Spec URL: https://belegdol.fedorapeople.org/keepass.spec SRPM URL: https://belegdol.fedorapeople.org/keepass-2.55-2.fc40.src.rpm Description: KeePass is a free open source password manager, which helps you to remember your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. You only have to remember one single master password or select the key file to unlock the whole database. Fedora Account System Username: belegdol This is a re-review resulting from intention to unretire the package.
Following is the result of my review. See below for details. The most important stuff is: 1. The package should be of the noarch architecture because it doesn't contain any binaries (rpmlint error) What do you think? ------- MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. rpmlint /home/bubeck/rpmbuild/SRPMS/keepass-2.55-2.fc37.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 1 keepass.src: W: strange-permission keepass.spec 600 keepass.spec: W: invalid-url Source0: keepass-2.55.tar.xz 1 packages and 0 specfiles checked; 0 errors, 2 warnings, 0 badness; has taken 0.1 s rpmlint /home/bubeck/rpmbuild/RPMS/x86_64/keepass-2.55-2.fc37.x86_64.rpm ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 1 keepass.x86_64: W: only-non-binary-in-usr-lib keepass.x86_64: E: no-binary 1 packages and 0 specfiles checked; 1 errors, 1 warnings, 1 badness; has taken 0.1 s MUST: The package must be named according to the Package Naming Guidelines . Reviewed, OK. MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. Reviewed, OK. MUST: The package must meet the Packaging Guidelines . Reviewed, OK. MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . Reviewed, OK. MUST: The License field in the package spec file must match the actual license. Reviewed, OK. MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %license. Contains License file and is in %license. OK MUST: The spec file must be written in American English. Reviewed, OK. MUST: The spec file for the package MUST be legible. Reviewed, OK. MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. Kind of, but OK. There are instructions in the SPEC file on how to download, verify and build the source.tar, as it is not directly downlodable. MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. Reviewed, OK. MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. footnote:[Packaging Guidelines: Architecture Build Failures] Reviewed, OK. MUST: All build dependencies must be listed in BuildRequires. Reviewed, OK. MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. Reviewed, OK. MUST: Packages must NOT bundle copies of system libraries. Reviewed, OK. MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. Reviewed, OK. MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. Reviewed, OK. MUST: A Fedora package must not list a file more than once in the spec file’s %files listings. (Notable exception: license texts in specific situations) Reviewed, OK. MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Reviewed, OK. MUST: Each package must consistently use macros. Reviewed, OK. MUST: The package must contain code, or permissible content. Reviewed, OK. MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager’s best judgement, but is not restricted to size. Large can refer to either size or quantity). Reviewed, OK. MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. footnote:[Packaging Guidelines: Documentation] Reviewed, OK. Only History.txt is %doc MUST: Static libraries must be in a -static package. Reviewed, OK. No static libraries MUST: Development files must be in a -devel package. Reviewed, OK. No -devel stuff in here MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} Reviewed, OK. No -devel stuff here MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. Reviewed, OK. No libraries MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. Reviewed, OK. .desktop is provided MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. Reviewed, OK. MUST: All filenames in rpm packages must be valid UTF-8. Reviewed, OK. MUST: Packages being added to the distribution MUST NOT depend on any packages which have been marked as being deprecated. Reviewed, OK.
> Kind of, but OK. There are instructions in the SPEC file on how to > download, verify and build the source.tar, as it is not directly > downlodable. I think it should be doable if you do: ``` Source: https://downloads.sourceforge.net/project/keepass/KeePass%202.x/$version/KeePass-$version-Source.zip Source1: https://keepass.info/integrity/v2/KeePass-$version-Source.zip.asc ... %prep cp -v %{SOURCE1} . # Not sure about the paths here but I think you know what I mean gpg2 --verify KeePass-$version-Source.zip.asc KeePass-$version-Source.zip ```
Spec URL: https://belegdol.fedorapeople.org/keepass.spec SRPM URL: https://belegdol.fedorapeople.org/keepass-2.55-3.fc40.src.rpm Changes: - Use upstream source archive directly and verify it during %%prep Regarding noarch: according to mono packaging guidelines [1], this must not be done: Also, even though we consider mono packages to be architecture independent, they must not be marked as "noarch". Although the assemblies are the same, the files may differ due to strings referring to the build architecture. [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Mono/
OK to %%prep OK to not noarch However, https://belegdol.fedorapeople.org/keepass-2.55-3.fc40.src.rpm has a problem on build: rpmbuild -ra keepass-2.55-3.fc40.src.rpm [...] + desktop-file-validate /home/bubeck/rpmbuild/BUILDROOT/keepass-2.55-3.fc37.x86_64/usr/share/applications/keepass.desktop + appstream-util validate-relax --nonet '/home/bubeck/rpmbuild/BUILDROOT/keepass-2.55-3.fc37.x86_64//usr/share/appdata/*.appdata.xml' /home/bubeck/rpmbuild/BUILDROOT/keepass-2.55-3.fc37.x86_64//usr/share/appdata/*.appdata.xml: /home/bubeck/rpmbuild/BUILDROOT/keepass-2.55-3.fc37.x86_64//usr/share/appdata/*.appdata.xml could not be read: Failed to open file ?/home/bubeck/rpmbuild/BUILDROOT/keepass-2.55-3.fc37.x86_64//usr/share/appdata/*.appdata.xml?: No such file or directory Fehler: Fehler-Status beim Beenden von /var/tmp/rpm-tmp.XbIhBz (%check)
Whoops, sorry about that. Spec URL: https://belegdol.fedorapeople.org/keepass.spec SRPM URL: https://belegdol.fedorapeople.org/keepass-2.55-4.fc40.src.rpm Changes: - Fix build error
Copr build: https://copr.fedorainfracloud.org/coprs/build/6714446 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2250816-keepass/fedora-rawhide-x86_64/06714446-keepass/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Thanks for maintaing this package! all perfect now. ACCEPT
Thanks for the review!