Spec URL: http://copr-dist-git.fedorainfracloud.org/cgit/bizdelnick/neuro/liblsl.git/plain/liblsl.spec?id=729813c15a8a55ba190517bf49a303a83f24faf0
SRPM URL: https://copr-be.cloud.fedoraproject.org/results/bizdelnick/neuro/fedora-rawhide-x86_64/00158389-liblsl/liblsl-1.11.0-1.fc24.src.rpm
Description: The lab streaming layer is a simple all-in-one approach to streaming experiment data between applications in a lab, e.g. instrument time series, event markers, audio, and so on.
Fedora Account System Username: bizdelnick
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[?]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "MIT/X11 (BSD like)", "BSL (v1.0)", "Unknown or generated". 80 files have unknown license. Detailed output of licensecheck in /var/tmp/1305655-liblsl/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[?]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 6 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[-]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in liblsl-debuginfo
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise justified.
[x]: Scriptlets must be sane, if used.
[x]: SourceX tarball generation or download is documented.
     Note: Package contains tarball without URL, check comments
[-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[!]: Spec use %global instead of %define unless justified.
     Note: %define requiring justification: %define version_major 1, %define version_minor 11, %define version_patch 0, %define commit 9b91384
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX is a working URL.
Rpmlint
-------
Checking: liblsl-1.11.0-1.fc24.x86_64.rpm
          liblsl-devel-1.11.0-1.fc24.x86_64.rpm
          liblsl-debuginfo-1.11.0-1.fc24.x86_64.rpm
          liblsl-1.11.0-1.fc24.src.rpm
liblsl-devel.x86_64: W: only-non-binary-in-usr-lib
liblsl-devel.x86_64: W: no-documentation
liblsl.src:18: W: macro-in-comment %{name}
liblsl.src:18: W: macro-in-comment %{version}
liblsl.src:18: W: macro-in-comment %{commit}
liblsl.src:18: W: macro-in-comment %{SOURCE0}
liblsl.src: E: specfile-error warning: Macro expanded in comment on line 18: # git archive --prefix=%{name}-%{version}/ %{commit} `ls | grep -v '^external$'` | xz > %{SOURCE0}
liblsl.src: E: specfile-error
4 packages and 0 specfiles checked; 2 errors, 6 warnings.

Requires
--------
liblsl-debuginfo (rpmlib, GLIBC filtered):

liblsl (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    ld-linux-x86-64.so.2()(64bit)
    libboost_chrono.so.1.60.0()(64bit)
    libboost_filesystem.so.1.60.0()(64bit)
    libboost_serialization.so.1.60.0()(64bit)
    libboost_system.so.1.60.0()(64bit)
    libboost_thread.so.1.60.0()(64bit)
    libc.so.6()(64bit)
    libgcc_s.so.1()(64bit)
    libgcc_s.so.1(GCC_3.0)(64bit)
    libm.so.6()(64bit)
    libpthread.so.0()(64bit)
    librt.so.1()(64bit)
    libstdc++.so.6()(64bit)
    libstdc++.so.6(CXXABI_1.3)(64bit)
    libstdc++.so.6(CXXABI_1.3.9)(64bit)
    rtld(GNU_HASH)

liblsl-devel (rpmlib, GLIBC filtered):
    liblsl(x86-64)
    liblsl.so.1.11()(64bit)

Provides
--------
liblsl-debuginfo:
    liblsl-debuginfo
    liblsl-debuginfo(x86-64)

liblsl:
    liblsl
    liblsl(x86-64)
    liblsl.so.1.11()(64bit)

liblsl-devel:
    liblsl-devel
    liblsl-devel(x86-64)

Issues
------
Do not use %define, use %global instead [https://fedoraproject.org/wiki/Packaging:Guidelines#.25global_preferred_over_.25define].

You might want to also package examples/ as docs in devel.

You do not provide the licensing breakdown in a comment in the spec file. I don't think boost license applies to the binary rpm, but let's see the breakdown first.

The package uses some bundled libraries: pugixml, portable_archive, boost endian. pugixml is packaged for fedora, so is boost (package boost-devel). According to the new rules, you must use the packaged versions unless there's some specific reason not to. I don't think portable_archive is packaged, so you can use the internal version, or possibly package it as a separate package. I'd do the latter if it is used in other projects, and only then, but either way, it's your choice.

If you choose to use bundled versions, add Provides: bundled(portable_archive) = <date-of-last-change-of-the-bundled-code>.
Thank you Zbigniew!

> The package uses some bundled libraries: pugixml, portable_archive, boost endian.

LSL version of endian differs from upstream boost endian (probably it is a very old fork) and is incompatible with it. As this is a header-only library, there are no .so files bundled.

I'm unable to find a live upstream for portable_archive, so I don't think that packaging it separately makes any sense. This is also a header-only library, and there's nothing bundled in the binary package.

I'll fix other issues and post updated spec and srpm later.
> I don't think boost license applies to the binary rpm

You are right, the Boost license does not apply to the binary package. It is used only for headers that are not installed.

> Do not use %define, use %global instead

fixed

> pugixml is packaged for fedora

Added a patch to use system pugixml.

> You might want to also package examples/ as docs in devel.

done

Spec URL: http://copr-dist-git.fedorainfracloud.org/cgit/bizdelnick/neuro/liblsl.git/plain/liblsl.spec?id=892489a7b7018eca4dff211329f405284886b98f
SRPM URL: https://copr-be.cloud.fedoraproject.org/results/bizdelnick/neuro/fedora-rawhide-x86_64/00159673-liblsl/liblsl-1.11.0-1.fc24.src.rpm
rpmlint:
liblsl.src:18: W: macro-in-comment %{name}
liblsl.src:18: W: macro-in-comment %{version}
liblsl.src:18: W: macro-in-comment %{commit}
liblsl.src:18: W: macro-in-comment %{SOURCE0}
liblsl.src: E: specfile-error warning: Macro expanded in comment on line 18: # git archive --prefix=%{name}-%{version}/ %{commit} `ls | grep -v '^external$'` | xz > %{SOURCE0}
liblsl.src: E: specfile-error

You really should fix those because rpm will complain about those on every build (replace % with %%).

You should also add
Provides: bundled(boost-endian)
Provides: bundles(portable-archive)
I don't think it'll make any practical difference, but the guidelines require that [1], and there's no reason not to.

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#Bundling_and_Duplication_of_system_libraries

There's a number of warnings during build about initialization issues in the code... You might want to look into those.

Package is APPROVED.
> You should also add
> Provides: bundled(boost-endian)
> Provides: bundles(portable-archive)
> I don't think it'll make any practical difference, but the guidelines require
> that [1], and there's no reason not to.

I'm sorry, but I don't understand why it can be needed. Those are forks of original libraries maintained by liblsl developers. The guideline you pointed to requires the version of the bundled library to be defined, but the code is not identical to any upstream release. Then, as I mentioned before, both endian and portable_archive are header-only libraries, so the binary package does not bundle shared libs, it does not even contain files linked to some bundled libs statically, only generated template specializations are used.

If the point of defining provides is to mark possibly duplicated binary files, there's no duplication. If it is to provide a way to track security issues, it will not work, because the code is not equal to upstream and its version can't be determined.
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/liblsl
The idea is to provide the information that package A is using code B. Would there be no bundling, this information would be provided by BuildRequires or other dependency. We want to provide a replacement. The purpose is to be able to quickly find code B, not just for security issues. Imagine that next version of gcc exposes a bug in boost::endian. If someone wants to go over all packages using boost::endian and recompile them with some patch, this Provides makes their life easier because they can identify relevant packages with one or two dnf queries. In case you cannot identify a specific version, don't include the version. There's a lot of packages which do that. You can add a comment in the specfile...
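The lookup described above depends on the capability being spelled exactly `bundled(name)`. As an added example (not part of this review thread or of the liblsl spec), the shell functions below list the `bundled()` Provides in a spec and flag near-miss spellings that such a lookup would never find. The spec fragment is constructed, the function names are hypothetical, and one capability per `Provides:` line is assumed.

```shell
#!/bin/sh
# Constructed spec fragment (not the real liblsl.spec): one unversioned and
# one versioned bundled() Provides, plus a misspelled capability name.
sample_spec() {
cat <<'EOF'
Name:           example
# forked copy, upstream version cannot be determined
Provides:       bundled(boost-endian)
Provides:       bundled(pugixml) = 1.7
Provides:       bundles(portable-archive)
Provides:       example-compat = 1.0
EOF
}

# Print "name version" for each well-formed bundled() Provides read from
# stdin; version is "-" when the packager left it out.
bundled_provides() {
    sed -n -E 's/^Provides:[[:space:]]*bundled\(([^)]+)\)[[:space:]]*(=[[:space:]]*([^[:space:]]+))?[[:space:]]*$/\1 \3/p' |
        awk '{ print $1, ($2 == "" ? "-" : $2) }'
}

# Print Provides lines whose capability resembles bundled() but is spelled
# differently; a query for 'bundled(...)' will not match these.
suspect_provides() {
    grep -E -i '^Provides:[[:space:]]*bundl[a-z]*\(' |
        grep -E -v '^Provides:[[:space:]]*bundled\('
}

# Across the repositories of a Fedora system, the same question is asked with:
#   dnf repoquery --whatprovides 'bundled(boost-endian)'
echo "Declared bundled code:"
sample_spec | bundled_provides
echo "Provides that a bundled() query would miss:"
sample_spec | suspect_provides
```
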
Thank you for the explanation, I added the provides as you advised.