Spec URL: https://jonathanspw.fedorapeople.org/basez.spec SRPM URL: https://jonathanspw.fedorapeople.org/basez-1.6.2-1.fc37.src.rpm Description: BaseZ encodes/decodes base16, base32, base32hex, base64 or base64url data stream per RFC 4648; MIME base64 Content-Transfer-Encoding per RFC 2045; or PEM Printable Encoding per RFC 1421. This binary package provides a list of commands: basez hex unhex base16 base32plain base32hex base64plain base64url base64mime base64pem base32/64 are OMITTED from this package since coreutils provides them. Fedora Account System Username: jonathanspw
Scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=90365627
THIS IS AN UNOFFICIAL REVIEW: The following will possibly need to be adressed Issues: ======= - Sources used to build the package match the upstream source, as provided in the spec URL. Note: Upstream MD5sum check error, diff is in /home/skbutt/review/review- basez/diff.txt See: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ --- /home/skbutt/review/review-basez/upstream-unpacked/Source1/README 2022-08-01 21:32:40.020931501 -0400 +++ /home/skbutt/review/review-basez/srpm-unpacked/README-extract/README 2022-08-01 21:32:40.053931910 -0400 @@ -104,2 +104,3 @@ under the terms of the Creative Commons Attribution-ShareAlike 3.0 license, or a later version. Since the README already exists, you may need to Patch this as well. Hence the diff error. [!]: Spec file according to URL is the same as in SRPM. Note: Bad spec filename: /home/skbutt/review/review-basez/srpm- unpacked/basez.spec See: (this test has no URL)
Unoffical Review: It may also be helpful to update the license information in the spec file, since the README indicates: The BaseZ package: GPLv3+ Documentation files: GPLv3+ or CC-BY-SA-3.0+ Core files: 2-clause BSD
Thanks for the suggestions. Spec URL: https://jonathanspw.fedorapeople.org/basez.spec SRPM URL: https://jonathanspw.fedorapeople.org/basez-1.6.2-2.fc37.src.rpm Would one of you be so kind as to do an official review?
Since im not part of the Official Packagers Group i can only do an Unofficial Review. Hopefully this helps speed up the review process; someone should pick this up soon.
Now a packager. Thanks for your comments Salman. Review: Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "FSF All Permissive License", "Creative Commons Attribution- ShareAlike 3.0 GNU General Public License v3.0 or later", "BSD 2-Clause License Creative Commons Attribution-ShareAlike 3.0 GNU General Public License v3.0 or later", "GNU General Public License v3.0 or later", "Unknown or generated", "BSD 2-Clause License", "*No copyright* [generated file]", "*No copyright* GNU General Public License, Version 3". 26 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/basez/2113075-basez/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 71680 bytes in 2 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [!]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- http://www.quarkline.net/basez//download/README : CHECKSUM(SHA256) this package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 CHECKSUM(SHA256) upstream package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 http://www.quarkline.net/basez//download/basez-1.6.2.tar.gz : CHECKSUM(SHA256) this package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 CHECKSUM(SHA256) upstream package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 Requires -------- basez (rpmlib, GLIBC filtered): libc.so.6()(64bit) rtld(GNU_HASH) basez-debuginfo (rpmlib, GLIBC filtered): basez-debugsource (rpmlib, GLIBC filtered): Provides -------- basez: basez basez(x86-64) basez-debuginfo: basez-debuginfo basez-debuginfo(x86-64) debuginfo(build-id) basez-debugsource: basez-debugsource basez-debugsource(x86-64) Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2113075 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, C/C++, Shell-api Disabled plugins: Java, Python, SugarActivity, Ocaml, PHP, R, Haskell, fonts, Perl Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH $ rpmlint basez-1.6.2-2.fc37.x86_64.rpm/ ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 0.2 s $ rpmlint basez-debuginfo-1.6.2-2.fc37.x86_64.rpm/ ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 0.1 s $ rpmlint basez-debugsource-1.6.2-2.fc37.x86_64.rpm/ ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 0.1 s Comments: a) Changelog is under FSFAP (https://spdx.org/licenses/FSFAP.html https://docs.fedoraproject.org/en-US/legal/allowed-licenses/), though this is not packaged. It may be helpful to package this in the documentation. b) Signature is available at http://www.quarkline.net/basez/download/
Fixed both items. Spec URL: https://jonathanspw.fedorapeople.org/basez.spec SRPM URL: https://jonathanspw.fedorapeople.org/basez-1.6.2-2.fc37.src.rpm
Thanks for the updates. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "FSF All Permissive License", "Creative Commons Attribution- ShareAlike 3.0 GNU General Public License v3.0 or later", "BSD 2-Clause License Creative Commons Attribution-ShareAlike 3.0 GNU General Public License v3.0 or later", "GNU General Public License v3.0 or later", "Unknown or generated", "BSD 2-Clause License", "*No copyright* [generated file]", "*No copyright* GNU General Public License, Version 3". 26 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/basez/2113075-basez/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [!]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: Source 1 is not passed to gpgverify. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- http://www.quarkline.net/basez//download/GPG-KEY : CHECKSUM(SHA256) this package : 5023ed12e3fd7e8393c171669cb921069ef11db15f683aaa0e191cea9225cbfb CHECKSUM(SHA256) upstream package : 5023ed12e3fd7e8393c171669cb921069ef11db15f683aaa0e191cea9225cbfb http://www.quarkline.net/basez//download/basez-1.6.2.tar.gz.sig : CHECKSUM(SHA256) this package : ca60e558a2ebfb47fe2063ea380ee958f8b8be65ef7d7bb0320586b6878575a7 CHECKSUM(SHA256) upstream package : ca60e558a2ebfb47fe2063ea380ee958f8b8be65ef7d7bb0320586b6878575a7 http://www.quarkline.net/basez//download/README : CHECKSUM(SHA256) this package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 CHECKSUM(SHA256) upstream package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 http://www.quarkline.net/basez//download/basez-1.6.2.tar.gz : CHECKSUM(SHA256) this package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 CHECKSUM(SHA256) upstream package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 Requires -------- basez (rpmlib, GLIBC filtered): libc.so.6()(64bit) rtld(GNU_HASH) basez-debuginfo (rpmlib, GLIBC filtered): basez-debugsource (rpmlib, GLIBC filtered): Provides -------- basez: basez basez(x86-64) basez-debuginfo: basez-debuginfo basez-debuginfo(x86-64) debuginfo(build-id) basez-debugsource: basez-debugsource basez-debugsource(x86-64) Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2113075 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: R, Perl, PHP, Haskell, fonts, Ocaml, Python, SugarActivity, Java Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH $ rpmlint basez-1.6.2-2.fc37.src.rpm ========================================= rpmlint session starts ======================================== rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 basez.spec:37: E: rpm-buildroot-usage %prep mkdir -p %{buildroot}/%{_docdir}/%{name} basez.spec:38: E: rpm-buildroot-usage %prep cp -a ChangeLog %{buildroot}/%{_docdir}/%{name}/ basez.src: W: invalid-license GPL-3.0-or-later basez.src: W: invalid-license CC-BY-3.0-US basez.src: W: invalid-license BSD-2-Clause ========== 1 packages and 0 specfiles checked; 2 errors, 3 warnings, 2 badness; has taken 1.6 s ========= $ rpmlint basez-1.6.2-2.fc37.x86_64.rpm ========================================= rpmlint session starts ======================================== rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 basez.x86_64: W: invalid-license GPL-3.0-or-later basez.x86_64: W: invalid-license CC-BY-3.0-US basez.x86_64: W: invalid-license BSD-2-Clause ========= 1 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 12.1 s ========= $ rpmlint basez-debuginfo-1.6.2-2.fc37.x86_64.rpm ========================================= rpmlint session starts ======================================== rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 basez-debuginfo.x86_64: W: unstripped-binary-or-object /usr/lib/debug/usr/bin/basez-1.6.2-2.fc37.x86_64.debug basez-debuginfo.x86_64: E: shared-library-without-dependency-information /usr/lib/debug/usr/bin/basez-1.6.2-2.fc37.x86_64.debug basez-debuginfo.x86_64: W: no-documentation basez-debuginfo.x86_64: W: invalid-license GPL-3.0-or-later basez-debuginfo.x86_64: W: invalid-license CC-BY-3.0-US basez-debuginfo.x86_64: W: invalid-license BSD-2-Clause basez-debuginfo.x86_64: W: dangling-relative-symlink /usr/lib/debug/.build-id/b8/0284d50b79cde51e1efd9bf5fa9d3764d45bce ../../../.build-id/b8/0284d50b79cde51e1efd9bf5fa9d3764d45bce ========== 1 packages and 0 specfiles checked; 1 errors, 6 warnings, 1 badness; has taken 0.5 s ========= $ rpmlint basez-debugsource-1.6.2-2.fc37.x86_64.rpm ========================================= rpmlint session starts ======================================== rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 basez-debugsource.x86_64: W: no-documentation basez-debugsource.x86_64: W: invalid-license GPL-3.0-or-later basez-debugsource.x86_64: W: invalid-license CC-BY-3.0-US basez-debugsource.x86_64: W: invalid-license BSD-2-Clause ========== 1 packages and 0 specfiles checked; 0 errors, 4 warnings, 0 badness; has taken 0.4 s ========= Comments: a) Update last line of changelog 1.6.2-2 to 1.6.2-1 b) It may be helpful to also add a copy of the FSFAP license in the changelog to the licenses directory. c) Not sure why getting license identifiers errors, they seem to match https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/ and https://spdx.org/licenses/ d) Are the lines mkdir -p %{buildroot}/%{_docdir}/%{name} cp -a ChangeLog %{buildroot}/%{_docdir}/%{name}/ install -p %{SOURCE1} -t %{buildroot}%{_datadir}/doc/%{name}/ required? What happens if you add %doc README ChangeLog e) Are the lines # sent this patch to upstream. patch built for 1.6.2. Patch0: add_disable_hex_opt.patch still required? f) Seemed to build with most of these changes https://copr.fedorainfracloud.org/coprs/fed500/basez/build/4717951/ g) Probably with above can approve - h) For my own knowledge, why use 2%{?dist} in the release field rather than 1%{?dist} - https://docs.fedoraproject.org/en-US/packaging-guidelines/DistTag/
License warnings occur for other packages as well https://bugzilla.redhat.com/show_bug.cgi?id=2112474
> a) Update last line of changelog 1.6.2-2 to 1.6.2-1 I'll build it using "-1" in the final build. I incremented here just to differentiate my changes. > b) It may be helpful to also add a copy of the FSFAP license in the > changelog to the licenses directory. The changelog is not currently installed anywhere. I'll package it and add FSFAP. > c) Not sure why getting license identifiers errors, they seem to match > https://docs.fedoraproject.org/en-US/packaging-guidelines/ > LicensingGuidelines/ and https://spdx.org/licenses/ The license checker flags all the SPDX licenses right now. > d) Are the lines > mkdir -p %{buildroot}/%{_docdir}/%{name} > cp -a ChangeLog %{buildroot}/%{_docdir}/%{name}/ > install -p %{SOURCE1} -t %{buildroot}%{_datadir}/doc/%{name}/ > required? > What happens if you add > %doc README ChangeLog It will yield duplicate file listings in rpmlint. That's the only reason I swapped to this method. ie: RPM build warnings: File listed twice: /usr/share/doc/basez Do you happen to know if it's preferable to ignore these warnings and use %doc ? > e) Are the lines > # sent this patch to upstream. patch built for 1.6.2. > Patch0: add_disable_hex_opt.patch > still required? Yes. This patch is what makes the `--disable-hex-command` build flag work. > f) Seemed to build with most of these changes > https://copr.fedorainfracloud.org/coprs/fed500/basez/build/4717951/ > g) Probably with above can approve - > h) For my own knowledge, why use 2%{?dist} in the release field rather than > 1%{?dist} - > https://docs.fedoraproject.org/en-US/packaging-guidelines/DistTag/ See above. Just for incrementing changes here in the review. Will be -1 in release.
Using %doc is a little clearer, this is an opinion though. The following seemed to work: https://download.copr.fedorainfracloud.org/results/fed500/basez/fedora-rawhide-x86_64/04725914-basez/basez.spec Let me know once final version is ready.
Spec URL: https://jonathanspw.fedorapeople.org/basez.spec SRPM URL: https://jonathanspw.fedorapeople.org/basez-1.6.2-2.fc37.src.rpm
Almost there. The spec file seems to have mkdir -p %{buildroot}/%{_docdir}/%{name} cp -a ChangeLog %{buildroot}/%{_docdir}/%{name}/ which are not required and give the following errors when running rpmlint: basez.spec:37: E: rpm-buildroot-usage %prep mkdir -p %{buildroot}/%{_docdir}/%{name} basez.spec:38: E: rpm-buildroot-usage %prep cp -a ChangeLog %{buildroot}/%{_docdir}/%{name}/ adding %doc ChangeLog README allows you to remove these Please also ensure that the same spec file is packaged with the srcrpm as you put online.
Spec URL: https://jonathanspw.fedorapeople.org/basez.spec SRPM URL: https://jonathanspw.fedorapeople.org/basez-1.6.2-2.fc38.src.rpm
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "FSF All Permissive License", "Creative Commons Attribution- ShareAlike 3.0 GNU General Public License v3.0 or later", "BSD 2-Clause License Creative Commons Attribution-ShareAlike 3.0 GNU General Public License v3.0 or later", "GNU General Public License v3.0 or later", "Unknown or generated", "BSD 2-Clause License", "*No copyright* [generated file]", "*No copyright* GNU General Public License, Version 3". 26 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/basez/2113075-basez/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 2 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: Source 1 is not passed to gpgverify. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- http://www.quarkline.net/basez//download/GPG-KEY : CHECKSUM(SHA256) this package : 5023ed12e3fd7e8393c171669cb921069ef11db15f683aaa0e191cea9225cbfb CHECKSUM(SHA256) upstream package : 5023ed12e3fd7e8393c171669cb921069ef11db15f683aaa0e191cea9225cbfb http://www.quarkline.net/basez//download/basez-1.6.2.tar.gz.sig : CHECKSUM(SHA256) this package : ca60e558a2ebfb47fe2063ea380ee958f8b8be65ef7d7bb0320586b6878575a7 CHECKSUM(SHA256) upstream package : ca60e558a2ebfb47fe2063ea380ee958f8b8be65ef7d7bb0320586b6878575a7 http://www.quarkline.net/basez//download/README : CHECKSUM(SHA256) this package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 CHECKSUM(SHA256) upstream package : eca6a59c53abc1402c3aa7a07bd431638dee87280147a1c024edacd6021e61e7 http://www.quarkline.net/basez//download/basez-1.6.2.tar.gz : CHECKSUM(SHA256) this package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 CHECKSUM(SHA256) upstream package : 2a9f821488791c2763ef0120c75c43dc83dd16567b7c416f30331889fd598937 Requires -------- basez (rpmlib, GLIBC filtered): libc.so.6()(64bit) rtld(GNU_HASH) basez-debuginfo (rpmlib, GLIBC filtered): basez-debugsource (rpmlib, GLIBC filtered): Provides -------- basez: basez basez(x86-64) basez-debuginfo: basez-debuginfo basez-debuginfo(x86-64) debuginfo(build-id) basez-debugsource: basez-debugsource basez-debugsource(x86-64) Generated by fedora-review 0.8.0 (e988316) last change: 2022-04-07 Command line :/usr/bin/fedora-review -b 2113075 Buildroot used: fedora-rawhide-x86_64 Active plugins: C/C++, Generic, Shell-api Disabled plugins: Python, PHP, Java, Haskell, R, Ocaml, fonts, Perl, SugarActivity Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH Comments: a) Approved
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/basez