Spec URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-31-x86_64/01137539-wireguard-tools/wireguard-tools.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-31-x86_64/01137539-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.x86_64.rpm Description: WireGuard is a novel VPN that runs inside the Linux Kernel and uses state-of-the-art cryptography (the "Noise" protocol). It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. This package provides the wg binary for controlling WireGuard. FAS Username: jdoss WireGuard is set to be included in Linux 5.6 and the upstream maintainer of WireGuard wants to stage this package to be included in Fedora when Linux 5.6 hits Rawhide.
This is the .spec that we've been suggesting users install on the official instructions at www.wireguard.com/install/ for several years now. It seems to work well and now would be a good time to add it to Fedora indeed.
Taking this review.
> SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-31-x86_64/01137539-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.x86_64.rpm This is not the Source RPM URL. Please post a link to the source RPM. It's the package with the ".src.rpm" extension.
First pass spec review notes: > %global debug_package %{nil} This is not acceptable. Some quick tests indicate the reason why you're unable to generate debuginfo is because you are not setting the build flags from the distribution as part of the build. Please fix this. > Epoch: 1 Drop this. There has never been a point where this has been in Fedora such that an Epoch is needed. Moreover, RPM Fusion's version of this package is an older version, so this will seamlessly upgrade properly. > Requires: (kernel >= 5.6 or wireguard-dkms) This is not allowed. You cannot describe a dependency that cannot exist in Fedora. My suggestion here is to use "Requires: kmod(wireguard.ko)". > Provides: wireguard-tools = %{epoch}:%{version}-%{release} This is pointless and redundant. Remove it. > %setup -q -n wireguard-tools-%{version} Use "%autosetup -p1" instead. > LDFLAGS="$LDFLAGS -s" RUNSTATEDIR=/run make I'm not sure what's going on here, but $LDFLAGS isn't defined yet, because you don't have a "%set_build_flags" call at the beginning of the %build section. Also, %{_rundir} is the macro for RUNSTATEDIR. And why is make at the end instead of the beginning? So, then, why isn't this '%make_build LDFLAGS="$LDFLAGS -s" RUNSTATEDIR=%{_rundir}'? > DESTDIR=%{buildroot} BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=/run \ > make install More loopy make calls...? Why isn't this just "%make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir}"? > %clean > rm -rf %{buildroot} Unneeded. RPM does this automatically. Drop it. > %defattr(-,root,root,-) Drop this. RPM does this automatically since RPM 4.2 days. > %attr(0755, root, root) %{_bindir}/wg .. [snip] ... > %attr(0644, root, root) %{_mandir}/man8/wg-quick.8* Drop all the %attr() statements. They're superfluous because RPM is already using those values by default. > %{!?_licensedir:%global license %doc} Drop this, it's not needed for anything anymore.
(In reply to Neal Gompa from comment #3) > > SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-31-x86_64/01137539-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.x86_64.rpm > > This is not the Source RPM URL. Please post a link to the source RPM. It's > the package with the ".src.rpm" extension. Woops! Yep, I just copied the wrong URL. Here ya go! SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-31-x86_64/01137539-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
Hey Neal, Please see the updated Spec and SRPM below. The reason why you saw a ton of things out of date on the old spec was due to the fact that we used to support EL 6, EL7 and Fedora. I didn't want to maintain individual spec files for copr so there was a lot of compat cruft in the old spec. The good news is everything is building on EL 7 with the feedback you provided. :) Spec URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01138789-wireguard-tools/wireguard-tools.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01138789-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm Let me know if you see anything else that needs to be changed!
> %set_build_flags RUNSTATEDIR=%{_rundir} The RUNSTATEDIR argument goes with %make_build, not %set_build_flags...
> cd %{_builddir}/wireguard-tools-%{version}/src > > %make_build You can simplify this to %make_build RUNSTATEDIR=%{_rundir} -C src
> ## Start DNS Hatchet > cd %{_builddir}/wireguard-tools-%{version}/contrib/dns-hatchet > ./apply.sh > ## End DNS Hatchet This can change to: > ## Start DNS Hatchet > pushd contrib/dns-hatchet > ./apply.sh > popd > ## End DNS Hatchet
OK all of your recommendations have been done. Spec URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-30-x86_64/01139383-wireguard-tools/wireguard-tools.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01139383-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
> cd %{_builddir}/wireguard-tools-%{version}/src > > %make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} This can change to: > %make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} -C src
> %autosetup -p1 wireguard-tools-%{version} I don't know how this is working, but it shouldn't... You just need "%autosetup -p1" there.
Here ya go Neal. Spec URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01140299-wireguard-tools/wireguard-tools.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01140299-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
> %make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} -C src Change this line to: %make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes -C src Relying on the makefile's "auto detection" usually isn't advisable for distro packages which might be run on intentionally minimal machines.
Updated per Jason's feedback. Spec URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01140370-wireguard-tools/wireguard-tools.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01140370-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
*** Bug 1686506 has been marked as a duplicate of this bug. ***
So, I've talked to Justin Forbes from the Fedora kernel team a bit about this package (since it does have a kmod dependency that can't be satisfied), and it seems the best solution would be to leave it out. So, could you please comment out the dependency? Put a note indicating that the kmod is needed for the tools to be useful, but we're not enforcing it while we want for kernel 5.6 to arrive.
Seems reasonable to me. We can always add that back in later when it makes sense to do that.
Updated the spec and SRPM with Requires: kmod(wireguard.ko) commented out. https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01142510-wireguard-tools/wireguard-tools.spec https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01142510-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
Some changelog entries still contain Epoch prefixes in the version string. Those must be fixed as well. I Hope Neal doesn't mind this drive-by comment :)
(In reply to Fabio Valentini from comment #20) > Some changelog entries still contain Epoch prefixes in the version string. > Those must be fixed as well. > I Hope Neal doesn't mind this drive-by comment :) It's gravy with me, and yes, I agree that should be fixed.
Group: is not needed. Thank you for taking over, I don't have much cycle to take care of it.
(In reply to Fabio Valentini from comment #20) > Some changelog entries still contain Epoch prefixes in the version string. > Those must be fixed as well. > I Hope Neal doesn't mind this drive-by comment :) Fixed. (In reply to Robert-André Mauchin from comment #22) > Group: is not needed. > > Thank you for taking over, I don't have much cycle to take care of it. Group has been removed. You are welcome Robert-André! OK here we go. The beatings will continue until spec perfection is achieved... See below! :) https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01142957-wireguard-tools/wireguard-tools.spec https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01142957-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm
Let's make the commented out kmod dependency this: > # Requires: (kmod(wireguard.ko) if kernel) That way, when we uncomment it, wireguard-tools can still be installed in containers without pulling in a kernel.
OK here is that change Neal. https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01144129-wireguard-tools/wireguard-tools.spec https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard-testing/fedora-31-x86_64/01144129-wireguard-tools/wireguard-tools-1.0.20200102-1.fc31.src.rpm Let's hope this gets it over the line so we can move on to the next steps here.
Seems solid to me.
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* GNU Lesser General Public License (v2.1)". 99 files have unknown license. Detailed output of licensecheck in /home/makerpm/1787714-wireguard- tools/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: Package does not own files or directories owned by other packages. Note: Dirs in package are owned also by: /usr/share/doc/wireguard- tools(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/dns- hatchet(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/embeddable-wg-library(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/external-tests(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external-tests/go(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/external-tests/haskell(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external- tests/haskell/src(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external- tests/haskell/src/Data(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external- tests/haskell/src/Data/Time(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external-tests/python(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/external-tests/rust(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/external- tests/rust/src(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/extract-handshakes(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/extract-keys(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/highlighter(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/highlighter/gui(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/json(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/keygen-html(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/launchd(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/nat- hole-punching(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/ncat-client-server(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/reresolve-dns(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard-tools/contrib/sticky-sockets(locale,, to, C, defaulting, Failed, set), /usr/share/doc/wireguard- tools/contrib/synergy(locale,, to, C, defaulting, Failed, set), /usr/share/licenses/wireguard-tools(locale,, to, C, defaulting, Failed, set) [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 215040 bytes in 55 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: wireguard-tools-1.0.20200102-1.fc32.x86_64.rpm wireguard-tools-debuginfo-1.0.20200102-1.fc32.x86_64.rpm wireguard-tools-debugsource-1.0.20200102-1.fc32.x86_64.rpm wireguard-tools-1.0.20200102-1.fc32.src.rpm wireguard-tools.x86_64: W: spelling-error %description -l en_US performant -> perform ant, perform-ant, performance wireguard-tools.src: W: spelling-error %description -l en_US performant -> perform ant, perform-ant, performance wireguard-tools.src: W: spelling-error %description -l en_US wg -> w, g, wig 4 packages and 0 specfiles checked; 0 errors, 3 warnings. Rpmlint (debuginfo) ------------------- Checking: wireguard-tools-debuginfo-1.0.20200102-1.fc32.x86_64.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. Rpmlint (installed packages) ---------------------------- wireguard-tools-debugsource.x86_64: W: invalid-url URL: https://www.wireguard.com/ <urlopen error [Errno -2] Name or service not known> wireguard-tools-debuginfo.x86_64: W: invalid-url URL: https://www.wireguard.com/ <urlopen error [Errno -2] Name or service not known> wireguard-tools.x86_64: W: spelling-error %description -l en_US performant -> perform ant, perform-ant, performance wireguard-tools.x86_64: W: invalid-url URL: https://www.wireguard.com/ <urlopen error [Errno -2] Name or service not known> 3 packages and 0 specfiles checked; 0 errors, 4 warnings. Source checksums ---------------- https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-1.0.20200102.tar.xz : CHECKSUM(SHA256) this package : 547cd1c2f8dca904faac9e8d3964f1ef956c24bb12e3498da88dde95243c7f08 CHECKSUM(SHA256) upstream package : 547cd1c2f8dca904faac9e8d3964f1ef956c24bb12e3498da88dde95243c7f08 Requires -------- wireguard-tools (rpmlib, GLIBC filtered): /usr/bin/bash libc.so.6()(64bit) libmnl.so.0()(64bit) libmnl.so.0(LIBMNL_1.0)(64bit) rtld(GNU_HASH) systemd wireguard-tools-debuginfo (rpmlib, GLIBC filtered): wireguard-tools-debugsource (rpmlib, GLIBC filtered): Provides -------- wireguard-tools: wireguard-tools wireguard-tools(x86-64) wireguard-tools-debuginfo: debuginfo(build-id) wireguard-tools-debuginfo wireguard-tools-debuginfo(x86-64) wireguard-tools-debugsource: wireguard-tools-debugsource wireguard-tools-debugsource(x86-64) Generated by fedora-review 0.7.4 (54fa030) last change: 2019-12-07 Command line :/usr/bin/fedora-review -b 1787714 -m fedora-rawhide-x86_64 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, C/C++, Generic Disabled plugins: Haskell, Perl, Python, Ocaml, Java, fonts, R, SugarActivity, PHP Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
Issues: ======= > - Header files in -devel subpackage, if present. > Note: wireguard-tools : /usr/share/doc/wireguard- > tools/contrib/embeddable-wg-library/wireguard.h wireguard-tools : > /usr/share/doc/wireguard-tools/contrib/highlighter/highlighter.h > See: https://docs.fedoraproject.org/en-US/packaging- > guidelines/#_devel_packages This is fine as those header files are part of examples shipped as docs. > - systemd_post is invoked in %post, systemd_preun in %preun, and > systemd_postun in %postun for Systemd service files. > Note: Systemd service file(s) in wireguard-tools > See: https://docs.fedoraproject.org/en-US/packaging- > guidelines/Scriptlets/#_scriptlets The systemd unit shipped here is a template unit, so those scriptlets do not apply.
I see no other issues, so this package is now ready to enter Fedora! PACKAGE APPROVED.
Packager is already sponsored, so removing FE-NEEDSPONSOR.
Congratulations! This package is now approved! Joe, you can proceed to the next step to bring this into Fedora. :) Good luck!
Thank you so much Neal!!
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/wireguard-tools