Bug 1821120 - Review Request: wlogout - wayland based logout menu
Summary: Review Request: wlogout - wayland based logout menu
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Lyes Saadi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-06 05:26 UTC by Bob Hepple
Modified: 2020-05-03 04:53 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-01 04:05:53 UTC
Type: ---
fedora: fedora-review+


Attachments (Terms of Use)

Description Bob Hepple 2020-04-06 05:26:03 UTC
Spec URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01328886-wlogout/wlogout.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01328886-wlogout/wlogout-1.1.1-2.fc31.src.rpm

Description: 
A wayland based logout menu.

Fedora Account System Username: wef

Note that fedora-review incorrectly flags the /etc/wlogout/* files as 'not configuration'. They are exactly that - configuration files.

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[ ]: Package does not contain kernel modules.
[ ]: Package contains no static executables.
[x]: If your application is a C or C++ application you must list a
     BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[ ]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[ ]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Expat License", "*No copyright* Expat License", "Unknown or
     generated". 24 files have unknown license. Detailed output of
     licensecheck in /home/bhepple/tmp/wlogout/licensecheck.txt
[ ]: License file installed when any subpackage combination is installed.
[ ]: Package does not own files or directories owned by other packages.
     Note: Dirs in package are owned also by: /usr/share/bash-
     completion(flatpak, breezy, libmbim, chocolate-doom, cpu-x, clevis,
     kmod, python3-trezor, docopt, lightdm, ffsend, the_silver_searcher,
     etckeeper, darcs, buildah, devscripts-checkbashisms, sway, maven,
     swaylock, tio, vagrant, beaker-client, yadifa-tools, calf, source-
     highlight, reprepro, toolbox, filesystem, licensecheck, zeitgeist,
     exa, rpmlint, bash-completion, tracker, cowsay, dotnet-host,
     mercurial-py3, zola, restic, dnf, swayidle, lxi-tools, mtr, pdfgrep,
     why3, glib2, pbuilder, cmake-data, python3-catkin_tools, awscli,
     bubblewrap, lxc, zypper, falkon, unar, tealdeer, skim, rtags, skopeo,
     cobbler, fedpkg, nitrokey-app, yadifa, exercism, clufter-cli, eg,
     devscripts, mercurial-py2, docker-compose, nnn, git-core, ethtool,
     git-annex, rkt, task, plowshare, ModemManager, dconf-editor, ripgrep,
     policycoreutils, datamash, hstr, ldc, stratis-cli, subversion, bodhi-
     client, python-django-bash-completion, gammu, gpaste, rpmspectool, fd-
     find, rpmdevtools, fedmod, libqmi, driverctl), /usr/share/bash-
     completion/completions(flatpak, breezy, libmbim, chocolate-doom,
     cpu-x, clevis, libappstream-glib, kmod, python3-trezor, docopt,
     lightdm, nbdkit-bash-completion, ffsend, firewalld,
     the_silver_searcher, etckeeper, buildah, devscripts-checkbashisms,
     sway, maven, swaylock, tio, vagrant, coccinelle-bash-completion,
     kompose, beaker-client, yadifa-tools, calf, source-highlight,
     reprepro, toolbox, filesystem, licensecheck, zeitgeist, exa, rpmlint,
     bash-completion, tracker, cowsay, dotnet-host, mercurial-py3, zola,
     restic, dnf, swayidle, lxi-tools, mtr, pdfgrep, why3, glib2, pbuilder,
     cmake-data, ndctl, python3-catkin_tools, awscli, libguestfs-bash-
     completion, bubblewrap, libnbd-bash-completion, lxc, zypper, lastpass-
     cli, falkon, unar, tealdeer, skim, rtags, skopeo, gtatool, cobbler,
     fedpkg, nitrokey-app, yadifa, exercism, clufter-cli, eg, devscripts,
     mercurial-py2, docker-compose, nnn, git-core, ethtool, git-annex, rkt,
     tig, task, firejail, plowshare, opensc, ModemManager, dconf-editor,
     ripgrep, calibre, datamash, nordugrid-arc-hed, minipro, hstr, ldc,
     GMT-common, python3-pip, xss-lock, stratis-cli, subversion, bodhi-
     client, python-django-bash-completion, gammu, gpaste, rpmspectool, fd-
     find, rpmdevtools, fedmod, libqmi, driverctl), /usr/share/fish(zola,
     bat, flatpak, fish, ffsend, exercism, tealdeer, fd-find, cpu-x,
     ripgrep, task, swayidle, ocrmypdf, sway, fedmod, docker-compose, exa,
     swaylock), /usr/share/fish/completions(task, fish),
     /usr/share/zsh(pulseaudio, reprepro, ripgrep, osmium-tool, cpu-x,
     awscli, python3-wstool, exa, polybar, ffsend, skim, curl, zola, kde-
     connect, etckeeper, exercism, xss-lock, stratis-cli, libinput,
     swayidle, mercurial-py2, sway, docker-compose, creds, zsh, swaylock,
     gpaste, pdfgrep, fd-find, mako, task, vcsh, why3, fedmod, ninja-build,
     mercurial-py3), /usr/share/zsh/site-functions(googler, flatpak,
     podman, pulseaudio, reprepro, osmium-tool, cpu-x, ripgrep, awscli,
     python3-wstool, exa, lastpass-cli, arch-install-scripts, polybar,
     ffsend, khard, skim, curl, firewalld, zola, buku, kde-connect,
     exercism, restic, xss-lock, stratis-cli, libinput, imgp, mercurial-
     py2, sway, swayidle, xpanes, docker-compose, creds, nnn, zsh,
     swaylock, ddgr, gpaste, pdfgrep, fd-find, mako, task, vcsh, why3, fzf,
     kompose, ninja-build, mercurial-py3)
[ ]: %build honors applicable compiler flags or justifies otherwise.
[ ]: Package contains no bundled libraries without FPC exception.
[ ]: Changelog in prescribed format.
[ ]: Sources contain only permissible code or content.
[ ]: Package contains desktop file if it is a GUI application.
[ ]: Development files must be in a -devel package
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package consistently uses macros (instead of hard-coded directory
     names).
[ ]: Package is named according to the Package Naming Guidelines.
[ ]: Package does not generate any conflict.
[ ]: Package obeys FHS, except libexecdir and /usr/target.
[ ]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[ ]: Requires correct, justified where necessary.
[ ]: Spec file is legible and written in American English.
[ ]: Package contains systemd file(s) if in need.
[ ]: Useful -debuginfo package or justification otherwise.
[ ]: Package is not known to require an ExcludeArch tag.
[ ]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 1 files.
[ ]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[ ]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[ ]: Final provides and requires are sane (see attachments).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[ ]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[ ]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.


Rpmlint
-------
Checking: wlogout-1.1.1-2.fc33.x86_64.rpm
          wlogout-debuginfo-1.1.1-2.fc33.x86_64.rpm
          wlogout-debugsource-1.1.1-2.fc33.x86_64.rpm
          wlogout-1.1.1-2.fc33.src.rpm
wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/layout
wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/style.css
wlogout.src: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.src: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
4 packages and 0 specfiles checked; 0 errors, 6 warnings.




Rpmlint (debuginfo)
-------------------
Checking: wlogout-debuginfo-1.1.1-2.fc33.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/layout
wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/style.css
wlogout-debuginfo.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
wlogout-debugsource.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
3 packages and 0 specfiles checked; 0 errors, 7 warnings.



Source checksums
----------------
https://github.com/ArtsyMacaw/wlogout/archive/1.1.1/wlogout-1.1.1.tar.gz :
  CHECKSUM(SHA256) this package     : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940
  CHECKSUM(SHA256) upstream package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940


Requires
--------
wlogout (rpmlib, GLIBC filtered):
    libc.so.6()(64bit)
    libgdk-3.so.0()(64bit)
    libglib-2.0.so.0()(64bit)
    libgobject-2.0.so.0()(64bit)
    libgtk-3.so.0()(64bit)
    libgtk-layer-shell.so.0()(64bit)
    rtld(GNU_HASH)

wlogout-debuginfo (rpmlib, GLIBC filtered):

wlogout-debugsource (rpmlib, GLIBC filtered):



Provides
--------
wlogout:
    wlogout
    wlogout(x86-64)

wlogout-debuginfo:
    debuginfo(build-id)
    wlogout-debuginfo
    wlogout-debuginfo(x86-64)

wlogout-debugsource:
    wlogout-debugsource
    wlogout-debugsource(x86-64)



Generated by fedora-review 0.7.5 (5fa5b7e) last change: 2020-02-16
Command line :/usr/bin/fedora-review --rpm-spec -n /home/bhepple/rpmbuild/SRPMS/wlogout-1.1.1-2.fc31.src.rpm
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, C/C++, Shell-api
Disabled plugins: fonts, Python, SugarActivity, PHP, Java, Haskell, R, Perl, Ocaml
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

Comment 1 Lyes Saadi 2020-04-19 01:59:21 UTC
Hi !

> Note that fedora-review incorrectly flags the /etc/wlogout/* files as 'not configuration'. They are exactly that - configuration files.

No, that's not what it means:
> W: foo-package non-conffile-in-etc /etc/xdg/menus/applications-merged/foo-package.menu
>
> A non-executable file in your package is being installed in /etc, but is not a configuration file.
> All non-executable files in /etc should be configuration files. Mark the file as %config in the spec file. 

From "Common Rpmlint issues": https://fedoraproject.org/wiki/Common_Rpmlint_issues#non-conffile-in-etc

You need to change this in your spec file:
> %config(noreplace) %{_sysconfdir}/%{name}/layout
> %config(noreplace) %{_sysconfdir}/%{name}/style.css

(you could keep the %config macro on the whole directory, but it is better not to...)

More about that here: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_configuration_files

Also, you should just remove the %check section if you have to tests to run...

Comment 2 Bob Hepple 2020-04-19 09:31:56 UTC
Hi Lyes,

Thanks for taking a look at this.

I now understand the point about %config and I've changed the spec file accordingly. I also added (noreplace) as advised in the reference that you gave.

%check is gone as suggested as it's meaningless.

I was a bit worried about /etc/wlogout being orphaned - at least in my reading of https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/ - so I have listed /etc/wlogout under %dir and the individual files under %config. I saw a similar arrangement in anaconda.spec 

Here's another build:

SPEC URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01341796-wlogout/wlogout.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01341796-wlogout/wlogout-1.1.1-3.fc31.src.rpm

Comment 3 Lyes Saadi 2020-04-19 16:05:41 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated

Issues:
=======
- JSMN is bundled, but it is not declared as such.
  The addition of: `Provides: bundled(jsmn)` should be enough.
  The bundled version of JSMN is unknown.
  See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling
- Upstream provide OpenPGP signatures as wlogout.tar.gz.sig in the GitHub
  Release section.
  See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: If your application is a C or C++ application you must list a
     BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Expat License", "*No copyright* Expat License", "Unknown or
     generated". 24 files have unknown license. Detailed output of
     licensecheck in
     /home/lyes/Documents/reviews/1821120-wlogout/licensecheck.txt
[-]: License file installed when any subpackage combination is installed.
[x]: Package does not own files or directories owned by other packages.
     Note: wlogout nor any of it dependencies does requires bash, zsh or
     fish.
     Note: Dirs in package are owned also by: /usr/share/bash-
     completion(lxc, clufter-cli, toolbox, nnn, task, skim, reprepro,
     datamash, zeitgeist, nitrokey-app, bodhi-client, ethtool, eg,
     bubblewrap, rtags, maven, lightdm, vagrant, flatpak, swayidle, zola,
     dotnet-host, zypper, git-annex, git-core, sway, pdfgrep, swaylock,
     exa, rpmlint, dnf, devscripts-checkbashisms, darcs, kmod,
     licensecheck, cowsay, cmake-data, dconf-editor, awscli, buildah,
     stratis-cli, skopeo, fd-find, ModemManager, rkt, docker-compose,
     yadifa-tools, ldc, cobbler, rpmspectool, chocolate-doom,
     policycoreutils, libmbim, etckeeper, restic, python3-trezor,
     plowshare, the_silver_searcher, cpu-x, pbuilder, docopt,
     python3-catkin_tools, python-django-bash-completion, subversion,
     source-highlight, gpaste, tio, beaker-client, mtr, filesystem,
     tealdeer, glib2, breezy, fedpkg, calf, libqmi, falkon, fedmod, ffsend,
     rpmdevtools, devscripts, unar, tracker, gammu, clevis, hstr, ripgrep,
     why3, yadifa, exercism, driverctl, mercurial-py3, lxi-tools, bash-
     completion, mercurial-py2), /usr/share/bash-
     completion/completions(lxc, clufter-cli, toolbox, nnn, task, skim,
     reprepro, coccinelle-bash-completion, datamash, libnbd-bash-
     completion, zeitgeist, nitrokey-app, bodhi-client, ethtool, eg,
     bubblewrap, python3-pip, rtags, maven, lightdm, vagrant, flatpak,
     swayidle, calibre, zola, dotnet-host, zypper, git-annex, git-core,
     sway, pdfgrep, swaylock, exa, rpmlint, dnf, devscripts-checkbashisms,
     kmod, licensecheck, nordugrid-arc-hed, cowsay, cmake-data, dconf-
     editor, awscli, buildah, stratis-cli, skopeo, fd-find, ModemManager,
     rkt, libappstream-glib, docker-compose, yadifa-tools, ldc, cobbler,
     rpmspectool, chocolate-doom, libmbim, packit, etckeeper, restic,
     python3-trezor, ndctl, plowshare, the_silver_searcher, kompose, cpu-x,
     pbuilder, docopt, python3-catkin_tools, python-django-bash-completion,
     subversion, firejail, source-highlight, gpaste, lastpass-cli, tio,
     beaker-client, nbdkit-bash-completion, mtr, filesystem, tig, tealdeer,
     glib2, breezy, fedpkg, calf, libqmi, falkon, fedmod, GMT-common, xss-
     lock, ffsend, rpmdevtools, devscripts, minipro, unar, tracker, gammu,
     clevis, hstr, ripgrep, gtatool, why3, firewalld, yadifa, exercism,
     driverctl, mercurial-py3, opensc, lxi-tools, libguestfs-bash-
     completion, bash-completion, mercurial-py2), /usr/share/fish(exa,
     fedmod, ocrmypdf, task, cpu-x, ffsend, fish, fd-find, ikona-cli-fish-
     completions, ripgrep, docker-compose, flatpak, swayidle, zola,
     exercism, bat, tealdeer, sway, swaylock),
     /usr/share/fish/completions(fish, ikona-cli-fish-completions, task),
     /usr/share/zsh(exa, libinput, etckeeper, vcsh, polybar, fedmod, kde-
     connect, mako, task, cpu-x, reprepro, skim, ffsend, xss-lock, osmium-
     tool, awscli, stratis-cli, creds, python3-wstool, fd-find, pulseaudio,
     ripgrep, why3, gpaste, docker-compose, ninja-build, zsh, swayidle,
     zola, exercism, pdfgrep, curl, mercurial-py3, mercurial-py2, sway,
     swaylock), /usr/share/zsh/site-functions(exa, libinput, vcsh, buku,
     restic, polybar, kde-connect, nnn, podman, imgp, mako, task, kompose,
     cpu-x, reprepro, skim, ffsend, xss-lock, osmium-tool, awscli, ddgr,
     creds, stratis-cli, python3-wstool, khard, fd-find, pulseaudio,
     ripgrep, why3, gpaste, docker-compose, flatpak, ninja-build, lastpass-
     cli, firewalld, zsh, swayidle, arch-install-scripts, zola, googler,
     exercism, pdfgrep, curl, mercurial-py3, xpanes, fzf, mercurial-py2,
     sway, swaylock)
[x]: %build honors applicable compiler flags or justifies otherwise.
[!]: Package contains no bundled libraries without FPC exception.
     Note: jsmn is bundled.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: upstream publishes OpenPGP signatures in the Release section.
     Note: gpgverify is not used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: wlogout-1.1.1-3.fc33.x86_64.rpm
          wlogout-debuginfo-1.1.1-3.fc33.x86_64.rpm
          wlogout-debugsource-1.1.1-3.fc33.x86_64.rpm
          wlogout-1.1.1-3.fc33.src.rpm
wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
wlogout.src: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.src: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
4 packages and 0 specfiles checked; 0 errors, 4 warnings.




Rpmlint (debuginfo)
-------------------
Checking: wlogout-debuginfo-1.1.1-3.fc33.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.





Rpmlint (installed packages)
----------------------------
wlogout-debugsource.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out
wlogout.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
wlogout-debuginfo.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known>
3 packages and 0 specfiles checked; 0 errors, 5 warnings.



Source checksums
----------------
https://github.com/ArtsyMacaw/wlogout/archive/1.1.1/wlogout-1.1.1.tar.gz :
  CHECKSUM(SHA256) this package     : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940
  CHECKSUM(SHA256) upstream package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940


Requires
--------
wlogout (rpmlib, GLIBC filtered):
    config(wlogout)
    libc.so.6()(64bit)
    libgdk-3.so.0()(64bit)
    libglib-2.0.so.0()(64bit)
    libgobject-2.0.so.0()(64bit)
    libgtk-3.so.0()(64bit)
    libgtk-layer-shell.so.0()(64bit)
    rtld(GNU_HASH)

wlogout-debuginfo (rpmlib, GLIBC filtered):

wlogout-debugsource (rpmlib, GLIBC filtered):



Provides
--------
wlogout:
    config(wlogout)
    wlogout
    wlogout(x86-64)

wlogout-debuginfo:
    debuginfo(build-id)
    wlogout-debuginfo
    wlogout-debuginfo(x86-64)

wlogout-debugsource:
    wlogout-debugsource
    wlogout-debugsource(x86-64)



Generated by fedora-review 0.7.5 (5fa5b7e) last change: 2020-02-16
Command line :/usr/bin/fedora-review -b 1821120
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, C/C++
Disabled plugins: Python, Perl, R, Java, PHP, Haskell, SugarActivity, Ocaml, fonts
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

Comment 4 Bob Hepple 2020-04-20 02:07:54 UTC
Hi Lyes,

I've spent most of this morning studying up on the %gpgverify issue and I just can't get it to work.

Note that AFAICS the .sig on the releases page does not refer to Source0 but to some arbitrary tarball wlogout.tar.gz that the author uploaded:

$ ll wlogout-1.1.1.tar.gz wlogout.tar.gz
-rw-rw-r--. 1 bhepple bhepple 540189 Apr  6 14:07 wlogout-1.1.1.tar.gz
-rw-rw-r--. 1 bhepple bhepple 624640 Apr 20 11:39 wlogout.tar.gz

Having downloaded the author's public key, it does not verify that file:

$ gpgv --keyring ./gpg-key-F4FDB18A9937358364B276E9E25D679AF73C6D2F.gpg wlogout.tar.gz.sig wlogout.tar.gz
gpgv: Signature made Sat 14 Mar 2020 15:37:44 AEST
gpgv:                using RSA key F4FDB18A9937358364B276E9E25D679AF73C6D2F
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: Invalid packet
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: Invalid packet
gpgv: Can't check signature: No public key

The wlogout.tar.gz does not actually download as a gzipped tarball but as a plain tarball - so it's pretty suspicious!

In any case I think we want to be working with Source0 as that's a tarball generated by github from the repo automatically.

Any ideas?

Comment 5 Lyes Saadi 2020-04-20 03:11:52 UTC
That's... That's weird indeed...

Let's just skip that... You should continue to use the github-generated tarball. It's only a SHOULD item.

You may ask the maintainer to provide a valid signature for the github-generated tarball instead of an arbitrary one. And preferably to host his public key in an appropriate place as well.

Either way, could you please provide a new spec file with an updated "Provide" to reflect the bundling of JSMN (and associated SRPM)?

I won't be able to accept the review right now though, this is my first time reviewing a package, and I have some issues regarding my Bugzilla permissions related to this infrastructure issue: https://pagure.io/fedora-infrastructure/issue/8628#comment-642931 (that's why I haven't assigned this bug to myself...).

Comment 7 Lyes Saadi 2020-04-20 14:47:28 UTC
Hello Bob,

I see that you changed this:

```
%{_datadir}/zsh/*
%{_datadir}/fish/*
%{_datadir}/bash-completion/*
```

But, according to the guidelines, you were right to own the entire directory: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_the_directory_is_owned_by_a_package_which_is_not_required_for_your_package_to_function

Except for that, your package is good to go! But I'm still waiting for my Bugzilla permissions to be fixed. I'll ask someone else to approve it for me if that takes a long time...

Comment 8 Lyes Saadi 2020-04-21 02:38:18 UTC
Hi!

So, for now at least, I have Bugzilla permissions!

Could you please send me a final-final-final version of the package :P? I know that's just an extra "*", but it's a MUST item in Packaging Guidelines: « Packages must own all directories they put files in »...

I also wanted to thank you for your work and for packaging this program!

Comment 9 Bob Hepple 2020-04-21 23:35:22 UTC
Hi Lyes,

Thanks for your patience and keen eyes. New build below.

I'm going to have to re-read and reassess my understanding on that ownership thing.

SPEC URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01344425-wlogout/wlogout.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86_64/01344425-wlogout/wlogout-1.1.1-5.fc31.src.rpm

Comment 10 Lyes Saadi 2020-04-21 23:51:36 UTC
Package Approved!

Thank you as well for your patience :).

Comment 11 Gwyn Ciesla 2020-04-22 13:03:43 UTC
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/wlogout

Comment 12 Fedora Update System 2020-04-22 21:36:13 UTC
FEDORA-2020-d755c36129 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d755c36129

Comment 13 Fedora Update System 2020-04-22 21:46:41 UTC
FEDORA-2020-105f9d6381 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-105f9d6381

Comment 14 Fedora Update System 2020-04-23 20:45:47 UTC
FEDORA-2020-d755c36129 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2020-d755c36129 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d755c36129

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 Fedora Update System 2020-04-25 04:18:32 UTC
FEDORA-2020-105f9d6381 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2020-105f9d6381 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-105f9d6381

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 16 Fedora Update System 2020-05-01 04:05:53 UTC
FEDORA-2020-d755c36129 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2020-05-03 04:53:35 UTC
FEDORA-2020-105f9d6381 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.