Spec URL: https://git.remirepo.net/cgit/rpms/lib/rnp.git/plain/rnp.spec?id=2b474395f763f9e6e6f2cc4aa254c5456f7cb0cf
SRPM URL: https://rpms.remirepo.net/SRPMS/rnp-0.16.2-2.remi.src.rpm
Description: RNP is a set of OpenPGP (RFC4880) tools.
Fedora Account System Username: remi

Spec: https://git.remirepo.net/cgit/rpms/lib/rnp.git/plain/rnp.spec
SRPM: https://rpms.remirepo.net/SRPMS/rnp-0.16.2-2.remi.src.rpm

Scratch builds:
Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=93523776
EPEL-9: https://koji.fedoraproject.org/koji/taskinfo?taskID=93523743
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [?]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [?]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "BSD 2-Clause License", "*No copyright* Public domain", "BSD 2-clause NetBSD License BSD 2-Clause License", "Boost Software License 1.0", "BSD 2-Clause License Apache License 2.0", "MIT License". 635 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/reviews/rnp/review-rnp/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [?]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). 
[x]: Package is named according to the Package Naming Guidelines. [?]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [?]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [?]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 1 files. [?]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. 
[x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Sources can be downloaded from URI in Source: tag Note: Could not download Source0: https://github.com/rnpgp/rnp/archive/refs/tags/v0.16.2.tar.gz See: https://docs.fedoraproject.org/en-US/packaging- guidelines/SourceURL/ [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in librnp [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [ ]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [!]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. 
===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 5 rnp.x86_64: W: no-manual-page-for-binary rnp rnp.x86_64: W: no-manual-page-for-binary rnpkeys rnp.x86_64: W: no-documentation 5 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 4.5 s Requires -------- rnp (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libjson-c.so.5()(64bit) libjson-c.so.5(JSONC_0.14)(64bit) librnp(x86-64) librnp.so.0()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.5)(64bit) rtld(GNU_HASH) librnp (rpmlib, GLIBC filtered): libbotan-2.so.19()(64bit) libbz2.so.1()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libjson-c.so.5()(64bit) libjson-c.so.5(JSONC_0.14)(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libz.so.1()(64bit) rtld(GNU_HASH) librnp-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config cmake-filesystem(x86-64) librnp(x86-64) librnp.so.0()(64bit) rnp-debuginfo 
(rpmlib, GLIBC filtered):

rnp-debugsource (rpmlib, GLIBC filtered):


Provides
--------
rnp:
    rnp
    rnp(x86-64)

librnp:
    librnp
    librnp(x86-64)
    librnp.so.0()(64bit)

librnp-devel:
    cmake(rnp)
    librnp-devel
    librnp-devel(x86-64)
    pkgconfig(librnp)

rnp-debuginfo:
    debuginfo(build-id)
    rnp-debuginfo
    rnp-debuginfo(x86-64)

rnp-debugsource:
    rnp-debugsource
    rnp-debugsource(x86-64)


Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23
Command line :/usr/bin/fedora-review -n rnp
Buildroot used: fedora-rawhide-x86_64
Active plugins: Shell-api, Generic, C/C++
Disabled plugins: Java, Python, fonts, Ocaml, Perl, PHP, Ruby, R, Haskell, SugarActivity
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

Comments:
a) Signatures and sha256sum are available upstream:
   https://github.com/rnpgp/rnp/releases
   Can they be used for verification?
b) Please add a license breakdown in the spec file
c) The license for OCB use probably needs a check from legal
d) Perhaps change:
   Source0: https://github.com/rnpgp/rnp/archive/refs/tags/v%{version}.tar.gz
   to
   Source0: %{url}/archive//v%{version}/%{name}-%{version}.tar.gz
e) There is https://packages.fedoraproject.org/pkgs/thunderbird/thunderbird-librnp-rnp/
   could this be replaced by the librnp built here?
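Comment a) above asks whether the upstream signatures can be used for verification. As an added illustration (not the rnp.spec under review), this is the general shape of a source check with Fedora's `%{gpgverify}` macro; the Source URLs follow the upstream URLs quoted on this page, while the Source numbering and the keyring file name are assumptions.

```spec
# Added example, not taken from the rnp.spec under review.
# Assumptions: Source numbering, the keyring file name, and that the signed
# upstream tarball is byte-identical to the one Source0 downloads.
URL:            https://github.com/rnpgp/rnp
Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
# Detached signature published with the upstream release
Source1:        %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc
# Upstream release signing key, exported once by the packager and kept
# next to the spec (hypothetical file name)
Source2:        rnp-release-keyring.gpg

BuildRequires:  gnupg2

%prep
# Verify first, so nothing from an unverified tarball is unpacked or used
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup
```

A failed verification makes `%prep` exit non-zero, so the build stops before the tarball is unpacked. The check is only as strong as the keyring, which the packager has to obtain over a channel independent of the tarball download.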
> a) Signatures and sha256sum are available upstream:

Done

> b) Please add a license breakdown in the spec file

This is a mess, and I don't want to list all "files" per license.
A simple ref to LICENSE.md should be enough.

> d) Perhaps change:

GitHub URIs are the worst thing I have ever seen... terrible mess
Definitely I hate GitHub (and will never understand why using it.... not serious...)

Changes done in https://git.remirepo.net/cgit/rpms/lib/rnp.git/commit/?id=27243de3f527870861632096d49c676daa64f5fe

Will wait for legal answer about https://github.com/rnpgp/rnp/blob/master/LICENSE-OCB.md
License breakdown obtained from Fedora Review is below. Removed some CMake files which would not be packaged. Other files which are not packaged and not used in the build can be removed from the listing. Possibly the examples can be packaged as documentation with the devel package? *No copyright* Public domain ---------------------------- rnp-0.16.2/LICENSE-OCB.md BSD 2-Clause License -------------------- rnp-0.16.2/include/rekey/rnp_key_store.h rnp-0.16.2/include/repgp/repgp_def.h rnp-0.16.2/include/rnp.h rnp-0.16.2/include/rnp/rnp.h rnp-0.16.2/include/rnp/rnp_def.h rnp-0.16.2/include/rnp/rnp_err.h rnp-0.16.2/src/common/file-utils.cpp rnp-0.16.2/src/common/file-utils.h rnp-0.16.2/src/common/getoptwin.h rnp-0.16.2/src/common/str-utils.cpp rnp-0.16.2/src/common/str-utils.h rnp-0.16.2/src/common/time-utils.cpp rnp-0.16.2/src/common/time-utils.h rnp-0.16.2/src/common/uniwin.h rnp-0.16.2/src/examples/CMakeLists.txt rnp-0.16.2/src/examples/decrypt.c rnp-0.16.2/src/examples/dump.c rnp-0.16.2/src/examples/encrypt.c rnp-0.16.2/src/examples/generate.c rnp-0.16.2/src/examples/sign.c rnp-0.16.2/src/examples/verify.c rnp-0.16.2/src/fuzzing/CMakeLists.txt rnp-0.16.2/src/fuzzing/dump.c rnp-0.16.2/src/fuzzing/keyimport.c rnp-0.16.2/src/fuzzing/keyring.c rnp-0.16.2/src/fuzzing/keyring_g10.cpp rnp-0.16.2/src/fuzzing/keyring_kbx.c rnp-0.16.2/src/fuzzing/sigimport.c rnp-0.16.2/src/fuzzing/verify.c rnp-0.16.2/src/fuzzing/verify_detached.c rnp-0.16.2/src/lib/CMakeLists.txt rnp-0.16.2/src/lib/config.h.in rnp-0.16.2/src/lib/crypto/backend_version.cpp rnp-0.16.2/src/lib/crypto/backend_version.h rnp-0.16.2/src/lib/crypto/bn.cpp rnp-0.16.2/src/lib/crypto/bn.h rnp-0.16.2/src/lib/crypto/bn_ossl.cpp rnp-0.16.2/src/lib/crypto/cipher.cpp rnp-0.16.2/src/lib/crypto/cipher.hpp rnp-0.16.2/src/lib/crypto/cipher_botan.cpp rnp-0.16.2/src/lib/crypto/cipher_botan.hpp rnp-0.16.2/src/lib/crypto/cipher_ossl.cpp rnp-0.16.2/src/lib/crypto/cipher_ossl.hpp rnp-0.16.2/src/lib/crypto/common.h 
rnp-0.16.2/src/lib/crypto/dl_ossl.cpp rnp-0.16.2/src/lib/crypto/dl_ossl.h rnp-0.16.2/src/lib/crypto/dsa.h rnp-0.16.2/src/lib/crypto/dsa_ossl.cpp rnp-0.16.2/src/lib/crypto/ec.cpp rnp-0.16.2/src/lib/crypto/ec.h rnp-0.16.2/src/lib/crypto/ec_curves.cpp rnp-0.16.2/src/lib/crypto/ec_ossl.cpp rnp-0.16.2/src/lib/crypto/ec_ossl.h rnp-0.16.2/src/lib/crypto/ecdh.cpp rnp-0.16.2/src/lib/crypto/ecdh.h rnp-0.16.2/src/lib/crypto/ecdh_ossl.cpp rnp-0.16.2/src/lib/crypto/ecdh_utils.cpp rnp-0.16.2/src/lib/crypto/ecdh_utils.h rnp-0.16.2/src/lib/crypto/ecdsa.cpp rnp-0.16.2/src/lib/crypto/ecdsa.h rnp-0.16.2/src/lib/crypto/ecdsa_ossl.cpp rnp-0.16.2/src/lib/crypto/eddsa.cpp rnp-0.16.2/src/lib/crypto/eddsa.h rnp-0.16.2/src/lib/crypto/eddsa_ossl.cpp rnp-0.16.2/src/lib/crypto/elgamal.cpp rnp-0.16.2/src/lib/crypto/elgamal.h rnp-0.16.2/src/lib/crypto/elgamal_ossl.cpp rnp-0.16.2/src/lib/crypto/hash.cpp rnp-0.16.2/src/lib/crypto/hash.hpp rnp-0.16.2/src/lib/crypto/hash_botan.hpp rnp-0.16.2/src/lib/crypto/hash_common.cpp rnp-0.16.2/src/lib/crypto/hash_crc24.cpp rnp-0.16.2/src/lib/crypto/hash_crc24.hpp rnp-0.16.2/src/lib/crypto/hash_ossl.cpp rnp-0.16.2/src/lib/crypto/hash_ossl.hpp rnp-0.16.2/src/lib/crypto/hash_sha1cd.cpp rnp-0.16.2/src/lib/crypto/hash_sha1cd.hpp rnp-0.16.2/src/lib/crypto/mem.cpp rnp-0.16.2/src/lib/crypto/mem.h rnp-0.16.2/src/lib/crypto/mem_ossl.cpp rnp-0.16.2/src/lib/crypto/mpi.cpp rnp-0.16.2/src/lib/crypto/mpi.h rnp-0.16.2/src/lib/crypto/ossl_common.h rnp-0.16.2/src/lib/crypto/rng.cpp rnp-0.16.2/src/lib/crypto/rng.h rnp-0.16.2/src/lib/crypto/rng_ossl.cpp rnp-0.16.2/src/lib/crypto/rsa.h rnp-0.16.2/src/lib/crypto/rsa_ossl.cpp rnp-0.16.2/src/lib/crypto/s2k.cpp rnp-0.16.2/src/lib/crypto/s2k.h rnp-0.16.2/src/lib/crypto/s2k_ossl.cpp rnp-0.16.2/src/lib/crypto/signatures.cpp rnp-0.16.2/src/lib/crypto/signatures.h rnp-0.16.2/src/lib/crypto/sm2.cpp rnp-0.16.2/src/lib/crypto/sm2.h rnp-0.16.2/src/lib/crypto/sm2_ossl.cpp rnp-0.16.2/src/lib/crypto/symmetric_ossl.cpp 
rnp-0.16.2/src/lib/defaults.h rnp-0.16.2/src/lib/ffi-priv-types.h rnp-0.16.2/src/lib/fingerprint.cpp rnp-0.16.2/src/lib/fingerprint.h rnp-0.16.2/src/lib/generate-key.cpp rnp-0.16.2/src/lib/json-utils.cpp rnp-0.16.2/src/lib/json-utils.h rnp-0.16.2/src/lib/key-provider.cpp rnp-0.16.2/src/lib/key-provider.h rnp-0.16.2/src/lib/logging.cpp rnp-0.16.2/src/lib/logging.h rnp-0.16.2/src/lib/pass-provider.cpp rnp-0.16.2/src/lib/pass-provider.h rnp-0.16.2/src/lib/rnp.cpp rnp-0.16.2/src/lib/sec_profile.cpp rnp-0.16.2/src/lib/sec_profile.hpp rnp-0.16.2/src/lib/utils.cpp rnp-0.16.2/src/lib/utils.h rnp-0.16.2/src/lib/version.h.in rnp-0.16.2/src/librekey/g10_sexp.hpp rnp-0.16.2/src/librekey/kbx_blob.hpp rnp-0.16.2/src/librekey/key_store_g10.cpp rnp-0.16.2/src/librekey/key_store_g10.h rnp-0.16.2/src/librekey/key_store_kbx.cpp rnp-0.16.2/src/librekey/key_store_kbx.h rnp-0.16.2/src/librekey/rnp_key_store.cpp rnp-0.16.2/src/librepgp/stream-armor.cpp rnp-0.16.2/src/librepgp/stream-armor.h rnp-0.16.2/src/librepgp/stream-common.cpp rnp-0.16.2/src/librepgp/stream-common.h rnp-0.16.2/src/librepgp/stream-ctx.cpp rnp-0.16.2/src/librepgp/stream-ctx.h rnp-0.16.2/src/librepgp/stream-def.h rnp-0.16.2/src/librepgp/stream-dump.cpp rnp-0.16.2/src/librepgp/stream-dump.h rnp-0.16.2/src/librepgp/stream-key.cpp rnp-0.16.2/src/librepgp/stream-key.h rnp-0.16.2/src/librepgp/stream-packet.cpp rnp-0.16.2/src/librepgp/stream-packet.h rnp-0.16.2/src/librepgp/stream-parse.cpp rnp-0.16.2/src/librepgp/stream-parse.h rnp-0.16.2/src/librepgp/stream-sig.cpp rnp-0.16.2/src/librepgp/stream-sig.h rnp-0.16.2/src/librepgp/stream-write.cpp rnp-0.16.2/src/librepgp/stream-write.h rnp-0.16.2/src/rnp/CMakeLists.txt rnp-0.16.2/src/rnp/fficli.cpp rnp-0.16.2/src/rnp/fficli.h rnp-0.16.2/src/rnp/rnp.cpp rnp-0.16.2/src/rnp/rnpcfg.cpp rnp-0.16.2/src/rnp/rnpcfg.h rnp-0.16.2/src/rnpkeys/CMakeLists.txt rnp-0.16.2/src/rnpkeys/main.cpp rnp-0.16.2/src/rnpkeys/rnpkeys.cpp rnp-0.16.2/src/rnpkeys/tui.cpp BSD 2-Clause License Apache License 
2.0 --------------------------------------- rnp-0.16.2/src/lib/crypto.cpp rnp-0.16.2/src/lib/crypto.h rnp-0.16.2/src/lib/crypto/symmetric.cpp rnp-0.16.2/src/lib/crypto/symmetric.h rnp-0.16.2/src/lib/pgp-key.cpp rnp-0.16.2/src/lib/pgp-key.h rnp-0.16.2/src/lib/types.h rnp-0.16.2/src/librekey/key_store_pgp.cpp rnp-0.16.2/src/librekey/key_store_pgp.h BSD 2-clause NetBSD License BSD 2-Clause License ------------------------------------------------ rnp-0.16.2/LICENSE.md rnp-0.16.2/src/lib/crypto/dsa.cpp rnp-0.16.2/src/lib/crypto/rsa.cpp Boost Software License 1.0 -------------------------- rnp-0.16.2/cmake/Modules/FindWindowsSDK.cmake MIT License ----------- rnp-0.16.2/src/lib/crypto/sha1cd/sha1.c rnp-0.16.2/src/lib/crypto/sha1cd/sha1.h rnp-0.16.2/src/lib/crypto/sha1cd/ubc_check.c rnp-0.16.2/src/lib/crypto/sha1cd/ubc_check.h
Related issue: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/92
(In reply to Remi Collet from comment #4)
> Will wait for legal answer about
> https://github.com/rnpgp/rnp/blob/master/LICENSE-OCB.md

https://gitlab.com/fedora/legal/fedora-license-data/-/issues/92#note_1153084097

Licensing seems ok. Might it be possible to also add:

BuildRequires: rubygem-asciidoctor

this will build documentation as man pages

A heartfelt thank you @fedora @benson_muite @rfontana from the RNP team. We would be more than happy to incorporate any recommendations or suggestions directly upstream so as to simplify unnecessary processing. The LICENSE-OCB.md file used to provide documentation for users who had concerns with using OCB mode, which was (back then) a patented mechanism; however, the OCB patents have since been abandoned. The patent owner Prof. Rogaway has stated here (https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/) that OCB patents are now in the public domain. The file now acts more as an acknowledgement of Prof. Rogaway's kindness early on to make OCB available for RNP users.

- add files by license list in package sources
- open https://github.com/rnpgp/rnp/issues/1932 missing MIT
- add man pages
- check archive signature

See https://git.remirepo.net/cgit/rpms/lib/rnp.git/commit/?id=2e8ddcff90582a97f7d427e799ae5ad706ae54b9

Spec URL: https://git.remirepo.net/cgit/rpms/lib/rnp.git/plain/rnp.spec?id=2e8ddcff90582a97f7d427e799ae5ad706ae54b9
SRPM URL: https://rpms.remirepo.net/SRPMS/rnp-0.16.2-3.remi.src.rpm

(In reply to Benson Muite from comment #3)
> e) There is
> https://packages.fedoraproject.org/pkgs/thunderbird/thunderbird-librnp-rnp/
> could this be replaced by the librnp built here?

As of Thunderbird 107beta and the inclusion of rnp-0.16.2, this should work. Build Thunderbird using `--with-system-librnp`. The build system will not compile librnp or its dependencies. (If that fails, a bug should be filed.) Thunderbird will pick up librnp.so.0 from the system library directory.
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "BSD 2-Clause License", "*No copyright* Public domain", "BSD 2-clause NetBSD License BSD 2-Clause License", "Boost Software License 1.0", "BSD 2-Clause License Apache License 2.0", "MIT License". 635 files have unknown license. Detailed output of licensecheck in /home/FedoraPackaging/reviews/rnp/2138353-rnp/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). 
[x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [?]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 20480 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. 
[x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in librnp [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not the first command in %prep. Source 3 is not passed to gpgverify. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: The placement of pkgconfig(.pc) files are correct. [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. 
[x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 5 5 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 3.0 s Source checksums ---------------- https://github.com/rnpgp/rnp/releases/download/v0.16.2/v0.16.2.tar.gz.asc : CHECKSUM(SHA256) this package : 6ff1c1a9314fd24609e518896666d276c1aa76cb20500e8375e6554ff06f6268 CHECKSUM(SHA256) upstream package : 6ff1c1a9314fd24609e518896666d276c1aa76cb20500e8375e6554ff06f6268 https://github.com/rnpgp/rnp/archive/v0.16.2/rnp-0.16.2.tar.gz : CHECKSUM(SHA256) this package : 742f2d64755633bf794be2e4a953106b9f8fb38caf785f6a2306cc23f8164346 CHECKSUM(SHA256) upstream package : 742f2d64755633bf794be2e4a953106b9f8fb38caf785f6a2306cc23f8164346 Requires -------- rnp (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libjson-c.so.5()(64bit) libjson-c.so.5(JSONC_0.14)(64bit) librnp(x86-64) librnp.so.0()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.5)(64bit) rtld(GNU_HASH) librnp (rpmlib, GLIBC filtered): libbotan-2.so.19()(64bit) libbz2.so.1()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libjson-c.so.5()(64bit) libjson-c.so.5(JSONC_0.14)(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libz.so.1()(64bit) rtld(GNU_HASH) 
librnp-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    cmake-filesystem(x86-64)
    librnp(x86-64)
    librnp.so.0()(64bit)

rnp-debuginfo (rpmlib, GLIBC filtered):

rnp-debugsource (rpmlib, GLIBC filtered):


Provides
--------
rnp:
    rnp
    rnp(x86-64)

librnp:
    librnp
    librnp(x86-64)
    librnp.so.0()(64bit)

librnp-devel:
    cmake(rnp)
    librnp-devel
    librnp-devel(x86-64)
    pkgconfig(librnp)

rnp-debuginfo:
    debuginfo(build-id)
    rnp-debuginfo
    rnp-debuginfo(x86-64)

rnp-debugsource:
    rnp-debugsource
    rnp-debugsource(x86-64)


Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23
Command line :/usr/bin/fedora-review -b 2138353
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, C/C++, Shell-api
Disabled plugins: Ruby, Ocaml, PHP, fonts, R, Perl, Java, Haskell, Python, SugarActivity
Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH

Comments:
a) Maybe a comment is needed in the spec file that the patents are no longer enforced?
b) Correct functionality assumed based on tests
c) rpmlint seems to be ok
d) Should obsoletes thunderbird-librnp-rnp be indicated?
e) Other than that seems ok.
> a) Maybe a comment is needed in the spec file that the patents are no longer enforced?

I don't think it makes sense to document the past ;)
I also think there is a big confusion between patent and license on this algo, and "patents" are not allowed in Fedora.
But if you think this is a blocker I can add something.

> d) Should obsoletes thunderbird-librnp-rnp be indicated?

Not needed (both can be installed).
Rather to be obsoleted by Thunderbird if they choose to use it.

>> a) Maybe a comment is needed in the spec file that the patents are no longer enforced?
> I don't think it makes sense to document the past ;)
> I also think there is a big confusion between patent and license on this algo
> and "patents" are not allowed in Fedora
> But if you think this is a blocker I can add something

The file LICENSE-OCB.md is packaged, but based on explanation here and on GitHub, the correct situation is that that particular block encryption algorithm is no longer patented, so the information in LICENSE-OCB.md is inaccurate. Upstream will probably change something in how this is documented. It is not a blocker, but some comment may remind one to do an appropriate update on the next release. Probably the file should be named PREVIOUS-PATENT-OCB.md rather than LICENSE-OCB.md, but unclear what the upstream project will do.

>> d) Should obsoletes thunderbird-librnp-rnp be indicated?
> Not needed (both can be installed)
> Rather to be obsoleted by Thunderbird if they choose to use it

Ok. Great it does not conflict.
About thunderbird, also see https://bugzilla.redhat.com/show_bug.cgi?id=2139681#c1
We have made the following PRs in the upstream repository, that will be merged in a few hours:

* "Add MIT license for sha1 collision detection code" https://github.com/rnpgp/rnp/pull/1933
* "Clarify status of OCB license" https://github.com/rnpgp/rnp/pull/1936
Thanks for the updates.
The following PRs in the upstream repository have been merged:

* "Add MIT license for sha1 collision detection code" https://github.com/rnpgp/rnp/pull/1933
* "Clarify status of OCB license" https://github.com/rnpgp/rnp/pull/1936

add upstream fix to clarify license and abandoned patent:
https://git.remirepo.net/cgit/rpms/lib/rnp.git/commit/?id=5ee7f90484d55caf2f13072b701b35498322da09

Spec URL: https://git.remirepo.net/cgit/rpms/lib/rnp.git/plain/rnp.spec?id=5ee7f90484d55caf2f13072b701b35498322da09
SRPM URL: https://rpms.remirepo.net/SRPMS/rnp-0.16.2-4.remi.src.rpm

I hope everything is clarified.
Thanks. Approved.
Thanks for the review!

SCM requests
https://pagure.io/releng/fedora-scm-requests/issue/48886 Rawhide
https://pagure.io/releng/fedora-scm-requests/issue/48887 F37
https://pagure.io/releng/fedora-scm-requests/issue/48888 F36
https://pagure.io/releng/fedora-scm-requests/issue/48889 EPEL9
https://pagure.io/releng/fedora-scm-requests/issue/48890 EPEL8
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/rnp
Welcome. Your repositories have been extremely helpful. If EdDSA is used, may consider asking for the implementations in OpenSSL and Botan to be improved so that they are similar in quality to those in libsodium.
FEDORA-EPEL-2022-d559f68df8 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d559f68df8
FEDORA-2022-9325194c36 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-9325194c36
FEDORA-EPEL-2022-26ea155e33 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-26ea155e33
FEDORA-2022-7e9df7ab36 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-7e9df7ab36
FEDORA-2022-9325194c36 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-9325194c36 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-9325194c36 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-7e9df7ab36 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-7e9df7ab36 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-7e9df7ab36 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2022-26ea155e33 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-26ea155e33 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2022-d559f68df8 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d559f68df8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Lifting FE-Legal.
FEDORA-2022-7e9df7ab36 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-9325194c36 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2022-26ea155e33 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2022-d559f68df8 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.