Spec URL: http://people.redhat.com/green/FE/devel/jetty5.spec SRPM URL: http://people.redhat.com/green/FE/devel/jetty5-5.1.11-0.rc0.4jpp.src.rpm Description: Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server (like Apache) in order to use java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate server/container solutions, this means that your web server and web application run in the same process, without interconnection overheads and complications. Furthermore, as a pure java component, Jetty can be simply included in your application for demonstration, distribution or deployment. Jetty is available on all Java supported platforms.
The extras guidelines for jpp packages have never been finalized, so currently packages can't have .jpp in their name. Would you be willing to drop the jpp from the name to get this moving forward? See: http://fedoraproject.org/wiki/PackagingDrafts/JavaPackageNaming for discussion.
Just a minor clarification: there is very, very little chance that the guidelines will ever be changed to allow "jpp" in a release. The packaging committee made a few proposals to the Core Java folks, but we never heard back. I assume that was due to the general lack of free time due to RHEL5 and FC6 stuff.
Ping Anthony. Any reply to comments #1 and #2? It's been almost 3 months since you submitted this...
(In reply to comment #3) > Ping Anthony. > > Any reply to comments #1 and #2? It's been almost 3 months since you submitted > this... Woops. Yes, I can remove "jpp". I'll submit a new package shortly. Thanks, AG
Hey Anthony. Any further word on a jetty5 package without jpp tags?
We can certainly remove the jpp tags, but it's clear that I'm not making time to continue with this package, so I'd like to withdraw my review request. Perhaps somebody else would like to continue with this one. Sorry!
We're going to need jetty for Eclipse 3.3 so I'm going to re-open this review request.
This requires a little bit of cleanup for rpmlint, but it seems to work for me (I added the demo.xml stuff to jetty.xml and browsed localhost:8080). I'm going to see if I can get someone who actually knows about jetty to take it over. In the meantime, here are the updated SRPM and spec: http://fedorapeople.org/~overholt/jetty5-5.1.12-1jpp.1.fc7.src.rpm http://fedorapeople.org/~overholt/jetty5.spec
This fails to build for me; at the end of the build process, I get: + /usr/lib/rpm/check-buildroot Binary file /var/tmp/jetty5-5.1.12-1jpp.1.fc8-root-mockbuild/usr/lib/debug/usr/lib64/gcj/jetty5/jetty5-5.1.12_classes.so.debug matches Binary file /var/tmp/jetty5-5.1.12-1jpp.1.fc8-root-mockbuild/usr/lib/debug/usr/lib64/gcj/jetty5/template_classes.so.debug matches Binary file /var/tmp/jetty5-5.1.12-1jpp.1.fc8-root-mockbuild/usr/lib/debug/usr/lib64/gcj/jetty5/jsp-examples.war.so.debug matches Binary file /var/tmp/jetty5-5.1.12-1jpp.1.fc8-root-mockbuild/usr/lib/debug/usr/lib64/gcj/jetty5/servlets-examples.war.so.debug matches Found '/var/tmp/jetty5-5.1.12-1jpp.1.fc8-root-mockbuild' in installed files; aborting error: Bad exit status from /var/tmp/rpm-tmp.85229 (%install) So somehow the buildroot is leaking into the build package. It seems pretty bogus to me but you should double-check that there's nothing going wrong and if everything is OK then you can export QA_SKIP_BUILD_ROOT=1 in %install and the test should be skipped.
Updated RPM to fix the problems in comment #9 and add the manifest needed for Eclipse 3.3. http://www.bagu.org/eclipse/jetty5.spec http://www.bagu.org/eclipse/jetty5-5.1.12-1jpp.1.fc8.src.rpm
I guess it would help if I CC'd myself on things ... I can't see how I didn't hit the same thing Jason did, but thanks for fixing it, Ben!
I forgot to disable the demos package. This needs to be done to avoid having to push security updates for bugs in the example code.
The demo package has been disabled. The new spec file and src rpms can be found here: http://www.vermillionskye.com/downloads/jetty5.spec http://www.vermillionskye.com/downloads/jetty5-5.1.12-1jpp.1.src.rpm Jason, would you be willing to review this? I cc'd you on the bug, I hope that is ok. Please feel free to remove your name if you did not wish to be on the list.
Unfortunately I think this package is a bit beyond my ken. I was trying to see of these old packages awaiting review would at least build, but I have no idea what this package does, I know pretty close to zero about java and frankly I just haven't the chops to review a java package of this complexity. Perhaps if nobody has stepped forward to look at this after I've made some good progress elsewhere in the review queue I'll try to come back and learn more about java packaging and try to help out here.
Vivek, since you're currently maintaining the tomcat5 rpm, do you think you could review this package? If you're too busy, just say so.
(In reply to comment #15) > Vivek, since you're currently maintaining the tomcat5 rpm, do you think you > could review this package? If you're too busy, just say so. If you can wait for a day or two I can certainly take a shot at reviewing.
That would be great, thanks Vivek!
This may be of interest: http://fedoraproject.org/wiki/Packaging/UsersAndGroups
A few general comments while I wait for the mock build to complete: - the license field is invalid according to new versions of rpmlint: $ rpmlint jetty5-5.1.12-1jpp.1.src.rpm W: jetty5 invalid-license Apache Software License - I don't understand this comment: # we need a shell to be able to use su - later Can it be expanded to justify why /bin/sh instead of /sbin/nologin? - I guess you'll add an entry in http://fedoraproject.org/wiki/PackageUserRegistry ? - does fedora-usermgmt make preun user deletion OK? I suppose the problems mentioned in http://fedoraproject.org/wiki/Packaging/UsersAndGroups are addressed by having the user registry + reserved address blocks? - Maybe elaborate on why excluding the demo package is more secure and why you don't just delete those sections of the spec file. - can the javadoc versioned directory be owned by the package? - why the manual removal of %{homedir}/extra/ext/*.jar. Can't they be owned by the package? An explanatory comment would be good.
rpmlint Comments ================ $ rpmlint jetty5-5.1.12-1jpp.1.fc8.i386.rpm | sort E: jetty5 non-standard-gid /var/cache/jetty5/temp jetty5 ... OK. rpmlint needs fedora-usermgmt support. E: jetty5 no-status-entry /etc/init.d/jetty5 Fix. I don't consider this release-critical but it should be fixed at some point. E: jetty5 zero-length /etc/jetty5/jetty.conf Fix. How about a comment header explaining this file? W: jetty5 dangling-symlink /usr/share/jetty5/ext/ant.jar /usr/share/java/ant.jar ... OK. All provided by requirements, except: W: jetty5 dangling-symlink /usr/share/jetty5/ext/jspapi.jar /usr/share/java/jspapi.jar Fix. Not provided by any required packages. Should: Requires: jsse be Requires: jsp ? W: jetty5 hidden-file-or-dir /usr/share/jetty5/.jettyrc Fix. Rename jettyrc. W: jetty5 invalid-license Apache Software License Fix. See new rpmlint -i output. W: jetty5 no-reload-entry /etc/init.d/jetty5 Fix. Again, not release critical. W: jetty5 spurious-executable-perm /etc/logrotate.d/jetty5 Fix. W: jetty5 symlink-should-be-relative /usr/share/jetty5/demo /var/lib/jetty5/demo ... Fix. Not release critical. $ rpmlint jetty5-javadoc-5.1.12-1jpp.1.fc8.i386.rpm | sort E: jetty5-javadoc zero-length /var/lib/jetty5/webapps/template/WEB-INF/lib/.keepme Fix. If this file's only purpose is to prevent CVS directory pruning then it should be removed in %build. W: jetty5-javadoc dangerous-command-in-%post ln Fix. See general comment above. W: jetty5-javadoc hidden-file-or-dir /var/lib/jetty5/webapps/template/WEB-INF/lib/.keepme Fix. W: jetty5-javadoc invalid-license Apache Software License Fix. W: jetty5-javadoc non-standard-group Development Fix. W: jetty5-javadoc wrong-file-end-of-line-encoding /usr/share/javadoc/jetty5-5.1.12/META-INF/MANIFEST.MF Fix. $ rpmlint jetty5-manual-5.1.12-1jpp.1.fc8.i386.rpm | sort E: jetty5-manual version-control-internal-file /usr/share/doc/jetty5-5.1.12/WEB-INF/.cvsignore Fix. W: jetty5-manual dangerous-command-in-%post ln Fix. W: jetty5-manual invalid-license Apache Software License Fix. W: jetty5-manual non-standard-group Development/Documentation Fix. $ rpmlint jetty5-debuginfo-5.1.12-1jpp.1.fc8.i386.rpm | sort W: jetty5-debuginfo invalid-license Apache Software License Fix. $ rpmlint jetty5-5.1.12-1jpp.1.fc8.src.rpm | sort W: jetty5 invalid-license Apache Software License Fix. Review Guidelines Comments ========================== MUST items: OK rpmlint OK naming OK spec filename FIX packaging guidelines see below FIX Fedora-approved license remove proprietary code to create modified source zip OK license field matches actual license FIX license file included in %doc include all license files as %doc, not just main LICENSE.TXT OK english OK legible FIX match upstream sources Source0 URL invalid OK package builds in x86 mock OK buildrequires OK no locale data OK no shared libraries OK not relocatable OK owns its directories FIX files listed twice warning: File listed twice: /usr/lib/gcj/jetty5 warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-5.1.12.jar.db warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-5.1.12.jar.so warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-jmx-5.1.12.jar.db warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-jmx-5.1.12.jar.so warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-servlet-5.1.12.jar.db warning: File listed twice: /usr/lib/gcj/jetty5/jetty5-servlet-5.1.12.jar.so warning: File listed twice: /usr/lib/gcj/jetty5/start.jar.db warning: File listed twice: /usr/lib/gcj/jetty5/start.jar.so warning: File listed twice: /usr/lib/gcj/jetty5/stop.jar.db warning: File listed twice: /usr/lib/gcj/jetty5/stop.jar.so OK %clean OK consistent macros OK code vs content OK separate javadoc and manual subpackages OK proper operation not dependent on %doc files OK no header files OK no static libraries OK no pkgconfig files OK no .so files OK devel package requires base package OK no libtool archives OK no desktop entries OK doesn't own other packages' directories OK remove buildroot at start of %install OK UTF-8 filenames SHOULD items: OK project includes license file OK no translations available OK package builds in mock ?? didn't check all architectures OK jetty starts properly OK scriptlets sane FIX subpackages requiring base package remove '0:' epoch references in base package requires (extras and manual subpackages) javadoc subpackage doesn't require base which is fine OK placement of pkgconfig files OK package vs file requires
The main release-critical issues: 1) jetty includes many pre-built jars 2) two pre-built jars are licensed under the Binary Code License Agreement. 1) can be fixed by removing the pre-built jars at the start of %build. To fix 2) you'll need to modify the source zip file to remove the BCLA-licensed jars. Here are the relevant licenses, which are currently simply removed in the spec file: ./etc/LICENSE.javax.xml.html ./etc/LICENSE.jsse.txt
What are the BCLA-licensed jars?
Tom: I can't figure out what you mean by the licenses. $ for g in javax\\.servlet javax\\.xml jsse; do for f in `find -name \*.jar`; do unzip -l $f | grep $g; done; done Archive: ./lib/javax.servlet.jar 50 02-20-04 13:52 META-INF/services/javax.xml.parsers.DocumentBuilderFactory 44 02-20-04 13:52 META-INF/services/javax.xml.parsers.SAXParserFactory $ find -name javax.servlet.txt[toxic:jetty-5.1.12]$ find -name javax.xml.html $ find -name jsse.txt $
All jars are now removed from the zip. What additional license txt files are you referring to with regards to marking them as %doc. Rest of comments addressed in: http://www.vermillionskye.com/downloads/jetty5.spec http://www.vermillionskye.com/downloads/jetty5-5.1.12-1jpp.3.src.rpm
(In reply to comment #23) > Tom: I can't figure out what you mean by the licenses. I just meant that whatever code is licensed under those two BCLA license files must be removed from the tarball. It's hard to know exactly which jars are problematic because there could be some re-namespacing going on. I wondered about classes in the org.mortbay namespace, for example. But I didn't do in-depth forensics. Here are two specific examples of jars that need to be removed from the zip: ./ext/activation.jar ./ext/mail.jar activation.jar: http://java.sun.com/products/javabeans/jaf/downloads/index.html Look at META-INF/MANIFEST.MF: ... Implementation-Vendor: Sun Microsystems, Inc. Specification-Vendor: Sun Microsystems, Inc. ... mail.jar: http://java.sun.com/products/javamail/downloads/index.html Likewise, META-INF/MANIFEST.MF: ... Implementation-Vendor: Sun Microsystems, Inc. Specification-Vendor: Sun Microsystems, Inc. ... There may be more. It may be safest to just remove all jars to create a modified source zip.
Jeff actually did remove all jars: # Following source zip was originally taken from the following location: # http://mirrors.ibiblio.org/pub/mirrors/maven/jetty/jetty-5.1.12.zip # The zip file was modified by removing all jars and BCLA licenses. # unzip jetty-5.1.12.zip # pushd jetty-5.1.12 # find . -name *.jar -exec rm {} \; # rm ./etc/LICENSE.javax.xml.html ./etc/LICENSE.jsse.txt # popd # zip jetty-5.1.12.fedora.zip jetty-5.1.12/*
Yes, I see that now. My response to your comments collided with Jeff's new-URL comment.
Looks good. Just a few more points: - jetty.conf: by "comment header" I meant adding a comment to jetty.conf itself (rather than in the spec file, explaining its creation), e.g. indicating the purpose and maybe the format of the file, as well as a reference to documentation describing the use of the file. That would eliminate rpmlint's complaint about it being an empty file and it would be helpful to the would-be jetty administrator. - you added the jsp requirement rather than replacing the jsse requirement. Is jsse needed? (jsse is a virtual provide provided by the JDK packages, and represents a Java <= 1.4 concept, so it shouldn't be necessary if you're requiring Java >= 1.5). - I missed this the first time, but can %{demodir}/webapps just belong to the manual subpackage? If not, can you add a comment to the spec file explaining manual's post section?
Added a comment to jetty.conf with a # character to start the line. I could not find the format of the file as the references I found online pointed a non-existent web-site (see earlier comment regarding the URL in the spec file). I removed the jsse requirement and removed the manual post step. Updates can be found here: http://www.vermillionskye.com/downloads/jetty5.spec http://www.vermillionskye.com/downloads/jetty5-5.1.12-1jpp.4.src.rpm
Right, the URL comment brings up an interesting point: that Eclipse 3.3 will be depending on a project with a dead upstream. Longer term, I suppose either you will have to become the upstream (it would be nice if the URL field were made valid again) or Eclipse will have to be convinced to use some replacement for jetty5. For now though, jetty5 fills a need and it has been carefully packaged. Approved.
New Package CVS Request ======================= Package Name: jetty5 Short Description: Jetty webserver and servlet container Owners: jjohnstn Branches: F-8 InitialCC: overholt Cvsextras Commits: yes
If this is approved, please set the fedora-review flag to '+'. (It should be set to '?' while the package is being reviewed and to '+' once approval is given.)
Package Change Request ====================== Package Name: jetty5 Re-name package to jetty. Sorry, I know this was just approved and imported, but I should have brought this up during the review. I was thinking about having parallel-installable jetty's (5, 6, etc.) but we don't care about that. I'm an idiot, sorry :).
This appears to already be done. Please reset the flag if you need further cvs work done.
I'm closing this. It was imported some time ago.