Bug 2003876 - Review Request: sdrpp - SDRPlusPlus Bloat-free SDR receiver software
Summary: Review Request: sdrpp - SDRPlusPlus Bloat-free SDR receiver software
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2021-09-14 04:02 UTC by Matt Domsch
Modified: 2021-10-02 01:27 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-09-29 00:18:49 UTC
Type: ---
pemensik: fedora-review+

Attachments (Terms of Use)
licensecheck (35.44 KB, text/plain)
2021-09-18 20:33 UTC, Petr Menšík
no flags Details

Description Matt Domsch 2021-09-14 04:02:04 UTC
Spec URL: https://domsch.com/fedora/sdrpp/fedora-rawhide-x86_64/sdrpp.spec
SRPM URL: https://domsch.com/fedora/sdrpp/fedora-rawhide-x86_64/sdrpp-1.0.3-1.fc36.src.rpm
Description: SDR++ is a cross-platform and open source SDR software
with the aim of being bloat free and simple to use.

- Wide hardware support (both through SoapySDR and dedicated modules)
- SIMD accelerated DSP
- Full waterfall update when possible. Makes browsing signals
  easier and more pleasant

Fedora Account System Username:mdomsch

Comment 1 Artur Frenszek-Iwicki 2021-09-14 15:29:21 UTC
> Provides: bundled(nlohmann-json) = 3.9.0
This is the same library as the one provided by the "json" RPM. Would it be possible to unbundle this?

> %install
> rm -rf $RPM_BUILD_ROOT
> The contents of the buildroot SHOULD NOT be removed in the first line of %install.

> License:        GPLv3
Any bundled libraries should be included in the "License:" field.

Comment 2 Matt Domsch 2021-09-14 21:39:34 UTC
Thank you Artur for the comments.  I was able to unbundle nlohmann-json, stb_image, stb_image_resize, and addressed the rest.  (removing RPM_BUILD_ROOT is still provided in rpmdev-newspec where that came from).  Upstream author explicitly requests use of g++ -O3 (instead of -O2) for performance so that change is made as well.

rawhide scratch-build: https://koji.fedoraproject.org/koji/taskinfo?taskID=75684234

Comment 3 Matt Domsch 2021-09-15 04:17:04 UTC
Artur - with regard to the License: field, the guidelines say:
The License: field refers to the licenses of the contents of the binary rpm. When in doubt, ask.

The resulting binary from sources licensed GPLv3, MIT, and WTFPL should in fact be GPLv3, not GPLv3 and MIT and WTFPL. I'll switch this back before the next round of reviews.

Comment 4 Petr Menšík 2021-09-18 19:21:13 UTC
Hi Matt,

any downstream patches should contain links to Merge requests or at least issues filled to upstream. It should be possible to remove them in later releases, their status and upstream acceptance or refusal should be easier to be tracked.

imgui [1] seems to be significant project enough to deserve separate package review first, which should block this review. We already have rust bindings to it [2] and four different packages bundling it already:

If that is not enough reason to unbundle it and make separate package, what would be? I guess some of those packages maintainers should be asked for help with that package or at least review. But it seems its upstream does not support any kind of non-static library. It does not even have any build system used. Maybe it is indeed up to best intentions of imgui upstream to be used the current way, even it violates rules of Fedora.

License tag has to include MIT and WTFPL, if those two bundled bundled(imgui) and bundled(portable-file-dialogs) are used to build the package. They became part of either library or command present in built RPM. If they are not needed, remove bundled provides.

Desktop file is installed, but is not validated [3]. readme.md should be included in %doc, contributing.md also.

Problem is with included Roboto-Medium.ttf font. Fedora forbids package included fonts[4]. And it seems the same file is part of google-roboto-fonts package, which should be used instead. Use symlink if required, add Requires: google-roboto-fonts.

1. https://github.com/ocornut/imgui
2. https://src.fedoraproject.org/rpms/rust-imgui
3. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_desktop_file_install_usage
4. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_avoid_bundling_of_fonts_in_other_packages

Comment 5 Petr Menšík 2021-09-18 20:32:27 UTC
Package Review

[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

- Package installs a %{name}.desktop using desktop-file-install or desktop-
  file-validate if there is such a file.
- Font is included inside package instead of reusing system font.
- No %doc is used, but upstream contains some markdown files

===== MUST items =====

[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[-]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see
     attachment). Verify they are not in ld path.
[x]: If your application is a C or C++ application you must list a
     BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig not called in %post and %postun for Fedora 28 and later.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "MIT License", "the Unlicense MIT
     License", "GNU General Public License v3.0 or later", "GNU General
     Public License v2.0 or later", "BSD (3 clause)", "Apache License 2.0".
     378 files have unknown license. Detailed output of licensecheck in
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[!]: Requires correct, justified where necessary.
      Font package required
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[!]: Package complies to the Packaging Guidelines
     - ttf font file is included from upstream, not from distribution
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package contains desktop file if it is a GUI application.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 0 bytes in 0 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

[!]: Avoid bundling fonts in non-fonts packages.
     Note: Package contains font files
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[!]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

[!]: Spec file according to URL is the same as in SRPM.
     Note: Spec file as given by url is not the same as in SRPM (see
     attached diff).
     See: (this test has no URL)
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.

Checking: sdrpp-1.0.3-1.fc36.x86_64.rpm
sdrpp.x86_64: W: no-documentation
sdrpp.x86_64: W: no-manual-page-for-binary sdrpp
4 packages and 0 specfiles checked; 0 errors, 2 warnings.

Rpmlint (debuginfo)
Checking: sdrpp-debuginfo-1.0.3-1.fc36.x86_64.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

Rpmlint (installed packages)
Cannot parse rpmlint output:

Unversioned so-files
sdrpp: /usr/lib64/sdrpp/plugins/audio_sink.so
sdrpp: /usr/lib64/sdrpp/plugins/discord_integration.so
sdrpp: /usr/lib64/sdrpp/plugins/file_source.so
sdrpp: /usr/lib64/sdrpp/plugins/frequency_manager.so
sdrpp: /usr/lib64/sdrpp/plugins/hackrf_source.so
sdrpp: /usr/lib64/sdrpp/plugins/meteor_demodulator.so
sdrpp: /usr/lib64/sdrpp/plugins/network_sink.so
sdrpp: /usr/lib64/sdrpp/plugins/new_portaudio_sink.so
sdrpp: /usr/lib64/sdrpp/plugins/radio.so
sdrpp: /usr/lib64/sdrpp/plugins/recorder.so
sdrpp: /usr/lib64/sdrpp/plugins/rigctl_server.so
sdrpp: /usr/lib64/sdrpp/plugins/rtl_sdr_source.so
sdrpp: /usr/lib64/sdrpp/plugins/rtl_tcp_source.so
sdrpp: /usr/lib64/sdrpp/plugins/soapy_source.so
sdrpp: /usr/lib64/sdrpp/plugins/weather_sat_decoder.so

Source checksums
https://github.com/AlexandreRouma/SDRPlusPlus/archive/dcc17cdee75c55ab9d355d63b428db04c66b999b/sdrpp-dcc17cd.tar.gz :
  CHECKSUM(SHA256) this package     : 9f27b959afe99ed4e29969327a9a0636cac66dd191cf41935a88ac9594b50b1b
  CHECKSUM(SHA256) upstream package : 9f27b959afe99ed4e29969327a9a0636cac66dd191cf41935a88ac9594b50b1b

sdrpp (rpmlib, GLIBC filtered):

sdrpp-debuginfo (rpmlib, GLIBC filtered):

sdrpp-debugsource (rpmlib, GLIBC filtered):




Diff spec file in url and in SRPM
--- /home/reviewer/fedora/rawhide/2003876-sdrpp/srpm/sdrpp.spec	2021-09-18 19:12:12.814161015 +0200
+++ /home/reviewer/fedora/rawhide/2003876-sdrpp/srpm-unpacked/sdrpp.spec	2021-09-14 05:24:13.000000000 +0200
@@ -2,11 +2,9 @@
 %global gittag 1.0.3
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
-# Upstream requests use of -O3 for DSP performance and specifies c++17
-%global optflags %(eval echo %{optflags} | %{__sed} -e 's/-O2/-O3 -std=c++17/')
 Name:           sdrpp
 Version:        1.0.3
 Release:        1%{?dist}
-Summary:        SDRPlusPlus bloat-free SDR receiver software
+Summary:        Bloat-free SDR receiver software
 License:        GPLv3
@@ -32,22 +30,18 @@
 BuildRequires:  fftw-devel glew-devel volk-devel glfw-devel
 BuildRequires:  portaudio-devel libiio-devel rtaudio-devel
-BuildRequires:  spdlog-devel fmt-devel rapidjson-devel json-devel
-BuildRequires:  stb_image-devel stb_image_resize-devel
+BuildRequires:  spdlog-devel fmt-devel rapidjson-devel
 BuildRequires:  SoapySDR-devel hackrf-devel rtl-sdr-devel
 # Bundled libraries
 # https://github.com/AlexandreRouma/SDRPlusPlus/issues/292
-# https://github.com/ocornut/imgui
 # MIT License
 Provides: bundled(imgui) = 1.83
-# https://github.com/samhocevar/portable-file-dialogs
-# WTFPL License
-Provides: bundled(portable-file-dialogs) = 0.1.0
+# Public Domain
+Provides: bundled(stb_image) = 2.26
+# MIT License
+# https://github.com/nlohmann/json
+Provides: bundled(nlohmann-json) = 3.9.0
 # A local copy of libsddc is present in sddc_source but is not built.
 # A local copy of libcorrect is present in falcon9_decoder but is not built.
-# A local copy of nlohmann-json is present in the source and is deleted prior to building.
-# A local copy of stb_image and stb_image_resize is present in the source and is deleted prior to building.
-# A local copy of rapidjson is present in the source and is deleted prior to building.
-# A local copy of spdlog is present in the source and is deleted prior to building.
@@ -64,17 +58,8 @@
 %autosetup -p1 -n SDRPlusPlus-%{commit}
-# Delete local copy of spdlog. We're using the system library copy.
+# Delete localy copy of spdlog. We're using the system library copy.
 rm -rf core/src/spdlog
 # Delete local copy of rapidjson. We're using the system library copy.
 rm -rf discord_integration/discord-rpc/include/rapidjson
-# Replace use of local nlohmann-json with library version
-rm core/src/json.hpp
-grep -l -r '#include <json.hpp>' . | xargs sed -i -e 's:#include <json.hpp>:#include <nlohmann/json.hpp>:'
-# Replace use of local stb_image and stb_image_resize with library version
-rm core/src/imgui/stb_image_resize.h
-rm core/src/imgui/stb_image.h
-sed -i -e 's:#include <imgui/stb_image.h>:#include <stb/stb_image.h>:' core/src/gui/icons.cpp
-sed -i -e 's:#include <stb_image.h>:#include <stb/stb_image.h>:' \
-       -e 's:#include <stb_image_resize.h>:#include <stb/stb_image_resize.h>:' core/src/core.cpp
@@ -85,5 +70,5 @@
@@ -92,4 +77,5 @@
 rm %{buildroot}%{_libdir}/libsdrpp_core.so

Generated by fedora-review 0.7.6 (b083f91) last change: 2020-11-10
Command line :/usr/bin/fedora-review -b 2003876
Buildroot used: fedora-rawhide-x86_64
Active plugins: C/C++, Generic, Shell-api
Disabled plugins: PHP, R, Ocaml, Haskell, Perl, Python, SugarActivity, fonts, Java

Comment 6 Petr Menšík 2021-09-18 20:33:38 UTC
Created attachment 1824288 [details]

Comment 7 Matt Domsch 2021-09-19 03:04:45 UTC
Petr, sincere thanks for the package review. I've updated the package per your comments.

- As you note, upstream imgui has no build system, they fully expect and encourage consumers to bundle their code directly.  As such I leave imgui bundled.

- License field fixed, a copy of the MIT license for Discourse was found in the source and added to %license.

- %doc files added as requested.

- Font removed, uses google-roboto-fonts directly now

- Further comments added regarding sending patches upstream. Upstream has a ticket open discussing reworking the whole cmake build system, which includes extracting bundled libraries into their own directories to make it easier to spot and include/not include based on system availability. I've chimed into that thread regarding the changes necessary to be acceptable to Fedora. https://github.com/AlexandreRouma/SDRPlusPlus/issues/292

- I found another imgui-bundled library stb_truetype which is identical to the available unbundled library, so that has now been removed.  Two other stb-sourced files are effectively imgui private forks at this point, so they remain in the bundled imgui library.

- licensecheck reports quite a few additional licenses but most are in the libsddc which is present in the source but not built (upstream is not ready for it to be distributed by default).

- licensecheck did show that discord-rpc is bundled (MIT license), added to the bundled list. This library is deprecated by upstream in favor of the Discord GameSDK, so it should not be bundled into Fedora separately.

- I have run this on my local system with RTL-SDR hardware attached to my radio, and it behaves as expected.

Updated spec: https://domsch.com/fedora/sdrpp/fedora-rawhide-x86_64/sdrpp.spec
Scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=75919275

Comment 8 Petr Menšík 2021-09-23 19:03:23 UTC
Hmm, discord-rpc seems with compatible license. But anything they replace it with seems proprietary service not acceptable into Fedora. In that view, I think it would be better to include discord-rpc as separate package. retroarch package already bundles it, this would be second package. It would be shared code already. Not sure how radio software works with discord.

Anyway, I think discord-rpc is the only remaining package. If the upstream would not already say it is deprecated, I would demand adding it as separate package. It seems the only possible way in Fedora to me, but I am not a lawyer or read it in detail. I think current package is okay, granting review package.

Comment 9 Gwyn Ciesla 2021-09-23 20:00:46 UTC
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/sdrpp

Comment 10 Fedora Update System 2021-09-23 20:47:27 UTC
FEDORA-2021-ceae34324f has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ceae34324f

Comment 11 Fedora Update System 2021-09-23 20:48:18 UTC
FEDORA-2021-c430cb9d05 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c430cb9d05

Comment 12 Fedora Update System 2021-09-24 02:52:23 UTC
FEDORA-2021-c430cb9d05 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2021-c430cb9d05 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c430cb9d05

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2021-09-24 21:48:04 UTC
FEDORA-2021-ceae34324f has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2021-ceae34324f \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ceae34324f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2021-09-29 00:18:49 UTC
FEDORA-2021-c430cb9d05 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2021-10-02 01:27:17 UTC
FEDORA-2021-ceae34324f has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.