Spec URL: https://gist.githubusercontent.com/xanderlent/45dc71b697bc10fb7b6fdc72b60f3f4a/raw/18ef6617fe2fa19fbe43886ec372ee493f1e58fb/python-safetensors.spec SRPM URL: https://gist.github.com/xanderlent/45dc71b697bc10fb7b6fdc72b60f3f4a/raw/18ef6617fe2fa19fbe43886ec372ee493f1e58fb/python-safetensors-0.5.2-1.fc41.src.rpm Description: This library implements a new simple format for storing tensors safely (as opposed to pickle) and that is still fast (zero-copy). Fedora Account System Username: xanderlent While the Rust core of the safetensors library is already packaged as rust-safetensors, this package adds the Python bindings which are a popular way to interface with the library, and are a common dependency for future AI/ML Python packages. This is my first package proposal for Fedora, and I will need to find a sponsor into the packagers group should the package be approved.
Copr build: https://copr.fedorainfracloud.org/coprs/build/8717732 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2349303-python-safetensors/fedora-rawhide-x86_64/08717732-python-safetensors/fedora-review/review.txt Found issues: - python3-pytest7 is deprecated, you must not depend on it. Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
This is a very good package, an impressive start on packaging. Could this be folded into the safetensors package ?
(In reply to Tom.Rix from comment #2) > This is a very good package, an impressive start on packaging. > Could this be folded into the safetensors package ? I mean the rust-safetensors package.
Thanks for asking about combining the packages. I think it's an interesting idea that might reduce issues with version mismatches, but the Rust SIG folks had recommended split packages for policy reasons. I put the question to the Rust SIG folks on matrix who had recommended the split approach, and they cite the Rust packaging guidelines on the subject: https://docs.fedoraproject.org/en-US/packaging-guidelines/Rust/#_package_sources Namely, their guidelines effectively require that all rust-somepackage packages come from the crates.io sources for somepackage, for consistency and ease of maintenance on the Rust side. Additionally, the argument was made that the Python bindings are not so tightly integrated: since they *can* be patched to depend on the Rust package instead of using bundled sources, they *must* be so patched, per the bundled sources packaging guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling I think both of these arguments are reasonable in terms of maintainability, with the burden mostly falling on the maintainer (presumably myself) of python-safetensors to keep the version in sync, and the Rust folks continuing to maintain the rust-safetensors package with their procedures.
This is a review *template*. Besides handling the [ ]-marked tests you are also supposed to fix the template before pasting into bugzilla: - Add issues you find to the list of issues on top. If there isn't such a list, create one. - Add your own remarks to the template checks. - Add new lines marked [!] or [?] when you discover new things not listed by fedora-review. - Change or remove any text in the template which is plain wrong. In this case you could also file a bug against fedora-review - Remove the "[ ] Manual check required", you will not have any such lines in what you paste. - Remove attachments which you deem not really useful (the rpmlint ones are mandatory, though) - Remove this text Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Package must not depend on deprecated() packages. Note: python3-pytest7 is deprecated, you must not depend on it. See: https://docs.fedoraproject.org/en-US/packaging- guidelines/deprecating-packages/ ===== MUST items ===== C/C++: [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [ ]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "*No copyright* Apache License", "Unknown or generated", "*No copyright* Apache License 2.0". 44 files have unknown license. Detailed output of licensecheck in /sfs/fedora-review/review-python- safetensors/licensecheck.txt # Results of the Cargo License Check # # Apache-2.0 # Apache-2.0 OR BSL-1.0 # Apache-2.0 OR MIT # MIT # MIT OR Apache-2.0 # Unlicense OR MIT License: Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND MIT AND (MIT OR Apache-2.0) AND (Unlicense OR MIT) SourceLicense: Apache-2.0 # The PyPI package lives at https://pypi.org/project/safetensors/ # But the GitHub URL encompasses the entire project including the separately-packaged Rust crate Why isn't this just ? License: Apache-2.0 I do not think it is necessary include %license bindings/python/LICENSE.dependencies As you are not bundling these packages [x]: License file installed when any subpackage combination is installed. [-]: Package must own all directories that it creates. Note: Directories without known owners: /usr/lib64/python3.13, /usr/lib64/python3.13/site-packages [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 852 bytes in 1 files. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [x]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [ ]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in python3-safetensors , python3-safetensors+numpy , python3-safetensors+torch [x]: Package functions as described. [!]: Latest version is packaged. 0.5.3 [ ]: Package does not include license text files separate from upstream. [-]: Patches link to upstream bugs/comments/lists or are otherwise justified. [ ]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: python3-safetensors-0.5.2-1.fc43.x86_64.rpm python3-safetensors+numpy-0.5.2-1.fc43.x86_64.rpm python3-safetensors+torch-0.5.2-1.fc43.x86_64.rpm python-safetensors-0.5.2-1.fc43.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpesa110cb')] checks: 32, packages: 4 python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+numpy.x86_64: W: no-documentation python3-safetensors+torch.x86_64: W: no-documentation 4 packages and 0 specfiles checked; 2 errors, 2 warnings, 41 filtered, 2 badness; has taken 0.5 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+numpy.x86_64: W: no-documentation python3-safetensors+torch.x86_64: W: no-documentation 3 packages and 0 specfiles checked; 2 errors, 2 warnings, 37 filtered, 2 badness; has taken 0.1 s Unversioned so-files -------------------- python3-safetensors: /usr/lib64/python3.13/site-packages/safetensors/_safetensors_rust.abi3.so Source checksums ---------------- https://files.pythonhosted.org/packages/source/s/safetensors/safetensors-0.5.2.tar.gz : CHECKSUM(SHA256) this package : cb4a8d98ba12fa016f4241932b1fc5e702e5143f5374bba0bbcf7ddc1c4cf2b8 CHECKSUM(SHA256) upstream package : cb4a8d98ba12fa016f4241932b1fc5e702e5143f5374bba0bbcf7ddc1c4cf2b8 Requires -------- python3-safetensors (rpmlib, GLIBC filtered): ld-linux-x86-64.so.2()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libgcc_s.so.1(GCC_4.2.0)(64bit) python(abi) rtld(GNU_HASH) python3-safetensors+numpy (rpmlib, GLIBC filtered): python(abi) python3-safetensors python3.13dist(numpy) python3-safetensors+torch (rpmlib, GLIBC filtered): python(abi) python3-safetensors python3.13dist(safetensors) python3.13dist(safetensors[numpy]) python3.13dist(torch) Provides -------- python3-safetensors: python-safetensors python3-safetensors python3-safetensors(x86-64) python3.13-safetensors python3.13dist(safetensors) python3dist(safetensors) python3-safetensors+numpy: python-safetensors+numpy python3-safetensors+numpy python3-safetensors+numpy(x86-64) python3.13-safetensors+numpy python3.13dist(safetensors[numpy]) python3dist(safetensors[numpy]) python3-safetensors+torch: python-safetensors+torch python3-safetensors+torch python3-safetensors+torch(x86-64) python3.13-safetensors+torch python3.13dist(safetensors[torch]) python3dist(safetensors[torch]) Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -n python-safetensors Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Python, Shell-api Disabled plugins: Ocaml, PHP, fonts, SugarActivity, Java, Haskell, Perl, C/C++, R Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH Notes: python3-safetensors+numpy: python3-safetensors+torch: These I think are overkill, reduce to just python3-safetensors, even if it means needed to manually add Requires: python3dist(numby) Requires: python3dist(torch)
I haven’t read through the whole package or the whole review, but just a couple of contributions: (In reply to Tom.Rix from comment #5) > Why isn't this just ? > > License: Apache-2.0 > > I do not think it is necessary include > > %license bindings/python/LICENSE.dependencies > > As you are not bundling these packages Rust dependencies are statically linked, so their licenses (based on the output of %{cargo_license_summary} during a build) MUST be included in the License tags of the binary RPMs: https://docs.fedoraproject.org/en-US/packaging-guidelines/Rust/#_license_tags > python3-safetensors+numpy: > python3-safetensors+torch: > > These I think are overkill, reduce to just python3-safetensors, even if it > means > needed to manually add > > Requires: python3dist(numby) > Requires: python3dist(torch) These extras matapackages are the right way to package Python extras: https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_handling_extras Simply adding the dependencies as extra Requires has some issues: - Things that don’t require the optional functionality associated with the extra would then bring in unnecessary dependencies – and python3-torch is HUGE. - This would *not* be able to satisfy Python dependencies that actually require the extras, like python3dist(safetensors[numpy]). Only the metapackages furnish the appropriate Provides.
Hi Tom, my comments on the review items follow: (for the two areas addressed by comment #6, I have tried to answer in my own words) (In reply to Tom.Rix from comment #5) > [ ]: License field in the package spec file matches the actual license. > Note: Checking patched sources after %prep for licenses. Licenses > found: "*No copyright* Apache License", "Unknown or generated", "*No > copyright* Apache License 2.0". 44 files have unknown license. > Detailed output of licensecheck in /sfs/fedora-review/review-python- > safetensors/licensecheck.txt This should be addressed by the SourceLicense line; The srpm contains only Apache-2.0 code and the spec (licensed by the FPCA). While upstream doesn't use SPDX annotations on all files it does ship a conspicuous LICENSE file. (If you think it's important I can file a bug upstream for SPDX annotations.) > > # Results of the Cargo License Check > # > # Apache-2.0 > # Apache-2.0 OR BSL-1.0 > # Apache-2.0 OR MIT > # MIT > # MIT OR Apache-2.0 > # Unlicense OR MIT > License: Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND > MIT AND (MIT OR Apache-2.0) AND (Unlicense OR MIT) > SourceLicense: Apache-2.0 > # The PyPI package lives at https://pypi.org/project/safetensors/ > # But the GitHub URL encompasses the entire project including the > separately-packaged Rust crate > > Why isn't this just ? > > License: Apache-2.0 > > I do not think it is necessary include > > %license bindings/python/LICENSE.dependencies > > As you are not bundling these packages The standard behavior for Rust dependencies is static linking, so we *are* bundling Rust dependencies in the binary packages. The relevant guidelines say that the license summary and license concatenation should be used. See: https://docs.fedoraproject.org/en-US/packaging-guidelines/Rust/#_python_projects https://docs.fedoraproject.org/en-US/packaging-guidelines/Rust/#_license_tags > [-]: Package must own all directories that it creates. > Note: Directories without known owners: /usr/lib64/python3.13, > /usr/lib64/python3.13/site-packages My understanding is that other packages should own these files. > [ ]: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. It already does, though due to how the PyPI sources are generated, the LICENSE file is in the crate subfolder. > [ ]: Fully versioned dependency in subpackages if applicable. > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in > python3-safetensors , python3-safetensors+numpy , > python3-safetensors+torch This seems to be a result of using the pyproject extras macros. Strangely the guidelines seem to require it but the extras macro (generated by pyp2spec) doesn't do it: "A package that provides a Python extra MUST require the extra’s main package with exact NEVR." https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_handling_extras > [!]: Latest version is packaged. > > 0.5.3 > Packaging the latest version is blocked on bug 2348381. > [ ]: Package does not include license text files separate from upstream. Should be good on this one. > [-]: Patches link to upstream bugs/comments/lists or are otherwise > justified. The only patch swaps the bundled crate (which we purge in %prep) for the exact version of the safetensors crate as a dependency. > [ ]: Sources are verified with gpgverify first in %prep if upstream > publishes signatures. > Note: gpgverify is not used. I know the PyPA is moving to a different signature scheme/system for verifying published sources for Python packages. If/When we have support for that, I would be happy to set up verification of the sources. > > python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', > 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') > python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', > 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') > python3-safetensors+numpy.x86_64: W: no-documentation > python3-safetensors+torch.x86_64: W: no-documentation > 4 packages and 0 specfiles checked; 2 errors, 2 warnings, 41 filtered, 2 > badness; has taken 0.5 s I think it's normal for extras packages to lack Documentation. The spelling error is being generated by the Python RPM Macros. Do you think it's worth filing a bug against those for the rpmlint fail in "Metapackage" vs "Meta-package"? > Unversioned so-files > -------------------- > python3-safetensors: > /usr/lib64/python3.13/site-packages/safetensors/_safetensors_rust.abi3.so I believe that this is normal for compiled code in Python site-packages. > > Notes: > > python3-safetensors+numpy: > python3-safetensors+torch: > > These I think are overkill, reduce to just python3-safetensors, even if it > means > needed to manually add > > Requires: python3dist(numby) > Requires: python3dist(torch) The Python extra packages exist to provide their metadata to the distro package system; without them automatic dependency resolution won't work for future packages that depend on the extras. For example, a future package might have a requirement on safetensors[torch] (in the python syntax) which the pyproject_buildrequires macro will translate into python3dist(safetensors[torch]), which will pull in the extra package, consequentially pulling in torch and numpy, but only for dependencies that need them. The guidelines note that if we want to Recommends/Suggests the extras by default for a good experience, we can do so. See here for more info: https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_handling_extras
(In reply to Alexander Lent from comment #7) > > [-]: Package must own all directories that it creates. > > Note: Directories without known owners: /usr/lib64/python3.13, > > /usr/lib64/python3.13/site-packages > > My understanding is that other packages should own these files. These two directories in particular are a frequent fedora-review glitch. They are owned by python3-libs, which this package will require, so all is well here. > > [ ]: If the source package does not include license text(s) as a separate > > file from upstream, the packager SHOULD query upstream to include it. > > It already does, though due to how the PyPI sources are generated, the > LICENSE file is in the crate subfolder. See also https://github.com/pydantic/jiter/issues/187, where the project is similarly organized and a similar quirk occurs in the PyPI distributions; we’re having a hard time figuring out exactly how to fix it upstream. > > [ ]: Fully versioned dependency in subpackages if applicable. > > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in > > python3-safetensors , python3-safetensors+numpy , > > python3-safetensors+torch > > This seems to be a result of using the pyproject extras macros. > Strangely the guidelines seem to require it but the extras macro (generated > by pyp2spec) doesn't do it: > "A package that provides a Python extra MUST require the extra’s main > package with exact NEVR." > https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ > #_handling_extras The macro *does* require the exact NEVR, e.g. $ rpm -E '%pyproject_extras_subpkg -n python3-foo bar' %package -n python3-foo+bar Summary: Metapackage for python3-foo: bar extras Requires: python3-foo = %{version}-%{release} %description -n python3-foo+bar This is a metapackage bringing in bar extras requires for python3-foo. It makes sure the dependencies are installed. %files -n python3-foo+bar -f /home/ben/rpmbuild/BUILD/%{name}-%{version}-%{release}.x86_64-pyproject-ghost-distinfo but it does *not* do so in an arch-specific way as would normally be required. This is a known and accepted limitation of macro helpers for Python extras, remarked on in the original Change (search for "Technically," in https://fedoraproject.org/wiki/Changes/PythonExtras). In short, the dependency produced by %pyproject_extras_subpkg, which is exact-NEVR but not arch-specific, should be “good enough,” and if there is a problem with it not being arch-specific, then that problem would affect hundreds of packages throughout the distribution. > > [!]: Latest version is packaged. > > > > 0.5.3 > > > > Packaging the latest version is blocked on bug 2348381. PR opened: https://src.fedoraproject.org/rpms/rust-safetensors/pull-request/2 The primary maintainer hasn’t been active for several months, so I’ll go ahead and merge and build the PR as a rust-sig member once the CI finishes. > > python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', > > 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') > > python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', > > 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') > > python3-safetensors+numpy.x86_64: W: no-documentation > > python3-safetensors+torch.x86_64: W: no-documentation > > 4 packages and 0 specfiles checked; 2 errors, 2 warnings, 41 filtered, 2 > > badness; has taken 0.5 s > > I think it's normal for extras packages to lack Documentation. > The spelling error is being generated by the Python RPM Macros. > Do you think it's worth filing a bug against those for the rpmlint fail in > "Metapackage" vs "Meta-package"? These should be fixed by https://src.fedoraproject.org/rpms/rpmlint/pull-request/38 (shipped with rpmlint 2.6.1 in Fedora 41) and https://src.fedoraproject.org/rpms/rpmlint/pull-request/42 (not yet merged). > > > Unversioned so-files > > -------------------- > > python3-safetensors: > > /usr/lib64/python3.13/site-packages/safetensors/_safetensors_rust.abi3.so > > I believe that this is normal for compiled code in Python site-packages. Agreed, this is a correctly-installed Python extension module that meets the conditions for an unversioned shared object, https://docs.fedoraproject.org/en-US/packaging-guidelines/Unversioned_shared_objects/#_when_are_unversioned_dynamic_shared_objects_acceptable.
Hi folks, I've updated this to the latest version. The specfile is unchanged except for the removal of a spurious comment, the use of %autorelease, and (of course) the change of version. Spec URL: https://gist.githubusercontent.com/xanderlent/45dc71b697bc10fb7b6fdc72b60f3f4a/raw/5e1b74cf51ac933ec5c417f515f99f33d053ce97/python-safetensors.spec SRPM URL: https://gist.github.com/xanderlent/45dc71b697bc10fb7b6fdc72b60f3f4a/raw/adef80713c0f957fbe4f7a18550b86ad8b8ba878/python-safetensors-0.5.3-1.fc43.src.rpm [fedora-review-service-build]
Created attachment 2081176 [details] The .spec file difference from Copr build 8717732 to 8799857
Copr build: https://copr.fedorainfracloud.org/coprs/build/8799857 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2349303-python-safetensors/fedora-rawhide-x86_64/08799857-python-safetensors/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Looks good to me. This is a review *template*. Besides handling the [ ]-marked tests you are also supposed to fix the template before pasting into bugzilla: - Add issues you find to the list of issues on top. If there isn't such a list, create one. - Add your own remarks to the template checks. - Add new lines marked [!] or [?] when you discover new things not listed by fedora-review. - Change or remove any text in the template which is plain wrong. In this case you could also file a bug against fedora-review - Remove the "[ ] Manual check required", you will not have any such lines in what you paste. - Remove attachments which you deem not really useful (the rpmlint ones are mandatory, though) - Remove this text Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== C/C++: [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "*No copyright* Apache License", "Unknown or generated", "*No copyright* Apache License 2.0". 44 files have unknown license. Detailed output of licensecheck in /sfs/fedora-review/review-python- safetensors/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: Package must own all directories that it creates. Note: Directories without known owners: /usr/lib64/python3.13/site- packages, /usr/lib64/python3.13 [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 852 bytes in 1 files. [x]: Packages must not store files under /srv, /opt or /usr/local Python: [x]: Python eggs must not download any dependencies during the build process. [x]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python [x]: Package contains BR: python2-devel or python3-devel [x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate. [x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in python3-safetensors , python3-safetensors+numpy , python3-safetensors+torch [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: python3-safetensors-0.5.3-1.fc43.x86_64.rpm python3-safetensors+numpy-0.5.3-1.fc43.x86_64.rpm python3-safetensors+torch-0.5.3-1.fc43.x86_64.rpm python-safetensors-0.5.3-1.fc43.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpx7rm3ezi')] checks: 32, packages: 4 python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+numpy.x86_64: W: no-documentation python3-safetensors+torch.x86_64: W: no-documentation 4 packages and 0 specfiles checked; 2 errors, 2 warnings, 41 filtered, 2 badness; has taken 0.4 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 python3-safetensors+numpy.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+torch.x86_64: E: spelling-error ('Metapackage', 'Summary(en_US) Metapackage -> Meta package, Meta-package, Prepackage') python3-safetensors+numpy.x86_64: W: no-documentation python3-safetensors+torch.x86_64: W: no-documentation 3 packages and 0 specfiles checked; 2 errors, 2 warnings, 37 filtered, 2 badness; has taken 0.1 s Unversioned so-files -------------------- python3-safetensors: /usr/lib64/python3.13/site-packages/safetensors/_safetensors_rust.abi3.so Source checksums ---------------- https://files.pythonhosted.org/packages/source/s/safetensors/safetensors-0.5.3.tar.gz : CHECKSUM(SHA256) this package : b6b0d6ecacec39a4fdd99cc19f4576f5219ce858e6fd8dbe7609df0b8dc56965 CHECKSUM(SHA256) upstream package : b6b0d6ecacec39a4fdd99cc19f4576f5219ce858e6fd8dbe7609df0b8dc56965 Requires -------- python3-safetensors (rpmlib, GLIBC filtered): ld-linux-x86-64.so.2()(64bit) libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libgcc_s.so.1(GCC_4.2.0)(64bit) python(abi) rtld(GNU_HASH) python3-safetensors+numpy (rpmlib, GLIBC filtered): python(abi) python3-safetensors python3.13dist(numpy) python3-safetensors+torch (rpmlib, GLIBC filtered): python(abi) python3-safetensors python3.13dist(safetensors) python3.13dist(safetensors[numpy]) python3.13dist(torch) Provides -------- python3-safetensors: python-safetensors python3-safetensors python3-safetensors(x86-64) python3.13-safetensors python3.13dist(safetensors) python3dist(safetensors) python3-safetensors+numpy: python-safetensors+numpy python3-safetensors+numpy python3-safetensors+numpy(x86-64) python3.13-safetensors+numpy python3.13dist(safetensors[numpy]) python3dist(safetensors[numpy]) python3-safetensors+torch: python-safetensors+torch python3-safetensors+torch python3-safetensors+torch(x86-64) python3.13-safetensors+torch python3.13dist(safetensors[torch]) python3dist(safetensors[torch]) Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -n python-safetensors Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Python, Generic Disabled plugins: PHP, Perl, Java, fonts, C/C++, Ocaml, Haskell, R, SugarActivity Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
The Pagure repository was created at https://src.fedoraproject.org/rpms/python-safetensors
FEDORA-2025-bbbcb0a087 (python-safetensors-0.5.3-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-bbbcb0a087
FEDORA-2025-bbbcb0a087 (python-safetensors-0.5.3-1.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.