Spec URL: https://pagure.io/perl-File-XDG/raw/main/f/perl-File-XDG.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/mavit/perlimports/fedora-rawhide-x86_64/07334170-perl-File-XDG/perl-File-XDG-1.02-1.fc41.src.rpm Description: Basic implementation of the XDG base directory specification Fedora Account System Username: mavit
Cannot find any valid SRPM URL for this ticket. Common causes are: - You didn't specify `SRPM URL: ...` in the ticket description or any of your comments - The URL schema isn't HTTP or HTTPS - The SRPM package linked in your URL doesn't match the package name specified in the ticket summary --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
SRPM URL: https://download.copr.fedorainfracloud.org/results/mavit/perlimports/fedora-rawhide-x86_64/07396226-perl-File-XDG/perl-File-XDG-1.02-1.fc41.src.rpm
In the SPEC, the license should be GPL-1.0-or-later OR Artistic 2.0 Please supply a new SPEC and SRPM.
https://metacpan.org/release/PLICEASE/File-XDG-1.02/source/LICENSE#L273 says Artistic License 1.0. Have you seen version 2.0 specified somewhere else?
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ only mentions Artistic-2.0.
The allowed licences list also contains GPL-1.0-or-later. Hence, this content is allowed in Fedora, since we can choose which licence we use.
When built, the %changelog contains bogus information. * Wed Aug 28 2024 John Doe <packager> - 1.02-1.fc39 - local build SPRM URL gives 404.
It's normal that %autochangelog will yield a useless changelog for local builds, since they have no access to the Git history. SRPM URL: https://download.copr.fedorainfracloud.org/results/mavit/perlimports/fedora-rawhide-x86_64/07705864-perl-File-XDG/perl-File-XDG-1.02-1.fc41.src.rpm
Copr build: https://copr.fedorainfracloud.org/coprs/build/7951005 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2276411-perl-file-xdg/fedora-rawhide-x86_64/07951005-perl-File-XDG/fedora-review/review.txt Found issues: - Not a valid SPDX expression 'GPL-1.0-or-later OR Artistic-1.0'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I have raised https://pagure.io/copr/license-validate/issue/38 regarding the complaint about the licence.
The license is https://spdx.org/licenses/Artistic-1.0-Perl, which is allowed in compound form GPL-1.0-or-later OR Artistic-1.0-Perl
(In reply to Miroslav Suchý from comment #11) > The license is https://spdx.org/licenses/Artistic-1.0-Perl, Except, if you look at the LICENSE file included with File::XDG (https://metacpan.org/release/PLICEASE/File-XDG-1.02/source/LICENSE), it's not, it's https://spdx.org/licenses/Artistic-1.0. I've raised this upstream at https://github.com/uperl/File-XDG/issues/28.
Right. That makes this package not-allowed in Fedora. You can work with upstream (IMHO easier way) to change the license. Or open issue at https://gitlab.com/fedora/legal/fedora-license-data/-/issues Here is the original review of Artistic https://gitlab.com/fedora/legal/fedora-license-data/-/issues/254
If the LICENSE reads "GPL 1 or later" or "Artistic License" would it be okay to use "License: GPL-1.0-or-later"?
Also, the licence for package perl itself is "GPL-1.0-or-later OR Artistic-1.0-Perl".
$ license-validate -v "GPL-1.0-or-later OR Artistic-1.0-Perl" Approved license
It turns out that the LICENSE file is automatically generated each time upstream does a release, and there was a bug in the generator. In light of https://github.com/Perl-Toolchain-Gang/Software-License/issues/32#issuecomment-1554456899, I have updated `License:` in the .spec to `GPL-1.0-or-later OR Artistic-1.0-Perl`. I'm not sure if we also want to wait for upstream to do a release, to catch up; it seems a bit academic, given that it's the GPL-1.0-or-later part we're relying on. SRPM URL: https://download.copr.fedorainfracloud.org/results/mavit/perlimports/fedora-rawhide-x86_64/07952572-perl-File-XDG/perl-File-XDG-1.02-1.fc42.src.rpm
Created attachment 2045033 [details] The .spec file difference from Copr build 7951005 to 7953281
Copr build: https://copr.fedorainfracloud.org/coprs/build/7953281 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2276411-perl-file-xdg/fedora-rawhide-x86_64/07953281-perl-File-XDG/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Ok with me. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. Note: Using prebuilt packages [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "GNU General Public License, Version 1 and/or The Perl 5 License". 23 files have unknown license. Detailed output of licensecheck in /var/lib/copr-rpmbuild/results/perl-File- XDG/licensecheck.txt [-]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 11223 bytes in 2 files. [x]: Package complies to the Packaging Guidelines [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Perl: [x]: Package contains the mandatory BuildRequires and Requires:. [x]: CPAN urls should be non-versioned. ===== SHOULD items ===== Generic: [x]: Reviewer should test that the package builds in mock. [ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. Rpmlint ------- Checking: perl-File-XDG-1.02-1.fc42.noarch.rpm perl-File-XDG-1.02-1.fc42.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpuactniqs')] checks: 32, packages: 2 2 packages and 0 specfiles checked; 0 errors, 0 warnings, 7 filtered, 0 badness; has taken 0.1 s Rpmlint (installed packages) ---------------------------- (none): E: there is no installed rpm "perl-File-XDG". There are no files to process nor additional arguments. Nothing to do, aborting. ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 filtered, 0 badness; has taken 0.0 s Source checksums ---------------- https://cpan.metacpan.org/authors/id/P/PL/PLICEASE/File-XDG-1.02.tar.gz : CHECKSUM(SHA256) this package : 672d5aa2f828225a2ab3ee633fda846534a0d3b11b781f22a2ca5ddc2a0a8209 CHECKSUM(SHA256) upstream package : 672d5aa2f828225a2ab3ee633fda846534a0d3b11b781f22a2ca5ddc2a0a8209 Requires -------- perl-File-XDG (rpmlib, GLIBC filtered): perl(Carp) perl(Config) perl(Ref::Util) perl(if) perl(strict) perl(warnings) perl-libs Provides -------- perl-File-XDG: perl(File::XDG) perl-File-XDG Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/bin/fedora-review --no-colors --prebuilt --rpm-spec --name perl-File-XDG --mock-config /var/lib/copr-rpmbuild/results/configs/child.cfg Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Perl, Shell-api Disabled plugins: PHP, Haskell, Ocaml, SugarActivity, C/C++, fonts, Python, Java, R Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
The Pagure repository was created at https://src.fedoraproject.org/rpms/perl-File-XDG
Thanks for the review!
FEDORA-2024-129e520f72 (perl-File-XDG-1.03-3.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-129e520f72
FEDORA-2024-9b7c1dae7f (perl-File-XDG-1.03-3.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-9b7c1dae7f
FEDORA-2024-36f67ee46a (perl-File-XDG-1.03-3.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-36f67ee46a
FEDORA-2024-129e520f72 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-129e520f72 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-129e520f72 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-9b7c1dae7f has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-9b7c1dae7f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-9b7c1dae7f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-36f67ee46a has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-36f67ee46a \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-36f67ee46a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-129e520f72 (perl-File-XDG-1.03-3.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-9b7c1dae7f (perl-File-XDG-1.03-3.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-36f67ee46a (perl-File-XDG-1.03-3.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.