Bug 1279104 - Review Request: python-pbkdf2 - password-based key derivation in pure Python
Product: Fedora
Classification: Fedora
Component: Package Review
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Assigned To: gil cattaneo
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Blocks: 1187084
Reported: 2015-11-07 17:12 EST by Samuel Gyger
Modified: 2016-11-14 16:49 EST
Last Closed: 2016-11-14 16:49:17 EST
puntogil: fedora-review+

Description Samuel Gyger 2015-11-07 17:12:29 EST
Spec URL: http://people.ee.ethz.ch/~gygers/rpms/python-pbkdf2.spec
SRPM URL: http://people.ee.ethz.ch/~gygers/rpms/python-pbkdf2-1.3-2.fc21.src.rpm
Description: A pure Python Implementation of the password-based key derivation function, PBKDF2, specified in RSA PKCS#5 v2.0.
Fedora Account System Username:gyger

This is a requirement for electrum
I need a sponsor too.

Koji: http://koji.fedoraproject.org/koji/taskinfo?taskID=11746490 (F22)
Comment 1 William Moreno 2015-12-09 14:02:54 EST
I can take your review request and sponsor you as packager but you need to update your spec:

1. Upstream supports python3 and you must build with python3 support.
2. You must provide a python2 and a python3 subpackage.
3. You must use the python provides macro.

Also, if you want me to take your review, I will need to see you doing some informal reviews to ensure you are fine with the Fedora Packaging Guidelines.
Comment 2 Jeremy Cline 2015-12-09 22:19:49 EST
Hi Samuel,

Like you, I'm looking to become a maintainer, so my review is informal. I do hope it is helpful, though!

1) In your Summary, I believe you need to replace "An module" with "A module".

2) According to the Pypi page, this project supports Python 3. According to the Python packaging guidelines, if a project supports Python 3 it must be packaged for Python 3[0] (you can package it for Python 2, as well).

3) There are several macros available for your use[1]. You should look into %py2_build, %py3_build, %py2_install, and %py3_install. 

4) You do not need to run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.

5) You need to include a %license in %files. In this case, upstream doesn't appear to include the license in their repository (and you should probably suggest that they do that), but according to Pypi it's licensed using the MIT license.

6) You need to use %python_provides[2]

Hopefully this is helpful. Good luck with your review!

[0] https://fedoraproject.org/wiki/Packaging:Python#Python_Version_Support
[1] https://fedoraproject.org/wiki/Packaging:Python#Macros
[2] https://fedoraproject.org/wiki/Packaging:Python#The_.25python_provide_macro
Comment 3 Paul Belanger 2015-12-17 13:53:40 EST
Agree with what Jeremy says (and in the same boat, trying to become a maintainer).
Comment 4 William Moreno 2016-04-12 15:11:51 EDT
Sorry, I closed by mistake. Do you need a sponsor?
Comment 5 Samuel Gyger 2016-04-26 17:02:12 EDT
Hello to all of you, thank you for your input.
I was stuck on fedora 21 for quite a while, but a new computer, enough power for virtualization got me running on packaging this stuff again.

Here are the updated files with your inputs included.

Spec URL: http://people.ee.ethz.ch/~gygers/rpms/python-pbkdf2.spec
SRPM URL: http://people.ee.ethz.ch/~gygers/rpms/python-pbkdf2-1.3-4.fc23.src.rpm
Description: A pure Python Implementation of the password-based key derivation function, PBKDF2, specified in RSA PKCS#5 v2.0.
Fedora Account System Username:gyger

This is a requirement for electrum
I need a sponsor too.

Koji: http://koji.fedoraproject.org/koji/taskinfo?taskID=13815211 (F23)
Comment 6 William Moreno 2016-04-29 18:45:57 EDT
OK: The package must be named according to the Package Naming Guidelines.
OK: The spec file name must match the base package %{name}.
OK: The package must be licensed with a Fedora approved license.
OK: The License field in the package spec matches the actual license.
OK: The text of the license(s) for the package must be included in %license.
OK: The spec file must be written in American English. [5]
OK: The spec file for the package MUST be legible. [6]
OK: Each package must consistently use macros. [16]
OK: The package must contain code, or permissible content. [17]
OK: Large documentation files must go in a -doc subpackage.
OK: Packages must NOT contain any .la libtool archives.

Your package looks good. I will take your review request and become your sponsor, but I want to see some informal reviews before I approve the package and sponsor you as package maintainer.
Comment 7 William Moreno 2016-06-01 16:56:46 EDT
Any update?
Comment 8 Jonny Heggheim 2016-11-07 20:05:08 EST
Just to not step on anyone's toes:

Any updates? Anyone want to maintain this package? This package is a dependency on Electrum, which I want to include in Fedora.
Comment 9 Samuel Gyger 2016-11-08 04:39:44 EST
From my side, feel free to take over. I'm looking forward to see electrum finally in fedora. :)
Comment 10 Jonny Heggheim 2016-11-08 16:06:42 EST
(In reply to Samuel Gyger from comment #9)
> From my side, feel free to take over. I'm looking forward to see electrum
> finally in fedora. :)

Ok, I take over this package. I will continue to use this ticket since my SPEC file is the same as yours with some small changes.
Comment 11 Jonny Heggheim 2016-11-08 16:06:59 EST
Spec URL: https://jonny.fedorapeople.org/python-pbkdf2/python-pbkdf2.spec
SRPM URL: https://jonny.fedorapeople.org/python-pbkdf2/python-pbkdf2-1.3-5.fc25.src.rpm
Description: A pure Python Implementation of the password-based key derivation function, PBKDF2, specified in RSA PKCS#5 v2.0.
Fedora Account System Username: jonny
Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=16357933
Comment 12 gil cattaneo 2016-11-12 16:37:22 EST
Package Review

[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "MIT/X11 (BSD like)", "Unknown or generated". 3 files have
     unknown license. Detailed output of licensecheck in /home/gil/1279104
[x]: License file installed when any subpackage combination is installed.
[?]: Package does not own files or directories owned by other packages.
     Note: Dirs in package are owned also by: /usr/lib/python3.5/site-
     packages/__pycache__(system-python-libs, python3-pyparsing)
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 4 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

[x]: Python eggs must not download any dependencies during the build
[x]: A package which is used by another package via an egg interface should
     provide egg info.
[x]: Package meets the Packaging Guidelines::Python
[x]: Package contains BR: python2-devel or python3-devel
[x]: Binary eggs must be removed in %prep

===== SHOULD items =====

[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
    README.txt contains the project license
[x]: Final provides and requires are sane (see attachments).
[-]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in
     python2-pbkdf2 , python3-pbkdf2
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[?]: Patches link to upstream bugs/comments/lists or are otherwise
[x]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
[x]: %check is present and all tests pass.
[?]: Packages should try to preserve timestamps of original installed
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint messages.
[x]: Spec file according to URL is the same as in SRPM.

Checking: python2-pbkdf2-1.3-5.fc26.noarch.rpm
3 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
2 packages and 0 specfiles checked; 0 errors, 0 warnings.

python2-pbkdf2 (rpmlib, GLIBC filtered):

python3-pbkdf2 (rpmlib, GLIBC filtered):



Source checksums
https://pypi.python.org/packages/source/p/pbkdf2/pbkdf2-1.3.tar.gz :
  CHECKSUM(SHA256) this package     : ac6397369f128212c43064a2b4878038dab78dab41875364554aaf2a684e6979
  CHECKSUM(SHA256) upstream package : ac6397369f128212c43064a2b4878038dab78dab41875364554aaf2a684e6979

Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02
Command line :/usr/bin/fedora-review -b 1279104 --plugins Python -m fedora-rawhide-i386
Buildroot used: fedora-rawhide-i386
Active plugins: Python, Generic, Shell-api
Disabled plugins: Java, C/C++, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby

Comment 13 Jonny Heggheim 2016-11-12 16:56:02 EST
(In reply to gil cattaneo from comment #12)

Comment 14 Gwyn Ciesla 2016-11-14 10:38:41 EST
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/python-pbkdf2
