Spec URL: https://raw.githubusercontent.com/scitokens/scitokens-cpp/master/rpm/scitokens-cpp.spec SRPM URL: https://github.com/scitokens/scitokens-cpp/releases/download/v0.3.3/scitokens-cpp-0.3.3-1.el7.src.rpm Description: SciTokens provide a token format for distributed authorization. The tokens are self-describing, can be verified in a distributed fashion (no need to contact the issuer to determine if the token is valid). This is convenient for a federated environment where several otherwise-independent storage endpoints want to delegate trust for an issuer for managing a storage allocation. This is the SciTokens C++ development library. Fedora Account System Username: djw8605
This is my first package and I need a sponsor. I am the upstream developer of this package. Successful Koji Scratch Build: https://koji.fedoraproject.org/koji/taskinfo?taskID=36654942
%if 0%{?el6} scl enable devtoolset-8 do_build %else do_build %endif You are compiling with devtoolset-8 on EPEL6 only, not on EPEL7+. Is it what you want?
The source contains actually 2 sources, the one is [0] and the other one jwt-cpp. The preferred way is to package both of them separately. If you decide against that, you must at least mentioned that you have bundled jwt-cpp, see [1] I don't think that the script to generate the source is acceptable, as it does not ensure that other people get the same version, that you used. You should ensure that the source is a link that ensures a specific version is returned, such as using the above link to a release or a specific git-commit. Also, you shouldn't invoke make directly, but use %make_build instead, see [2] [0] https://github.com/scitokens/scitokens-cpp/archive/v0.3.3.tar.gz [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling [2] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
Thank you for your comments. I hope I have addressed all of the comments: - devtoolset-8 is required on EPEL6 because the package needs c++11. - We package the header-only jwt-cpp dependency. I made a note in the spec file [0] about the inclusion of jwt-cpp. But, since it's a header-only dependency, it will not be "provided" by the package at the end. - I reworked how to generate the source. Now it is simply a few different steps, git submodule update, ... It is all documented in the spec. - Now calling %make_build [0] https://raw.githubusercontent.com/scitokens/scitokens-cpp/dec05b8a8532f13d2b01371c95347efdf961a7e1/rpm/scitokens-cpp.spec
pushd build %make_build install DESTDIR=$RPM_BUILD_ROOT popd No, use: %make_install -C build - Not needed: %defattr(-,root,root,-) - Use %ldconfig_scriptlets instead of: %post /sbin/ldconfig %postun /sbin/ldconfig - Missing isa: Requires: %{name}%{?_isa} = %{version} - Valid shorthand for Apache 2.0 is ARL 2.0: License: ASL 2.0 - Why do you include: # Generated from: # git archive --prefix "scitokens-cpp-0.3.3/" -o "scitokens-cpp-0.3.3.tar" v0.3.3 # git submodule update --init # git submodule foreach --recursive "git archive --prefix=scitokens-cpp-0.3.3/\$path/ --output=\$sha1.tar HEAD && tar --concatenate --file=$(pwd)/scitokens-cpp-0.3.3.tar \$sha1.tar && rm \$sha1.tar" # gzip "scitokens-cpp-0.3.3.tar" if the source is downloaded from: https://github.com/scitokens/%{name}/archive/%{name}-%{version}.tar.gz Use directly https://github.com/scitokens/scitokens-cpp/releases/download/v%{version}/%{name}-%{version}.tar.gz - In order to avoid unintentional soname bump, we forbid globiing the major soname version: %{_libdir}/libSciTokens.so.0* - You *must* include the LICENSE file in %files with %license and you should include the README.md file with %doc %license LICENSE %doc README.md
Thank you all for the great feedback! I have incorporated all of your feedback into the spec file [0] - Using the %make_install macro - Removed the defattr - ldconfig_scriplets does not appear to exist on epel7. The package is will need to support this platform. - Added isa to requires - Renamed ASL license - Those are mostly instructions for up stream how to make a release for this package with RPM in mind. I have added those instructions to the README.md as well. - Updated the source0 line. - Modified the soname globbing. - Added the LICENSE and README.md to the files. [0] https://raw.githubusercontent.com/scitokens/scitokens-cpp/master/rpm/scitokens-cpp.spec
> ldconfig_scriplets does not appear to exist on epel7. The package is will need to support this platform. EPEL7 does support %ldconfig_scriptlets -- see [0] for more info. [0] https://fedoraproject.org/wiki/EPEL:Packaging#Shared_Libraries
I can't find the %ldconfig_scriptlets macro anywhere on my CentOS7 system. On Fedora 29, it's provided by redhat-rpm-config-119-1.fc29.noarch in the file /usr/lib/rpm/macros.d/macros.ldconfig. On Centos7, the latest version of redhat-rpm-config is redhat-rpm-config-9.1.0-87.el7.centos.noarch and does not provide the macros.ldconfig file. In fact, yum cannot find any package that provides macros.ldconfig file. I believe that that ldconfig scriptlet is not provided for EPEL7.
Hi, %ldconfig_scriptlets is provided on EPEL7 by the epel-rpm-macros package. See [0] for the source repo, and [1] for the update which added the ldconfig macros. [0] https://src.fedoraproject.org/rpms/epel-rpm-macros/blob/epel7/f/macros.epel-rpm-macros [1] https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c5ae067f71
Ah, I was looking in the wrong place. Indeed, I have installed the epel-rpm-macros, and everything is working. Thanks very much for the help. New spec file with all the changes: https://raw.githubusercontent.com/scitokens/scitokens-cpp/master/rpm/scitokens-cpp.spec
- Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files directly in %_libdir. See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_devel_packages %{_libdir}/libSciTokens.soou
- Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files directly in %_libdir. See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_devel_packages %{_libdir}/libSciTokens.so should be in the devel subpackage.
[!]: Package requires other packages for directories it uses. Note: No known owner of /usr/include/scitokens Own this directory: %dir %{_includedir}/scitokens - Remove the dot at the end of Summary: Summary: Header files for the scitokens-cpp public interfaces. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files directly in %_libdir. See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_devel_packages ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* Apache License (v2.0)", "Expat License", "BSD 2-clause "Simplified" License". 30 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/scitokens-cpp/review-scitokens- cpp/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/include/scitokens [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in scitokens-cpp , scitokens-cpp-devel [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: scitokens-cpp-0.3.3-3.fc31.x86_64.rpm scitokens-cpp-devel-0.3.3-3.fc31.x86_64.rpm scitokens-cpp-debuginfo-0.3.3-3.fc31.x86_64.rpm scitokens-cpp-debugsource-0.3.3-3.fc31.x86_64.rpm scitokens-cpp-0.3.3-3.fc31.src.rpm scitokens-cpp.x86_64: W: devel-file-in-non-devel-package /usr/lib64/libSciTokens.so scitokens-cpp-devel.x86_64: W: summary-ended-with-dot C Header files for the scitokens-cpp public interfaces. scitokens-cpp-devel.x86_64: W: no-documentation 5 packages and 0 specfiles checked; 0 errors, 3 warnings.
Thank you for the review. I have updated the spec file [0] with all of the comments. [0] https://raw.githubusercontent.com/scitokens/scitokens-cpp/master/rpm/scitokens-cpp.spec
Package approved. You still need to find a sponsor. Please read https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
Sponsored.
Refreshed flag.
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/scitokens-cpp
Package is in repos