Spec URL: https://mattia.fedorapeople.org/rpds-py/python-rpds-py.spec SRPM URL: https://mattia.fedorapeople.org/rpds-py/python-rpds-py-0.8.10-1.fc39.src.rpm Description: Python bindings to the Rust rpds crate Fedora Account System Username: mattia
Copr build: https://copr.fedorainfracloud.org/coprs/build/6166611 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2222367-python-rpds-py/fedora-rawhide-x86_64/06166611-python-rpds-py/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Quick comments from Rust point of view: - outdated BuildRequires: "BuildRequires: rust-packaging" is obsolete, that package no longer exists. Use "cargo-rpm-macros" instead (which Provides: "rust-packaging" now for backwards compatibility). - license information is generated but discarded You correctly collect license information for statically linked Rust components: > %cargo_license_summary > %{cargo_license} > LICENSES.dependencies But this information is then unused and discarded. The LICENSE(S).dependencies file should be marked as %license (not sure if the %pyproject_save_files thing recognises it, probably not), and the output of the %cargo_license_summary macro should also be used to full the value of the License tag of the "python3-rpds-py" sub-package (which is missing). You can take a look at rpm-sequoia for an example of what's currently considered "best practice": https://src.fedoraproject.org/rpms/rust-rpm-sequoia/blob/rawhide/f/rust-rpm-sequoia.spec#_25-38
(In reply to Fabio Valentini from comment #2) > Quick comments from Rust point of view: > > - outdated BuildRequires: > > "BuildRequires: rust-packaging" is obsolete, that package no longer exists. > Use "cargo-rpm-macros" instead (which Provides: "rust-packaging" now for > backwards compatibility). Fixed > > - license information is generated but discarded > > You correctly collect license information for statically linked Rust > components: > > > %cargo_license_summary > > %{cargo_license} > LICENSES.dependencies > > But this information is then unused and discarded. The > LICENSE(S).dependencies file should be marked as %license (not sure if the > %pyproject_save_files thing recognises it, probably not), and the output of > the %cargo_license_summary macro should also be used to full the value of > the License tag of the "python3-rpds-py" sub-package (which is missing). > > You can take a look at rpm-sequoia for an example of what's currently > considered "best practice": > https://src.fedoraproject.org/rpms/rust-rpm-sequoia/blob/rawhide/f/rust-rpm- > sequoia.spec#_25-38 The LICENSES.dependencies file is already added to the package by python macros in the same dir as the main license file. Is there a way to know it is correctly labeled with %license? Spec URL: https://mattia.fedorapeople.org/rpds-py/python-rpds-py.spec SRPM URL: https://mattia.fedorapeople.org/rpds-py/python-rpds-py-0.8.10-1.fc39.src.rpm
Created attachment 1975909 [details] The .spec file difference from Copr build 6166611 to 6174902
Copr build: https://copr.fedorainfracloud.org/coprs/build/6174902 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2222367-python-rpds-py/fedora-rawhide-x86_64/06174902-python-rpds-py/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Mattia Verga from comment #3) > The LICENSES.dependencies file is already added to the package by python > macros in the same dir as the main license file. Is there a way to know it > is correctly labeled with %license? $ rpm -qL -p /var/lib/mock/fedora-rawhide-x86_64/result/python3-rpds-py-0.8.10-1.fc39.x86_64.rpm [no output] Thus, there are no files marked with %license, not even the main LICENSE file. You’ll have to handle both license files manually. The ability of pyproject-rpm-macros/%{pyproject_files} to handle license files automatically depends on the build backend marking them in the wheel metadata according to draft PEP 639. For setuptools, files that match the patterns {'LICEN[CS]E*', 'COPYING*', 'NOTICE*', 'AUTHORS*'} are considered license files. For hatchling, license files are generally included (but not with the version of hatchling packaged in EPEL9); I forget the exact conditions for it to happen, though. For flit_core, poetry-core, and apparently maturin, it doesn’t ever happen. It’s *always* worth checking with “rpm -qL -p” at package review time and any time there are major changes to the upstream build system.
Ok, so I've updated the specfile by manually adding the license files with %license macro. This obviously will install duplicated license files, as %license macro copies files in the appropriate dir. Or should I now manually delete the license under the python metadata directory?
(In reply to Mattia Verga from comment #7) > Ok, so I've updated the specfile by manually adding the license files with > %license macro. > This obviously will install duplicated license files, as %license macro > copies files in the appropriate dir. Or should I now manually delete the > license under the python metadata directory? Removing the license files under the Python metadata directory would be wrong, in my opinion; they belong there, and they are there in the PyPI wheels. Trying to manually add %license to the absolute paths in the Python metadata directory could be technically workable, but is far too fussy in my opinion. Ignoring the duplicates is the usual approach, and is unproblematic. ---- I’m actually surprised this doesn’t work; given https://github.com/PyO3/maturin/pull/862, it looks like it’s supposed to. I’m not going to investigate right now, though...
(In reply to Ben Beasley from comment #8) > Ignoring the duplicates is the usual approach, and is unproblematic. By this, I don’t mean using %ignore, I just mean allowing the license files to be duplicated.
Looks OK from Rust POV now. I have not much experience with modern Python packaging ... Ben, do you want to finish the offial review, or should I do that?
Fabio, thanks for reviewing the Rust side of the package! I have a few quibbles, below, which I hope you will consider. I didn’t find anything that justified another round of revisions and review, though. The package is a APPROVED. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== Notes (no change required for approval) ===== - Any files copied from the source archive have CRLF (DOS/Windows style) line terminations. python3-rpds-py.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/python3-rpds-py/README.rst Consider adding: BuildRequires: dos2unix and in %prep: dos2unix README* LICENSE* *.pyi (If you like, you could do this with sed instead of dos2unix, and you could do it after the files are installed instead of in %prep. There are many valid approaches. The one recommended above is really simple and is what I would do.) - Upstream has released several new versions; the latest is 0.9.2. Based on the source diff, https://github.com/crate-py/rpds/compare/v0.8.10...v0.9.2, there are no significant changes, except that upstream has officially declared support for Python 3.12. Please update; it looks like there are no changes that would affect the packaging. - The test dependency generation could be improved. %pyproject_buildrequires -t That brings in tox, but tox is not used as the test runner, and there is no tox.ini from which to generate dependencies, so the -t is unnecessary. On the other hand, the (actual, unpinned) test dependencies are listed in tests/requirements.in. It seems like the dependency on hypothesis is bogus/unused. Still, you can write %pyproject_buildrequires tests/requirements.in and then you can omit BuildRequires: python3dist(pytest) - I’ve come to believe that the %{srcname} and %{modname} macros don’t make Python package spec files more legible or reusable, and that it’s better just to write out the names wherever you need them. This is a matter of taste rather than of guidelines or correctness; you don’t have to agree with me or change anything. ===== MUST items ===== C/C++: [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. The sole unversioned .so file, /usr/lib64/python3.12/site-packages/rpds/rpds.cpython-312-x86_64-linux-gnu.so, is a correctly-installed Python extension and is not in the ld path. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "MIT License", "*No copyright* MIT License". 12 files have unknown license. Detailed output of licensecheck in /home/ben/Downloads/review/2222367-python-rpds- py/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: Package requires other packages for directories it uses. Note: No known owner of /usr/lib64/python3.12/site-packages, /usr/lib64/python3.12 I am not sure why this result is happening, but it appears spurious. The package requires “python(abi) = 3.12”; python3-libs-0:3.12.0~b4-1.fc39.x86_64 should own these directories. Maybe this is a dnf5 regression; I am using the fedora-review patch that Jerry James posted to the devel mailing list. [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/lib64/python3.12, /usr/lib64/python3.12/site-packages (See notes for the preceding point) [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [x]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in python3-rpds-py [x]: Package functions as described. (tests pass) [!]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. https://koji.fedoraproject.org/koji/taskinfo?taskID=103558582 [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) OK: rpmautospec changes only. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: python3-rpds-py-0.8.10-1.fc39.x86_64.rpm python-rpds-py-debugsource-0.8.10-1.fc39.x86_64.rpm python-rpds-py-0.8.10-1.fc39.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpkb9hzqu1')] checks: 31, packages: 3 python3-rpds-py.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/python3-rpds-py/README.rst python-rpds-py.src: W: strange-permission python-rpds-py.spec 600 3 packages and 0 specfiles checked; 0 errors, 2 warnings, 0 badness; has taken 0.4 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 2 python3-rpds-py.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/python3-rpds-py/README.rst 2 packages and 0 specfiles checked; 0 errors, 1 warnings, 0 badness; has taken 0.1 s Unversioned so-files -------------------- python3-rpds-py: /usr/lib64/python3.12/site-packages/rpds/rpds.cpython-312-x86_64-linux-gnu.so Source checksums ---------------- https://files.pythonhosted.org/packages/source/r/rpds_py/rpds_py-0.8.10.tar.gz : CHECKSUM(SHA256) this package : 13e643ce8ad502a0263397362fb887594b49cf84bf518d6038c16f235f2bcea4 CHECKSUM(SHA256) upstream package : 13e643ce8ad502a0263397362fb887594b49cf84bf518d6038c16f235f2bcea4 Requires -------- python3-rpds-py (rpmlib, GLIBC filtered): ld-linux-x86-64.so.2()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libgcc_s.so.1(GCC_4.2.0)(64bit) python(abi) rtld(GNU_HASH) python-rpds-py-debugsource (rpmlib, GLIBC filtered): Provides -------- python3-rpds-py: python-rpds-py python3-rpds-py python3-rpds-py(x86-64) python3.12-rpds-py python3.12dist(rpds-py) python3dist(rpds-py) python-rpds-py-debugsource: python-rpds-py-debugsource python-rpds-py-debugsource(x86-64) Diff spec file in url and in SRPM --------------------------------- --- /home/ben/Downloads/review/2222367-python-rpds-py/srpm/python-rpds-py.spec 2023-07-18 14:19:52.579345945 -0400 +++ /home/ben/Downloads/review/2222367-python-rpds-py/srpm-unpacked/python-rpds-py.spec 2023-07-14 20:00:00.000000000 -0400 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.3.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + %global srcname rpds-py %global modname rpds_py @@ -64,3 +74,4 @@ %changelog -%autochangelog +* Sat Jul 15 2023 John Doe <packager> - 0.8.10-1 +- Uncommitted changes Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23 Command line :/usr/bin/fedora-review -b 2222367 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic, Python Disabled plugins: Java, Haskell, C/C++, Perl, SugarActivity, Ocaml, fonts, PHP, R Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
Thanks, I'll apply the above suggestions in the final import.
The Pagure repository was created at https://src.fedoraproject.org/rpms/python-rpds-py
Just as a friendly reminder (I got used to doing this after approving packages): You might want to add the python-packagers-sig and / or rust-sig groups as co-maintainers of this package (like python-orjson or maturin). And don't forget to set up release-monitoring. :) === Thanks for finishing the Review, Ben!
FEDORA-2023-d6e7e42251 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d6e7e42251
FEDORA-2023-d6e7e42251 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.