Spec URL: https://jjelen.fedorapeople.org/python-tpm2-pytss.spec SRPM URL: https://jjelen.fedorapeople.org/python-tpm2-pytss-1.2.0-1.fc38.src.rpm Description: TPM 2.0 TSS Bindings for Python Fedora Account System Username: jjelen
There is a copr repository with the builds for all fedora versions: https://copr.fedorainfracloud.org/coprs/jjelen/python-tpm2-pytss/monitor/ This is my first python package so any guidance would be welcomed.
> License: BSD New packages are required to sue the SPDX license identifiers. See https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > This is my first python package so any guidance would be welcomed. Any chance you created it with pyp2rpm? it has much-outdated badness that seems to be very much like pyp2rpm. Any chance you could start at https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_example_spec_file instead? Anyway, here they are: > Source0: %{pypi_source} > Patch0: python-tpm2-pytss-1.2.0-openssl.patch In Fedora, there is no reason to number the patches and sources. The spec also mixes tabs and spaces here. The %{pypi_source} macro without the name argument is deprecated. > %{?python_provide:%python_provide python3-%{pypi_name}} This macro is deprecated and SHOULD not be used. > Requires: python3-asn1crypto > Requires: python3-cffi > Requires: python3-cryptography > Requires: python3-pkgconfig Python runtime dependencies are autogenerated and MUST not be repeated manually. The package already requires: python3.11dist(asn1crypto) python3.11dist(cffi) >= 1 python3.11dist(cryptography) >= 3 python3.11dist(packaging) python3.11dist(pyyaml) > Requires: %{name}%{?_isa} = %{version}-%{release} This is a dependency on a package that is not built, but it is met by the very same package, as it provides python-tpm2-pytss = 1.2.0-1.fc38. In other words, this is entirely redundant and a bit obfuscated slefdependency. > # Remove bundled egg-info > rm -rf %{pypi_name}.egg-info This is not needed. > %pyproject_wheel This macro is not supported without %pyproject_buildrequires. > # tests are very dependent on the python/openssl versions and fail at various places All of them? ------ Personal opinions: I recommend using %pyproject_save_files a lot -- it allows you to use %{pyproject_files} in %files, and %pyproject_check_import. I consider the %pypi_name, %_name and %name combo really hard to read. have you considered not defining such macros and literally spelling the name in the spec where needed? Same for %pypi_version which is defined and only used once to define %version.
s/sue/use/
> BuildRequires: python3-codecov > BuildRequires: python3-coverage > BuildRequires: python3-pytest-cov Such dependencies are highly discouraged, see https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters Many fo the other BuildRequires seem like they are only required for tests, but tests do not run in %check, hence they might not be needed.
(In reply to Miro Hrončok from comment #2) > > License: BSD > > New packages are required to sue the SPDX license identifiers. See > https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ Thanks! Its some time since I was creating a new package so I probably missed the announcement. > > This is my first python package so any guidance would be welcomed. > > Any chance you created it with pyp2rpm? it has much-outdated badness that > seems to be very much like pyp2rpm. Any chance you could start at > https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ > #_example_spec_file instead? I started from the copr build that was probably created by that tool some time ago: https://bugzilla.redhat.com/show_bug.cgi?id=2064490#c4 > Anyway, here they are: > > > Source0: %{pypi_source} > > Patch0: python-tpm2-pytss-1.2.0-openssl.patch > > In Fedora, there is no reason to number the patches and sources. > The spec also mixes tabs and spaces here. > The %{pypi_source} macro without the name argument is deprecated. Thanks, fixed. > > %{?python_provide:%python_provide python3-%{pypi_name}} > > This macro is deprecated and SHOULD not be used. Thanks, removed. > > Requires: python3-asn1crypto > > Requires: python3-cffi > > Requires: python3-cryptography > > Requires: python3-pkgconfig > > Python runtime dependencies are autogenerated and MUST not be repeated > manually. > The package already requires: > > python3.11dist(asn1crypto) > python3.11dist(cffi) >= 1 > python3.11dist(cryptography) >= 3 > python3.11dist(packaging) > python3.11dist(pyyaml) Thanks, removed. > > Requires: %{name}%{?_isa} = %{version}-%{release} > > This is a dependency on a package that is not built, but it is met by the > very same package, as it provides python-tpm2-pytss = 1.2.0-1.fc38. In other > words, this is entirely redundant and a bit obfuscated slefdependency. Removed as well. > > # Remove bundled egg-info > > rm -rf %{pypi_name}.egg-info > > This is not needed. Removed as well. > > %pyproject_wheel > > This macro is not supported without %pyproject_buildrequires. Added. > > # tests are very dependent on the python/openssl versions and fail at various places > > All of them? Yeah, that was just me being too lazy to exclude them properly after seeing different results on Fedora 35 and rawhide as they take 15 minutes to execute. It looks good now on Fedora 36, but rawhide still fails. I will try to investigate it again. > ------ > > Personal opinions: > > I recommend using %pyproject_save_files a lot -- it allows you to use > %{pyproject_files} in %files, and %pyproject_check_import. Thanks. This looks like it makes the stuff simpler. > I consider the %pypi_name, %_name and %name combo really hard to read. have > you considered not defining such macros and literally spelling the name in > the spec where needed? Same for %pypi_version which is defined and only used > once to define %version. Thanks. I removed the %pypi_version. I still find the names useful as they need to be written on several places and it is super-easy to swap them. > > BuildRequires: python3-codecov > > BuildRequires: python3-coverage > > BuildRequires: python3-pytest-cov > > Such dependencies are highly discouraged, see https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters Thanks. Removed that too. > Many fo the other BuildRequires seem like they are only required for tests, but tests do not run in %check, hence they might not be needed. I will try to enable the tests. Anyway, updated the spec file and SRPM in here: Spec URL: https://jjelen.fedorapeople.org/python-tpm2-pytss.spec SRPM URL: https://jjelen.fedorapeople.org/python-tpm2-pytss-1.2.0-1.fc38.src.rpm
Is it possible to do? %py3_check_import %{_name} -> %pyproject_check_import It's simpler and it also imports all "public" submodules. About the BuildRequuires: The following runtime requirements are now generated by %pyproject_buildrequires and MUST not be repeated manually: BuildRequires: python3-asn1crypto BuildRequires: python3-cffi >= 1 BuildRequires: python3-cryptography The following build requirements are now generated by %pyproject_buildrequires and MUST not be repeated manually: BuildRequires: python3-pkgconfig BuildRequires: python3-setuptools_scm BuildRequires: python3-wheel BuildRequires: python3-pip BuildRequires: python3-setuptools BuildRequires: python3-setuptools_scm+toml The following BuildRequires seem like they are needed to build the docs, which you don't (and I don't recommend doing it anyway), so they are most likely redundant: BuildRequires: python3-docutils BuildRequires: python3-myst-parser BuildRequires: python3-sphinx The following BuildRequires seem odd, why are they needed?: BuildRequires: python3-build The following BuildRequires are justified for tests but are definitively not needed unless you use %tox, which you don't: BuildRequires: python3-tox-current-env And if you want to use %tox, add -t to %pyproject_buildrequires instead, please.
Thanks for comments. Updated the links above with new spec file and sprms: Spec URL: https://jjelen.fedorapeople.org/python-tpm2-pytss.spec SRPM URL: https://jjelen.fedorapeople.org/python-tpm2-pytss-1.2.0-1.fc38.src.rpm the current version is also built in the copr: https://copr.fedorainfracloud.org/coprs/jjelen/python-tpm2-pytss/monitor/
One more thing that crossed my mind is that this requires pytest-xdist, but does not run tests in parallel. The tests seem to run for a while, have you considered adding -n %{_smp_build_ncpus} to %pytest? Does it work that way, does it make the tests run faster? Anyway, that is a cosmetic thing, not a blocker. Running Fedora-Review now.
Package Review ============== Package APPROVED. Please consider adding -n %{_smp_build_ncpus} to %pytest, if it helps. Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== MUST items ===== C/C++: [-]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files are Python extension modules, not traditional libraries. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* BSD 2-Clause License", "*No copyright* [generated file]", "BSD 2-Clause License". [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [x]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. [?]: Package functions as described. [?]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [?]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.10/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 2 packages and 1 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 1.5 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 2 python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so _Py_NoneStruct (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyObject_CallMethod (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyEval_RestoreThread (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so _Py_Dealloc (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyObject_Malloc (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyObject_Free (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyLong_FromLong (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyLong_FromVoidPtr (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyArg_UnpackTuple (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyErr_Occurred (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyImport_ImportModule (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) python3-tpm2-pytss.x86_64: W: undefined-non-weak-symbol /usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so PyEval_SaveThread (/usr/lib64/python3.11/site-packages/tpm2_pytss/_libtpm2_pytss.abi3.so) 2 packages and 0 specfiles checked; 0 errors, 12 warnings, 0 badness; has taken 0.3 s This looks like a false positive, related to https://github.com/rpm-software-management/rpmlint/issues/864 but the fix in rpmlint does not work for the abi3 suffix. Source checksums ---------------- https://files.pythonhosted.org/packages/source/t/tpm2-pytss/tpm2-pytss-1.2.0.tar.gz : CHECKSUM(SHA256) this package : 3a05964e3723dd0778752682c18f9fb914292d2167e3ef68d7590f47d9fc6b9e CHECKSUM(SHA256) upstream package : 3a05964e3723dd0778752682c18f9fb914292d2167e3ef68d7590f47d9fc6b9e BuildRequires ------------- (python3dist(toml) if python3-devel < 3.11) gcc pyproject-rpm-macros python3-devel python3-pytest python3-pytest-xdist python3dist(asn1crypto) python3dist(cffi) >= 1 python3dist(cryptography) >= 3 python3dist(packaging) python3dist(pip) >= 19 python3dist(pkgconfig) python3dist(pycparser) python3dist(pyyaml) python3dist(setuptools) >= 44 python3dist(setuptools-scm) >= 3.4.3 python3dist(setuptools-scm[toml]) >= 3.4.3 python3dist(wheel) swtpm tpm2-tools tpm2-tss-devel >= 2.0.0 Requires -------- python3-tpm2-pytss (rpmlib, GLIBC filtered): libc.so.6()(64bit) libtss2-esys.so.0()(64bit) libtss2-fapi.so.1()(64bit) libtss2-mu.so.0()(64bit) libtss2-rc.so.0()(64bit) libtss2-tctildr.so.0()(64bit) python(abi) = 3.11 python3.11dist(asn1crypto) python3.11dist(cffi) >= 1 python3.11dist(cryptography) >= 3 python3.11dist(packaging) python3.11dist(pyyaml) rtld(GNU_HASH) Provides -------- python3-tpm2-pytss: python-tpm2-pytss = 1.2.0-1.fc38 python3-tpm2-pytss = 1.2.0-1.fc38 python3-tpm2-pytss(x86-64) = 1.2.0-1.fc38 python3.11-tpm2-pytss = 1.2.0-1.fc38 python3.11dist(tpm2-pytss) = 1.2 python3dist(tpm2-pytss) = 1.2 Generated by fedora-review 0.7.0 (fed5495) last change: 2019-03-17 Command line :try-fedora-review -b 2135713 -m fedora-rawhide-x86_64 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, Python Disabled plugins: Haskell, R, Java, SugarActivity, Perl, Ruby, Ocaml, PHP, C/C++, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
> Package APPROVED. Please consider adding -n %{_smp_build_ncpus} to %pytest, if it helps. Thanks for suggestion. It improves the test time significantly and does not look like causing any issues so I will use that: > ================== 513 passed, 7 skipped in 116.64s (0:01:56) ==================
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/python-tpm2-pytss
FEDORA-2022-8454806c89 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-8454806c89
FEDORA-2022-8454806c89 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-8454806c89 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-8454806c89 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-8454806c89 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.