Spec URL: https://github.com/stefanberger/swtpm/blob/tpm2-preview.v2/dist/swtpm.spec SRPM URL: https://kojipkgs.fedoraproject.org//work/tasks/5398/28795398/libtpms-0.6.0-0.fc29.src.rpm Description: TPM emulator built on libtpms providing TPM functionality for QEMU VMs Fedora Account System Username: stefanberger
Stefan, the SRPM URL is not for swtpm (but libtpms). Please provide a swtpm SRPM URL.
And swtpm depends on libtpms >= 0.6.0, but current version is 0.5.2.
(In reply to Iñaki Ucar from comment #2) > And swtpm depends on libtpms >= 0.6.0, but current version is 0.5.2. is there a way to scratch-build against another scratch-build? or should tpms 0.6 need to be in rawhide?
(In reply to Marc-Andre Lureau from comment #3) > (In reply to Iñaki Ucar from comment #2) > > And swtpm depends on libtpms >= 0.6.0, but current version is 0.5.2. > > is there a way to scratch-build against another scratch-build? or should > tpms 0.6 need to be in rawhide? AFAIK, they can't. You can build a local mock, though, if the proper libtpms RPM is provided, by installing it manually. But anyway the libtpms update should block this review request: > All package dependencies [...] MUST ALWAYS be satisfiable within the official Fedora repositories. https://fedoraproject.org/wiki/Packaging:Guidelines?rd=PackagingGuidelines#Package_Dependencies
Stefan is also the maintainer of libtpms, I assume he will update it too. - Group: is not needed in Fedora - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root is not used anymore - Don't use %define, use %global - Use %bcond_with/%bcond_without instead of %define with_gnutls 1 - %defattr(-,root,root,-) %attr( 755, root, root) Not necessary as it is the default, only use defattr when you're changing the default value - %{_libdir}/libswtpm_libtpms.so.* New guidelines: don't use a glob for major soname version to avoid accidental soname bump. See the new guidelines here https://pagure.io/packaging-committee/issue/784 - make %{?_smp_mflags} → %make_build - make %{?_smp_mflags} install DESTDIR=${RPM_BUILD_ROOT} → %make_install - rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.a ${RPM_BUILD_ROOT}%{_libdir}/*.la → rm -rf $RPM_BUILD_ROOT%{_libdir}/*.{a,la} - Not needed anymore, this is handled by %transfiletrigger now for F28+. If you plan to package for F27/EPEL use %ldconfig_scriptlets instead: %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig - add a %changelog %entry - Use %selinux_modules_install/%selinux_modules_uninstall/%selinux_relabel_post See https://fedoraproject.org/wiki/SELinux/IndependentPolicy#The_.25post_Section
The latest version of the spec file is now here: https://github.com/stefanberger/swtpm/blob/tpm2-preview.v2.selinux/dist/swtpm.spec I think it addresses the above concerns and I would use it for building swtpm for Fedora.
%bcond_with gnutls will disable gnutls by default. Are you sure you don't want the opposite, %bcond_without gnutls?
(In reply to Robert-André Mauchin from comment #7) > %bcond_with gnutls will disable gnutls by default. Are you sure you don't > want the opposite, %bcond_without gnutls? Thanks. I fixed this now. I don't know why, but it was also building it correctly with the way it was.
I ran fedora-review for you :) : Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Issues: ======= - Please follow the common section order: https://rpm-packaging-guide.github.io/#hello-world In particular %files is before %changelog - For initial Fedora introduction, I would recommend to drop all the conditionals, and the support for building on older fedora or rhel (they can be added back later on, but they ease the initial review and avoid the cruft). - test_tpm2_save_load_encrypted_state fails (wasn't this supposed to be fixed with #1612803 ?) - These BR are not needed: coreutils sed bash - /sbin/ldconfig not called in swtpm-libs Tbh, I think having a shared library for swtpm isn't really worth it. It may create problems, not really solve any. I would rather link the common objects to the final binaries. Otherwise, I think the private libraries should rather be placed under ${_libdir}/%{name}, to avoid having the library in default link path. - fedora-review doesn't like swtpm-debugsource headers, it may be a fedora-review bug? - see other issues listed below, in particular rpmlint ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: License field in the package spec file matches the actual license. [!]: License file installed when any subpackage combination is installed. The package LICENSE file should be installed with %license with swtpm [!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/swtpm [?]: Package does not own files or directories owned by other packages. I think I hit a fedora-review bug here... [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [!]: Changelog rpmlint error [x]: Sources contain only permissible code or content. [!]: Development files must be in a -devel package Only /usr/include/swtpm/tpm_ioctl.h is provided, which doesn't provide API to /usr/lib64/libswtpm_libtpms.so. If /usr/lib64/libswtpm_libtpms.so is a private shared library, I don't know what's the packaging rule. [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: Requires correct, justified where necessary. Sometime you use swtpm, sometime %{name} [x]: Spec file is legible and written in American English. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [ ]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: Final provides and requires are sane (see attachments). [ ]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in swtpm- libs , swtpm-selinux , swtpm-devel , swtpm-tools , swtpm-debuginfo , swtpm-debugsource [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Scriptlets must be sane, if used. [ ]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. Does not yet pass on f28, due to openssl bug [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Package should not use obsolete m4 macros Note: Some obsoleted macros found, see the attachment. See: https://fedorahosted.org/FedoraReview/wiki/AutoTools [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: swtpm-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-libs-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-selinux-0.1.0-1.dev2.fc30.noarch.rpm swtpm-devel-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-tools-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-debuginfo-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-debugsource-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-0.1.0-1.dev2.fc30.src.rpm swtpm.x86_64: E: no-changelogname-tag swtpm.x86_64: W: no-url-tag swtpm-libs.x86_64: W: spelling-error %description -l en_US libtpms -> libations swtpm-libs.x86_64: E: no-changelogname-tag swtpm-libs.x86_64: W: no-url-tag swtpm-libs.x86_64: W: no-documentation swtpm-selinux.noarch: E: explicit-lib-dependency libselinux-utils swtpm-selinux.noarch: E: no-changelogname-tag swtpm-selinux.noarch: W: no-url-tag swtpm-selinux.noarch: W: no-documentation swtpm-selinux.noarch: W: dangerous-command-in-%posttrans rm swtpm-devel.x86_64: E: no-changelogname-tag swtpm-devel.x86_64: W: no-url-tag swtpm-tools.x86_64: E: no-changelogname-tag swtpm-tools.x86_64: W: no-url-tag swtpm-debuginfo.x86_64: E: no-changelogname-tag swtpm-debuginfo.x86_64: W: no-url-tag swtpm-debugsource.x86_64: E: no-changelogname-tag swtpm-debugsource.x86_64: W: no-url-tag swtpm.src: W: spelling-error %description -l en_US libtpms -> libations swtpm.src: E: no-changelogname-tag swtpm.src: W: no-url-tag swtpm.src:177: W: mixed-use-of-spaces-and-tabs (spaces: line 6, tab: line 177) swtpm.src: E: specfile-error warning: bogus date in %changelog: Mon Sep 17 2010 Stefan Berger - 0.1.0-0.20180917gitfd755d731e 8 packages and 0 specfiles checked; 10 errors, 14 warnings. Rpmlint (debuginfo) ------------------- Checking: swtpm-debuginfo-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-libs-debuginfo-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-tools-debuginfo-0.1.0-1.dev2.fc30.x86_64.rpm swtpm-debuginfo.x86_64: E: no-changelogname-tag swtpm-debuginfo.x86_64: W: no-url-tag swtpm-libs-debuginfo.x86_64: E: no-changelogname-tag swtpm-libs-debuginfo.x86_64: W: no-url-tag swtpm-tools-debuginfo.x86_64: E: no-changelogname-tag swtpm-tools-debuginfo.x86_64: W: no-url-tag 3 packages and 0 specfiles checked; 3 errors, 3 warnings. Rpmlint (installed packages) ---------------------------- sh: /usr/bin/python: No such file or directory swtpm-libs.x86_64: W: spelling-error %description -l en_US libtpms -> libations swtpm-libs.x86_64: E: no-changelogname-tag swtpm-libs.x86_64: W: no-url-tag swtpm-libs.x86_64: W: no-documentation swtpm-devel.x86_64: E: no-changelogname-tag swtpm-devel.x86_64: W: no-url-tag swtpm-tools-debuginfo.x86_64: E: no-changelogname-tag swtpm-tools-debuginfo.x86_64: W: no-url-tag swtpm-selinux.noarch: E: explicit-lib-dependency libselinux-utils swtpm-selinux.noarch: E: no-changelogname-tag swtpm-selinux.noarch: W: no-url-tag swtpm-selinux.noarch: W: no-documentation swtpm-selinux.noarch: W: dangerous-command-in-%posttrans rm swtpm-debuginfo.x86_64: E: no-changelogname-tag swtpm-debuginfo.x86_64: W: no-url-tag swtpm-tools.x86_64: E: no-changelogname-tag swtpm-tools.x86_64: W: no-url-tag swtpm-libs-debuginfo.x86_64: E: no-changelogname-tag swtpm-libs-debuginfo.x86_64: W: no-url-tag swtpm.x86_64: E: no-changelogname-tag swtpm.x86_64: W: no-url-tag swtpm-debugsource.x86_64: E: no-changelogname-tag swtpm-debugsource.x86_64: W: no-url-tag 9 packages and 0 specfiles checked; 10 errors, 13 warnings. Requires -------- swtpm-libs (rpmlib, GLIBC filtered): libc.so.6()(64bit) libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) libglib-2.0.so.0()(64bit) libtpms.so.0()(64bit) libtpms.so.0(LIBTPMS_0.5.1)(64bit) libtpms.so.0(LIBTPMS_0.6.0)(64bit) rtld(GNU_HASH) swtpm-devel (rpmlib, GLIBC filtered): libswtpm_libtpms.so.0()(64bit) swtpm(x86-64) swtpm-selinux (rpmlib, GLIBC filtered): /bin/sh libselinux-utils policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-base swtpm-debuginfo (rpmlib, GLIBC filtered): swtpm-tools (rpmlib, GLIBC filtered): /usr/bin/bash bash config(swtpm-tools) expect fuse gnutls-utils libc.so.6()(64bit) libgnutls.so.30()(64bit) libgnutls.so.30(GNUTLS_3_4)(64bit) libtasn1.so.6()(64bit) libtasn1.so.6(LIBTASN1_0_3)(64bit) net-tools rtld(GNU_HASH) swtpm tpm-tools trousers swtpm (rpmlib, GLIBC filtered): /bin/sh fuse kernel-modules-extra libc.so.6()(64bit) libpthread.so.0()(64bit) libswtpm_libtpms.so.0()(64bit) libtpms libtpms.so.0()(64bit) libtpms.so.0(LIBTPMS_0.5.1)(64bit) libtpms.so.0(LIBTPMS_0.6.0)(64bit) rtld(GNU_HASH) swtpm-selinux swtpm-debugsource (rpmlib, GLIBC filtered): Provides -------- swtpm-libs: libswtpm_libtpms.so.0()(64bit) swtpm-libs swtpm-libs(x86-64) swtpm-devel: swtpm-devel swtpm-devel(x86-64) swtpm-selinux: swtpm-selinux swtpm-debuginfo: debuginfo(build-id) swtpm-debuginfo swtpm-debuginfo(x86-64) swtpm-tools: config(swtpm-tools) swtpm-tools swtpm-tools(x86-64) swtpm: swtpm swtpm(x86-64) swtpm-debugsource: swtpm-debugsource swtpm-debugsource(x86-64) Source checksums ---------------- Using local file /home/elmarco/pkg/swtpm/v0.1.0.tar.gz as upstream file:///home/elmarco/pkg/swtpm/v0.1.0.tar.gz : CHECKSUM(SHA256) this package : 6e3b869633a532952f0ff482439c6ef1741a530be3897b7c4e3d977539b557d0 CHECKSUM(SHA256) upstream package : 6e3b869633a532952f0ff482439c6ef1741a530be3897b7c4e3d977539b557d0 AutoTools: Obsoleted m4s found ------------------------------ AC_PROG_LIBTOOL found in: swtpm-0.1.0/configure.ac:43 Generated by fedora-review 0.6.1 (f03e4e7) last change: 2016-05-02 Command line :/usr/bin/fedora-review --rpm-spec -n /home/elmarco/rpmbuild/SRPMS/swtpm-0.1.0-1.dev2.fc28.src.rpm Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP Disabled flags: EXARCH, DISTTAG, EPEL5, BATCH, EPEL6
- Add a URL: field - Source0 must be d/l from a URL, if it's not possible details the instructions to create the archive - Group is not used in Fedora - your changelog entry should contain your email - patch this by replacing the obsolete macro with LT_INIT: AutoTools: Obsoleted m4s found ------------------------------ AC_PROG_LIBTOOL found in: swtpm-0.1.0/configure.ac:43
The latest spec is now here again: https://github.com/stefanberger/swtpm/blob/tpm2-preview.v2.selinux/dist/swtpm.spec I removed the remaining 'Group' line, added details about how to get Source0, fixed the changelog entry to have my email and replace the AC_PROG_LIBTOOL with LT_INIT. I also removed the cuse conditional. I would like to keep the gnutls one. The rpmlint is down to this list here. I wasn't sure what to do about the no-documentation warning for the subpackages, so duplicated the %doc to all of them. ]$ rpmlint ~/rpmbuild/RPMS/x86_64/swtpm-*.rpm ~/rpmbuild/SRPMS/swtpm-0.1.0-0.20180918gitbe6b378487.fc28.src.rpm ~/rpmbuild/RPMS/noarch/swtpm-selinux-0.1.0-0.20180918gitbe6b378487.fc28.noarch.rpm swtpm-libs.x86_64: W: spelling-error %description -l en_US libtpms -> libations swtpm.src: W: spelling-error %description -l en_US libtpms -> libations swtpm.src: W: invalid-url Source0: swtpm-0.1.0.tar.gz swtpm-selinux.noarch: E: explicit-lib-dependency libselinux-utils swtpm-selinux.noarch: W: dangerous-command-in-%posttrans rm 10 packages and 0 specfiles checked; 1 errors, 4 warnings. Do I have to have a URL to the tar? In Fedora I will check the tar into the fedpkg repo and it will pick it up from there.
> Tbh, I think having a shared library for swtpm isn't really worth it. It > may create problems, not really solve any. I would rather link the common > objects to the final binaries. > > Otherwise, I think the private libraries should rather be placed under > ${_libdir}/%{name}, to avoid having the library in default link path. That's where I installed them now.
- Why not use a direct link for the tar.gz? %global gitdate 20180918 %global gitcommit be6b378487548bc197bbf9fa39a01f628839a22f %global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7}) # Macros needed by SELinux %global selinuxtype targeted %global moduletype contrib %global modulename swtpm Summary: TPM Emulator Name: swtpm Version: 0.1.0 Release: 0.%{gitdate}git%{gitshortcommit}%{?dist} License: BSD Url: http://github.com/stefanberger/swtpm Source0: %url/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz and: %prep %autosetup -n %{name}-%{gitcommit} then download the source with "spectool -g swtpm.spec" And don't forget to fix the changelog (20180918gitbe6b378) - Add gcc as a BR - Own this directory: [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/swtpm - patch this by replacing the obsolete macro with LT_INIT (or do it upstream) AutoTools: Obsoleted m4s found ------------------------------ AC_PROG_LIBTOOL found in: swtpm-0.1.0/configure.ac:43 - subpackages libs and selinux must also contain the license - There's an error here, you should require %{name}-libs%{?_isa}, not %{name}%{?_isa} %package devel Summary: Include files for the TPM emulator's CUSE interface for usage by clients Requires: %{name}-libs%{?_isa} = %{version}-%{release} - BuildRequires: python-twisted You must specify if you want python2-twisted or python3-twisted, python-twisted is deprecated. Py3 preferred as we are retiring Py2 packages. - BuildRequires: python Same, specify python2 or python3. Py 3 preferred if it's compatible. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. Note: No gcc, gcc-c++ or clang found in BuildRequires See: https://fedoraproject.org/wiki/Packaging:C_and_C%2B%2B ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "BSD (3 clause)", "Unknown or generated", "*No copyright* BSD (unspecified)". 211 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/swtpm/review- swtpm/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/swtpm [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 40960 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in swtpm- libs , swtpm-selinux , swtpm-devel , swtpm-tools , swtpm-debuginfo , swtpm-debugsource [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Scriptlets must be sane, if used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Package should not use obsolete m4 macros Note: Some obsoleted macros found, see the attachment. See: https://fedorahosted.org/FedoraReview/wiki/AutoTools [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: swtpm-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-libs-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-selinux-0.1.0-0.20180918gitbe6b378.fc30.noarch.rpm swtpm-devel-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-tools-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-debuginfo-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-debugsource-0.1.0-0.20180918gitbe6b378.fc30.x86_64.rpm swtpm-0.1.0-0.20180918gitbe6b378.fc30.src.rpm swtpm-libs.x86_64: W: spelling-error %description -l en_US libtpms -> libations swtpm-selinux.noarch: E: explicit-lib-dependency libselinux-utils swtpm-selinux.noarch: W: dangerous-command-in-%posttrans rm swtpm.src: W: spelling-error %description -l en_US libtpms -> libations 8 packages and 0 specfiles checked; 1 errors, 3 warnings.
(In reply to Robert-André Mauchin from comment #13) > and: > > %prep > %autosetup -n %{name}-%{gitcommit} Cool! Thanks. I am using this now. > > > > then download the source with "spectool -g swtpm.spec" > > And don't forget to fix the changelog (20180918gitbe6b378) > > > - Add gcc as a BR Done. > > - Own this directory: > > [!]: Package requires other packages for directories it uses. > Note: No known owner of /usr/share/swtpm I do not know what to do about this. > > > - patch this by replacing the obsolete macro with LT_INIT (or do it > upstream) This is fixed. > - subpackages libs and selinux must also contain the license Done. > > - There's an error here, you should require %{name}-libs%{?_isa}, not > %{name}%{?_isa} > > %package devel > Summary: Include files for the TPM emulator's CUSE interface for > usage by clients > Requires: %{name}-libs%{?_isa} = %{version}-%{release} Fixed. > > - BuildRequires: python-twisted > > You must specify if you want python2-twisted or python3-twisted, > python-twisted is deprecated. Py3 preferred as we are retiring Py2 packages. > Using python2-twisted now. > - BuildRequires: python > > Same, specify python2 or python3. Py 3 preferred if it's compatible. python3 doesn't seem to create the symlink of python to the python3 executable. So I have to use python2.
Actually, I need python as well. It seems to be the one setting the symlink. I suppose it will set a different symlink once python3 takes over?
> Done. > > > > > > - Own this directory: > > > > [!]: Package requires other packages for directories it uses. > > Note: No known owner of /usr/share/swtpm > > > I do not know what to do about this. Using %dir solved the problem. Fixed.
- remove the duplicated "License: BSD" lines, the top-level one is enough - no need to duplicate %doc & %license for each pacakge - use regular section order, %files come just before %changelog (thanks!) - since the package builds with python3, why not BR python3 and remove BR python2-twisted? - %post -> %post selinux ? Why do you make it a seperate (required) -selinux package, and not include the policy in swtpm package directly? What is the status of selinux policy review ? - I suggest to remove the top-level comment: # --- swtpm rpm-spec --- - dist'ing libswtpm_libtpms.so in -devel isn't useful if you don't provide a header & stable API to use it. - it is a good idea to add a link to this BZ in the changelog my attempt so far: https://paste.fedoraproject.org/paste/zkHXboAJJnggRwMUo0dBlA
> python3 doesn't seem to create the symlink of python to the python3 executable. > So I have to use python2. > Actually, I need python as well. It seems to be the one setting the symlink. I > suppose it will set a different symlink once python3 takes over? Actually you must not use the "python" executable in your build script, it is a warning since F28, and an error on F30. You should fix whatever part of your buildsystem that use "python" and make it use "python3". (In reply to Marc-Andre Lureau from comment #17) > - remove the duplicated "License: BSD" lines, the top-level one is enough > > - no need to duplicate %doc & %license for each pacakge > Licensi is needed for each package combinaison possible. Since libs can be installed withoit the main package it must also contain the license
(In reply to Marc-Andre Lureau from comment #17) >- dist'ing libswtpm_libtpms.so in -devel isn't useful if you don't provide a >header & stable API to use it. I don't see why this would be a problem. There is no need to provide a header with the library to make a devel package.
(In reply to Robert-André Mauchin from comment #19) > (In reply to Marc-Andre Lureau from comment #17) > >- dist'ing libswtpm_libtpms.so in -devel isn't useful if you don't provide a > >header & stable API to use it. > > I don't see why this would be a problem. There is no need to provide a > header with the library to make a devel package. There is no intent to make it a public library to link against (with some stability guarantees etc), so no need to have it in -devel.
(In reply to Robert-André Mauchin from comment #18) > > python3 doesn't seem to create the symlink of python to the python3 executable. > So I have to use python2. > > Actually, I need python as well. It seems to be the one setting the symlink. I > > suppose it will set a different symlink once python3 takes over? > > Actually you must not use the "python" executable in your build script, it > is a warning since F28, and an error on F30. You should fix whatever part of > your buildsystem that use "python" and make it use "python3". > If I follow the logic in this python specification then python is the generic executable for programs running with python2 or python3. https://www.python.org/dev/peps/pep-0394/ With the logic the 'provides' python and python-twisted are virtual provides in the python2 and python2-twisted packages that will be moved into python3 and python3-twisted at some point. So I doubt that python and python-twisted will go away, they will just move to another package, and should be usable by python version independent programs (which is what we have). $ rpm -q --provides python2-twisted python-twisted = 18.4.0-4.fc28 python-twisted(x86-64) = 18.4.0-4.fc28 python-twisted-conch = 18.4.0-4.fc28 python-twisted-core = 18.4.0-4.fc28 python-twisted-core-doc = 18.4.0-4.fc28 python-twisted-mail = 18.4.0-4.fc28 python-twisted-names = 18.4.0-4.fc28 python-twisted-news = 18.4.0-4.fc28 python-twisted-runner = 18.4.0-4.fc28 python-twisted-web = 18.4.0-4.fc28 python-twisted-web2 = 18.4.0-4.fc28 python-twisted-words = 18.4.0-4.fc28 python2-twisted = 18.4.0-4.fc28 python2-twisted(x86-64) = 18.4.0-4.fc28 python2.7dist(twisted) = 18.4.0 python2dist(twisted) = 18.4.0 $ rpm -q --provides python3-twisted python3-twisted = 18.4.0-4.fc28 python3-twisted(x86-64) = 18.4.0-4.fc28 python3.6dist(twisted) = 18.4.0 python3dist(twisted) = 18.4.0
(In reply to Marc-Andre Lureau from comment #20) > (In reply to Robert-André Mauchin from comment #19) > > (In reply to Marc-Andre Lureau from comment #17) > > >- dist'ing libswtpm_libtpms.so in -devel isn't useful if you don't provide a > > >header & stable API to use it. > > > > I don't see why this would be a problem. There is no need to provide a > > header with the library to make a devel package. > > There is no intent to make it a public library to link against (with some > stability guarantees etc), so no need to have it in -devel. Correct. I will remove this from the -devel package. Otherwise those are private libraries.
(In reply to Marc-Andre Lureau from comment #17) > - remove the duplicated "License: BSD" lines, the top-level one is enough Actually added a license to the -devel package. > > - use regular section order, %files come just before %changelog (thanks!) Fixed. > > - since the package builds with python3, why not BR python3 and remove BR > python2-twisted? > > - %post -> %post selinux ? Dropped selinux package. > > Why do you make it a seperate (required) -selinux package, and not include > the policy in swtpm package directly? > > What is the status of selinux policy review ? Haven't heared back from Lukas. > > - I suggest to remove the top-level comment: # --- swtpm rpm-spec --- Done. > > - dist'ing libswtpm_libtpms.so in -devel isn't useful if you don't provide a > header & stable API to use it. > > - it is a good idea to add a link to this BZ in the changelog > Done. And pushed the update. > > my attempt so far: > https://paste.fedoraproject.org/paste/zkHXboAJJnggRwMUo0dBlA
(In reply to Stefan Berger from comment #21) > (In reply to Robert-André Mauchin from comment #18) > > > python3 doesn't seem to create the symlink of python to the python3 executable. > So I have to use python2. > > > Actually, I need python as well. It seems to be the one setting the symlink. I > > > suppose it will set a different symlink once python3 takes over? > > > > Actually you must not use the "python" executable in your build script, it > > is a warning since F28, and an error on F30. You should fix whatever part of > > your buildsystem that use "python" and make it use "python3". > > > > If I follow the logic in this python specification then python is the > generic executable for programs running with python2 or python3. > > https://www.python.org/dev/peps/pep-0394/ > That's not the policy in Fedora: https://fedoraproject.org/wiki/Packaging:Python#Multiple_Python_Runtimes Packages in Fedora MUST NOT use /usr/bin/python. Instead packages for Python 3 MUST use /usr/bin/python3 (even if upstream supports both Python 2 and 3). As a result of that /usr/bin/python (as well as /usr/bin/env python and similar) MUST NOT be used in shebang lines or as a dependency of a package. As of Fedora 30, all uses of unversioned python executables in shebang lines will fail the build. These shebangs MUST be fixed. If it is necessary to disable the checks, please see the information in Packaging:Guidelines#Shebang_lines. > With the logic the 'provides' python and python-twisted are virtual provides > in the python2 and python2-twisted packages that will be moved into python3 > and python3-twisted at some point. So I doubt that python and python-twisted > will go away, they will just move to another package, and should be usable > by python version independent programs (which is what we have). > I am the maintainer of python-twisted, there won't be any provides for python-twisted in F29 and F30, the large list of provides was due to a rename years ago.
(In reply to Robert-André Mauchin from comment #24) > (In reply to Stefan Berger from comment #21) > > (In reply to Robert-André Mauchin from comment #18) > > > > python3 doesn't seem to create the symlink of python to the python3 executable. > So I have to use python2. > > > > Actually, I need python as well. It seems to be the one setting the symlink. I > > > > suppose it will set a different symlink once python3 takes over? > > > > > > Actually you must not use the "python" executable in your build script, it > > > is a warning since F28, and an error on F30. You should fix whatever part of > > > your buildsystem that use "python" and make it use "python3". > > > > > > > If I follow the logic in this python specification then python is the > > generic executable for programs running with python2 or python3. > > > > https://www.python.org/dev/peps/pep-0394/ > > > That's not the policy in Fedora: > https://fedoraproject.org/wiki/Packaging:Python#Multiple_Python_Runtimes > > Packages in Fedora MUST NOT use /usr/bin/python. Instead packages for Python > 3 MUST use /usr/bin/python3 (even if upstream supports both Python 2 and 3). > As a result of that /usr/bin/python (as well as /usr/bin/env python and > similar) MUST NOT be used in shebang lines or as a dependency of a package. > As of Fedora 30, all uses of unversioned python executables in shebang lines > will fail the build. These shebangs MUST be fixed. If it is necessary to > disable the checks, please see the information in > Packaging:Guidelines#Shebang_lines. Changed to python3 and python3-twised.
- Fix the release-version in your %changelog entry: swtpm.x86_64: W: incoherent-version-in-changelog 0.1.0-0.20180918git67d7ea3 ['0.1.0-0.20180918gitda71c2a.fc30', '0.1.0-0.20180918gitda71c2a'] Package approved. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "BSD (3 clause)", "Unknown or generated", "*No copyright* BSD (unspecified)". 211 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/swtpm/review- swtpm/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 30720 bytes in 3 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in swtpm- libs , swtpm-devel , swtpm-tools , swtpm-debuginfo , swtpm-debugsource [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Package should not use obsolete m4 macros [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: swtpm-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-libs-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-devel-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-tools-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-debuginfo-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-debugsource-0.1.0-0.20180918gitda71c2a.fc30.x86_64.rpm swtpm-0.1.0-0.20180918gitda71c2a.fc30.src.rpm swtpm.x86_64: E: explicit-lib-dependency libselinux-utils swtpm.x86_64: W: incoherent-version-in-changelog 0.1.0-0.20180918git67d7ea3 ['0.1.0-0.20180918gitda71c2a.fc30', '0.1.0-0.20180918gitda71c2a'] swtpm.x86_64: W: dangerous-command-in-%posttrans rm swtpm-libs.x86_64: W: spelling-error %description -l en_US libtpms -> libations swtpm.src: W: spelling-error %description -l en_US libtpms -> libations 7 packages and 0 specfiles checked; 1 errors, 4 warnings.
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/swtpm
package has been released in fedora, closing