Spec URL: https://github.com/cornelisnetworks/opa-fm/blob/opa-fm-v10.12.1.0.6/opa-fm.fedora.spec SRPM URL: https://github.com/cornelisnetworks/opa-fm/releases/download/opa-fm-v10.12.1.0.6/opa-fm-10.12.1.0.6-2.fc40.src.rpm Description: opa-fm contains Cornelis Networks Omni-Path fabric management applications. This includes: the Subnet Manager, Baseboard Manager, Performance Manager, Fabric Executive, and some fabric management tools. Fedora Account System Username: ddalessandro
Hi Folks, I took the srpm from RHEL and incorporated the 3 patches that were sitting there. I touched up the spec file and pushed the branch. Functionally this is no different otherwise than the existing package in RHEL. We have a new release that should be posted soon and I'll update at that point, but we can start the approval process now I suppose.
Copr build: https://copr.fedorainfracloud.org/coprs/build/8106209 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2316327-opa-fm/fedora-rawhide-x86_64/08106209-opa-fm/fedora-review/review.txt Found issues: - Not a valid SPDX expression 'GPLv2 or BSD'. It seems that you are using the old Fedora license abbreviations. Try `license-fedora2spdx' for converting it to SPDX. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 - Upstream MD5sum check error, diff is in /var/lib/copr-rpmbuild/results/opa-fm/diff.txt Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ - opa-fm.fedora.spec should be opa-fm.spec Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_spec_file_naming Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Link to spec file should be something that can be downloaded using wget or similar tool. spec: https://raw.githubusercontent.com/cornelisnetworks/opa-fm/refs/tags/opa-fm-v10.12.1.0.6/opa-fm.fedora.spec srpm: https://github.com/cornelisnetworks/opa-fm/releases/download/opa-fm-v10.12.1.0.6/opa-fm-10.12.1.0.6-2.fc40.src.rpm
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Package does not contain duplicates in %files. Note: warning: File listed twice: /etc/opa-fm/opafm.xml See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_duplicate_files - The License field must be a valid SPDX expression. Note: Not a valid SPDX expression 'GPLv2 or BSD'. It seems that you are using the old Fedora license abbreviations. Try `license-fedora2spdx' for converting it to SPDX. See: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 - Sources used to build the package match the upstream source, as provided in the spec URL. Note: Upstream MD5sum check error, diff is in /home/benson/Projects/FedoraPackaging/reviews/opa-fm/2316327-opa- fm.fedora/diff.txt See: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ - Spec file name must match the spec package %{name}, in the format %{name}.spec. Note: opa-fm.fedora.spec should be opa-fm.spec See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_spec_file_naming ===== MUST items ===== C/C++: [ ]: Provides: bundled(gnulib) in place as required. Note: Sources not installed [ ]: Package does not contain kernel modules. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [ ]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [ ]: License field in the package spec file matches the actual license. Note: There is no build directory. Running licensecheck on vanilla upstream sources. No licenses found. Please check the source files for licenses manually. [ ]: License file installed when any subpackage combination is installed. [ ]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [ ]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/opa-fm, /usr/lib/opa-fm/bin, /usr/lib/opa-fm, /usr/lib/opa-fm/runtime [!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/lib/opa-fm, /usr/lib/opa- fm/runtime, /usr/share/opa-fm, /usr/lib/opa-fm/bin [ ]: %build honors applicable compiler flags or justifies otherwise. [ ]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [ ]: Sources contain only permissible code or content. [x]: Package contains desktop file if it is a GUI application. [ ]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [ ]: Package consistently uses macros (instead of hard-coded directory names). [ ]: Package is named according to the Package Naming Guidelines. [ ]: Package does not generate any conflict. [!]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [ ]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [ ]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [ ]: Package is not known to require an ExcludeArch tag. [ ]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: systemd_post is invoked in %post, systemd_preun in %preun, and systemd_postun in %postun for Systemd service files. Note: Systemd service file(s) in opa-fm [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 2268 bytes in 1 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [ ]: Package functions as described. [x]: Latest version is packaged. [ ]: Package does not include license text files separate from upstream. [ ]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [ ]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Bad spec filename: /home/FedoraPackaging/reviews/opa-fm/2316327-opa-fm.fedora/srpm- unpacked/opa-fm.fedora.spec See: (this test has no URL) [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (debuginfo) ------------------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- Cannot parse rpmlint output: Source checksums ---------------- https://github.com/cornelisnetworks/opa-fm/archive/refs/tags/opa-fm-v10.12.1.0.6.tar.gz : CHECKSUM(SHA256) this package : 83876fd6a3050bca7386626f0872c4080035c52915f48bf0e307687160d405c7 CHECKSUM(SHA256) upstream package : e30badce0c2ca03b369533369ff21143adf785346844a8affe7355fb24c68b6c diff -r also reports differences Requires -------- opa-fm (rpmlib, GLIBC filtered): /bin/sh /usr/bin/bash /usr/bin/sh config(opa-fm) libc.so.6()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libexpat.so.1()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libgomp.so.1()(64bit) libgomp.so.1(GOMP_4.0)(64bit) libgomp.so.1(OMP_1.0)(64bit) libhfi1 libibumad.so.3()(64bit) libibumad.so.3(IBUMAD_1.0)(64bit) libibverbs.so.1()(64bit) libibverbs.so.1(IBVERBS_1.0)(64bit) libibverbs.so.1(IBVERBS_1.1)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) libz.so.1()(64bit) libz.so.1(ZLIB_1.2.0)(64bit) rtld(GNU_HASH) opa-fm-debuginfo (rpmlib, GLIBC filtered): opa-fm-debugsource (rpmlib, GLIBC filtered): Provides -------- opa-fm: config(opa-fm) opa-fm opa-fm(x86-64) opa-fm-debuginfo: debuginfo(build-id) opa-fm-debuginfo opa-fm-debuginfo(x86-64) opa-fm-debugsource: opa-fm-debugsource opa-fm-debugsource(x86-64) Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2316327 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: PHP, fonts, Haskell, SugarActivity, R, Ocaml, Java, Perl, Python Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH Comments: a) You will need to get sponsored into the packager group: https://docs.fedoraproject.org/en-US/fesco/Packager_sponsor_policy/ It helps to do a few preliminary reviews of other packages. b) Libraries should be installed in lib64 on 64 bit architectures not in lib c) Please use updated SPDX tags,GPL-3.0-or-later, GPL-3.0-only, BSD-3-Clause see: https://docs.fedoraproject.org/en-US/legal/license-field/ https://docs.fedoraproject.org/en-US/legal/spdx/ d) The BSD-3-Clause license seems to have an extra paragraph. If this is an advice to end users without legal implications, then it should not be part of the license file. e) The spec file also indicates GPLv2 as a possible license. If this is the case, a license file should be added to the repository as well as information as to whether it is GPL-2.0-only or GPL-2.0-or-later in the README and on all source files.
I think I fixed the part about not owning all directories. Strange that this is flagged since this spec file comes from a RedHat package. However, any insight as to what: [!]: Package obeys FHS, except libexecdir and /usr/target. means? We add directories to /usr/lib, /usr/sbin/, /usr/share, and /etc. Then this one: [!]: Spec file according to URL is the same as in SRPM. Note: Bad spec filename: /home/FedoraPackaging/reviews/opa-fm/2316327-opa-fm.fedora/srpm- unpacked/opa-fm.fedora.spec See: (this test has no URL) So this is saying we should NOT include the spec file in the SRPM? That means I can't check it into git and have github generate the "release" tarball. Where do other packages store their spec files?
You can manage the spec file in a git repository, but the name should just be opa-fm.spec not opa-fm.fedora.spec, perhaps put in a subdirectory packaging>fedora>opa-fm.spec For unowned directories see: https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/#_forgetting_to_include_a_toplevel_directory For /usr/share/opa-fm add %dir %{_datadir}/opa-fm For /usr/lib/opa-fm/bin /usr/lib/opa-fm /usr/lib/opa-fm/runtime These should likely be in /usr/lib64 You would then add %dir %{_libdir}/opa-fm %dir %{_libdir}/opa-fm/bin %dir %{_libdir}/opa-fm/runtime Globbing is also generally best avoided: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_explicit_lists
Yeah I fixed the unowned directories. It wasn't clear to me if the FHS error was related to that or not. Ah for the name of the spec file easy fix. Will post a new version.
Updates: SRPM: https://github.com/cornelisnetworks/opa-fm/releases/download/opa-fm-v10.12.1.0.6-2/opa-fm-10.12.1.0.6-3.fc40.src.rpm SPEC: https://raw.githubusercontent.com/cornelisnetworks/opa-fm/refs/tags/opa-fm-v10.12.1.0.6-2/Packaging/Fedora/opa-fm.spec
Copr build: https://copr.fedorainfracloud.org/coprs/build/8127067 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2316327-opa-fm/fedora-rawhide-x86_64/08127067-opa-fm/fedora-review/review.txt Found issues: - Not a valid SPDX expression 'GPLv2 or BSD'. It seems that you are using the old Fedora license abbreviations. Try `license-fedora2spdx' for converting it to SPDX. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 - Upstream MD5sum check error, diff is in /var/lib/copr-rpmbuild/results/opa-fm/diff.txt Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Please change License: GPLv2 or BSD to License: (GPL-2.0-or-Later AND BSD-3-Clause) OR (BSD-2-Clause AND BSD-3-Clause) or License: (GPL-2.0-only AND BSD-3-Clause) OR (BSD-2-Clause AND BSD-3-Clause) see https://docs.fedoraproject.org/en-US/legal/spdx/#_spdx_matching_guidelines https://github.com/cornelisnetworks/opa-fm/blob/master/IbAccess/Common/Public/iquickmap.c Check on original sources for iquickmap.c to determine if it is GPL-2.0-only or GPL-2.0-or-later The main license file seems to just be BSD-3-Clause, perhaps also add a brief explanation of which files are under which license. Intel Open Source License also seems to be used (please check if it is only for build files, or also for applies to code in shipped binaries): https://download.copr.fedorainfracloud.org/results/%40fedora-review/fedora-review-2316327-opa-fm/fedora-rawhide-x86_64/08127067-opa-fm/fedora-review/licensecheck.txt Ideally, each of the licenses would have a license file in the repository, in addition to each file having an indication which license it is under. Is it possible to For the files listing, you want something like %license LICENSE %doc README.md %dir %{_sysconfdir}/opa-fm %{_sysconfdir}/opa-fm/dgs %{_sysconfdir}/opa-fm/*.xml %{_sysconfdir}/opa-fm/vfs %dir %{_libdir}/opa-fm %dir %{_libdir}/opa-fm/bin %{_libdir}/opa-fm/bin/config_check %{_libdir}/opa-fm/bin/config_convert %{_libdir}/opa-fm/bin/config_diff %{_libdir}/opa-fm/bin/config_generate %{_libdir}/opa-fm/bin/fm_capture %{_libdir}/opa-fm/bin/fm_cmd %{_libdir}/opa-fm/bin/fm_cmdall %{_libdir}/opa-fm/bin/opafm %{_libdir}/opa-fm/bin/opafmconfigpp %{_libdir}/opa-fm/bin/opafmctrl %{_libdir}/opa-fm/bin/opafmd %{_libdir}/opa-fm/bin/opafmvf %{_libdir}/opa-fm/bin/opafmxmlextract %{_libdir}/opa-fm/bin/opafmxmlfilter %{_libdir}/opa-fm/bin/smpoolsize %dir %{_libdir}/opa-fm/runtime %{_libdir}/opa-fm/runtime/fe %{_libdir}/opa-fm/runtime/sm %dir %{_libdir}/opa-fm/systemd %dir %{_libdir}/opa-fm/systemd/system %{_libdir}/opa-fm/systemd/system/opafm.service %dir %{_libdir}/opa-fm/systemd/system/sbin %{_libdir}/opa-fm/systemd/system/sbinopafmcmd %{_libdir}/opa-fm/systemd/system/sbin/opafmcmdall %{_libdir}/opa-fm/systemd/system/sbin/opafmconfigpp %{_libdir}/opa-fm/systemd/system/sbin/opafmvf %dir %{_docdir}/opa-fm %{_mandir}/man8/opafmcmd.* %{_mandir}/man8/opafmcmdall.* %{_mandir}/man8/opafmconfigpp.* %dir %{_datadir}/opa-fm %{_datadir}/opa-fm/*.xml %dir %{_datadir}/opa-fm/samples %{_datadir}/opa-fm/samples/*.cnf-sample Binary files and libraries should be explicitly listed, though and configuration files can be globbed The install script hard copies using lib, and it would be better to use lib64 on 64bit architectures: https://github.com/cornelisnetworks/opa-fm/blob/master/Esm/fm_install.sh#L43 Created a pull request to fix this: https://github.com/cornelisnetworks/opa-fm/pull/33
Looks like the iquickmap.c file is ancient and I'm not finding any current project with it so we will need to go based off of the content in the file which just indicates GPLv2. Doesn't say "or later". So I will go with: License: (GPL-2.0-only AND BSD-3-Clause) OR (BSD-2-Clause AND BSD-3-Clause) The Intel open source thing is just on README files not on any of the code. I don't think we need to worry about that do we?
(In reply to Denny Dalessandro from comment #11) > Looks like the iquickmap.c file is ancient and I'm not finding any current > project with it so we will need to go based off of the content in the file > which just indicates GPLv2. Doesn't say "or later". > > So I will go with: > License: (GPL-2.0-only AND BSD-3-Clause) OR (BSD-2-Clause AND BSD-3-Clause) > Ok. > The Intel open source thing is just on README files not on any of the code. > I don't think we need to worry about that do we? May want to check with egal, it is not o nthe allowed list https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ The export restriction modifies it from BSD-3-Clause
(In reply to Benson Muite from comment #12) > > May want to check with egal, it is not o nthe > allowed list > https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > > The export restriction modifies it from BSD-3-Clause I took the "EXPORT LAWS" clause to be separate from the BSD license. Hmm. Not sure what do make of that. I see you made this Bug block 182235, can we expect a response there? I'm not sure how this works. We inherited all of this stuff when we spun out from Intel and I'm assuming no one ever noticed because this stuff has been in distros for years.
(In reply to Denny Dalessandro from comment #13) > (In reply to Benson Muite from comment #12) > > > > May want to check with egal, it is not o nthe > > allowed list > > https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > > > > The export restriction modifies it from BSD-3-Clause > > I took the "EXPORT LAWS" clause to be separate from the BSD license. Hmm. > Not sure what do make of that. I see you made this Bug block 182235, can we > expect a response there? I'm not sure how this works. We inherited all of > this stuff when we spun out from Intel and I'm assuming no one ever noticed > because this stuff has been in distros for years. Can check for Fedora and follow up with legal team, see: https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#_legal_issues https://docs.fedoraproject.org/en-US/legal/ Perhaps check with Cornelis Networks and/or Intel legal teams. Can the "EXPORT LAWS" clause be removed? Some cryptography packages have similar warnings, but usually this is for importing entities to check on their local regulations.
I have already started the process of contacting legal to ask about modifying the README files. Is it just the READMEs that are the issue though? There is a section of "Unknown or generated" that don't have particular licenses attached.
The assumption is that the READMEs describe restrictions on the code. GPL licenses are usually put at the top of every file, this helps in tracking things, but usually one reads the license files and any other documentation.
Getting back to this finally. Here is an update. SRPM: https://github.com/cornelisnetworks/opa-fm/releases/download/v10.14.4.0.20-1/opa-fm-10.14.4.0.20-1.fc40.src.rpm SPEC: https://raw.githubusercontent.com/cornelisnetworks/opa-fm/refs/tags/v10.14.4.0.20-1/Packaging/Fedora/opa-fm.spec
Created attachment 2077848 [details] The .spec file difference from Copr build 8127067 to 8699982
Copr build: https://copr.fedorainfracloud.org/coprs/build/8699982 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2316327-opa-fm/fedora-rawhide-x86_64/08699982-opa-fm/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Denny Dalessandro from comment #13) > (In reply to Benson Muite from comment #12) > > > > May want to check with egal, it is not o nthe > > allowed list > > https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > > > > The export restriction modifies it from BSD-3-Clause > > I took the "EXPORT LAWS" clause to be separate from the BSD license. Hmm. > Not sure what do make of that. I see you made this Bug block 182235, can we > expect a response there? I'm not sure how this works. We inherited all of > this stuff when we spun out from Intel and I'm assuming no one ever noticed > because this stuff has been in distros for years. Benson is correct that this is not `BSD-3-Clause` given the export language, which is part of the license. This if I'm not mistaken is the Intel Open Source License (SPDX `Intel`), an OSI-approved license that Intel used in the early 2000s but Intel deprecated it not long afterwards; I believe it may have been among the first examples of a deprecated OSI-approved license. I don't know about the history of this project, but if people at Intel were using this license as recently as 2015 that was probably an error on their part. It appears that `Intel` has never been reviewed for Fedora so an issue needs to be opened at fedora-license-data. https://docs.fedoraproject.org/en-US/legal/license-review-process/
I believe it's not an issue here I just deleted those files that have that blurb since we don't need it. I've also been told we can probably just change the license text since we own it as part of our spin out from Intel. The operative word there being "probably", we need to confirm. This is also now being handled by Paul Davis' team. I will have him set up a BZ account and get on Cc here.