Spec URL: https://atim.fedorapeople.org/gnome-secrets.spec SRPM URL: https://atim.fedorapeople.org/gnome-secrets-5.1-1.fc35.src.rpm Description: Secrets is a password manager which integrates perfectly with the GNOME desktop and provides an easy and uncluttered interface for the management of password databases. Features: *⭐ Create or import KeePass safes *✨ Assign a color and additional attributes to entries *📎 Add attachments to your encrypted database *🎲 Generate cryptographically strong passwords *🛠 Change the password or keyfile of your database *🔎 Quickly search your favorite entries *🕐 Automatic database lock during inactivity *📲 Adaptive interface *⏱ Support for two-factor authentication Supported Encryption Algorithms: * AES 256-bit * Twofish 256-bit * ChaCha20 256-bit Supported Derivation algorithms: * Argon2 KDBX4 * AES-KDF KDBX 3.1 Fedora Account System Username: atim
This is a re-review request for a package rename of 'gnome-passwordsafe'.
I would rename it together with the upcoming 6.0 release, as this is how upstream seems to intend the renaming AFAICS.
(In reply to bjoern.daase from comment #2) OK, thanks for feedback. Let's keep old name for now and hold this RR. Get back to this when 6.0 will been released. Closing.
I think we ready for replacement. Currently only for Rawhide. Upstream already published v6 Beta version on Flathub. This is a rush job so i'll improve/fix something later. But any help and review is very welcome. https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03163371-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03163371-secrets/secrets-6.0-0.1.beta.2.fc36.src.rpm
Hi, 1. I would drop this section from description: > Features: > ... > Supported Derivation algorithms: > * Argon2 KDBX4 > * AES-KDF KDBX 3.1 This section should be a short and concise description of the package without special unicodes. 2. We can probably also add %meson_test to %check instead ? It seems to check the same things: > 1/3 Validate desktop file OK 0.02s > 2/3 Validate metainfo file OK 0.05s > 3/3 Validate schema file OK 0.02s 3. Looking at: https://gitlab.gnome.org/World/secrets/-/blob/master/meson_options.txt We can tests with default option defined as false. We can include them by adding option to this macro: %meson -Dtests=true. Probably worth to use bcond for it.
*** Bug 2058689 has been marked as a duplicate of this bug. ***
@mkulik TY. 1. Dropped unicode symbols and simplified description. 2. Added %meson_test but IMO we should also leave current canonical fedora checks because there some minor differences beetwen these test even they are almost equal. 3. Added conditional tests. Now it compiles fines and all tests passed. SPEC: https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03580365-secrets/secrets.spec SRPM: https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03580365-secrets/secrets-6.2-1.fc37.src.rpm
Minor update: https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03637563-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03637563-secrets/secrets-6.2-2.fc37.src.rpm
Strictly speaking, this package does require python3-pycryptodomex: ./secrets-6.2/gsecrets/utils.py:from Cryptodome.Cipher import AES ./secrets-6.2/gsecrets/utils.py:from Cryptodome.Random import get_random_bytes However, it's a transitive dependency via python3-pykeepass so it gets pulled in anyway. Might be better to include it though in case python3-pykeepass changes to a different crypto backend in the future.
(In reply to Paul Howarth from comment #9) I'll add it into next build. Thanks for tip.
Tests are still failing because of pyotp and it seems that python3-pyotp maintainer is not responsive. I would try to contact one of the maintainers of this package directly and ask to take a look at rebase. In case no one is responsive: https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package_maintainers/#steps
New 6.3 version: https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03919567-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/03919567-secrets/secrets-6.3-1.fc37.src.rpm
New 6.5 version: https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04379829-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04379829-secrets/secrets-6.5-1.fc37.src.rpm python-pyotp updated so now we can package Secrets for >= f36: https://src.fedoraproject.org/rpms/python-pyotp/pull-request/2
Hello! This review request seems to have been forgotten about :P! Will take it. --- ``` Provides: %{name} = %{version}-%{release} ``` What is the purpose of this line? Are you sure you didn't mean: ``` Provides: %{oldname} = %{version}-%{release} ``` --- ``` Obsoletes: %{oldname} <= 5.1-1 ``` It should be updated to 5.1-6 since rebuilds happened (release at 5 + 1 to make sure the %{_dist} doesn't interfere as stated by the guidelines). --- Finally, is the main admin of gnome-passwordsafe (Paul Carroty) aware of this rename process (just to make sure no issue happen when it comes to retiring the package)?
@Lyes thanks for review. Finally! :) Fixed Provides. As for Obsoletes version 5.1-3 should correct according to Guidelines [1] (2+1). Paul Carroty inactive for a long time. But i've added Paul to CC list. [1]: https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-replacing-existing-packages https://src.fedoraproject.org/rpms/gnome-passwordsafe --- https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04688836-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04688836-secrets/secrets-6.5-1.fc37.src.rpm
Hello :)! > Fixed Provides. As for Obsoletes version 5.1-3 should correct according to Guidelines [1] (2+1). Yes, but, look at the specfile[1], python/mass rebuilds pushed that to 5.1-5. > Paul Carroty inactive for a long time. But i've added Paul to CC list. Ok! No problem. Was just worried he'd try to unorphan/unretire the package by mistake when you did orphan/retire it without him knowing. If he's inactive, there shouldn't be any issue. [1]: https://src.fedoraproject.org/rpms/gnome-passwordsafe/blob/rawhide/f/gnome-passwordsafe.spec
> Yes, but, look at the specfile[1], python/mass rebuilds pushed that to 5.1-5. You right, i'll fix this before importing. Thank you!!
Oh, there's a missing runtime dependency: python3-gobject (it fails to run without it when tested on toolbox).
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== Remarks ===== - Runtime dependency python3-gobject is missing. (MUST) - For some reasons, const.py has a shebang? It would be a good idea to point that out to upstream. (see rpmlint) - Unnecessary `-p1` in `%autosetup`. ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "GNU General Public License, Version 3", "*No copyright* GNU General Public License, Version 3". 126 files have unknown license. Detailed output of licensecheck in /home/lyes/Documents/reviews/review-secrets/licensecheck.txt [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/mime/packages, /usr/share/mime Note: When installing, shared-mime-info is pulled in as a dependency. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: The spec file handles locales properly. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [!]: Requires correct, justified where necessary. Note: runtime dependency python3-gobject missing. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package contains desktop file if it is a GUI application. [x]: Package installs a %{name}.desktop using desktop-file-install or desktop-file-validate if there is such a file. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [-]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 secrets.noarch: E: non-executable-script /usr/lib/python3.11/site-packages/gsecrets/const.py 644 /usr/bin/python3 secrets.noarch: W: no-manual-page-for-binary secrets Source checksums ---------------- https://gitlab.gnome.org/World/secrets/-/archive/6.5/secrets-6.5.tar.bz2 : CHECKSUM(SHA256) this package : b1b73479c5aad64f2078afbce60b6442f1e9abb498c8bf2d008af80256ffd18e CHECKSUM(SHA256) upstream package : b1b73479c5aad64f2078afbce60b6442f1e9abb498c8bf2d008af80256ffd18e Requires -------- secrets (rpmlib, GLIBC filtered): /usr/bin/python3 hicolor-icon-theme libadwaita python(abi) python3-pwquality python3-pykeepass python3-pyotp Provides -------- secrets: application() application(org.gnome.World.Secrets.desktop) gnome-passwordsafe metainfo() metainfo(org.gnome.World.Secrets.metainfo.xml) mimehandler(application/x-keepass2) secrets Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -n secrets Buildroot used: fedora-rawhide-x86_64 Active plugins: Python, Shell-api, Generic Disabled plugins: C/C++, Perl, fonts, SugarActivity, Java, Ocaml, Haskell, R, PHP Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
Still (see #2061745) fails to build on s390x: s390x: https://koji.fedoraproject.org/koji/taskinfo?taskID=90173601 ====== The Meson build system Version: 0.62.2 Source dir: /builddir/build/BUILD/secrets-6.5 Build dir: /builddir/build/BUILD/secrets-6.5/redhat-linux-build Build type: native build Project name: secrets Project version: 6.5 Host machine cpu family: s390x Host machine cpu: s390x Message: Looking for dependencies Program python3 (pykeepass, pyotp) found: NO modules: pyotp meson.build:30:0: ERROR: python3 is missing modules: pykeepass A full log can be found at /builddir/build/BUILD/secrets-6.5/redhat-linux-build/meson-logs/meson-log.txt x86_64: https://koji.fedoraproject.org/koji/taskinfo?taskID=90174866 ====== The Meson build system Version: 0.62.2 Source dir: /builddir/build/BUILD/secrets-6.5 Build dir: /builddir/build/BUILD/secrets-6.5/redhat-linux-build Build type: native build Project name: secrets Project version: 6.5 Host machine cpu family: x86_64 Host machine cpu: x86_64 Message: Looking for dependencies Program python3 (pykeepass, pyotp) found: YES (/usr/bin/python3) modules: pykeepass, pyotp Message: Found python3 binary Found pkg-config: /usr/bin/pkg-config (1.8.0) Run-time dependency glib-2.0 found: YES 2.73.2 Run-time dependency gio-2.0 found: YES 2.73.2 Run-time dependency gobject-introspection-1.0 found: YES 1.73.0 Run-time dependency gtk4 found: YES 4.7.1 Run-time dependency libadwaita-1 found: YES 1.2.alpha Run-time dependency pwquality found: YES 1.4.4 ...
https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04689787-secrets/secrets.spec https://download.copr.fedorainfracloud.org/results/atim/for-review/fedora-rawhide-x86_64/04689787-secrets/secrets-6.5-1.fc37.src.rpm
Paul Howarth : Huh, that's very weird? I don't think this is blocking the review, since this does seem like more a bug or a missing dependency (which I think is then handled automatically?), but is there no clue on why this happens?
Package approved :D! You can now proceed with the rest of the package renaming process : https://docs.fedoraproject.org/en-US/package-maintainers/Package_Renaming_Process/ ! Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "GNU General Public License, Version 3", "*No copyright* GNU General Public License, Version 3". 126 files have unknown license. Detailed output of licensecheck in /home/lyes/Documents/reviews/2029547-secrets/licensecheck.txt [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/mime, /usr/share/mime/packages [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: The spec file handles locales properly. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [-]: Package is not known to require an ExcludeArch tag. Note: Fails to build on s390x, but since it's a noarch package, an ExcludeArch is incompatible. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package contains desktop file if it is a GUI application. [x]: Package installs a %{name}.desktop using desktop-file-install or desktop-file-validate if there is such a file. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [-]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 secrets.noarch: E: non-executable-script /usr/lib/python3.11/site-packages/gsecrets/const.py 644 /usr/bin/python3 secrets.noarch: W: no-manual-page-for-binary secrets Source checksums ---------------- https://gitlab.gnome.org/World/secrets/-/archive/6.5/secrets-6.5.tar.bz2 : CHECKSUM(SHA256) this package : b1b73479c5aad64f2078afbce60b6442f1e9abb498c8bf2d008af80256ffd18e CHECKSUM(SHA256) upstream package : b1b73479c5aad64f2078afbce60b6442f1e9abb498c8bf2d008af80256ffd18e Requires -------- secrets (rpmlib, GLIBC filtered): /usr/bin/python3 hicolor-icon-theme libadwaita python(abi) python3-gobject python3-pwquality python3-pykeepass python3-pyotp Provides -------- secrets: application() application(org.gnome.World.Secrets.desktop) gnome-passwordsafe metainfo() metainfo(org.gnome.World.Secrets.metainfo.xml) mimehandler(application/x-keepass2) secrets Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2029547 Buildroot used: fedora-rawhide-x86_64 Active plugins: Python, Shell-api, Generic Disabled plugins: Haskell, Java, Ocaml, fonts, SugarActivity, R, Perl, C/C++, PHP Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
(In reply to Lyes Saadi from comment #22) > Paul Howarth : > Huh, that's very weird? I don't think this is blocking the review, since > this does seem like more a bug or a missing dependency (which I think is > then handled automatically?), but is there no clue on why this happens? No idea why it happens (possibly a pykeepass issue) but someone who understands the module detection code in meson should be able to figure it out. In the meantime, the packaging guidelines suggest adding an ExcludeArch: for s390x: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_architecture_support
Oh, I thought that it would be incompatible to use both, but that's good to know that such a use case is taken care of :)!
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/secrets
FEDORA-2022-318856f521 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-318856f521
FEDORA-2022-318856f521 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-318856f521 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-318856f521 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-318856f521 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.