Bug 2279967 - Review Request: openpace - Cryptographic library for EAC version 2
Status: CLOSED COMPLETED
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL: https://frankmorgner.github.io/openpace/
Reported: 2024-05-10 08:54 UTC by Veronika Hanulíková
Modified: 2024-08-20 15:33 UTC (History)

Last Closed: 2024-08-20 15:33:38 UTC
jjelen: fedora-review+


Attachments
The .spec file difference from Copr build 7434535 to 7434587 (1.27 KB, patch)
2024-05-10 13:34 UTC, Fedora Review Service
The .spec file difference from Copr build 7434587 to 7553264 (2.11 KB, patch)
2024-06-07 10:05 UTC, Fedora Review Service
The .spec file difference from Copr build 7553264 to 7608631 (1.96 KB, patch)
2024-06-12 12:00 UTC, Fedora Review Service

Description Veronika Hanulíková 2024-05-10 08:54:20 UTC
Spec URL: https://download.copr.fedorainfracloud.org/results/vhanulik/openpace/fedora-rawhide-x86_64/07434261-openpace/openpace.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/vhanulik/openpace/fedora-rawhide-x86_64/07434261-openpace/openpace-1.1.3-0.fc41.src.rpm
Description: Cryptographic library for Extended Access Control (EAC) version 2
Fedora Account System Username: vhanulik

Comment 1 Fedora Review Service 2024-05-10 12:47:48 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/7434535
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2279967-openpace/fedora-rawhide-x86_64/07434535-openpace/fedora-review/review.txt

Found issues:

- openpace : /usr/include/eac/ca.h
  openpace : /usr/include/eac/cv_cert.h
  openpace : /usr/include/eac/eac.h
  openpace : /usr/include/eac/objects.h
  openpace : /usr/include/eac/pace.h
  openpace : /usr/include/eac/ri.h
  openpace : /usr/include/eac/ta.h
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_devel_packages
- Unversioned so-files directly in %_libdir.
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_devel_packages
- Using both %{buildroot} and $RPM_BUILD_ROOT
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_macros

Please know that there can be false-positives.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 3 Fedora Review Service 2024-05-10 13:34:52 UTC
Created attachment 2032499
The .spec file difference from Copr build 7434535 to 7434587

Comment 4 Fedora Review Service 2024-05-10 13:34:54 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/7434587
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2279967-openpace/fedora-rawhide-x86_64/07434587-openpace/fedora-review/review.txt

Please take a look if any issues were found.



Comment 5 Jakub Jelen 2024-05-31 14:42:47 UTC
 * The created directories should be specified in %files section such as %dir %{_sysconfdir}/eac/ or %dir %{_includedir}/eac/ (there are more if I see right)
 * Requires: %{name}-libs%{?_isa} = %{version}-%{release} the subpackage -libs does not exist. I think this should be just the dependency on the main package
 * Package should not use obsolete m4 macros: https://fedorahosted.org/FedoraReview/wiki/AutoTools -- there is problematic use of AC_PROG_LIBTOOL -- would be worth investigating if this could be changed (upstream first)
 * openpace.x86_64: W: non-conffile-in-etc /etc/eac/cvc/DECVCAEPASS00102 -- files in /etc should be %config
 * Why did you not package the documentation? openpace-devel.x86_64: W: no-documentation

Comment 7 Veronika Hanulíková 2024-06-07 09:37:30 UTC
Thanks for the review, the comments should be fixed. The reported m4 macro is kept there for some compatibility, as the AC_PROG_LIBTOOL is used only when LT_INIT is not defined.

Comment 8 Fedora Review Service 2024-06-07 10:05:15 UTC
Created attachment 2036695
The .spec file difference from Copr build 7434587 to 7553264

Comment 9 Fedora Review Service 2024-06-07 10:05:17 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/7553264
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2279967-openpace/fedora-rawhide-x86_64/07553264-openpace/fedora-review/review.txt

Please take a look if any issues were found.



Comment 10 Jakub Jelen 2024-06-11 11:21:09 UTC
Just a few notes and then I think we are good:

Wording:
- Development files with include files to develop applications
+ Development files with header files to develop applications


Duplicated files: 

openpace-doc.noarch: E: files-duplicated-waste 237297
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings-white.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings-white.png
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings.png
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.eot /usr/share/doc/openpace/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.eot
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.svg /usr/share/doc/openpace/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.svg
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.ttf /usr/share/doc/openpace/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.ttf
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff /usr/share/doc/openpace/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff2 /usr/share/doc/openpace/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff2

The fonts are packaged in Fedora separately so I would remove them (both occurrences) from the -doc package and add them as a dependency on the following package

https://src.fedoraproject.org/rpms/glyphicons-halflings-fonts

according to the guidelines:

https://docs.fedoraproject.org/en-US/packaging-guidelines/FontsPolicy/


For the autotools I opened an issue here: https://pagure.io/FedoraReview/issue/520


Regarding the spelling error

openpace.x86_64: E: spelling-error ('Cryptographic', 'Summary(en_US) Cryptographic -> Cryptography, Cryptographer, Crystallographic')

I would propose to add this exception to the rpmlintrc, similarly as we have it for example here: https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh.rpmlintrc
It will avoid going over the same error over and over again when we believe it is correctly spelled.


Last, in files, there are quite wide wildcards such as %{_mandir}/man1/cvc* or %{_libdir}/pkgconfig/*.pc -- I think we should be more specific at least in these cases to make sure we don't match anything else we do not want and we can notice possible changes.

Comment 12 Veronika Hanulíková 2024-06-12 11:50:07 UTC
Comments fixed, but regarding the duplicated files, I've removed font directories but left the png duplicates as it looks like they're used by both bootswatch and bootstrap.

Comment 13 Fedora Review Service 2024-06-12 12:00:41 UTC
Created attachment 2037071
The .spec file difference from Copr build 7553264 to 7608631

Comment 14 Fedora Review Service 2024-06-12 12:00:44 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/7608631
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2279967-openpace/fedora-rawhide-x86_64/07608631-openpace/fedora-review/review.txt

Please take a look if any issues were found.



Comment 15 Jakub Jelen 2024-06-17 08:22:42 UTC
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: If your application is a C or C++ application you must list a
     BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig not called in %post and %postun for Fedora 28 and later.
[x]: Package does not contain any libtool archives (.la)
[x]: Package contains no static executables.
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "FSF Unlimited License (with License
     Retention) and/or GNU General Public License v2.0 or later [generated
     file]", "GNU General Public License v2.0 or later [generated file]",
     "GNU General Public License v3.0 or later", "FSF Unlimited License
     [generated file]", "X11 License [generated file]", "GNU General Public
     License v2.0 or later", "GNU General Public License, Version 2", "FSF
     Unlimited License (with License Retention) and/or GNU General Public
     License, Version 2", "FSF Unlimited License (with License Retention)",
     "*No copyright* GNU General Public License", "*No copyright* GNU
     General Public License, Version 3", "MIT License", "Apache License
     2.0". 202 files have unknown license. Detailed output of licensecheck
     in /tmp/2279967-openpace/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
[x]: The License field must be a valid SPDX expression.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 0 bytes in 0 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Package should not use obsolete m4 macros
     Note: Some obsoleted macros found, see the attachment.
     See: https://fedorahosted.org/FedoraReview/wiki/AutoTools
      -- just compatibility macro -- not used
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: openpace-1.1.3-0.fc41.x86_64.rpm
          openpace-devel-1.1.3-0.fc41.x86_64.rpm
          openpace-doc-1.1.3-0.fc41.noarch.rpm
          openpace-debuginfo-1.1.3-0.fc41.x86_64.rpm
          openpace-debugsource-1.1.3-0.fc41.x86_64.rpm
          openpace-1.1.3-0.fc41.src.rpm
=============================================== rpmlint session starts ===============================================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmpyb6a68nl')]
checks: 32, packages: 6

openpace.src: E: spelling-error ('Cryptographic', 'Summary(en_US) Cryptographic -> Cryptography, Cryptographer, Crystallographic')
openpace.x86_64: E: spelling-error ('Cryptographic', 'Summary(en_US) Cryptographic -> Cryptography, Cryptographer, Crystallographic')
openpace-devel.x86_64: W: no-documentation
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings-white.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings-white.png
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings.png
========= 6 packages and 0 specfiles checked; 2 errors, 3 warnings, 48 filtered, 2 badness; has taken 1.6 s ==========




Rpmlint (debuginfo)
-------------------
Checking: openpace-debuginfo-1.1.3-0.fc41.x86_64.rpm
=============================================== rpmlint session starts ===============================================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmpy_o100kh')]
checks: 32, packages: 1

========= 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 14 filtered, 0 badness; has taken 0.4 s ==========





Rpmlint (installed packages)
----------------------------
============================ rpmlint session starts ============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 5

openpace.x86_64: E: spelling-error ('Cryptographic', 'Summary(en_US) Cryptographic -> Cryptography, Cryptographer, Crystallographic')
openpace-devel.x86_64: W: no-documentation
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings-white.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings-white.png
openpace-doc.noarch: W: files-duplicate /usr/share/doc/openpace/_static/bootswatch-2.3.2/img/glyphicons-halflings.png /usr/share/doc/openpace/_static/bootstrap-2.3.2/img/glyphicons-halflings.png
 5 packages and 0 specfiles checked; 1 errors, 3 warnings, 47 filtered, 1 badness; has taken 1.6 s 



Source checksums
----------------
https://github.com/frankmorgner/openpace/releases/download/1.1.3/openpace-1.1.3.tar.gz :
  CHECKSUM(SHA256) this package     : ef82a172d82e8300b91b4ec08df282292ac841f9233188e00554f56e97c2c089
  CHECKSUM(SHA256) upstream package : ef82a172d82e8300b91b4ec08df282292ac841f9233188e00554f56e97c2c089


Requires
--------
openpace (rpmlib, GLIBC filtered):
    config(openpace)
    libc.so.6()(64bit)
    libcrypto.so.3()(64bit)
    libcrypto.so.3(OPENSSL_3.0.0)(64bit)
    libeac.so.3()(64bit)
    rtld(GNU_HASH)

openpace-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    libeac.so.3()(64bit)
    openpace(x86-64)
    pkgconfig(libcrypto)

openpace-doc (rpmlib, GLIBC filtered):
    openpace(x86-64)

openpace-debuginfo (rpmlib, GLIBC filtered):

openpace-debugsource (rpmlib, GLIBC filtered):



Provides
--------
openpace:
    config(openpace)
    libeac.so.3()(64bit)
    openpace
    openpace(x86-64)

openpace-devel:
    openpace-devel
    openpace-devel(x86-64)
    pkgconfig(libeac)

openpace-doc:
    openpace-doc

openpace-debuginfo:
    debuginfo(build-id)
    libeac.so.3.1.0-1.1.3-0.fc41.x86_64.debug()(64bit)
    openpace-debuginfo
    openpace-debuginfo(x86-64)

openpace-debugsource:
    openpace-debugsource
    openpace-debugsource(x86-64)



AutoTools: Obsoleted m4s found
------------------------------
  AC_PROG_LIBTOOL found in:
  openpace-1.1.3-build/openpace-1.1.3/configure.ac:26


Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Command line :/usr/bin/fedora-review -b 2279967
Buildroot used: fedora-rawhide-x86_64
Active plugins: C/C++, Shell-api, Generic
Disabled plugins: Python, SugarActivity, Haskell, R, Ocaml, Perl, fonts, Java, PHP
Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH

Comment 16 Fedora Admin user for bugzilla script actions 2024-06-17 09:29:37 UTC
The Pagure repository was created at https://src.fedoraproject.org/rpms/openpace

