Bug 225655 - Merge Review: coreutils
Merge Review: coreutils
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Patrice Dumas
Fedora Package Reviews List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 12:51 EST by Nobody's working on this, feel free to take it
Modified: 2007-11-30 17:11 EST (History)
5 users (show)

See Also:
Fixed In Version: 6.9-6.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-04 04:54:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
pertusus: fedora‑review+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 12:51:56 EST
Fedora Merge Review: coreutils

http://cvs.fedora.redhat.com/viewcvs/devel/coreutils/
Initial Owner: twaugh@redhat.com
Comment 1 Michael Stahnke 2007-02-13 00:37:19 EST
rpmlint output is below
Package named correctly
Spec file matches package name
GPL license confirmed, however actual text not included in package
Spec is in English
Spec file is readable
md5sums from upstream match source in SRPM
builds on i386
all build dependencies listed
SHOULD: The description and summary sections in the package spec file should
contain translations for supported Non-English languages, if available.  --
since this a key package, this might be good
Spec file does not use macros for bin, sbin and what not throughout.
Use of prereq, which isn't seen much anymore. Usually, the PreReq tag should be
replaced by plain Requires. 

[builder@rawhide i386]$ rpmlint coreutils-6.7-3.i386.rpm
E: coreutils setuid-binary /bin/su root 04755
E: coreutils non-standard-executable-perm /bin/su 04755
E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.sh
E: coreutils executable-sourced-script /etc/profile.d/colorls.sh 0755
E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.csh
E: coreutils executable-sourced-script /etc/profile.d/colorls.csh 0755
W: coreutils dangerous-command-in-%pre rm
W: coreutils dangerous-command-in-%post mv

[builder@rawhide SRPMS]$ rpmlint coreutils-6.7-3.src.rpm
W: coreutils strange-permission colorls.sh 0775
W: coreutils strange-permission colorls.csh 0775
W: coreutils prereq-use /sbin/install-info
W: coreutils prereq-use grep, findutils
W: coreutils unversioned-explicit-provides stat
W: coreutils unversioned-explicit-obsoletes fileutils
W: coreutils unversioned-explicit-obsoletes sh-utils
W: coreutils unversioned-explicit-obsoletes stat
W: coreutils unversioned-explicit-obsoletes textutils
W: coreutils make-check-outside-check-section make check
W: coreutils mixed-use-of-spaces-and-tabs (spaces: line 2, tab: line 13)


Comment 2 Tim Waugh 2007-02-13 05:27:02 EST
Thanks.

> SHOULD: The description and summary sections in the package spec file
> should contain translations for supported Non-English languages, if available.

Historically coreutils.spec has kept its translations in the specspo package, as
other Core packages have done.  What needs to happen now?

> Spec file does not use macros for bin, sbin and what not throughout.

I didn't see any missed bin/sbin macros (note that _bindir is /usr/bin, not
/bin, and similarly for _sbindir), but the %pre scriptlet was missing _datadir
and _infodir.

New package tagged and built as 6.7-4.fc7.
Comment 3 Michael Stahnke 2007-02-13 10:03:08 EST
>I didn't see any missed bin/sbin macros (note that _bindir is /usr/bin, not
/bin, and similarly for _sbindir), but the %pre scriptlet was missing _datadir
and _infodir.

My fault.  I was thinking that bindir was /bin and not /usr/bin.  Sorry.

Looks good. 
I would mark is as complete, but this is my first review, and I am still
learning.  I will have somebody else confirm everything is correct and mark it
complete. 
Comment 4 Kevin Fenzi 2007-02-13 21:52:27 EST
Hey Michael. Thanks for helping out reviewing. :)

I typically use a template to check things, just to make sure I don't miss
anything. Feel free to use my template at: 
http://www.fedoraproject.org/wiki/KevinFenzi/ReviewTemplate

You might also want to look at: 
http://www.fedoraproject.org/wiki/WarrenTogami/ReviewWithFlags
Which is the current review method we are using for these reviews. 

A few things that jump out at me looking at this: 

1. %makeinstall is used. Can 'make DESTDIR=$RPM_BUILD_ROOT install' be used
instead? See the wiki for reasons why %makeinstall is bad. 

2. Does the: 
# Remove these old glibc files on upgrade (bug #84090).
still apply? I can't read that bug, so its hard to tell. 

3. Minor: The Source files should really have 'coreutils-' in front of them. If
you install this src.rpm and want to gather the files from SOURCES it's anoying
to do so. 

4. Is it worth trying to fix bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211615
To fix the loop between pam and coreutils as part of this cleanup/review?
Comment 5 Robert Scheck 2007-02-14 04:20:51 EST
(In reply to comment #2)
> Historically coreutils.spec has kept its translations in the specspo package, 
> as other Core packages have done.  What needs to happen now?

Tim, please DON'T put any translation into coreutils.spec, there's specspo as 
you mentioned and I only know a few packages in Extras which break the typical 
defacto-standard of specspo and include some translations into the spec. Maybe 
these abusing lines within that specs should be killed soon, too...
Comment 6 Tim Waugh 2007-02-14 07:37:25 EST
In reply to comment #1:
1. Fixed, thanks.
2. Applies for upgrades from 6.2 without updates, so I suppose it can go now.
3. Fixed, thanks.
4. Needs further testing and I'm low on spare time this time round :-(

Tagged and built as 6.7-5.fc7.
Comment 7 Kevin Fenzi 2007-02-15 15:35:30 EST
In reply to comment #6: 

Thanks. Those 4 items all look good. 

Michael: Could you go over the latest version from cvs once more 
with the checklist and see if there is anything else that needs attention?

Comment 8 Michael Stahnke 2007-02-15 22:22:22 EST
Sure, but again, I still don't have access to FedoraBugs group.  Oh well. 
Everything looks good.  Rpmlint does show some output, but it is understandable
when profile* is in /etc.  

 OK - Package meets naming and packaging guidelines
 OK - Spec file matches base package name.
 OK - Spec has consistant macro usage.
 OK - Meets Packaging Guidelines.
 OK - License
 OK - License field in spec matches
 OK - License file included in package
 OK - Spec in American English
 OK - Spec is legible.
 OK - Sources match upstream md5sum:
 OK - BuildRequires correct
 OK - Spec handles locales/find_lang
 OK - Package has %defattr and permissions on files is good.
 OK - Package has a correct %clean section.
 OK - Package has correct buildroot
      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 OK - Package is code or permissible content.
 OK - Doc subpackage needed/used.
 OK - Packages %doc files don't affect runtime.
 OK - Package compiles and builds on at least one arch.
 OK - Package has no duplicate files in %files.
 OK - Package doesn't own any directories other packages own.
 OK - Package owns all the directories it creates.
 XX - No rpmlint output.  (Not a blocker IMO, I understand and agree with output)
 [builder@rawhide i386]$ rpmlint coreutils-6.7-5.i386.rpm
 E: coreutils setuid-binary /bin/su root 04755
 E: coreutils non-standard-executable-perm /bin/su 04755
 E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.sh
 E: coreutils executable-sourced-script /etc/profile.d/colorls.sh 0755
 E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.csh
 E: coreutils executable-sourced-script /etc/profile.d/colorls.csh 0755
 W: coreutils dangerous-command-in-%post mv

SHOULD Items:

 OK - Should build in mock.
 OK- Should function as described.
 OK - Should have sane scriptlets.
 OK - Should have dist tag
 OK - Should package latest version
 

Comment 9 Michael Stahnke 2007-02-15 22:24:12 EST
Forgot rpmlint on the SRPM.  The explicit provide of stat could have version.


[builder@rawhide SRPMS]$ rpmlint coreutils-6.7-5.src.rpm
W: coreutils strange-permission coreutils-colorls.sh 0775
W: coreutils strange-permission coreutils-colorls.csh 0775
W: coreutils unversioned-explicit-provides stat
W: coreutils unversioned-explicit-obsoletes stat
Comment 10 Patrice Dumas 2007-02-16 01:55:56 EST
(In reply to comment #8)
>  E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.sh
>  E: coreutils executable-sourced-script /etc/profile.d/colorls.sh 0755
>  E: coreutils executable-marked-as-config-file /etc/profile.d/colorls.csh
>  E: coreutils executable-sourced-script /etc/profile.d/colorls.csh 0755

(In reply to comment #9)
> W: coreutils strange-permission coreutils-colorls.sh 0775
> W: coreutils strange-permission coreutils-colorls.csh 0775

The perms should be fixed. There is no need for sourced files to
be executable.
Comment 11 Tim Waugh 2007-02-16 07:03:50 EST
Tagged and built as 6.7-6.fc7.
Comment 12 Patrice Dumas 2007-02-16 13:16:31 EST
Missing
Requires(pre): /sbin/install-info
Requires(preun): /sbin/install-info
Requires(post): grep, /sbin/install-info, coreutils
I am not sure that coreutils in Requires(post) makes sense...

Is 
Requires: grep, findutils
really right?

The versions are certainly wrong in Obsoletes. The latest packaged
version (and versions below) should be obsoleted. The Provides also seems
wrong to me. First of all I guess it should be %{version}-%{release}.
But I am not sure that the current package version should be used 
for the Provides since it is a merge of packages that certainly had 
their own version.

I think it is a bit strange to depend on itself and other packages that
also depends on coreutils and are not really required, that is, anything
else than the shell, gcc and make since there is a bootstrapping issue
otherwise. But I guess that it is impossible to avoid that bootstraping
issue (except by doing complicated things like using busybox...).
I also guess that this issue is also there for gcc, make and bash, so...

There is a huge amount of patches. Many could be submitted (even the pam
one), or have they been submitted and rejected?

/etc, /var and /usr/bin are hardcoded in the spec file, maybe they could
be changed to macros.

It may be relevant to to use -p for files installed, like DIR_COLORS, 
colorls.* ... pam files, since the files are certainly not changed often 
and the timestamp carry some information.

sed could be used instead of
perl -pi -e 's/basic-1//g' tests/stty/Makefile*
and
perl -pi -e 's,/etc/utmp,/var/run/utmp,g;s,/etc/wtmp,/var/run/wtmp,g'
doc/coreutils.texi


Suggestions:

Add a comment above
bzip2 -f9 old/*/C* || :
to explain what it does

Don't use -f for some rm invocations (like rm -f
$RPM_BUILD_ROOT{%_bindir/$i,%_mandir/man1/$i.1}), don't add || : after
bzip2 -f9 old/*/C* || :, and also do bzip2 -9f ChangeLog unconditionally
such that they fail if something changes upstream. At the same time
short-circuit should still work, so care should be taken.

Maybe
[[ -f ChangeLog && -f ChangeLog.bz2  ]] || bzip2 -9f ChangeLog
should be in %install

In the info scriptlets, I suggest removing the .gz from preun and
post, and replace .bz2 by something appropriate. Maybe *, but care
should be taken that it doesn't expands to more than one file.

replace %defattr(-,root,root) by %defattr(-,root,root,-)
Comment 13 Tim Waugh 2007-02-19 08:50:08 EST
Requires(...): fixed
No, doesn't make sense to require coreutils so I haven't added that.

Versioning: fixed

Depending on itself: Er.. can you be more specific?  Which line are you looking at?

Huge amount of patches: there are just 13 patches, and work is being done
upstream to integrate several of them.  Others will never get upstream.

FHS macros: this was addressed in comment #2.

install -p: fixed

sed instead of perl: no need to change this

bzip2 comment: added

rm -f: fixed

||: : fixed

conditional bzip2: fixed

bzip2 moved to %install: fixed

The .bz2 in %pre: this is for legacy upgrades.
The .gz in %preun/%post: fixed

%defattr: fixed
Comment 14 Patrice Dumas 2007-02-19 18:08:13 EST
(In reply to comment #13)

> Depending on itself: Er.. can you be more specific?  Which line are you
looking at?

The build is depending on coreutils commands, like mkdir, install, cp,
mv. It also depends on find (in find_lang), bzip2, m4 (through autoconf),
perl. Build dependency on bzip2 and perl could be avoided, but in any
case I can't see how depending on coreutils could avoioded completely. 
It would depend through make, gcc and certainly some libs anyway.

> Huge amount of patches: there are just 13 patches, and work is being done
> upstream to integrate several of them.  Others will never get upstream.

13 patches is a lot, for a package which has an active upstream, 
and patches are not related with integration to fedora. Anyway I 
guess you know much better what to do than me, still it may be worth 
retrying patch submission after time has gone by and things evolved.

> FHS macros: this was addressed in comment #2.

No, it wasn't. I said
  /etc, /var and /usr/bin are hardcoded in the spec file, maybe they could
  be changed to macros.
in comment #2, there is mention of /sbin and /bin. In fact for /etc and
/var it is in fact a bad idea since it is a substitution in a doc file, 
it is better to leave them as is, so you can forget about /etc and
/var, sorry for the noise.

There is still one /usr/bin:
for i in env cut; do ln -sf ../../bin/$i $RPM_BUILD_ROOT/usr/bin; done


Suggestion:
remove / in RPM_BUILD_ROOT/%{_datadir}

> sed instead of perl: no need to change this

This is more a suggestion, but it may be worth trying to avoid unnedeed
build dependency in the hope to reduce further the build base; in my
opinion it would be nice not to have perl in every build.
Comment 15 Patrice Dumas 2007-02-19 18:33:41 EST
Also I don't think that /etc/profile.d/ content should be 
(noreplace) and I even think that making it %(config) is dubious.
Comment 16 Tim Waugh 2007-02-20 06:31:50 EST
> > > Requires(post): grep, /sbin/install-info, coreutils
> > > I am not sure that coreutils in Requires(post) makes sense...
> > Depending on itself: Er.. can you be more specific?
> The build is depending on coreutils commands, like mkdir

Are we talking about BuildRequires tags or Requires tags?  Please be specific
with the changes you'd like me to make -- also it would help if you number them. :-)

> There is still one /usr/bin:
> for i in env cut; do ln -sf ../../bin/$i $RPM_BUILD_ROOT/usr/bin; done

Take a look at the wider picture there: we are making compatibility symlinks for
binaries that used to be in /usr/bin but are now in /bin.  We explicitly know
from the history of the packages where these binaries used to be.  Changing a
variable is not going to change that.  Changing /usr/bin here to be %{_bindir}
would be incorrect.

> remove / in RPM_BUILD_ROOT/%{_datadir}

Fixed.

> Also I don't think that /etc/profile.d/ content should be
> (noreplace) and I even think that making it %(config) is dubious.

Fixed.

Tagged and built as 6.7-8.fc7.
Comment 17 Patrice Dumas 2007-02-21 18:20:09 EST
(In reply to comment #16)

> > > Depending on itself: Er.. can you be more specific?
> > The build is depending on coreutils commands, like mkdir
> 
> Are we talking about BuildRequires tags or Requires tags?  Please be specific
> with the changes you'd like me to make -- also it would help if you number
them. :-)

I am talking about BuildRequires, and I don't really want that you
do changes, since it seems impossible to me to remove those bootstrapping
issues. But I'd like something like your opinion on that subject.

> > There is still one /usr/bin:
> > for i in env cut; do ln -sf ../../bin/$i $RPM_BUILD_ROOT/usr/bin; done
> 
> Take a look at the wider picture there: we are making compatibility symlinks for
> binaries that used to be in /usr/bin but are now in /bin.  We explicitly know
> from the history of the packages where these binaries used to be.  Changing a
> variable is not going to change that.  Changing /usr/bin here to be %{_bindir}
> would be incorrect.

I wouldn't say incorrect, but not using a macro seems correct.


A suggestions: use the install-info scriptlets from the guidelines, they
are simpler. So replace, in %preun
    [ -f %{_infodir}/%{name}.info.gz ] && \
      /sbin/install-info --delete %{_infodir}/%{name}.info* \
                         %{_infodir}/dir || :
with
    /sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :

and, in %post
[ -f %{_infodir}/%{name}.info* ] && \
  /sbin/install-info %{_infodir}/%{name}.info* %{_infodir}/dir || :
with
/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :

I find it very strange to use perl to do simple substitutions when a 
sed call does exactly the same.



I don't have any other remark.
Comment 18 Tim Waugh 2007-02-22 05:05:47 EST
BuildRequires: yes, coreutils necessarily poses a bootstrapping problem.  There
isn't really anything that can be done about that.

install-info: okay, done

sed: alright, I've done this too.

Tagged and built as 6.7-9.fc7.
Comment 19 Patrice Dumas 2007-02-23 17:09:30 EST
A last comment on spec file, linked with
W: coreutils strange-permission coreutils-colorls.sh 0775
W: coreutils strange-permission coreutils-colorls.csh 0775

you should consider removing the exec perms from those files
in the srpm.

The other rpmlint comments seem good to me.



I have noticed that a test fails, on a fedora devel with a lot of things
installed:

make[4]: Entering directory
`/home/dumas/src/fc-cvs/coreutils/devel/coreutils-6.7/tests/mv'
....
XPASS: acl
....
==============================================================
1 of 36 tests did not behave as expected (1 unexpected passes)
(1 tests were not run)
Please report to bug-coreutils@gnu.org
==============================================================
Comment 20 Patrice Dumas 2007-02-24 08:21:34 EST
the source match upstream, but the timestamp is not the same.
Comment 21 Tim Waugh 2007-02-26 08:25:00 EST
> you should consider removing the exec perms from those files
> in the srpm.

I don't seem to have any control over this.  I tried removing those files from
CVS and then adding them back in with fixed permissions, but it didn't work.

> XPASS: acl

This is fine; we patch in ACL support.  When ACL support isn't present the test
is skipped anyway so I think this is something that should be fixed upstream.

> the source match upstream, but the timestamp is not the same.

Next time I update I'll try to remember to use curl -OR.
Comment 22 Patrice Dumas 2007-02-26 08:34:29 EST
(In reply to comment #21)
> > you should consider removing the exec perms from those files
> > in the srpm.
> 
> I don't seem to have any control over this.  I tried removing those files from
> CVS and then adding them back in with fixed permissions, but it didn't work.

Ok. Maybe you'll be able to do that after the merge? In any case it
is not a big deal.

> > XPASS: acl
> 
> This is fine; we patch in ACL support.  When ACL support isn't present the test
> is skipped anyway so I think this is something that should be fixed upstream.

Maybe, but this stops the build... Maybe I am wrong and this is not this
test that stops the build?

> Next time I update I'll try to remember to use curl -OR.

Right.
Comment 23 Tim Waugh 2007-02-26 09:03:12 EST
Oh, didn't realise it was stopping the build.  I'll investigate further.
Comment 24 Tim Waugh 2007-02-27 12:46:28 EST
Okay, this has already been fixed in 6.8 which I hope to include in Fedora 7. 
Is that sufficient, or do you need to see the backport (or a coreutils-6.8
package..)?
Comment 25 Patrice Dumas 2007-02-27 13:21:54 EST
(In reply to comment #24)
> Okay, this has already been fixed in 6.8 which I hope to include in Fedora 7. 
> Is that sufficient, or do you need to see the backport (or a coreutils-6.8
> package..)?

Do as you like. In case you keep things as is, please comment out
the %check with a comment stating that it should be fixed in 6.8.
Comment 26 Patrice Dumas 2007-03-03 04:58:24 EST
coreutils-6.7.tar.bz2.sig should certainly be changed.

It seems to me that the install-info call with * is unsafe
because (from the info page) install-info only takes one file.
So if a file is split it will fail. For the delete of legacy 
sh-utils textutils fileutils it is fine since I guess we can
assume that there is only one file. For the other scriptlets
I think it would be safer without * (install-info should be
able to figure out if the files are compressed).

new rpmlint warning (ignorable in my opinion):
W: coreutils no-version-in-last-changelog
Comment 27 Tim Waugh 2007-03-09 04:39:44 EST
Fixed in CVS.  Will update signature and build when 6.9 is available, and will
also add a comment here when that is done.
Comment 28 Patrice Dumas 2007-08-28 08:58:54 EDT
Seems to me that everything is right (except the license tag
which is still the old GPL one), this is not a blocker for 
me.

I reassign to me and set feodra review to +, Michael or Kevin
you can reassign to you if you want to, I didn't do most of the 
review.
Comment 29 Patrice Dumas 2007-10-04 04:12:43 EDT
Shouldn't this bug be closed?

Note You need to log in before you can comment on or make changes to this bug.