Bug 1479967 - Review Request: fritzing-parts - Parts library for the Fritzing electronic design application
Review Request: fritzing-parts - Parts library for the Fritzing electronic de...
Status: POST
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Robert-André Mauchin
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2017-08-09 16:26 EDT by Ed Marshall
Modified: 2017-09-06 14:27 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
zebob.m: fedora‑review+

Attachments (Terms of Use)

  None (edit)
Description Ed Marshall 2017-08-09 16:26:43 EDT
Spec URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts.spec
SRPM URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts-0.9.2b-1.fc27.src.rpm
Description: Fritzing is a free software tool to support designers, artists and hobbyists to work creatively with interactive electronics. The fritzing-parts package contains a library of part definitions, including both meta-data and related graphics.
Fedora Account System Username: logic

This isn't a new package, technically; it's a split of the original fritzing package, allowing Fedora to release both Fritzing and it's parts library independently. Upstream has moved to a git-based distribution model for the parts library, so we'll be taking occasional checkpoints of that and shipping it on an ongoing basis.

The plan is to get this split done first (as version 0.9.2b), then update both fritzing and fritzing-parts to 0.9.3b, and then finally update fritzing-parts to a point-in-time release from upstream git.

If you review this, fedora-review is going to complain about a lot of duplicated paths with the fritzing package; that will be corrected after this package has been approved (by removing the parts library from fritzing, at which point fritzing will require fritzing-parts). I haven't added an explicit Conflicts to this (for <= current fritzing release), since the file conflicts will naturally handle that, but I'm open to the idea if someone thinks that's necessary.

A successful koji scratch build of this is here: https://koji.fedoraproject.org/koji/taskinfo?taskID=21116609
Comment 1 Robert-André Mauchin 2017-08-10 03:17:54 EDT

No time to do a full review right now, but here's a preliminary couple of issues:

 - The tag "Group:" is to be removed. See https://fedoraproject.org/wiki/Packaging:Guidelines#Tags_and_Sections

 - Your patches… what do they do? Have they been reported upstream? Do you have a bug number for them? See https://fedoraproject.org/wiki/Packaging:Guidelines#All_patches_should_have_an_upstream_bug_link_or_comment

 - Change: 

Source0:       https://github.com/fritzing/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 


Source0:       https://github.com/fritzing/%{name}/archive/%{version}/%{name}-%{version}.tar.gz

 - %defattr(-,root,root,-) is not needed. See https://fedoraproject.org/wiki/Packaging:Guidelines#File_Permissions
Comment 2 Ed Marshall 2017-08-10 17:30:49 EDT
Spec URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts.spec
SRPM URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts-0.9.2b-1.fc27.src.rpm
Description: Fritzing is a free software tool to support designers, artists and hobbyists to work creatively with interactive electronics. The fritzing-parts package contains a library of part definitions, including both meta-data and related graphics.
Fedora Account System Username: logic

Thanks for catching those!

- I've yanked the Group: tag, and I'll pull it from Fritzing itself the next time I issue an update.
- I've punted entirely on the patches, since as of the next update (which will follow on the heels of this pretty quickly) those scripts won't even exist anymore (which was the reason for both patches: fixing hashbang lines, and an outdated FSF address, to make fedora-review happy). So, I've pulled the obsolete parts scripts entirely, and both patches.
- I had no idea that URL would work with Github! This is so much better than the reference trick I was using (which I'm sure I borrowed from an old mailing list thread at some point), thank you!
- Yanked defattr, will get rid of it in Fritzing itself with the next release too.

Koji scratch build is at: https://koji.fedoraproject.org/koji/taskinfo?taskID=21155649
Comment 3 Robert-André Mauchin 2017-08-11 00:48:06 EDT
There are some issues with the licences, some files are GPLv2+ and some other GPLv3+:

*No copyright* CC0

CC by

GPL (v2 or later) (with incorrect FSF address)

GPL (v3 or later)

It should be reflected in the License: tag

 - I think you should add a specific verion of fritzing in the Requires tag otherwiseit will conflicts with lower version of fritzing.

Package Review

[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

- Package installs properly.
  Note: Installation errors (see attachment)
  See: https://fedoraproject.org/wiki/Packaging:Guidelines

===== MUST items =====

[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "GPL (v2 or later) (with incorrect FSF address)", "CC by", "GPL
     (v3 or later)", "Unknown or generated", "*No copyright* CC0". 8576
     files have unknown license. Detailed output of licensecheck in
[ ]: Package does not own files or directories owned by other packages.
     Note: Dirs in package are owned also by:
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[-]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

[!]: Rpmlint is run on all installed packages.
     Note: Mock build failed
     See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint
[x]: Spec file according to URL is the same as in SRPM.

Installation errors
INFO: mock.py version 1.4.2 starting (python version = 3.6.2)...
Start: init plugins
INFO: selinux disabled
Finish: init plugins
Start: run
Start: chroot init
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled dnf cache
Start: cleaning dnf metadata
Finish: cleaning dnf metadata
INFO: enabled HW Info plugin
Mock Version: 1.4.2
INFO: Mock Version: 1.4.2
Finish: chroot init
INFO: installing package(s): /home/bob/packaging/review/fritzing-parts/review-fritzing-parts/results/fritzing-parts-0.9.2b-1.fc27.noarch.rpm
ERROR: Command failed: 
 # /usr/bin/dnf --installroot /var/lib/mock/fedora-rawhide-x86_64/root/ --releasever 27 --disableplugin=local --setopt=deltarpm=False install /home/bob/packaging/review/fritzing-parts/review-fritzing-parts/results

Checking: fritzing-parts-0.9.2b-1.fc27.noarch.rpm
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
Comment 4 Ed Marshall 2017-08-13 17:55:20 EDT
Spec URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts.spec
SRPM URL: https://fedorapeople.org/~logic/fritzing-parts/fritzing-parts-0.9.3b-1.fc27.src.rpm
Description: Fritzing is a free software tool to support designers, artists and hobbyists to work creatively with interactive electronics. The fritzing-parts package contains a library of part definitions, including both meta-data and related graphics.
Fedora Account System Username: logic

So yeah, Friting asset licensing has not been very well-managed. :( To make things, simpler, I'm rebasing this to 0.9.3b, since upstream cleaned up a few things with respect to licensing in that release (and that was going to be my next step anyway, so might as well just do it now).

An audit by hand shows most assets as not being individually-licensed, thankfully. A bunch of assets are explicitly licensed CC-BY-SA, (which goes with the top-level LICENSE.txt), and there's a large number of SVG assets (which appear to be converted from external sources like gEDA and Kicad) which are all unversioned GPL (tagged by Fritzing's XML schema, so fedora-review wasn't catching it).

The two CC0 matches appear to be mistakes; there's no license mentioned at all in either of those files, which should fall back to the distribution-level license. These mismatches carry through to 0.9.3b as well.

Also with 0.9.3b, there's a new file that throws a CC0 error, and while it has an xmlns:cc attribute on the svg element, there's no license actually specified, so again, we should fall back to the distribution-level license. This one is weird in that it's not the only file in the distribution with a ccREL xmlns attribute, although it's the only one that I noticed from a quick check that didn't have some sort of cc:* element or an rdf section. I think I'm going to have to chalk this up to a bug somewhere, unless someone has a better idea of what is happening here.

(Weird that it's all SparkFun SVG files throwing these errors. ;))

Anyway, long story short: I'll update the License tag to "CC-BY-SA and GPL+", but I'm going to skip adding CC0, since there is already a license on everything that doesn't explicitly have one here (the top-level license), and none of the files fedora-review tags as "CC0" explicitly specify any kind of license (and nothing in the distribution explicitly chooses CC0).

Regarding a "Requires: fritzing = %{version}" tag, I've intentionally avoided adding an explicit dependency from the parts library to Fritzing itself, because during this transition phase you have to be able to install this without explicitly pulling in Fritzing (because the current version of Fritzing's file conflicts prevent it). Even in the future, there's no explicit reason why fritzing-parts needs fritzing to be installed, and there's always the possibility of other software in the future being able to make use of the parts library.

(fritzing, however, will need to have a Requires on fritzing-parts once it's been updated, because it's useless without the parts library.)

Anyway, thanks for taking the time to look at this! I've updated the .spec and SRPM above.
Comment 5 Robert-André Mauchin 2017-08-17 04:12:01 EDT
One thing that is missing from your SPEC is the license breakdown: If the package is under multiple licenses, the licensing breakdown must be documented in the spec.
Comment 6 Ed Marshall 2017-08-17 16:05:21 EDT
Ah, good point. I've added a comment about licensing disposition, and both spec and SRPM have been updated, and the koji task is at: https://koji.fedoraproject.org/koji/taskinfo?taskID=21285345
Comment 7 Robert-André Mauchin 2017-08-18 01:31:44 EDT
Everything's okay. Package accepted.

Thanks for your work.
Comment 8 Gwyn Ciesla 2017-08-19 15:10:42 EDT
(fedrepo-req-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/fritzing-parts
Comment 9 Matt Prahl 2017-08-20 09:35:50 EDT
(fedrepo-req-admin):  The Pagure repository was created at https://src.stg.fedoraproject.org/rpms/fritzing-parts
Comment 10 Matt Prahl 2017-08-20 09:36:41 EDT
Please ignore the above comment. That was just testing in staging.

Note You need to log in before you can comment on or make changes to this bug.