Spec URL: https://peter.fedorapeople.org/packages/solidity.spec SRPM URL: https://peter.fedorapeople.org/packages/solidity-0.8.26-1.fc40.src.rpm Description: Solidity is an object-oriented, high-level language for implementing smart contracts. Smart contracts are programs which govern the behaviour of accounts within the Ethereum state. Fedora Account System Username: peter This package is intended only for Fedora 40 and later. It's very demanding about fmt versions and Fedora 39 and older have a slightly old fmt version which I am not going to fix since F39 is few months from being EOLed. Koji scratch builf for Rawhide (fmt ver .11.0.2) * https://koji.fedoraproject.org/koji/taskinfo?taskID=121860519 Koji scratch builf for F-40 (fmt ver. 10.2.1) * https://koji.fedoraproject.org/koji/taskinfo?taskID=121858108
I will take this review. If you aren't sick of GAP packages, would you mind doing one more? Bug 2277899 needs a review. As the maintainer of the cvc5 and z3 packages, I'm interested to see a package that uses both!
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Issues: ======= - Regarding the license, libstdlib/src/stub.sol has an Apache-2.0 comment at the top. Are the contents of libstdlib included in the binary rpm? - The declared license is GPL-3.0-only, but most source files contain the "any later version" language, for example: - liblangutil/Common.h - libsolc/libsolc.h - solc/main.cpp - Some source files are derived from V8 and carry a BSD-3-Clause declaration, in addition to the GPL-3.0-or-later declaration: - liblangutil/CharStream.{cpp,h} - liblangutil/Scanner.{cpp,h} - liblangutil/Token.{cpp,h} - Also, libsolutil/picosha2.h has an MIT declaration - Not necessarily an issue, but I want to make sure you know that upstream overrides the Fedora choice of -O2, adding -O3 to the build flags - I don't know how seriously we take the "American English" thing, but I will note that "behaviour" in %description is the British English spelling. We lazy Americans drop the "u": "behavior". (See the spelling-error rpmlint warning below.) - Is there any hope of doing something useful in %check; e.g., run the binary with some simple input just to verify that it doesn't crash? - Please consider generating man pages with help2man (see the no-manual-page-for-binary warning below) ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* MIT License", "GNU General Public License v3.0 or later", "*No copyright* GNU General Public License, Version 3", "MIT License", "*No copyright* GNU General Public License v3.0 or later", "BSD 3-Clause License and/or GNU General Public License v3.0 or later", "*No copyright* GNU General Public License v3.0 or later [generated file]", "GNU General Public License, Version 3 and/or MIT License", "*No copyright* Apache License 2.0", "GNU General Public License v3.0 or later and/or MIT License", "Apache License 2.0", "*No copyright* Boost Software License 1.0", "*No copyright* GNU General Public License, Version 2", "GNU General Public License, Version 3", "*No copyright* Creative Commons CC0 1.0", "*No copyright* GNU General Public License, Version 3 and/or MIT License", "*No copyright* Do What The Fuck You Want To Public License, Version 2". 9147 files have unknown license. Detailed output of licensecheck in /home/jamesjer/2304209-solidity/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 6814 bytes in 2 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- ================================================ rpmlint session starts ================================================ rpmlint: 2.5.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 solidity.x86_64: E: spelling-error ('behaviour', '%description -l en_US behaviour -> behavior') solidity.x86_64: W: no-manual-page-for-binary solc solidity.x86_64: W: no-manual-page-for-binary yul-phaser =========== 1 packages and 0 specfiles checked; 1 errors, 2 warnings, 3 filtered, 1 badness; has taken 0.1 s =========== Source checksums ---------------- https://github.com/ethereum/solidity/archive/v0.8.26/solidity-0.8.26.tar.gz : CHECKSUM(SHA256) this package : 5ffa31a4eae8770962e9f2941dd83578f033005109db2ffbba1ce7e10392fafc CHECKSUM(SHA256) upstream package : 5ffa31a4eae8770962e9f2941dd83578f033005109db2ffbba1ce7e10392fafc Requires -------- solidity (rpmlib, GLIBC filtered): cvc5 libboost_filesystem.so.1.83.0()(64bit) libboost_program_options.so.1.83.0()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libm.so.6()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.13)(64bit) libstdc++.so.6(CXXABI_1.3.15)(64bit) libstdc++.so.6(CXXABI_1.3.3)(64bit) libstdc++.so.6(CXXABI_1.3.5)(64bit) libstdc++.so.6(CXXABI_1.3.9)(64bit) libz3.so.4.13()(64bit) rtld(GNU_HASH) solidity-debuginfo (rpmlib, GLIBC filtered): solidity-debugsource (rpmlib, GLIBC filtered): Provides -------- solidity: solidity solidity(x86-64) solidity-debuginfo: debuginfo(build-id) solidity-debuginfo solidity-debuginfo(x86-64) solidity-debugsource: solidity-debugsource solidity-debugsource(x86-64) Diff spec file in url and in SRPM --------------------------------- --- /home/jamesjer/2304209-solidity/srpm/solidity.spec 2024-08-16 14:30:33.811171381 -0600 +++ /home/jamesjer/2304209-solidity/srpm-unpacked/solidity.spec 2024-08-11 18:00:00.000000000 -0600 @@ -1,3 +1,5 @@ +# Git hash of a tagged commit %global git_hash 8a97fa7a1db1ec509221ead6fea6802c684ee887 +#%%undefine _package_note_file Summary: Object-oriented, high-level language for implementing smart contracts Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2304209 -m fedora-rawhide-x86_64 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, C/C++, Generic Disabled plugins: PHP, Java, SugarActivity, Haskell, Python, Perl, Ocaml, fonts, Ruby, R Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
(In reply to Jerry James from comment #2) > Package Review > ============== Thank you! > Issues: > ======= > - Regarding the license, libstdlib/src/stub.sol has an Apache-2.0 comment at > the top. Are the contents of libstdlib included in the binary rpm? > > - The declared license is GPL-3.0-only, but most source files contain the > "any later version" language, for example: > - liblangutil/Common.h > - libsolc/libsolc.h > - solc/main.cpp I've started discussing licensing tags and terms with upstream (https://github.com/ethereum/solidity/issues/15353). Meanwhile I've changed License tag to "GPL-3.0-or-later and MIT". > - Some source files are derived from V8 and carry a BSD-3-Clause declaration, > in addition to the GPL-3.0-or-later declaration: > - liblangutil/CharStream.{cpp,h} > - liblangutil/Scanner.{cpp,h} > - liblangutil/Token.{cpp,h} These ones looks like relicensed to GPL-3.0-or-later. > - Also, libsolutil/picosha2.h has an MIT declaration Yes, I've added MIT to the license field. > - Not necessarily an issue, but I want to make sure you know that upstream > overrides the Fedora choice of -O2, adding -O3 to the build flags Fixed it. Will discuss it with upstream later. > - I don't know how seriously we take the "American English" thing, but I will > note that "behaviour" in %description is the British English spelling. We > lazy Americans drop the "u": "behavior". (See the spelling-error rpmlint > warning below.) Done. > - Is there any hope of doing something useful in %check; e.g., run the binary > with some simple input just to verify that it doesn't crash? Unfortunately not now. > - Please consider generating man pages with help2man (see the > no-manual-page-for-binary warning below) Done. The same links: Spec URL: https://peter.fedorapeople.org/packages/solidity.spec SRPM URL: https://peter.fedorapeople.org/packages/solidity-0.8.26-1.fc40.src.rpm Koji scratch build for Rawhide: * https://koji.fedoraproject.org/koji/taskinfo?taskID=122281998
(In reply to Peter Lemenkov from comment #3) > (In reply to Jerry James from comment #2) > > - Is there any hope of doing something useful in %check; e.g., run the binary > > with some simple input just to verify that it doesn't crash? > > Unfortunately not now. Ohh, sorry - pressed enter too fast. Right now I really don't know hpow to hook up a test-suite properly. I'll discuss it with upstream.
Copr build: https://copr.fedorainfracloud.org/coprs/build/7932594 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2304209-solidity/fedora-rawhide-x86_64/07932594-solidity/fedora-review/review.txt Found issues: - License file license.h is not marked as %license Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Okay, that looks good. This package is APPROVED.
(In reply to Jerry James from comment #6) > Okay, that looks good. This package is APPROVED. Thank you!
The Pagure repository was created at https://src.fedoraproject.org/rpms/solidity
FEDORA-2024-2f084672aa (solidity-0.8.26-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-2f084672aa
FEDORA-2024-2f084672aa has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-2f084672aa \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-2f084672aa See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-2f084672aa (solidity-0.8.26-1.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.