Spec URL: https://raw.githubusercontent.com/firefly-cpp/rpm-reviews/main/rubygem-ast-tdl.spec SRPM URL: https://github.com/firefly-cpp/rpm-reviews/raw/main/rubygem-ast-tdl-0.0.2-1.fc34.src.rpm Description: ast-dsl is a small DSL for practical definition and description of sports training that can be automatically or manually defined and used in conjunction with Artificial Sport Trainer. Fedora Account System Username: iztokf
I will finish looking at this over the next day or two… Ruby is not my wheelhouse, but I can read guidelines and it is a relatively simple package.
I apologize for the delay. I haven’t forgotten about this.
Unofficial Review: Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [X]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 1 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/rubygem-ast-tdl/2097267-rubygem- ast-tdl/licensecheck.txt [!]: License file installed when any subpackage combination is installed. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [?]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [?]: Package is not known to require an ExcludeArch tag. [?]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Avoid bundling fonts in non-fonts packages. Note: Package contains font files [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [?]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [!]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: When checking ruby code, install the ruby plugin. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- https://rubygems.org/gems/ast-tdl-0.0.2.gem : CHECKSUM(SHA256) this package : c923acd1b9c53da3067330162a085b50a0b89baaa0a1d67feb529f53d6453733 CHECKSUM(SHA256) upstream package : c923acd1b9c53da3067330162a085b50a0b89baaa0a1d67feb529f53d6453733 Requires -------- rubygem-ast-tdl (rpmlib, GLIBC filtered): ruby(rubygems) rubygem-ast-tdl-doc (rpmlib, GLIBC filtered): rubygem-ast-tdl Provides -------- rubygem-ast-tdl: rubygem(ast-tdl) rubygem-ast-tdl rubygem-ast-tdl-doc: rubygem-ast-tdl-doc Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2097267 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api Disabled plugins: Perl, PHP, Ocaml, SugarActivity, C/C++, Python, Haskell, Java, R, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH Comments: 1) Can you check that this builds on Copr/Koji for at least x86_64,AARCH64 and ARM_hfp? 2) Possibly BuildRequires: ruby(release) should be changed to BuildRequires: ruby(release) >= 2.4.0 The gemspec of the latest version requires 2.6.0 3) Upstream recently added unit tests, if a new release will be made, maybe these can be added? See https://docs.fedoraproject.org/en-US/packaging-guidelines/Ruby/ 4) Packaged does not seem to preserve timestamps, but this maybe common with Rubygems 5) Add a %license line to the spec file, see for example https://src.fedoraproject.org/rpms/rubygem-mizuho/blob/rawhide/f/rubygem-mizuho.spec. Do also add the license file to the gemspec https://github.com/firefly-cpp/ast-tdl/blob/main/ast-tdl.gemspec so it is included 6) Fonts are installed with the html documentation generated by rdoc, in particular Lato-LightItalic.ttf Lato-RegularItalic.ttf SourceCodePro-Bold.ttf Lato-Light.ttf Lato-Regular.ttf SourceCodePro-Regular.ttf Are these necessary? Lato1 fonts are packaged https://src.fedoraproject.org/rpms/lato-fonts as are SourceCodePro fonts https://src.fedoraproject.org/rpms/adobe-source-code-pro-fonts the documentation also has javascript. ri files are also produced and probably should not be packaged. These might be due to my build, but maybe something different needs to be done for generating the documentation. 7) Adding the recently added examples to the documentation is also helpful
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== Issues ===== - According to https://docs.fedoraproject.org/en-US/packaging-guidelines/Ruby/#_rubygems, there should not be a BuildRequires: ruby(release) for a RubyGems package. It seems you can drop BuildRequires: ruby >= 2.4.0 too. If you do want to keep the minimum version specification (as discouraged by https://docs.fedoraproject.org/en-US/packaging-guidelines/#_package_dependencies but suggested by https://docs.fedoraproject.org/en-US/packaging-guidelines/Ruby/#_ruby_compatibility), consider replacing both lines with: BuildRequires: ruby(release) >= 2.4.0 Requires: ruby(release) >= 2.4.0 - The chosen MIT file requires its text to be included. Upstream PR https://github.com/firefly-cpp/ast-tdl/pull/10 would add the LICENSE file to the RubyGem, and it could then be added to the RPM. - The documentation subpackage contains bundled fonts and JavaScript. You could possibly handle the JavaScript in accordance with https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling, since it is not pre-minified, but this is difficult since it is controlled by the documentation generator and not by your package. The bundled fonts are absolutely forbidden by https://docs.fedoraproject.org/en-US/packaging-guidelines/FontsPolicy/. Unfortunately, it’s almost impossible to package any kind of generated HTML documentation in a way that’s compliant with the guidelines for fonts, JavaScript, and web assets. I would recommend just adding rm -rvf '%{buildroot}%{gem_docdir}/rdoc' to the end of %build. - Version 0.0.3 is available. Probably it will be best to merge https://github.com/firefly-cpp/ast-tdl/pull/10 and release and package version 0.0.4. - The file README.md should be adjusted from Windows-style CRLF line terminators: rubygem-ast-tdl-doc.noarch: W: wrong-file-end-of-line-encoding /usr/share/gems/gems/ast-tdl-0.0.2/README.md Add: BuildRequires: dos2unix and in %prep: dos2unix README.md (Or change it upstream, if you prefer.) - Once you update to 0.0.3 or later, there are tests upstream that you should ideally use; see https://docs.fedoraproject.org/en-US/packaging-guidelines/Ruby/#_test_suites_not_included_in_the_package. ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [-]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. No license file in the source package, but see Issues; some license text is required. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "*No copyright* MIT License", "Unknown or generated". 5 files have unknown license. Detailed output of licensecheck in /home/reviewer/2097267-rubygem-ast-tdl/licensecheck.txt [!]: License file installed when any subpackage combination is installed. MIT license requires the license text to be included. https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Avoid bundling fonts in non-fonts packages. Note: Package contains font files [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. https://github.com/firefly-cpp/ast-tdl/pull/10 In this case, the presence of the license text in some form is mandatory. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [!]: Latest version is packaged. Version 0.0.3 is available. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. Upstream provides no tests. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: When checking ruby code, install the ruby plugin. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- https://rubygems.org/gems/ast-tdl-0.0.2.gem : CHECKSUM(SHA256) this package : c923acd1b9c53da3067330162a085b50a0b89baaa0a1d67feb529f53d6453733 CHECKSUM(SHA256) upstream package : c923acd1b9c53da3067330162a085b50a0b89baaa0a1d67feb529f53d6453733 Requires -------- rubygem-ast-tdl (rpmlib, GLIBC filtered): ruby(rubygems) rubygem-ast-tdl-doc (rpmlib, GLIBC filtered): rubygem-ast-tdl Provides -------- rubygem-ast-tdl: rubygem(ast-tdl) rubygem-ast-tdl rubygem-ast-tdl-doc: rubygem-ast-tdl-doc Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2097267 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic Disabled plugins: C/C++, Perl, R, SugarActivity, Python, Haskell, Java, PHP, fonts, Ocaml Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 rubygem-ast-tdl-doc.noarch: W: wrong-file-end-of-line-encoding /usr/share/gems/gems/ast-tdl-0.0.2/README.md rubygem-ast-tdl.noarch: W: no-documentation 3 packages and 0 specfiles checked; 0 errors, 2 warnings, 0 badness; has taken 0.2 s
Benson, thank you for the preliminary review. It looks like we mostly found the same things. (In reply to Benson Muite from comment #3) > Unofficial Review: > > […] > > Comments: > 1) Can you check that this builds on Copr/Koji for at least x86_64,AARCH64 > and ARM_hfp? A scratch-build wouldn’t hurt, although it would be very unusual if there were any architecture-dependent issues in a noarch, pure-Ruby package. ARM_hfp is not required in general since https://fedoraproject.org/wiki/Changes/RetireARMv7. Arched packages targeting releases older than Rawhide will still need to be compatible or ExcludeArch, of course. Here is a scratch build for Rawhide that forces the package to build on all current architectures (rather than any arbitrary architecture, as would be normal for a noarch package): $ koji build --scratch --arch-override='x86_64 i686 ppc64le s390x aarch64' f37 rubygem-ast-tdl-0.0.2-1.fc34.src.rpm https://koji.fedoraproject.org/koji/taskinfo?taskID=88654518 Normally I wouldn’t ask for that on a noarch package review, although there are indeed some cases where it could find a problem. > 4) Packaged does not seem to preserve timestamps, but this maybe common with > Rubygems I didn’t notice this; thanks. Once the gem is built and %gem_installed in %build, the installation in %install uses “cp -a”, which does preserve timestamps—it’s just the original source timestamps were lost in %build. I think this is OK since the package follows the templates in the Ruby packaging guidelines.
> The documentation subpackage contains bundled fonts and JavaScript. You could possibly handle the JavaScript in accordance with <...snip..> I am afraid that that has been a known problem for some time: https://bugzilla.redhat.com/show_bug.cgi?id=1224715 In Ruby, we have opted for providing generated documentation at the expense of bundling fonts and JS, so please, don't remove documentation files from the package.
(In reply to Jarek Prokop from comment #6) > > The documentation subpackage contains bundled fonts and JavaScript. You could possibly handle the JavaScript in accordance with <...snip..> > > I am afraid that that has been a known problem for some time: > https://bugzilla.redhat.com/show_bug.cgi?id=1224715 > > In Ruby, we have opted for providing generated documentation at the expense > of bundling fonts and JS, so please, don't remove documentation files from > the package. At the same time, based on bug 2006555 and the linked “packaging” mailing list discussion, the latest consensus is that HTML documentation generated by Sphinx or Doxygen doesn’t appear to be suitable for packaging for similar reasons. A significant number of Fedora community members seem to feel quite strongly that these particular bundling rules should be inviolable, and supersede anything in language-specific guidelines that might seem to provide an exception. You can also see this in the discussion the last few times the NodeJS packaging guidelines have come up on the “devel” mailing list. I’m not personally committing to one side or the other at the moment, just pointing out that the matter is significantly controversial. At some point, I think we (Fedora) are going to have to clarify the situation, and either commit to an outright ban on this kind of documentation or explicitly approve a set of rules for handling it properly. However, I’m not really prepared to personally touch off that particular powder keg at the moment. Instead, with apologies, I’m going to elect to step back from this review.
Thanks for working on this. Some efforts are underway to improve the documentation generation for Ruby packages.
Ruby mailing list indicates some efforts underway to unbundle fonts.