Bug 235113 - Review Request: slf4j - Simple Logging Facade for Java
Review Request: slf4j - Simple Logging Facade for Java
Status: CLOSED DEFERRED
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nuno Santos
Fedora Package Reviews List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-03 15:54 EDT by Nuno Santos
Modified: 2013-09-12 18:09 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-07 12:31:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
guild log (31.21 KB, text/plain)
2007-04-11 05:14 EDT, Arnaud Simon
no flags Details

  None (edit)
Description Nuno Santos 2007-04-03 15:54:29 EDT
Spec URL: http://people.redhat.com/nsantos/fc7/slf4j.spec
SRPM URL: http://people.redhat.com/nsantos/fc7/slf4j-1.0-0.rc5.1jpp.src.rpm
Description: Simple Logging Facade for Java
Comment 1 Nuno Santos 2007-04-03 19:02:48 EDT
Updated specfile and SRPM:

Spec URL: http://people.redhat.com/nsantos/fc7/slf4j.spec
SRPM URL: http://people.redhat.com/nsantos/fc7/slf4j-1.0-0.rc5.1.fc7.src.rpm
Comment 2 Arnaud Simon 2007-04-04 05:58:27 EDT
slf4j-1.0-0.rc5.1jpp.src.rpm

Legend:
OK: passes criteria
NO: fails criteria (errors included between "--" markers)
NA: non applicable
??: unable to verify


MUST:
OK - package is named appropriately
?? * match upstream tarball or project name
?? * try to match previous incarnations in other distributions/packagers for
consistency

---> I am not sure about those 2 points as the latest available version is 1.3.0
(see http://www.slf4j.org/dist/) 

NO * specfile should be %{name}.spec

---> it is named: slf4j.spec but it should be slf4j-1.0-0.rc5.1jpp.spec

OK - non-numeric characters should only be used in Release (ie. cvs or
   something)
OK - for non-numerics (pre-release, CVS snapshots, etc.), see
   http://fedoraproject.org/wiki/Packaging/NamingGuidelines#PackageRelease
OK - if case sensitivity is requested by upstream or you feel it should be
   not just lowercase, do so; otherwise, use all lower case for the name
OK - is it legal for Fedora to distribute this?
?? * OSI-approved
OK - not a kernel module
OK - not shareware
?? * is it covered by patents?
OK - it *probably* shouldn't be an emulator
OK - no binary firmware
OK - license field matches the actual license.
OK - license is open source-compatible.
OK - use acronyms for licences where common
?? * verify source and patches (md5sum matches upstream, know what the patches do)
 - if upstream doesn't release source drops, put *clear* instructions on
   how to generate the the source drop; ie. 
  # svn export blah/tag blah
  # tar cjf blah-version-src.tar.bz2 blah
OK - skim the summary and description for typos, etc.
NO * correct buildroot should be:
   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)


--> it is /slf4j-1.0-rc5/lib/ 


NA * if %{?dist} is used, it should be in that form (note the ? and %
locations)
NO * license text included in package and marked with %doc

--> included but not marked with %doc:


OK * keep old changelog entries; use judgement when removing (too old?
useless?)
NO * packages meets FHS (http://www.pathname.com/fhs/)

--> The rpm contains unwanted directories and files: 
/.svn/, /test/, /TODO.txt, /src/.svn etc with .svn directories 

NO * rpmlint on <this package>.srpm gives no output
 - justify warnings if you think they shouldn't be there

--> Cannot install source packages.
    No packages were given for installation.

OK - changelog should be in one of these formats:

  * Fri Jun 23 2006 Jesse Keating <jkeating@redhat.com> - 0.6-4
  - And fix the link syntax.

  * Fri Jun 23 2006 Jesse Keating <jkeating@redhat.com> 0.6-4
  - And fix the link syntax.

  * Fri Jun 23 2006 Jesse Keating <jkeating@redhat.com>
  - 0.6-4
  - And fix the link syntax.

OK * Packager tag should not be used
OK * Vendor tag should not be used
OK * use License and not Copyright 
OK * Summary tag should not end in a period
NA * if possible, replace PreReq with Requires(pre) and/or Requires(post)
NO * specfile is legible
 - this is largely subjective; use your judgement

--> Those fields must be changed
Name:           %{name}
Version:        %{version}
Release:        %{release}.1%{?dist}

?? * package successfully compiles and builds on at least x86
?? * BuildRequires are proper
 - builds in mock will flush out problems here
 - the following packages don't need to be listed in BuildRequires:
   bash
   bzip2
   coreutils
   cpio
   diffutils
   fedora-release (and/or redhat-release)
   gcc
   gcc-c++
   gzip
   make
   patch
   perl
   redhat-rpm-config
   rpm-build
   sed
   tar
   unzip
   which
OK - summary should be a short and concise description of the package
OK - description expands upon summary (don't include installation
instructions)
OK - make sure lines are <= 80 characters
OK - specfile written in American English
OK - make a -doc sub-package if necessary
 - see
http://fedoraproject.org/wiki/Packaging/Guidelines#head-9bbfa57478f0460c6160947a6bf795249488182b
NA - packages including libraries should exclude static libraries if possible
OK - don't use rpath
NA * config files should usually be marked with %config(noreplace)
NA * GUI apps should contain .desktop files
NA * should the package contain a -devel sub-package?

?? * use macros appropriately and consistently
 - ie. %{buildroot} and %{optflags} vs. $RPM_BUILD_ROOT and $RPM_OPT_FLAGS

OK * don't use %makeinstall
NA * locale data handling correct (find_lang)
 - if translations included, add BR: gettext and use %find_lang %{name} at the
   end of %install

?? * consider using cp -p to preserve timestamps

NA * split Requires(pre,post) into two separate lines
OK * package should probably not be relocatable
OK * package contains code
 - see http://fedoraproject.org/wiki/Packaging/Guidelines#CodeVsContent
 - in general, there should be no offensive content
OK * package should own all directories and files
OK * there should be no %files duplicates

?? * file permissions should be okay; %defattrs should be present

?? * %clean should be present

NA * %doc files should not affect runtime
NA * if it is a web apps, it should be in /usr/share/%{name} and *not* /var/www
?? * verify the final provides and requires of the binary RPMs
?? * run rpmlint on the binary RPMs

SHOULD:
NO * package should include license text in the package and mark it with %doc

--> included but not marked with %doc:


?? * package should build on i386
?? * package should build in mock
Comment 3 Nuno Santos 2007-04-04 12:17:22 EDT
> ?? * match upstream tarball or project name
> ?? * try to match previous incarnations in other distributions/packagers for
> consistency
---> I am not sure about those 2 points as the latest available version is 1.3.0

It's OK, we're repackaging from the jpackage project (see
http://mirrors.dotsrc.org/jpackage/1.7/generic/free/repodata/repoview/slf4j-0-1.0-0.rc5.1jpp.html
). Agreed it's not the latest version/release, but it's the release needed to
satisfy dependencies.

> NO * specfile should be %{name}.spec
---> it is named: slf4j.spec but it should be slf4j-1.0-0.rc5.1jpp.spec

This is OK, %name refers just to the package name. No version/release should be
included in the specfile name.

> ?? * OSI-approved

It's an X11 license, so it's OK (GPL compatible). See
http://www.gnu.org/philosophy/license-list.html#GPLCompatibleLicenses

> ?? * is it covered by patents?

Distributed under X11 license, no explicit references to patents, so to the
best of our knowledge it's OK.

> ?? * verify source and patches (md5sum matches upstream, know what the patches
> do)

To verify source/patches, follow instructions to obtain source and package it,
then run "md5sum" against the resulting tarfile, and compare to the tarfile
included in the srpm, they should match.
FWIW, md5sum on the tarfile in the srpm is in the specfile:
# md5sum: f34e95130cc3ae28095f31961427197d  slf4j-1.0-rc5.tar.gz

> NO * correct buildroot should be:
>   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
--> it is /slf4j-1.0-rc5/lib/ 

This is OK, buildroot in specfile is (see line 51):
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

> NA * if %{?dist} is used

dist is being used (see line 41):
Release:        %{release}.1%{?dist}

> NO * license text included in package and marked with %doc
--> included but not marked with %doc:

It's marked with %doc, see line 132:
%doc LICENSE.txt

> NO * packages meets FHS (http://www.pathname.com/fhs/)
--> The rpm contains unwanted directories and files: 
/.svn/, /test/, /TODO.txt, /src/.svn etc with .svn directories 

Those are either included upstream (TODO.txt, /test) or are a result of grabbing
the source from svn. They do not violate the FHS, so should be OK.

> NO * rpmlint on <this package>.srpm gives no output
--> Cannot install source packages.

srpm doesn't need to be installed, just run rpmlint on it directly:
$ rpmlint slf4j-1.0-0.rc5.1.fc7.src.rpm 
W: slf4j non-standard-group System/Logging
W: slf4j invalid-license X11 License

Warnings are OK (see license info above)

> NO * specfile is legible
--> Those fields must be changed
> Name:           %{name}
> Version:        %{version}
> Release:        %{release}.1%{?dist}

Using the macros allows for name/version/release to be referred to later in the
specfile. And the definitions are grouped at the top of the specfile for clarity.

> ?? * package successfully compiles and builds on at least x86
> ?? * BuildRequires are proper

You'll have to setup mock and try to build the package there, to verify that it
builds.

> ?? * use macros appropriately and consistently

Usage is consistent to other packages that have been approved.

> ?? * consider using cp -p to preserve timestamps

It's used e.g. in line 127:
cp -pr docs/api/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}/

> ?? * file permissions should be okay; %defattrs should be present

defattrs present (see lines 131, 136):
%defattr(0644,root,root,0755)

> ?? * %clean should be present

Present (see lines 77/78):
%clean
rm -rf $RPM_BUILD_ROOT

> ?? * verify the final provides and requires of the binary RPMs
> ?? * run rpmlint on the binary RPMs
> ?? * package should build on i386
> ?? * package should build in mock

See comment above about setting up mock.

FWIW, here's the provides, requires, and rpmlint for the binary rpm:

$ rpm -qp slf4j-1.0-0.rc5.1.noarch.rpm --provides
slf4j = 0:1.0-0.rc5.1

$ rpm -qp slf4j-1.0-0.rc5.1.noarch.rpm --requires
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1

$ rpmlint  slf4j-1.0-0.rc5.1.noarch.rpm
W: slf4j non-standard-group System/Logging
W: slf4j invalid-license X11 License
Comment 4 Arnaud Simon 2007-04-11 05:05:29 EDT
 OK * match upstream tarball or project name
 OK * try to match previous incarnations in other distributions/packagers for
consistency
---> I agree with your comment 

 OK * specfile should be %{name}.spec
---> I agree with your comment

 OK * OSI-approved
---> I agree with your comment

 OK * is it covered by patents?

---> under  X11 license

 OK * verify source and patches (md5sum matches upstream, know what the patches
> do)

---> md5sum matches

 OK * correct buildroot should be:

 OK * if %{?dist} is used

 OK * license text included in package and marked with %doc

 OK * packages meets FHS (http://www.pathname.com/fhs/)
 ---> Could be nice to get rid of those unwanted directories and files: 
/.svn/, /test/, /TODO.txt, /src/.svn etc with .svn directories 

 OK * rpmlint on <this package>.srpm gives no output

 OK * specfile is legible

 OK * package successfully compiles and builds on at least x86

 OK * BuildRequires are proper
 ---> 8 warning though 

 OK * use macros appropriately and consistently

 OK * consider using cp -p to preserve timestamps

 OK * file permissions should be okay; %defattrs should be present

 OK * %clean should be present

 OK * verify the final provides and requires of the binary RPMs
 OK * run rpmlint on the binary RPMs
 OK * package should build on i386
 OK * package should build in mock
Comment 5 Arnaud Simon 2007-04-11 05:14:51 EDT
Created attachment 152258 [details]
guild log

This is the build log for reference

Note You need to log in before you can comment on or make changes to this bug.