Bug 2228346 - Review Request: rust-shellcheck-sarif - Convert shellcheck output to SARIF
Summary: Review Request: rust-shellcheck-sarif - Convert shellcheck output to SARIF
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fabio Valentini
QA Contact: Fedora Extras Quality Assurance
URL: https://crates.io/crates/shellcheck-s...
Whiteboard:
Depends On:
Blocks:
Reported: 2023-08-02 06:50 UTC by Jan Macku
Modified: 2023-08-22 17:35 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-22 17:16:19 UTC
Type: ---
Embargoed:
decathorpe: fedora-review+



Comment 1 Fedora Review Service 2023-08-02 07:01:15 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/6233601
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2228346-rust-shellcheck-sarif/fedora-rawhide-x86_64/06233601-rust-shellcheck-sarif/fedora-review/review.txt

Please take a look if any issues were found.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Fabio Valentini 2023-08-06 08:45:19 UTC
This package ships a statically linked binary; you will need to add a license tag to the subpackage:
https://docs.fedoraproject.org/en-US/legal/license-field/#_rust_packages

There are two macros that help with this task (%cargo_license and %cargo_license_summary).
The current best practice is to call these macros in %build and use their output.

You can take a look at git-delta for an example:
https://src.fedoraproject.org/rpms/rust-git-delta/blob/rawhide/f/rust-git-delta.spec

1. using the macros in %build:
https://src.fedoraproject.org/rpms/rust-git-delta/blob/rawhide/f/rust-git-delta.spec#_74-75

2. pasting the output of %cargo_license_summary from the build log and determining the License tag:
https://src.fedoraproject.org/rpms/rust-git-delta/blob/rawhide/f/rust-git-delta.spec#_31-47

3. attaching the generated license list / BOM to the built package:
https://src.fedoraproject.org/rpms/rust-git-delta/blob/rawhide/f/rust-git-delta.spec#_53

===

Note that the next version of rust2rpm will likely automate at least *some* of these steps with an updated spec template:
https://pagure.io/fedora-rust/rust2rpm/issue/246
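
The three steps from Comment 2 in spec form, as an added example (not copied from the rust-shellcheck-sarif or rust-git-delta spec). The pasted summary lines and the resulting License value are constructed placeholders, and LICENSE.dependencies is an assumed file name for the generated list.

```spec
%package     -n %{crate}
Summary:        %{summary}
# Step 2: output of %%cargo_license_summary, pasted from the build log.
# The two lines below are constructed placeholders, not the real
# dependency set of this crate:
# MIT
# MIT OR Apache-2.0
License:        MIT AND (MIT OR Apache-2.0)
# LICENSE.dependencies contains a full license breakdown

%build
%cargo_build
# Step 1: print the per-license summary into the build log; this is the
# text that gets pasted into the comment above the License tag.
%{cargo_license_summary}
# Step 1 (continued): write the crate-by-crate license list (the BOM)
# for everything linked into the binary to a file in the build directory.
%{cargo_license} > LICENSE.dependencies

%files       -n %{crate}
# Step 3: ship the generated list with the statically linked binary so
# the installed package documents the licenses of all bundled crates.
%license LICENSE.dependencies
```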

Comment 3 Jan Macku 2023-08-07 07:57:34 UTC
Thank you for a great review. I have updated the spec file and srpm.

Comment 4 Jan Macku 2023-08-14 07:10:32 UTC
Fabio, could you please have another look? Thank you.

Comment 6 Fabio Valentini 2023-08-14 10:10:06 UTC
Thanks for the update!

===

Package was generated with rust2rpm, simplifying the review.

- package builds and installs without errors on rawhide
- test suite is run and all unit tests pass
- latest version of the crate is packaged
- license matches upstream specification (MIT) and is acceptable for Fedora
- license file is included with %license in %files
- license tag for binary subpackage present and correct
- package complies with Rust Packaging Guidelines

Package APPROVED.

===

Recommended post-import rust-sig tasks:

- set up package on release-monitoring.org:
  project: $crate
  homepage: https://crates.io/crates/$crate
  backend: crates.io
  version scheme: semantic
  version filter: alpha;beta;rc;pre
  distro: Fedora
  Package: rust-$crate

- add @rust-sig with "commit" access as package co-maintainer
  (should happen automatically)

- set bugzilla assignee overrides to @rust-sig (optional)

- track package in koschei for all built branches
  (should happen automatically once rust-sig is co-maintainer)

===

Note that "(Apache-2.0 OR MIT)" and "(MIT OR Apache-2.0)" are the same (i.e. the SPDX-OR operator is commutative); you could drop the second occurrence from the License tag.

Comment 7 Fedora Admin user for bugzilla script actions 2023-08-14 11:06:47 UTC
The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-shellcheck-sarif

Comment 8 Fedora Update System 2023-08-14 12:36:16 UTC
FEDORA-2023-6142290b36 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-6142290b36

Comment 9 Fedora Update System 2023-08-14 12:37:10 UTC
FEDORA-2023-7c83734661 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c83734661

Comment 10 Fedora Update System 2023-08-15 01:18:21 UTC
FEDORA-2023-6142290b36 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-6142290b36 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-6142290b36

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2023-08-15 01:32:38 UTC
FEDORA-2023-7c83734661 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7c83734661 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c83734661

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2023-08-22 17:16:19 UTC
FEDORA-2023-7c83734661 has been pushed to the Fedora 38 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2023-08-22 17:35:09 UTC
FEDORA-2023-6142290b36 has been pushed to the Fedora 37 stable repository.
If the problem still persists, please make note of it in this bug report.

