Spec URL: https://pagure.io/vectorscan_rpm/raw/master/f/vectorscan.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jlinton/vectorscan/srpm-builds/07005436/vectorscan-5.4.11-4.src.rpm Description: A fork of Intel's Hyperscan, modified to run on more platforms. Hyperscan is a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, but is a standalone library with its own C API. Hyperscan uses hybrid automata techniques to allow simultaneous matching of large numbers (up to tens of thousands) of regular expressions and for the matching of regular expressions across streams of data. Hyperscan is typically used in a DPI library stack. Fedora Account System Username: jlinton
As noted in the description this is a hyperscan fork, of which there is already an x86_64 package. This package is building an x86 version as well as an aarch64 and ppc64 (and there exists AFAIK some riscv work too), but only the aarch64 and ppc64 versions "Provide" hyperscan. In the future, it may be useful to replace hyperscan with this package due to intel license/etc with upstream hyperscan. Hyperscan, for those who don't know is used in a number of places for intrusion detection/deep packet scanning applications, but given its perf characteristics is probably useful for general PCRE applications that need higher perf that provided by other regex libraries.
Copr build: https://copr.fedorainfracloud.org/coprs/build/7005490 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2263601-vectorscan/fedora-rawhide-x86_64/07005490-vectorscan/fedora-review/review.txt Found issues: - pcre-devel is deprecated, you must not depend on it. Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/ - Not a valid SPDX expression 'BSD'. It seems that you are using the old Fedora license abbreviations. Try `license-fedora2spdx' for converting it to SPDX. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://pagure.io/vectorscan_rpm/raw/master/f/vectorscan.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jlinton/vectorscan/srpm-builds/07010537/vectorscan-5.4.11-5.src.rpm Fixed above issues.
Created attachment 2016551 [details] The .spec file difference from Copr build 7005490 to 7010719
Copr build: https://copr.fedorainfracloud.org/coprs/build/7010719 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2263601-vectorscan/fedora-rawhide-x86_64/07010719-vectorscan/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [-]: Provides: bundled(gnulib) in place as required. Note: Sources not installed [x]: Package does not contain kernel modules. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [ ]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "BSD 3-Clause License", "BSD 2-Clause License and/or BSD 3-Clause License", "Boost Software License 1.0". 124 files have unknown license. Detailed output of licensecheck in /home/fedora/2263601-vectorscan/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/lib64/pkgconfig, /usr/share/doc/vectorscan/examples [!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/doc/vectorscan/examples [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [!]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [ ]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 76901 bytes in 5 files. [ ]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in vectorscan-devel [ ]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [ ]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [!]: Spec use %global instead of %define unless justified. Note: %define requiring justification: %define _lto_cflags %{nil} [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: The placement of pkgconfig(.pc) files are correct. [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: vectorscan-5.4.11-5.fc40.x86_64.rpm vectorscan-devel-5.4.11-5.fc40.x86_64.rpm vectorscan-debuginfo-5.4.11-5.fc40.x86_64.rpm vectorscan-debugsource-5.4.11-5.fc40.x86_64.rpm vectorscan-5.4.11-5.fc40.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpeaivncln')] checks: 32, packages: 5 vectorscan.src: E: spelling-error ('hyperscan', 'Summary(en_US) hyperscan -> hyper scan, hyper-scan, hyperspace') vectorscan.src: E: spelling-error ('pcre', 'Summary(en_US) pcre -> pare, acre, pore') vectorscan.src: E: spelling-error ('libpcre', '%description -l en_US libpcre -> libretto') vectorscan.src: E: spelling-error ('automata', '%description -l en_US automata -> automate, automaton, automatic') vectorscan.x86_64: E: spelling-error ('hyperscan', 'Summary(en_US) hyperscan -> hyper scan, hyper-scan, hyperspace') vectorscan.x86_64: E: spelling-error ('pcre', 'Summary(en_US) pcre -> pare, acre, pore') vectorscan.x86_64: E: spelling-error ('libpcre', '%description -l en_US libpcre -> libretto') vectorscan.x86_64: E: spelling-error ('automata', '%description -l en_US automata -> automate, automaton, automatic') vectorscan.x86_64: W: incoherent-version-in-changelog 5.4.11-4 ['5.4.11-5.fc40', '5.4.11-5'] 5 packages and 0 specfiles checked; 8 errors, 1 warnings, 42 filtered, 8 badness; has taken 4.2 s Rpmlint (debuginfo) ------------------- Checking: vectorscan-debuginfo-5.4.11-5.fc40.x86_64.rpm ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpdb53arw8')] checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 12 filtered, 0 badness; has taken 9.9 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 4 vectorscan.x86_64: E: spelling-error ('hyperscan', 'Summary(en_US) hyperscan -> hyper scan, hyper-scan, hyperspace') vectorscan.x86_64: E: spelling-error ('pcre', 'Summary(en_US) pcre -> pare, acre, pore') vectorscan.x86_64: E: spelling-error ('libpcre', '%description -l en_US libpcre -> libretto') vectorscan.x86_64: E: spelling-error ('automata', '%description -l en_US automata -> automate, automaton, automatic') vectorscan.x86_64: W: incoherent-version-in-changelog 5.4.11-4 ['5.4.11-5.fc40', '5.4.11-5'] 4 packages and 0 specfiles checked; 4 errors, 1 warnings, 39 filtered, 4 badness; has taken 5.7 s Source checksums ---------------- https://github.com/VectorCamp/vectorscan/archive/d29730e1cb9daaa66bda63426cdce83505d2c809.tar.gz : CHECKSUM(SHA256) this package : 0dbee953c3e6be732b8075e328a77b86049985b98af3b51923dbc03b34d950f5 CHECKSUM(SHA256) upstream package : 0dbee953c3e6be732b8075e328a77b86049985b98af3b51923dbc03b34d950f5 Requires -------- vectorscan (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libm.so.6()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.5)(64bit) libstdc++.so.6(CXXABI_1.3.8)(64bit) libstdc++.so.6(CXXABI_1.3.9)(64bit) rtld(GNU_HASH) vectorscan-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config libhs.so.5()(64bit) libhs_runtime.so.5()(64bit) vectorscan(x86-64) vectorscan-debuginfo (rpmlib, GLIBC filtered): vectorscan-debugsource (rpmlib, GLIBC filtered): Provides -------- vectorscan: libhs.so.5()(64bit) libhs_runtime.so.5()(64bit) vectorscan vectorscan(x86-64) vectorscan-devel: pkgconfig(libhs) vectorscan-devel vectorscan-devel(x86-64) vectorscan-debuginfo: debuginfo(build-id) libhs.so.5.4.11-5.4.11-5.fc40.x86_64.debug()(64bit) libhs_runtime.so.5.4.11-5.4.11-5.fc40.x86_64.debug()(64bit) vectorscan-debuginfo vectorscan-debuginfo(x86-64) vectorscan-debugsource: vectorscan-debugsource vectorscan-debugsource(x86-64) Diff spec file in url and in SRPM --------------------------------- --- /home/fedora/2263601-vectorscan/srpm/vectorscan.spec 2024-02-14 07:11:37.825899312 +0000 +++ /home/fedora/2263601-vectorscan/srpm-unpacked/vectorscan.spec 2024-02-09 00:00:00.000000000 +0000 @@ -103,7 +103,4 @@ #------------------------------------------------------------------------------ %changelog -* Mon Feb 12 2024 Jeremy Linton <jeremy.linton> - 5.4.11-5 -- Fix fedora review issues - * Fri Feb 9 2024 Jeremy Linton <jeremy.linton> - 5.4.11-4 - Make fedpkg lint happy Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2263601 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, C/C++, Generic Disabled plugins: Haskell, Python, Ocaml, PHP, SugarActivity, fonts, R, Java, Perl Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH Comments: a) May need to own: /usr/share/doc/vectorscan/examples b) A rough license breakdown in the spec file would be helpful c) Perhaps use: %global _lto_cflags %{nil} d) The hyperscan package also provides libhs.so and libhs_runtime.so maybe these should be two conflicting modules: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_conflicts e) To own all directories, consider adding: %dir %{_defaultdocdir}/%{name} %dir %{_defaultdocdir}/%{name}/examples to the spec file f) The documentation can probably be built. Add python3dist(sphinx) and doxygen to build requires. Modify the CMakeLists.txt and conf.py.in files to generate man pages rather than html. g) Seems not to build on s390x: https://koji.fedoraproject.org/koji/taskinfo?taskID=113491248
Hi, Thanks for the very detailed review! FYI: I have opened an upstream PR to fix the make file and tweak the resulting documentation. https://github.com/VectorCamp/vectorscan/pull/231 Per #d, I think the longer term place is probably to replace hyperscan, but not for a release at least. So I wasn't really sure what to do with conflict/obsolete/etc. I forgot about excludearching it because its been building as copr for so long (and some of this is the result of copy/pasting the hyperscan.spec a couple years back and forgetting about it, not bothering to go do a full review again). There is a BZ opened for that. Anyway, I have a another version, but lets see what upstream thinks about the PR before I check in a squashed commit/etc.
Check with maintainer for hyperscan on whether to obsolete or have them as separate modules.
Ok so, all the above are largely done, although this version is carrying a patch I'm not sure should be carried downstream since its modifying stuff that NEEDS to be upstream. For now x86 is just conflicting, rather than replacing hyperscan because in theory someone might want to install the latest binary from intel. Spec URL: https://pagure.io/vectorscan_rpm/raw/master/f/vectorscan.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jlinton/vectorscan/srpm-builds/07062668/vectorscan-5.4.11-6.src.rpm
Put another way, its probably best to remove the doc/man page patch and the man page itself, until the copyright "all rights reserved" issues are cleared up.
Created attachment 2019064 [details] The .spec file difference from Copr build 7010719 to 7062828
Copr build: https://copr.fedorainfracloud.org/coprs/build/7062828 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2263601-vectorscan/fedora-rawhide-x86_64/07062828-vectorscan/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
WRT to obsoleting or having modules, I am not sure what the current best practice is, according to the docs I could find it seems like environment modules are the route to go though I am open to ideas since I haven't run into this before. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_conflicts https://docs.fedoraproject.org/en-US/packaging-guidelines/Conflicts/ https://docs.fedoraproject.org/en-US/packaging-guidelines/EnvironmentModules/
Modules are used for MPI. See: https://src.fedoraproject.org/rpms/mpich/blob/rawhide/f/mpich.spec https://src.fedoraproject.org/rpms/openmpi/blob/rawhide/f/openmpi.spec
So, AFAIK modules are sorta on life support. But maybe at this point we can just depreciate hyperscan since that is probably the long term solution anyway due to the license change. Upstream has merged the general man/doc changes, so I feel comfortable carrying that as a patch until they cut another release.
If hyperscan will be maintained in Fedora, then modules seem the way to go, if not then obsoleting seems fine. Would need to check that vectorscan will be a drop in replacement for anything that depends on hyperscan that is packaged for Fedora.
I am fine with dropping hyperscan if trying to maintain both is too cumbersome. As Benson mentioned, we would just want to confirm that vectorscan works in fact as a drop in for the packages that require hyperscan but I am not entirely sure how to do that before I retire hyperscan.
So, now that F40 is done, I think its time to make this move. I've replaced the conflicts in the .spec with Obsoletes, and validated that both the existing rawhide suricata appears to work with the libhs from vectorscan as well as replaced the hyperscan-devel in the suricata.spec file with vectorscan-devel and built it with all the unit tests/checks and everything appears to be working. So AFAIK, we should be able to merge this and drop hyperscan and everything should continue to be happy.
Also, Jason, its probably easier if you are just added as a co-maintainer of vectorscan rather than trying to continue maintaining hyperscan.
I agree, good a time as any to move this forward. I will see what the package retirement/notification process is so I make sure everyone is notified that needs to be. Sounds good, more than happy to help with maintenance on vectorscan.
Here is the version with the obsolete's. I didn't bother to bump the build number for it, lets see if the bot will recheck it: Spec URL: https://pagure.io/vectorscan_rpm/raw/master/f/vectorscan.spec SRPM URL:https://download.copr.fedorainfracloud.org/results/jlinton/vectorscan/srpm-builds/07394773/vectorscan-5.4.11-6.src.rpm
Created attachment 2030674 [details] The .spec file difference from Copr build 7062828 to 7396499
Copr build: https://copr.fedorainfracloud.org/coprs/build/7396499 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2263601-vectorscan/fedora-rawhide-x86_64/07396499-vectorscan/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Seems ok to me. No replies on mailing list: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/UZD4BLRMHPQY27IMYQZ76TXCBULHALFJ/?sort=date Approved.
The Pagure repository was created at https://src.fedoraproject.org/rpms/vectorscan