Bug 1678233 - Review Request: rpm2swidtag - Tools for producing SWID tags from rpm package headers and inspecting the SWID tags
Summary: Review Request: rpm2swidtag - Tools for producing SWID tags from rpm package ...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Miroslav Suchý
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1678454
TreeView+ depends on / blocked
 
Reported: 2019-02-18 10:50 UTC by Jan Pazdziora
Modified: 2019-02-20 16:27 UTC (History)
3 users (show)

Fixed In Version: rpm2swidtag-0.7.1-1.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-18 22:49:21 UTC
Type: ---
Embargoed:
msuchy: fedora-review+


Attachments (Terms of Use)

Description Jan Pazdziora 2019-02-18 10:50:19 UTC
Spec URL: https://adelton.fedorapeople.org/rpm2swidtag.spec
SRPM URL: https://adelton.fedorapeople.org/rpm2swidtag-0.6.5-1.fc30.src.rpm
Description: Utility for producing SWID tags for rpm packages, utility for listing and inspecting SWID tags, including supplemental tag resolution, and DNF plugin for retrieving SWID tags from repository metadata or producing them locally.
Fedora Account System Username: adelton

Comment 1 Miroslav Suchý 2019-02-18 13:01:04 UTC
I will do the review.

Comment 2 Miroslav Suchý 2019-02-18 13:37:15 UTC
> %define unmangled_version 0.6.5
> %define unmangled_version 0.6.5

Any reason to define it twice?

> %define name rpm2swidtag
> %define version 0.6.5
> %define release 1%{dist}

Any reason to define them when it is not used? BTW every tag will define a corresponding macro. So Name will define %name. So this has no use because it is overridden by a tag below.

> Summary: Tools for producing SWID tags from rpm package headers and inspecting the SWID tags

The summary should be shorter than 80 characters. Can you try to make it a bit shorter?

> Release: 1%{dist}

This should be `1%{?dist}` so it produces valid output in case of dist macro is not defined.

> Group: Development/Libraries

This tag has no use and it should be removed.

> BuildRequires: fakeroot

It would be nice if you can separate aside - with a comment - the buildrequires which are needed only for %check section.

> %package -n dnf-plugin-swidtags

I would advise putting "Recommend: dnf" in this sub-package.

> %clean
> rm -rf $RPM_BUILD_ROOT

This section is not used nowadays and should be removed entirely.

> --root=$RPM_BUILD_ROOT

Use macros consistently. Either old style or the new style. I recommend to use `--root=%{buildroot}`

> # %license LICENSE

Any reason why LICENSE is not included in tar ball? Especially when you are upstream as well?


You are missing 
 %dir %{_sysconfdir}/%{name}
in %files.


Who owns `%{_sysconfdir}/swid/` and `/usr/share/swidq` ? Hint - it should be either you or some your dependency.

> %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf.d

You probably meant:

%dir %{_sysconfdir}/%{name}/%{name}.conf.d
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf.d/*

> %{_bindir}/rpm2swidtag
> %{_bindir}/swidq

It would be really nice if you can write a man page for these two.

You are missing a %changelog section.

All python modules should BuildRequire python3-devel

> %{__python3} setup.py build

You should use %py3_build macro.

> %{__python3} setup.py install --single-version-externally-managed --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES

You should use %py3_install plus some custom option if needed.

Comment 3 Jan Pazdziora 2019-02-18 14:11:25 UTC
(In reply to Miroslav Suchý from comment #2)
> > %define unmangled_version 0.6.5
> > %define unmangled_version 0.6.5
> 
> Any reason to define it twice?
> 
> > %define name rpm2swidtag
> > %define version 0.6.5
> > %define release 1%{dist}
> 
> Any reason to define them when it is not used? BTW every tag will define a
> corresponding macro. So Name will define %name. So this has no use because
> it is overridden by a tag below.

No, these should go -- it's a leftover from the original setup.py-generated spec that I missed.

> > Summary: Tools for producing SWID tags from rpm package headers and inspecting the SWID tags
> 
> The summary should be shorter than 80 characters. Can you try to make it a
> bit shorter?

Sure, will make it into
Tools for producing SWID tags for rpm packages and inspecting the SWID tags

> > Release: 1%{dist}
> 
> This should be `1%{?dist}` so it produces valid output in case of dist macro
> is not defined.

Fixed.

> > Group: Development/Libraries
> 
> This tag has no use and it should be removed.

Removed.

> > BuildRequires: fakeroot
> 
> It would be nice if you can separate aside - with a comment - the
> buildrequires which are needed only for %check section.

OK. The only "real" BuildRequires are python3-setuptools and python3-rpm-macros, it seems.

> > %package -n dnf-plugin-swidtags
> 
> I would advise putting "Recommend: dnf" in this sub-package.

OK.

> > %clean
> > rm -rf $RPM_BUILD_ROOT
>
> This section is not used nowadays and should be removed entirely.

OK.

> 
> > --root=$RPM_BUILD_ROOT
> 
> Use macros consistently. Either old style or the new style. I recommend to
> use `--root=%{buildroot}`

OK.

> > # %license LICENSE
> 
> Any reason why LICENSE is not included in tar ball? Especially when you are
> upstream as well?

Because with the 0.6.5 upstream release, the LICENSE is not packages in the .tar.gz. Fix for that is in https://github.com/swidtags/rpm2swidtag master but I'm waiting for one more thing from the rpm team to make a new release. By that time I plan to uncomment this line.

> You are missing 
>  %dir %{_sysconfdir}/%{name}
> in %files.

Fixed.

> Who owns `%{_sysconfdir}/swid/` and `/usr/share/swidq` ? Hint - it should be
> either you or some your dependency.

# rpm -qf /etc/swid
fedora-release-common-30-0.21.noarch

Not sure if it's better to add the dependency on just add my ownership on that file (or move the swidq.conf to something like /etc/swidq/ altogether).

> > %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf.d
> 
> You probably meant:
> 
> %dir %{_sysconfdir}/%{name}/%{name}.conf.d
> %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf.d/*

True.

> > %{_bindir}/rpm2swidtag
> > %{_bindir}/swidq
> 
> It would be really nice if you can write a man page for these two.

Would you envision anything more that the relevant parts from https://github.com/swidtags/rpm2swidtag/blob/master/README.md? What is the recommended way of producing man pages from Markdown, for rpms?

> You are missing a %changelog section.

Will be added.

> All python modules should BuildRequire python3-devel

OK. That would then be the only non-test BuildRequire.

> > %{__python3} setup.py build
> 
> You should use %py3_build macro.

Fixed.

> > %{__python3} setup.py install --single-version-externally-managed --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
> 
> You should use %py3_install plus some custom option if needed.

Fixed.

I've now updated https://adelton.fedorapeople.org/rpm2swidtag.spec based on the review, except for the man pages.

Comment 4 Miroslav Suchý 2019-02-18 14:28:40 UTC
Whoa, you are fast! :

>Would you envision anything more that the relevant parts from https://github.com/swidtags/rpm2swidtag/blob/master/README.md? 

Yes.

> What is the recommended way of producing man pages from Markdown, for rpms?

Personally, I use:

BuildRequires: asciidoc
BuildRequires: libxslt

%build
a2x -d manpage -f manpage foo.8.asciidoc

%install
install -m644 foo.8 %{buildroot}/%{_mandir}/man8/

You can see an example here:
https://github.com/xsuchy/fedora-upgrade
The syntax of AsciiDoc:
https://powerman.name/doc/asciidoc


> Not sure if it's better to add the dependency on just add my ownership on that file (or move the swidq.conf to something like /etc/swidq/ altogether).

Personally, I would add the dependency. But all other solutions you mentioned are fine too.

Comment 5 Jan Pazdziora 2019-02-18 15:31:41 UTC
The dependency is there.

The man pages will likely take me some time as I'm not quite happy with any of the approaches I tried -- for example, the asciidoc seems to have rather huge set of dependencies. Do you view them as a blocker?

Comment 6 Miroslav Suchý 2019-02-18 16:01:50 UTC
> Do you view them as a blocker?

No. But I will periodically remind it to you. :)

Comment 7 Miroslav Suchý 2019-02-18 16:03:24 UTC
APPROVED

Comment 8 Jan Pazdziora 2019-02-18 16:06:32 UTC
(In reply to Miroslav Suchý from comment #6)
> 
> No. But I will periodically remind it to you. :)

That'd be very kind of you. :-P

Thank you!

Comment 9 Gwyn Ciesla 2019-02-18 20:58:47 UTC
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/rpm2swidtag

Comment 10 Jan Pazdziora 2019-02-18 22:49:21 UTC
I've made upstream release 0.7.1 and updated to it, we now ship the LICENSE file.

Built rpm2swidtag-0.7.1-1.fc30 via https://koji.fedoraproject.org/koji/taskinfo?taskID=32890827.


Note You need to log in before you can comment on or make changes to this bug.