Spec URL: https://petersen.fedorapeople.org/reviews/ostree-pin/ostree-pin.spec SRPM URL: https://petersen.fedorapeople.org/reviews/ostree-pin/ostree-pin-0.1.1-1.fc40.src.rpm Description: CLI tool to easily pin the current ostree deployment. Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=108320472
Copr build: https://copr.fedorainfracloud.org/coprs/build/6581918 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2247059-ostree-pin/fedora-rawhide-x86_64/06581918-ostree-pin/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I'm currently not a packager. This is only an informal review. Note: I didn't know fedora-review has a Haskell plugin, so this was done without using the plugin. Remarks: There's no MUST violations so I think this package should be approved. 1. The License field matches the declaration in the README.md file but the Cabal file indicates the package might be GPL-3.0-only, as shown on the hackage page (https://hackage.haskell.org/package/ostree-pin) 2. The changelog should be generated automatically from git commit logs using the %autochangelog macro. 3. Missing manpage. Packages should contain them for all executables. 4. The executable name might conflict with ostree commands if ostree upstream ever switch to git style subcommands. 5. rpmlint W: position-independent-executable-suggested It seems GHC can build PIE binaries but I'm not familiar if this is normally applied to Fedora haskell packages. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [-]: Useful -debuginfo package or justification otherwise. Note: debuginfo is currently disabled for Haskell packages, because ghc’s Dwarf output is not very useful. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 1805 bytes in 2 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [?]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: ostree-pin-0.1.1-1.fc41.x86_64.rpm ostree-pin-0.1.1-1.fc41.src.rpm =============================================== rpmlint session starts =============================================== rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpxvqlrxv_')] checks: 32, packages: 2 ostree-pin.x86_64: W: position-independent-executable-suggested /usr/bin/ostree-pin ostree-pin.x86_64: W: no-manual-page-for-binary ostree-pin ========== 2 packages and 0 specfiles checked; 0 errors, 2 warnings, 8 filtered, 0 badness; has taken 0.4 s ========== Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 ostree-pin.x86_64: W: unused-direct-shlib-dependency /usr/bin/ostree-pin /lib64/libgirepository-1.0.so.1 ostree-pin.x86_64: W: unused-direct-shlib-dependency /usr/bin/ostree-pin /lib64/libz.so.1 ostree-pin.x86_64: W: position-independent-executable-suggested /usr/bin/ostree-pin ostree-pin.x86_64: W: no-manual-page-for-binary ostree-pin 1 packages and 0 specfiles checked; 0 errors, 4 warnings, 4 filtered, 0 badness; has taken 0.1 s Source checksums ---------------- https://hackage.haskell.org/package/ostree-pin-0.1.1/ostree-pin-0.1.1.tar.gz : CHECKSUM(SHA256) this package : cf724962efd12144dd89bf9655b74482e6b8dd76fdbbc3f7d5d2195f14b8650c CHECKSUM(SHA256) upstream package : cf724962efd12144dd89bf9655b74482e6b8dd76fdbbc3f7d5d2195f14b8650c Requires -------- ostree-pin (rpmlib, GLIBC filtered): libc.so.6()(64bit) libffi.so.8()(64bit) libffi.so.8(LIBFFI_BASE_8.0)(64bit) libgio-2.0.so.0()(64bit) libgirepository-1.0.so.1()(64bit) libglib-2.0.so.0()(64bit) libgmp.so.10()(64bit) libgobject-2.0.so.0()(64bit) libm.so.6()(64bit) libostree-1.so.1()(64bit) libostree-1.so.1(LIBOSTREE_2016.14)(64bit) libostree-1.so.1(LIBOSTREE_2016.3)(64bit) libostree-1.so.1(LIBOSTREE_2016.4)(64bit) libostree-1.so.1(LIBOSTREE_2016.5)(64bit) libostree-1.so.1(LIBOSTREE_2016.6)(64bit) libostree-1.so.1(LIBOSTREE_2016.7)(64bit) libostree-1.so.1(LIBOSTREE_2016.8)(64bit) libostree-1.so.1(LIBOSTREE_2017.1)(64bit) libostree-1.so.1(LIBOSTREE_2017.10)(64bit) libostree-1.so.1(LIBOSTREE_2017.12)(64bit) libostree-1.so.1(LIBOSTREE_2017.13)(64bit) libostree-1.so.1(LIBOSTREE_2017.15)(64bit) libostree-1.so.1(LIBOSTREE_2017.2)(64bit) libostree-1.so.1(LIBOSTREE_2017.4)(64bit) libostree-1.so.1(LIBOSTREE_2017.6)(64bit) libostree-1.so.1(LIBOSTREE_2017.7)(64bit) libostree-1.so.1(LIBOSTREE_2018.3)(64bit) libostree-1.so.1(LIBOSTREE_2018.5)(64bit) libostree-1.so.1(LIBOSTREE_2018.6)(64bit) libostree-1.so.1(LIBOSTREE_2018.7)(64bit) libostree-1.so.1(LIBOSTREE_2018.9)(64bit) libostree-1.so.1(LIBOSTREE_2019.2)(64bit) libostree-1.so.1(LIBOSTREE_2019.3)(64bit) libostree-1.so.1(LIBOSTREE_2019.4)(64bit) libostree-1.so.1(LIBOSTREE_2019.6)(64bit) libostree-1.so.1(LIBOSTREE_2020.1)(64bit) libostree-1.so.1(LIBOSTREE_2020.4)(64bit) libostree-1.so.1(LIBOSTREE_2020.7)(64bit) libostree-1.so.1(LIBOSTREE_2020.8)(64bit) libostree-1.so.1(LIBOSTREE_2021.1)(64bit) libostree-1.so.1(LIBOSTREE_2021.2)(64bit) libostree-1.so.1(LIBOSTREE_2021.3)(64bit) libostree-1.so.1(LIBOSTREE_2021.4)(64bit) libostree-1.so.1(LIBOSTREE_2021.5)(64bit) libostree-1.so.1(LIBOSTREE_2022.5)(64bit) libostree-1.so.1(LIBOSTREE_2022.7)(64bit) libostree-1.so.1(LIBOSTREE_2023.1)(64bit) libostree-1.so.1(LIBOSTREE_2023.4)(64bit) libostree-1.so.1(LIBOSTREE_2023.8)(64bit) libz.so.1()(64bit) rtld(GNU_HASH) Provides -------- ostree-pin: ostree-pin ostree-pin(x86-64) Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2247059 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api Disabled plugins: Java, fonts, Ocaml, Python, R, PHP, Perl, Haskell, SugarActivity, C/C++ Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
Thank you for looking at the package. (In reply to Kan-Ru Chen from comment #2) > 1. The License field matches the declaration in the README.md file but > the Cabal file indicates the package might be GPL-3.0-only, > as shown on the hackage page > (https://hackage.haskell.org/package/ostree-pin) Right this is a limitation of older Haskell Cabal: it doesn't distinguish GPLv3 and GPLv3+ etc But indeed the intent is what it is written in the readme file. I should probably just bite the bullet and move the .cabal file to newer Cabal which support SPDX tags. > 2. The changelog should be generated automatically from git > commit logs using the %autochangelog macro. Yes I can convert autospec after importing - it is more awkward during the review process. Hm would be good to improve that actually. > 3. Missing manpage. Packages should contain them for all executables. Okay I can generate a manpage from the --help output. > 5. rpmlint W: position-independent-executable-suggested > It seems GHC can build PIE binaries but I'm not familiar if this is > normally applied to Fedora haskell packages. Yeah I should update the Haskell Policy to mention this explicitly perhaps. Dynamic linking probably solves this, but currently we choose to link Haskell statically.
There's no MUST violations so I think this package can be approved.
Thank you for the review, Kan-Ru
The Pagure repository was created at https://src.fedoraproject.org/rpms/ostree-pin
FEDORA-2024-fec1b9c7a1 (ostree-pin-0.1.1-2.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-fec1b9c7a1
FEDORA-2024-7bd3940b59 (ostree-pin-0.1.1-2.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-7bd3940b59
https://pagure.io/releng/fedora-scm-requests/issue/61197
FEDORA-2024-fec1b9c7a1 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-fec1b9c7a1 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-fec1b9c7a1 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7bd3940b59 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-7bd3940b59 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7bd3940b59 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7bd3940b59 (ostree-pin-0.1.1-2.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-fec1b9c7a1 (ostree-pin-0.1.1-2.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.