Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-x86_64/07477861-vaultwarden-web/vaultwarden-web.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-x86_64/07477861-vaultwarden-web/vaultwarden-web-2024.5.0-1.fc41.src.rpm Description: Static web files for vaultwarden Fedora Account System Username: jonathanspw This package is rather simple, all it does is put static web files in /usr/share/vaultwarden-web. It is its own package because it has its own versioning that isn't tied to vaultwarden releases, so putting them together would create issues.
Copr build: https://copr.fedorainfracloud.org/coprs/build/7477997 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2282767-vaultwarden-web/fedora-rawhide-x86_64/07477997-vaultwarden-web/fedora-review/review.txt Found issues: - License file 395.eef1cb8a52613ac828e0.js.LICENSE.txt is not marked as %license Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text - Upstream MD5sum check error, diff is in /var/lib/copr-rpmbuild/results/vaultwarden-web/diff.txt Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-aarch64/07478055-vaultwarden-web/vaultwarden-web.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-aarch64/07478055-vaultwarden-web/vaultwarden-web-2024.5.0-1.fc41.src.rpm
Created attachment 2034697 [details] The .spec file difference from Copr build 7477997 to 7478061
Copr build: https://copr.fedorainfracloud.org/coprs/build/7478061 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2282767-vaultwarden-web/fedora-rawhide-x86_64/07478061-vaultwarden-web/fedora-review/review.txt Found issues: - License file vendor.5fbde6cbb10a6f680a29.js.LICENSE.txt is not marked as %license Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text - Not a valid SPDX expression 'GPL-3.0-only AND MIT AND BSD-3-Clause AND (MIT or GPL-3.0-only)'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-aarch64/07478356-vaultwarden-web/vaultwarden-web.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-aarch64/07478356-vaultwarden-web/vaultwarden-web-2024.5.0-1.fc41.src.rpm
Created attachment 2034700 [details] The .spec file difference from Copr build 7478061 to 7478364
Copr build: https://copr.fedorainfracloud.org/coprs/build/7478364 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2282767-vaultwarden-web/fedora-rawhide-x86_64/07478364-vaultwarden-web/fedora-review/review.txt Found issues: - Not a valid SPDX expression 'GPL-3.0-only AND MIT AND BSD-3-Clause AND (MIT or GPL-3.0-only)'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
As best I can find "GPL-3.0-only AND MIT AND BSD-3-Clause AND (MIT or GPL-3.0-only)" is indeed a valid SPDX expression. I'm not sure why fedora-review doesn't like it.
(In reply to Jonathan Wright from comment #8) > As best I can find "GPL-3.0-only AND MIT AND BSD-3-Clause AND (MIT or > GPL-3.0-only)" is indeed a valid SPDX expression. I'm not sure why > fedora-review doesn't like it. It's complaining because fedora-review has not been updated to support lowercase operands for SPDX expressions yet. They're allowed, the tooling it uses doesn't know that yet. And you have mixed case operands, which confuses things. That said, I personally prefer and recommend using lowercase operands consistently. Or if you prefer all-uppercase operands, do that instead.
You are also missing bundled() Provides and license commentary for bundled JS dependencies.
COPR build started with the "provides" for the static js libs. --- # these are all included static js libs Provides: bundled(npm(buffer)) = 6.0.3 Provides: bundled(npm(jszip)) = 3.10.1 Provides: bundled(npm(papaparse)) = 5.4.1 Provides: bundled(npm(lunr)) = 2.3.9 Provides: bundled(npm(bootstrap) = 4.6.0 Provides: bundled(npm(jquery)) = 3.7.1 Provides: bundled(npm(ieee754)) Provides: bundled(npm(popper.js)) = 1.16.1 Provides: bundled(npm(qrious)) = 4.0.2 --- Anything else?
I would probably pick on the fact the Summary doesn't describe the package very well. Other than that, I just need to see refreshed SPEC and SRPM to confirm everything's gravy.
Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-x86_64/07501153-vaultwarden-web/vaultwarden-web.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/fedora-rawhide-x86_64/07501153-vaultwarden-web/vaultwarden-web-2024.5.0-1.fc41.src.rpm I'll work on the summary a bit.
Is there a way we can actually run the build process in the packaging? A cleaned set of source tarballs to construct the environment to build the stuff is generally expected here.
Yes...ish. I didn't do it for a few reasons. vaultwarden-web is a patched version of bitwarden's web client (all licensing is solid on it) but it yields to some custom and wacky build scripts to build the web sources. The dep tree is also about 1.5G worth of node_modules. Further, nodejs-packaging-bundler cannot build the tarball for it because of some wacky things that bitwarden does in package.json that would have to be patched on every release, then using their custom build scripts to generate the node_modules to grab. I'm not even sure if feeding that node_modules into the build would be enough or if there's more weird stuff RPM would run into trying to build. I intend to keep researching this path but right now it's an unncessary blocker for building the main vaultwarden API server/package. While this is not ideal, it's the only solution I see right now.
Okay, I guess we'll go with it then, please put a comment about it in the spec and note the TODO. Otherwise... * Package builds and installs * Package licensing is correctly handled and recorded * No serious issues from fedora-review or rpmlint PACKAGE APPROVED.
Please archive the full sources (vendor tarball too) in the SRPM even though you don't use it, that way we have them.
The Pagure repository was created at https://src.fedoraproject.org/rpms/vaultwarden-web
FEDORA-2024-551cd69025 (vaultwarden-web-2024.5.0-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-551cd69025
FEDORA-2024-551cd69025 (vaultwarden-web-2024.5.0-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2024-bb5be9e16e (vaultwarden-web-2024.6.2b-1.el10_0) has been submitted as an update to Fedora EPEL 10.0. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bb5be9e16e
FEDORA-EPEL-2024-bb5be9e16e (vaultwarden-web-2024.6.2b-1.el10_0) has been pushed to the Fedora EPEL 10.0 stable repository. If problem still persists, please make note of it in this bug report.