_64: W: no-documentation
sdb.x86_64: W: spelling-error Summary(en_US) radare -> radar, radars, rad are
sdb.x86_64: W: spelling-error %description -l en_US djb's -> deb's, dab's, dub's
sdb.x86_64: W: spelling-error %description -l en_US cdb -> db, cab, cob
3 packages and 0 specfiles checked; 0 errors, 5 warnings.

Requires
--------
sdb-devel (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    /usr/bin/pkg-config
    libsdb.so.0()(64bit)
    sdb(x86-64)

sdb (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    rtld(GNU_HASH)

sdb-debuginfo (rpmlib, GLIBC filtered):

Provides
--------
sdb-devel:
    pkgconfig(sdb)
    pkgconfig(sdbtypes)
    sdb-devel
    sdb-devel(x86-64)

sdb:
    libsdb.so.0()(64bit)
    sdb
    sdb(x86-64)

sdb-debuginfo:
    sdb-debuginfo
    sdb-debuginfo(x86-64)

Looks all good, except that there's no need to call ldconfig for -devel subpackage. You should drop the second set of scriptlets.

Package is APPROVED.

Comment 4 Igor Gnatenko 2016-09-10 15:12:24 UTC
Few notes here:
* LDFLAGS are ignored
* Missing BuildRequires: gcc
* Redundant BuildRequires: vala-devel (should be just vala)
* %make_build and %make_install are preferred way
* Group tag is redundant
* vapi files should go under devel subpackage
* Tests are not ran
* BR: nodejs-devel is not needed as you don't package nodejs lib from tree
* BR: leveldb-devel is not needed unless you run tests
* Timestamps are not preserved

Probably there are more issues.

Comment 5 Michal Ambroz 2016-09-12 13:29:42 UTC
removing blocks 1368855 - radare2 right now is not possible to build with standalone sdb. Yes I thought the same and planned it as dependency for radare2, but I haven't found a way to unbundle it and have it as external library in radare2.

Comment 6 Michal Ambroz 2016-09-13 00:39:06 UTC
Hi Igor, 
thanks for additional review.

SPEC: https://rebus.fedorapeople.org/SPECS/sdb.spec
SRPM: https://rebus.fedorapeople.org/SRPMS/sdb-0.10.5-3.bf6575a.fc23.src.rpm

Fixed:
>* Missing BuildRequires: gcc
>* vapi files should go under devel subpackage
>* Redundant BuildRequires: vala-devel (should be just vala)
>* Tests are not ran
>* BR: leveldb-devel is not needed unless you run tests

I Will check:
>* LDFLAGS are ignored
>* BR: nodejs-devel is not needed as you don't package nodejs lib from tree


>* %make_build and %make_install are preferred way
not mandatory and not preffered by me


Will check and report upstream (I have to change):
>* Timestamps are not preserved

>* Group tag is redundant
it is not prohibited and needed to epel


Best regards 
Michal Abroz

Comment 7 Riccardo Schirone 2018-09-06 08:45:21 UTC
It's great to see this! As said, right now radare2 doesn't allow to build with system-provided sdb, but I'm planning to work on that upstream. Right now I'm trying to introduce radare2 in Fedora with https://bugzilla.redhat.com/show_bug.cgi?id=1625276, and it Provides sdb.

However it would make a lot of sense to remove that Provides and create the sdb package as well, once radare2 will support that. Moreover, soon it should be possible to compile sdb with meson, which I think makes package review easier as things are more "standard".

BTW, last comment on this issue was 2 years ago. Shall we close it?

Comment 8 Zbigniew Jędrzejewski-Szmek 2018-09-06 13:28:27 UTC
Yeah, since this wasn't built, I'm pretty sure it should be re-reviewed. I'll unset the review flag for now. Let's not close it though, so that if somebody picks up the work, it is easier to find this.


Note You need to log in before you can comment on or make changes to this bug.