Bug 1978395 - Review Request: rubygem-sync - A module that provides a two-phase lock with a counter
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Christopher Engelhard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1969567
Reported: 2021-07-01 17:32 UTC by Otto Liljalaakso
Modified: 2021-07-27 05:31 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-07-27 05:31:59 UTC
Type: ---
Embargoed:
ce: fedora-review+


Description Otto Liljalaakso 2021-07-01 17:32:58 UTC
Spec URL: http://oturpe.kapsi.fi/fedora/rpms/rubygem-sync/rubygem-sync.spec
SRPM URL: http://oturpe.kapsi.fi/fedora/rpms/rubygem-sync/rubygem-sync-0.5.0-1.fc34.src.rpm
Description: A module that provides a two-phase lock with a counter
Fedora Account System Username: oturpe
Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=71135848

I contributed the following fixes to fedora-review because of this package:

https://pagure.io/FedoraReview/pull-request/416
https://pagure.io/FedoraReview/pull-request/417
https://pagure.io/FedoraReview/pull-request/419

Running fedora-review will run into the same issues until a new version is published.

Comment 1 Christopher Engelhard 2021-07-20 13:58:10 UTC
The package is generally fine, with the exception of the bundled fonts. Ideally these would be packaged as a normal font package instead. Since this is both a SHOULD & a lot of work, I'm fine with leaving them in. However in that case, their license (SIL Open Font License (OFL)) needs to be added to the spec.

Sidenote: Any idea why fedora-review complains about %gem_install not being used when it clearly is?



Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


Issues:
=======

- (MUST) The included font files are OFL licensed, this should be added
  to the license field. Alternatively:
- (SHOULD) The package contains two google fonts in its documentation that
  could in principle be unbundled.
- (COMMENT) Disttag & changelog will be autogenerated in the final
  package via rpmautospec. The required macros are present & correctly
  applied. I have disregarded issues & rpmlint messages related to this.
- (COMMENT) Further non-issue comments below, enclosed in ****


===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[!]: License field in the package spec file matches the actual license.
     **** The included fonts are OFL ****
[x]: License file installed when any subpackage combination is installed.
[x]: Package must own all directories that it creates.
     Note: Directories without known owners: /usr/share/gems/doc,
     /usr/share/gems
     **** These are provided by ruby(rubygems), which is an (implicit,
     automatically generated) dependency of this package. This is OK. ****
[x]: Package contains no bundled libraries without FPC exception.
[-]: Changelog in prescribed format.
     **** Changelog is created by rpmautospec ****
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     **** Documentation is split off ****
[x]: Packages must not store files under /srv, /opt or /usr/local

Ruby:
[x]: Platform dependent files must all go under %{gem_extdir_mri}, platform
     independent under %{gem_dir}.
[x]: Gem package must not define a non-gem subpackage
[x]: Macro %{gem_extdir} is deprecated.
[x]: Gem package is named rubygem-%{gem_name}
[x]: Package contains BuildRequires: rubygems-devel.
[x]: Gem package must define %{gem_name} macro.
[x]: Pure Ruby package must be built as noarch
[x]: Package does not contain Requires: ruby(abi).

===== SHOULD items =====

Generic:
[!]: Avoid bundling fonts in non-fonts packages.
     Note: Package contains font files
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

Ruby:
[x]: Gem should use %gem_install macro.
[x]: Gem package should exclude cached Gem.
[x]: gems should not require rubygems package
[x]: Specfile should use macros from rubygem-devel package.
[x]: Test suite should not be run by rake.
[x]: Test suite of the library should be run.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: rubygem-sync-0.5.0-1.fc35.noarch.rpm
          rubygem-sync-doc-0.5.0-1.fc35.noarch.rpm
          rubygem-sync-0.5.0-1.fc35.src.rpm
rubygem-sync.noarch: W: no-documentation
rubygem-sync.src:80: W: macro-in-%changelog %autochangelog
**** this is due to the use of rpmautospec & OK ****
rubygem-sync.src: W: invalid-url Source1: rubygem-sync-0.5.0-specs.tgz
3 packages and 0 specfiles checked; 0 errors, 3 warnings.

Rpmlint (installed packages)
----------------------------
Cannot parse rpmlint output:


Source checksums
----------------
https://rubygems.org/gems/sync-0.5.0.gem :
  CHECKSUM(SHA256) this package     : 668356cc07c59ac7ed9ecf34fec3929831f179c07adb1f3e1c3b7a1609a638fd
  CHECKSUM(SHA256) upstream package : 668356cc07c59ac7ed9ecf34fec3929831f179c07adb1f3e1c3b7a1609a638fd


Requires
--------
rubygem-sync (rpmlib, GLIBC filtered):
    ruby(rubygems)

rubygem-sync-doc (rpmlib, GLIBC filtered):
    rubygem-sync



Provides
--------
rubygem-sync:
    rubygem(sync)
    rubygem-sync

rubygem-sync-doc:
    rubygem-sync-doc



Generated by fedora-review 0.7.6 (b083f91) last change: 2020-11-10
Command line :/usr/bin/fedora-review -b 1978395
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, Ruby
Disabled plugins: Java, C/C++, Perl, PHP, SugarActivity, Haskell, fonts, Ocaml, Python, R
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

Comment 2 Otto Liljalaakso 2021-07-21 05:51:06 UTC
(In reply to Christopher Engelhard from comment #1)
> The package is generally fine, with the exception of the bundled fonts.
> Ideally these would be packaged as a normal font package instead. Since this
> is both a SHOULD & a lot of work, I'm fine with leaving them in. However in
> that case, their license (SIL Open Font License (OFL)) needs to be added to
> the spec.

This is a problem that affects all or almost all rubygem packages.
When I was creating this package, I asked about font bundling
in the ruby-sig mailing list [1], you can find more information there.

I did not consider licensing before, so I had to dig in more now.
It turns out that the package is (barely) in compliance
with the font license conditions.
Refer to OFL-FAQ Q1.10 "Does the full OFL license text always need to accompany the font?" [2]
and consider that all the fonts contain at least the url of the license
— you can check this e.g. by uploading the font files to Font Inspector [3].
(Strangely, I could not find a cli tool for this from the Fedora repositories.)
The license does not belong to specfile License field,
because that is only for the main ("binary") rpm
as described in Licensing Guidelines section License: field [4].

I contacted Lato upstream to suggest to them a way to improve the situation [5].

Do you accept this explanation?
We can also continue the discussion on the ruby-sig list
since this is relevant and affects very many rubygem packages.

[1]: https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org/thread/YM3X6EDCKZ3Y37V7J5LTCUZINMN7ZEOY/
[2]: Q: 1.10 Does the full OFL license text always need to accompany the font?
[3]: https://opentype.js.org/font-inspector.html
[4]: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_field
[5]: https://github.com/latofonts/lato-source/issues/7#issuecomment-883907559

> Sidenote: Any idea why fedora-review complains about %gem_install not being
> used when it clearly is?

This is a bug in fedora-review.
I already submitted a fix [6] and it was merged,
we are only waiting for a new release.

[6]: https://pagure.io/FedoraReview/pull-request/416

> [x]: Package must own all directories that it creates.
>      Note: Directories without known owners: /usr/share/gems/doc,
>      /usr/share/gems
>      **** These are provided by ruby(rubygems), which is an (implicit,
>      automatically generated) dependency of this package. This is OK. ****

Another fedora-review bug,
my pull request for this [6] has also been merged.

[6]: https://pagure.io/FedoraReview/pull-request/419

Comment 3 Christopher Engelhard 2021-07-21 11:13:48 UTC
(In reply to Otto Urpelainen from comment #2)

> This is a problem that affects all or almost all rubygem packages.
> When I was creating this package, I asked about font bundling
> in the ruby-sig mailing list [1], you can find more information there.

Thanks, I'll take a look. 

> The license does not belong to specfile License field,
> because that is only for the main ("binary") rpm
> as described in Licensing Guidelines section License: field [4].

Right, sorry, my mistake.

> Do you accept this explanation?
> We can also continue the discussion on the ruby-sig list
> since this is relevant and affects very many rubygem packages.

Yes, this seems fine. Probably a good idea to come up with some sort of policy
on this at some point, but since you already brought the overall issue to the
ruby-sig list I'd say we're good here.

Thanks for the packaging effort & for reporting all these issues etc. upstream/
to the discussion lists.

Comment 4 Gwyn Ciesla 2021-07-21 19:17:23 UTC
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/rubygem-sync

