Spec URL: https://dmoerner.fedorapeople.org/smlnj/smlnj.spec SRPM URL: https://dmoerner.fedorapeople.org/smlnj/smlnj-110.80-1.fc26.src.rpm Description: Standard ML of New Jersey (SML/NJ) is a compiler and programming environment for the Standard ML programming language. It was originally developed jointly at Bell Laboratories and Princeton University, and is now a joint project between researchers at Bell Laboratories, Lucent Technologies, Princeton University, Yale University (The FLINT Project), AT&T Research, and the University of Chicago. Fedora Account System Username: dmoerner This is a complicated spec and review. I welcome all feedback, even if you are not in a position to offer a full review. I have built on previous work by Ricky Zhou in an older review request, https://bugzilla.redhat.com/show_bug.cgi?id=670088 Comments for potential reviewers: 1. Note that this package is self-bootstrapping, and so will need Fedora Packaging Committee approval. Successful koji build using upstream precompiled binaries: https://koji.fedoraproject.org/koji/taskinfo?taskID=17823150 Logs and rpms from successful local mock self-bootstrapping using the koji rpms: https://dmoerner.fedorapeople.org/smlnj/self-bootstrap-logs/ 2. SML/NJ is 32-bit only, and of the 32 bit arches available in Fedora, has only been bootstrapped on x86. After asking around in IRC, I made the package ExclusiveArch: %{ix86}. If this is incorrect, and I should use ExcludeArch, it is easy to change. (I do not believe that being only available on x86 makes SML/NJ a bad candidate for the archive. Upstream is still active, and very slowly working on 64-bit support, and SML/NJ is actively used in a variety of academic environments.) 3. Upstream builds a static library, which can be used by the user to build statically linked SML binaries using the supplied heap2exec script. I have chosen to package this library in a separate -static subpackage. It could, however, just be removed entirely. 4. rpmlint output and commentary: smlnj.i686: E: missing-call-to-setgroups-before-setuid /usr/lib/smlnj/bin/.run/run.x86-linux.so smlnj.i686: E: missing-call-to-setgroups-before-setuid /usr/lib/smlnj/bin/.run/run.x86-linux I have looked carefully into this and I believe that this is not an issue. The setuid calls come base/runtime/c-libs/posix-procenv/setuid.c, part of where SML/NJ implements an SML function for the C setuid command, as part of implementing POSIX.1-2001. There could be a risk here that a user-constructed SML program could use this function in a dangerous way. But so far as I can see, this is a risk shared by any compiler that only implements POSIX.1-2001, of which setgroups is not a part. smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run-sml smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.heap smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.heap smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.arch-n-opsys smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.run smlnj.i686: W: hidden-file-or-dir /usr/lib/smlnj/bin/.link-sml These hidden files are baked into upstream. I removed about 170 of these warnings by setting the variable CM_DIR_ARC, but these last 7 cannot be removed without major patching. smlnj-static.i686: W: no-documentation No issue; see note #3 above. Thanks!
*** Bug 670088 has been marked as a duplicate of this bug. ***
Ah, the DEAD-REVIEW flag got carried over from the other bug. Sorry for that.
Maybe you should offer a review swap on fedora-devel? This seems to be a pretty tough review, so people need extra motivation ;)
This is an automatic check from review-stats script. This review request ticket hasn't been updated for some time. We're sorry it is taking so long. If you're still interested in packaging this software into Fedora repositories, please respond to this comment clearing the NEEDINFO flag. You may want to update the specfile and the src.rpm to the latest version available and to propose a review swap on Fedora devel mailing list to increase chances to have your package reviewed. If this is your first package and you need a sponsor, you may want to post some informal reviews. Read more at https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group. Without any reply, this request will shortly be considered abandoned and will be closed. Thank you for your patience.