Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/1/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/1/forgejo-10.0.1-1.fc43.src.rpm Description: Forgejo is a lightweight software forge. Fedora Account System Username: nphilipp
Copr build: https://copr.fedorainfracloud.org/coprs/build/8819488 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08819488-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ - Not a valid SPDX expression 'Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND ISC AND LicenseRef-scancode-public-domain-disclaimer AND MIT AND MPL-2.0 AND (FTL OR GPL-2.0-or-later)'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Some notes (as a member of the Go SIG and author of go-vendor-tools) * LicenseRef-scancode-public-domain-disclaimer should be changed to LicenseRef-Fedora-Public-Domain. LicenseRef-scancode-public-domain-disclaimer is not a Fedora-approved license. You will need to depend on go-vendor-tools >= 0.7.0 (currently only available in rawhide, stable updated in progress) that performs this normalization automatically or add a manual license override in the config file. * CC0-1.0 is not allowed for code in Fedora anymore. HINT: Inspect the go_vendor_license report and figure out which library this license applies to. If it is available as a golang-*-devel package, you can probably cite the "Existing uses of CC0-1.0 on code files in Fedora packages prior to 2022-08-01" exception as a specfile comment. * This does not currently pass %gobuild_ldflags (the Go linker flags) to the Makefile. You can look at how moby-engine does this (and the source code comments in https://pagure.io/go-rpm-macros/blob/master/f/rpm/macros.d/macros.go-compilers-golang) or just use the %gobuild macro which is probably a lot easier. * You should use the Fedora compiler flags and disable static linking instead of turning off debug_package. * The scancode-toolkit package is broken on s390x on Fedora releases other than rawhide. Working on fixing this. * Note that the go-vendor-tools project is still in beta and mainly intended for testing by members of the Go SIG. See https://fedora.gitlab.io/sigs/go/go-vendor-tools/#stability. Work towards a final release is making good progress, though!
> * Note that the go-vendor-tools project is still in beta and mainly intended for testing by members of the Go SIG. Side note: those working on Forgejo integration in Fedora are welcome to join the Go SIG! If you're using g-v-t, at least joining the mailing list and Matrix room as noted in the stability section is recommended.
This should have git and git-lfs as Requires. forgejo also depends on either sqlite, mysql, or postgres, but I don't recall if sqlite3 actually needs to be installed for the default deployment to work.
(In reply to Maxwell G from comment #2) > Some notes (as a member of the Go SIG and author of go-vendor-tools) Thanks! > * LicenseRef-scancode-public-domain-disclaimer should be changed to > LicenseRef-Fedora-Public-Domain. > LicenseRef-scancode-public-domain-disclaimer is not a Fedora-approved > license. You will need to depend on go-vendor-tools >= 0.7.0 (currently only > available in rawhide, stable updated in progress) that performs this > normalization automatically … I updated to the package from Koji and it doesn’t 😬: --- 8< --- $ go_vendor_license --version 0.7.0 $ go_vendor_license -c ../../go-vendor-tools.toml report all | grep scancode Using detector: scancode vendor/github.com/xi2/xz/LICENSE: LicenseRef-scancode-public-domain-disclaimer --- >8 --- > … or add a manual license override in the config > file. I’ll do that. > * CC0-1.0 is not allowed for code in Fedora anymore. HINT: Inspect the > go_vendor_license report and figure out which library this license applies > to. If it is available as a golang-*-devel package, you can probably cite > the "Existing uses of CC0-1.0 on code files in Fedora packages prior to > 2022-08-01" exception as a specfile comment. Thanks for the info, I’ll add this to the spec file to clarify: --- 8< --- # CC0-1.0 is normally not permissible for code in Fedora. Because the vendored Go package # github.com/zeebo/blake3 it applies to has been available in Fedora as golang-github-zeebo-blake3 # since before the cutoff date 2022-08-01, the exception to use it also applies here. License: … --- >8 --- > * This does not currently pass %gobuild_ldflags (the Go linker flags) to the > Makefile. You can look at how moby-engine does this (and the source code > comments in > https://pagure.io/go-rpm-macros/blob/master/f/rpm/macros.d/macros.go- > compilers-golang) … This breaks with: --- 8< --- … CGO_CFLAGS="-O2 -g -DSQLITE_MAX_VARIABLE_NUMBER=32766" /usr/lib/golang/bin/go build -v -buildmode pie -compiler gc -mod=vendor -tags 'rpm_crashtraceback bindata timetzdata sqlite sqlite_unlock_notify' -ldflags '-s -w -B 0x2bdce1ae78ced2c1250cb26e7a622c07ffe249b9 -compressdwarf=false -linkmode=external -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' -X "code.gitea.io/gitea/modules/setting.CustomPath=/etc/forgejo" -X "code.gitea.io/gitea/modules/setting.CustomConf=/etc/forgejo/conf/app.ini" -X "code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/forgejo" -X "main.Version=10.0.1" -X "main.ReleaseVersion=10.0.1" -X "main.MakeVersion=GNU Make 4.4.1" -X "main.Version=10.0.1" -X "main.Tags=rpm_crashtraceback bindata timetzdata sqlite sqlite_unlock_notify" -X "main.ForgejoVersion=10.0.1"' -o gitea flag provided but not defined: -Wl,--as-needed usage: go build [-o output] [build flags] [packages] Run 'go help build' for details. make: *** [Makefile:858: gitea] Error 2 --- >8 --- I’ve searched up and down the net for what this type of error means, but wasn’t successful. > … or just use the %gobuild macro which is probably a lot > easier. This yields me a lot of these errors, it doesn’t seem to find the main package …: --- 8< --- main.go:13:2: cannot find package "code.gitea.io/gitea/cmd" in any of: /usr/lib/golang/src/code.gitea.io/gitea/cmd (from $GOROOT) /builddir/go/src/code.gitea.io/gitea/cmd (from $GOPATH) main.go:14:2: cannot find package "code.gitea.io/gitea/modules/log" in any of: /usr/lib/golang/src/code.gitea.io/gitea/modules/log (from $GOROOT) /builddir/go/src/code.gitea.io/gitea/modules/log (from $GOPATH) --- >8 --- … even though it’s declared in top-level go.mod: --- 8< --- module code.gitea.io/gitea … --- >8 --- I”ve tried adding the source tree to GOPATH before, to no avail. > * You should use the Fedora compiler flags and disable static linking > instead of turning off debug_package. Agreed. > * The scancode-toolkit package is broken on s390x on Fedora releases other > than rawhide. Working on fixing this. Should I filter this arch for the time being? > * Note that the go-vendor-tools project is still in beta and mainly intended > for testing by members of the Go SIG. See > https://fedora.gitlab.io/sigs/go/go-vendor-tools/#stability. Work towards a > final release is making good progress, though! Heh, I’ll take beta versions (and keeping my sanity) over keeping track of licenses in 250+ vendored packages 😉. (In reply to Scott Williams from comment #4) > This should have git and git-lfs as Requires. forgejo also depends on > either sqlite, mysql, or postgres, but I don't recall if sqlite3 actually > needs to be installed for the default deployment to work. Good catch!
(In reply to Nils Philippsen from comment #5) > (In reply to Maxwell G from comment #2) > > Some notes (as a member of the Go SIG and author of go-vendor-tools) > > Thanks! > > > * LicenseRef-scancode-public-domain-disclaimer should be changed to > > LicenseRef-Fedora-Public-Domain. > > LicenseRef-scancode-public-domain-disclaimer is not a Fedora-approved > > license. You will need to depend on go-vendor-tools >= 0.7.0 (currently only > > available in rawhide, stable updated in progress) that performs this > > normalization automatically … > > I updated to the package from Koji and it doesn’t 😬: > > --- 8< --- > $ go_vendor_license --version > 0.7.0 > $ go_vendor_license -c ../../go-vendor-tools.toml report all | grep scancode > Using detector: scancode > vendor/github.com/xi2/xz/LICENSE: > LicenseRef-scancode-public-domain-disclaimer > --- >8 --- > One a file-by-file basis, the expressions are not normalized, but the final expression generated at the end should now normalize LicenseRef-scancode-public-domain-disclaimer to the Fedora version. > > * CC0-1.0 is not allowed for code in Fedora anymore. HINT: Inspect the > > go_vendor_license report and figure out which library this license applies > > to. If it is available as a golang-*-devel package, you can probably cite > > the "Existing uses of CC0-1.0 on code files in Fedora packages prior to > > 2022-08-01" exception as a specfile comment. > > Thanks for the info, I’ll add this to the spec file to clarify: > > --- 8< --- > # CC0-1.0 is normally not permissible for code in Fedora. Because the > vendored Go package > # github.com/zeebo/blake3 it applies to has been available in Fedora as > golang-github-zeebo-blake3 > # since before the cutoff date 2022-08-01, the exception to use it also > applies here. > License: … > --- >8 --- Cool. > > > * This does not currently pass %gobuild_ldflags (the Go linker flags) to the > > Makefile. You can look at how moby-engine does this (and the source code > > comments in > > https://pagure.io/go-rpm-macros/blob/master/f/rpm/macros.d/macros.go- > > compilers-golang) … > > This breaks with: > > --- 8< --- > … > CGO_CFLAGS="-O2 -g -DSQLITE_MAX_VARIABLE_NUMBER=32766" > /usr/lib/golang/bin/go build -v -buildmode pie -compiler gc -mod=vendor > -tags 'rpm_crashtraceback bindata timetzdata sqlite sqlite_unlock_notify' > -ldflags '-s -w -B 0x2bdce1ae78ced2c1250cb26e7a622c07ffe249b9 > -compressdwarf=false -linkmode=external -extldflags '-Wl,-z,relro > -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now > -specs=/usr/lib/rpm/redhat/redhat-hardened-ld > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 > -specs=/usr/lib/rpm/redhat/redhat-package-notes ' -X > "code.gitea.io/gitea/modules/setting.CustomPath=/etc/forgejo" -X > "code.gitea.io/gitea/modules/setting.CustomConf=/etc/forgejo/conf/app.ini" > -X "code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/forgejo" -X > "main.Version=10.0.1" -X "main.ReleaseVersion=10.0.1" -X > "main.MakeVersion=GNU Make 4.4.1" -X "main.Version=10.0.1" -X > "main.Tags=rpm_crashtraceback bindata timetzdata sqlite > sqlite_unlock_notify" -X "main.ForgejoVersion=10.0.1"' -o gitea > flag provided but not defined: -Wl,--as-needed > usage: go build [-o output] [build flags] [packages] > Run 'go help build' for details. > make: *** [Makefile:858: gitea] Error 2 > --- >8 --- > > I’ve searched up and down the net for what this type of error means, but > wasn’t successful. > What exactly did you try? It's possible there's a quoting issue in the specfile or the Makefile. > > … or just use the %gobuild macro which is probably a lot > > easier. > > This yields me a lot of these errors, it doesn’t seem to find the main > package …: > > --- 8< --- > main.go:13:2: cannot find package "code.gitea.io/gitea/cmd" in any of: > /usr/lib/golang/src/code.gitea.io/gitea/cmd (from $GOROOT) > /builddir/go/src/code.gitea.io/gitea/cmd (from $GOPATH) > main.go:14:2: cannot find package "code.gitea.io/gitea/modules/log" in any > of: > /usr/lib/golang/src/code.gitea.io/gitea/modules/log (from $GOROOT) > /builddir/go/src/code.gitea.io/gitea/modules/log (from $GOPATH) > --- >8 --- > > … even though it’s declared in top-level go.mod: > > --- 8< --- > module code.gitea.io/gitea > … > --- >8 --- > > I”ve tried adding the source tree to GOPATH before, to no avail. This is normally handled by the `%goprep` macro. You can try setting "%global gomodulesmode GO111MODULE=on" which will cause %gobuild to operate in modules mode and then it should honor the go.mod. > > * You should use the Fedora compiler flags and disable static linking > > instead of turning off debug_package. > > Agreed. > > > * The scancode-toolkit package is broken on s390x on Fedora releases other > > than rawhide. Working on fixing this. > > Should I filter this arch for the time being? The scancode updates for stable releases are all in testing now, so probably not. Another note, can you update to the latest forgejo patch release?
Also, you can get rid of the bootstrap bcond. This was added to the go2rpm template for non-vendored packages, but it serves no purpose here. The check bcond isn't used either, because the unit tests aren't run here, but that would be fine to keep if they were run.
install -p -D app.ini.tmpl %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini.tmpl install -p -D %{S:4} %{buildroot}%{_sysconfdir}/%{name}/public/robots.txt install -p -D %{name}.complete %{buildroot}%{_datadir}/bash-completion/completions/%{name} install -p -D %{S:5} %{buildroot}%{_unitdir}/%{name}.service install -p -D %{S:6} %{buildroot}%{_sysusersdir}/%{name}.conf 'install' unfortunately defaults to mode +x, and this needs to be overridden with -m 0644 in all cases where a non-executable file is installed. The scriptlet that creates the config must be moved out to a separate service, see https://docs.fedoraproject.org/en-US/packaging-guidelines/Initial_Service_Setup/. "Any action that must be performed on the system where the service will be run whose output is not identical for all systems running that service." The operation here clearly falls under this definition. > %{?sysusers_requires_compat} > > %pre > %sysusers_create_compat %{S:6} This is only needed in F41-. It's a noop in rawhide now. Please consider dropping it in the rawhide branch. %description is very short. It'd be nice to mention that this package is used (or will be used) for src.fedoraproject.org. > %attr(0640,-,%{name}) %{_sysconfdir}/%{name}/conf/app.ini.tmpl Does the template really need to be owned by the user? (And if not, then the mode can be relaxed too.) The service: 1. Can the service be socket-activated? 2. Type=simple is not great. There is no notification of readinesss. Type=exec is marginally better. There might be some missing upstream functionality, but ideally Type=notify or Type=notify-reload would be used. 3. There is a little bit of sandboxing, but I think more could be added. Does the service make *outgoing* connections? If not, maybe it could be run with PrivateNetwork=yes. Those issues do not need to be handled during the review, but it'd be good to improve the service before we actually deploy this. I'd be happy to help with crafting of the service file.
> -X \"main.Version=%{version}\" \ This should be set to "%{version}-%{release}" so that future patching of the package will be expressed in the burned in version.
(In reply to Maxwell G from comment #6) > (In reply to Nils Philippsen from comment #5) > > (In reply to Maxwell G from comment #2) ... > > --- 8< --- > > $ go_vendor_license --version > > 0.7.0 > > $ go_vendor_license -c ../../go-vendor-tools.toml report all | grep scancode > > Using detector: scancode > > vendor/github.com/xi2/xz/LICENSE: > > LicenseRef-scancode-public-domain-disclaimer > > --- >8 --- > > > > One a file-by-file basis, the expressions are not normalized, but the final > expression generated at the end should now normalize > LicenseRef-scancode-public-domain-disclaimer to the Fedora version. 👍 > > > * This does not currently pass %gobuild_ldflags (the Go linker flags) to the > > > Makefile. You can look at how moby-engine does this (and the source code > > > comments in > > > https://pagure.io/go-rpm-macros/blob/master/f/rpm/macros.d/macros.go- > > > compilers-golang) … > > > > This breaks with: > > > > --- 8< --- > > … > > CGO_CFLAGS="-O2 -g -DSQLITE_MAX_VARIABLE_NUMBER=32766" > > /usr/lib/golang/bin/go build -v -buildmode pie -compiler gc -mod=vendor > > -tags 'rpm_crashtraceback bindata timetzdata sqlite sqlite_unlock_notify' > > -ldflags '-s -w -B 0x2bdce1ae78ced2c1250cb26e7a622c07ffe249b9 > > -compressdwarf=false -linkmode=external -extldflags '-Wl,-z,relro > > -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now > > -specs=/usr/lib/rpm/redhat/redhat-hardened-ld > > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 > > -specs=/usr/lib/rpm/redhat/redhat-package-notes ' -X > > "code.gitea.io/gitea/modules/setting.CustomPath=/etc/forgejo" -X > > "code.gitea.io/gitea/modules/setting.CustomConf=/etc/forgejo/conf/app.ini" > > -X "code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/forgejo" -X > > "main.Version=10.0.1" -X "main.ReleaseVersion=10.0.1" -X > > "main.MakeVersion=GNU Make 4.4.1" -X "main.Version=10.0.1" -X > > "main.Tags=rpm_crashtraceback bindata timetzdata sqlite > > sqlite_unlock_notify" -X "main.ForgejoVersion=10.0.1"' -o gitea > > flag provided but not defined: -Wl,--as-needed > > usage: go build [-o output] [build flags] [packages] > > Run 'go help build' for details. > > make: *** [Makefile:858: gitea] Error 2 > > --- >8 --- > > > > I’ve searched up and down the net for what this type of error means, but > > wasn’t successful. > > > > What exactly did you try? It's possible there's a quoting issue in the > specfile or the Makefile. I’ll look into it. > > > … or just use the %gobuild macro which is probably a lot > > > easier. > > > > This yields me a lot of these errors, it doesn’t seem to find the main > > package …: > > > > --- 8< --- > > main.go:13:2: cannot find package "code.gitea.io/gitea/cmd" in any of: > > /usr/lib/golang/src/code.gitea.io/gitea/cmd (from $GOROOT) > > /builddir/go/src/code.gitea.io/gitea/cmd (from $GOPATH) > > main.go:14:2: cannot find package "code.gitea.io/gitea/modules/log" in any > > of: > > /usr/lib/golang/src/code.gitea.io/gitea/modules/log (from $GOROOT) > > /builddir/go/src/code.gitea.io/gitea/modules/log (from $GOPATH) > > --- >8 --- > > > > … even though it’s declared in top-level go.mod: > > > > --- 8< --- > > module code.gitea.io/gitea > > … > > --- >8 --- > > > > I”ve tried adding the source tree to GOPATH before, to no avail. > > This is normally handled by the `%goprep` macro. You can try setting > "%global gomodulesmode GO111MODULE=on" which will cause %gobuild to operate > in modules mode and then it should honor the go.mod. I’ll try that as well. I’ve tried both using the Makefile and using Go macros to build with various levels of success, but never 100% 😬. Unfortunately, I didn’t take notes… > Another note, can you update to the latest forgejo patch release? Will do.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #8) > install -p -D app.ini.tmpl > %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini.tmpl > install -p -D %{S:4} %{buildroot}%{_sysconfdir}/%{name}/public/robots.txt > install -p -D %{name}.complete > %{buildroot}%{_datadir}/bash-completion/completions/%{name} > install -p -D %{S:5} %{buildroot}%{_unitdir}/%{name}.service > install -p -D %{S:6} %{buildroot}%{_sysusersdir}/%{name}.conf > > 'install' unfortunately defaults to mode +x, and this needs to be overridden > with -m 0644 > in all cases where a non-executable file is installed. Oops. I’ll fix that. > The scriptlet that creates the config must be moved out to a separate > service, > see > https://docs.fedoraproject.org/en-US/packaging-guidelines/ > Initial_Service_Setup/. Good to know, I’ll change that, too. > "Any action that must be performed on the system where the service will be > run whose > output is not identical for all systems running that service." > The operation here clearly falls under this definition. > > > %{?sysusers_requires_compat} > > > > %pre > > %sysusers_create_compat %{S:6} > This is only needed in F41-. It's a noop in rawhide now. Please consider > dropping > it in the rawhide branch. Right now I’m targeting not just Rawhide, and I usually keep the branches idential, i.e. differentiate using conditionals (for better or worse), which the macro does already. I could wrap it in another conditional, but that would be pointless, wouldn’t it? > %description is very short. It'd be nice to mention that this package is used > (or will be used) for src.fedoraproject.org. I agree that the description is terse, but I don’t think that our specific use case belongs there – Forgejo itself isn’t Fedora specific and generally useful for our users to run, too. I’ll try to find a snippet on the project website that doesn’t sound too marketing-cringey 😉. > > %attr(0640,-,%{name}) %{_sysconfdir}/%{name}/conf/app.ini.tmpl > Does the template really need to be owned by the user? (And if not, > then the mode can be relaxed too.) Yeah, could be 0644, root, root. > The service: > 1. Can the service be socket-activated? > 2. Type=simple is not great. There is no notification of readinesss. > Type=exec is marginally better. There might be some missing upstream > functionality, but ideally Type=notify or Type=notify-reload would be used. I have to research this. > 3. There is a little bit of sandboxing, but I think more could be added. > Does the service make *outgoing* connections? If not, maybe it could be run > with PrivateNetwork=yes. I need to look if it supports calling web-hooks (which wouldn’t work in this case).
(In reply to Neal Gompa from comment #9) > > -X \"main.Version=%{version}\" \ > > This should be set to "%{version}-%{release}" so that future patching of the > package will be expressed in the burned in version. Good catch, will fix.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/2/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/2/forgejo-10.0.3-1.fc43.src.rpm Still to do: - Figure out how to build with global linker flags, with (misquoting?) Makefile or %go* macros - Evaluate other service types - Move secret generation to systemd service: https://docs.fedoraproject.org/en-US/packaging-guidelines/Initial_Service_Setup/ Done: - Update to latest release 10.0.3 - Require git and git-lfs - Get rid of %bootstrap bcond - Set file modes with install - Make description longer - Encode version and release in built executable
Created attachment 2082956 [details] The .spec file difference from Copr build 8819488 to 8844933
Copr build: https://copr.fedorainfracloud.org/coprs/build/8844933 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08844933-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ - Not a valid SPDX expression 'Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND ISC AND LicenseRef-scancode-public-domain-disclaimer AND MIT AND MPL-2.0 AND (FTL OR GPL-2.0-or-later)'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/3/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/3/forgejo-10.0.3-1.fc43.src.rpm Done: - Fix license spec - Add go-vendor-tools+scancode build dependency - Move secret generation to systemd service - Evaluate other service types Still to do: - Figure out how to build with global linker flags, with (misquoting?) Makefile or %go* macros
(In reply to Nils Philippsen from comment #16) ... > Done: ... > - Evaluate other service types This means it’s of Type=notify now BTW 😉.
Created attachment 2083113 [details] The .spec file difference from Copr build 8844933 to 8852998
Copr build: https://copr.fedorainfracloud.org/coprs/build/8852998 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08852998-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/4/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/4/forgejo-11.0.0-1.fc43.src.rpm This updates forgejo to 11.0.0 which was released last week.
Created attachment 2086368 [details] The .spec file difference from Copr build 8852998 to 8951257
Copr build: https://copr.fedorainfracloud.org/coprs/build/8951257 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08951257-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
> # The binaries are all statically linked. > %global debug_package %{nil} This is a misunderstanding. Whether binaries are statically linked is not related to debuginfo data. The debuginfo data is missing because the build process strips the binaries. Thus, drop those two lines and instead add STRIP=0 to the %make_build line. BTW, I see 'build' and 'forgejo' are listed as targets. The 'build' target also lists 'forgejo' as a dependency, so the second arg doesn't seem to be needed. > -X \"code.gitea.io/gitea/modules/setting.CustomConf=%{_sysconfdir}/%{name}/conf/app.ini\" > -X \"code.gitea.io/gitea/modules/setting.AppWorkPath=%{_sharedstatedir}/%{name}\" The nested quoting could just use '' to avoid escaping. But since those are standarized paths that cannot contain any shell-special characters, the quoting could just be dropped to simplify things. > < contrib/autocompletion/bash_autocomplete \ > > %{name}.complete '>' and '<' are here used as unary operators. Adding whitespace after the operator makes it look like a binary operator, which is misleading. Please drop.
I'll get around to another full review, but I just noticed — this is missing `%license vendor/modules.txt` in the files list. You need this so the dependency generator will generate bundled() Provides for the vendored libraries.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #23) > > # The binaries are all statically linked. > > %global debug_package %{nil} > > This is a misunderstanding. Whether binaries are statically linked is not > related to debuginfo data. The debuginfo data is missing because the build > process strips the binaries. Thus, drop those two lines and instead add > STRIP=0 to the %make_build line. > > BTW, I see 'build' and 'forgejo' are listed as targets. The 'build' target > also lists 'forgejo' as a dependency, so the second arg doesn't seem to be > needed. > > > -X \"code.gitea.io/gitea/modules/setting.CustomConf=%{_sysconfdir}/%{name}/conf/app.ini\" > > -X \"code.gitea.io/gitea/modules/setting.AppWorkPath=%{_sharedstatedir}/%{name}\" > > The nested quoting could just use '' to avoid escaping. But since those are > standarized paths that cannot contain any shell-special characters, the > quoting could just be dropped to simplify things. I think that the Makefile – with how it quotes variables passed in via the command line or environment – doesn’t lend itself well to inject global linker flags. So I’ll run the steps manually using %go* macros instead (even if it’s cumbersome). This will implicitly not pass in flags which would strip the binary and avoid make-related issues. I’ll retain quotes even if it’s not strictly necessary. > > < contrib/autocompletion/bash_autocomplete \ > > > %{name}.complete > > '>' and '<' are here used as unary operators. Adding whitespace after the > operator makes it look like a binary operator, which is misleading. Please > drop. Ahh no, I like it that way 😉. I’m used to spaces around operators, regardless of if they’re unary or binary, it makes things more readable in my eyes.
(In reply to Maxwell G from comment #24) > I'll get around to another full review, but I just noticed — this is missing > `%license vendor/modules.txt` in the files list. You need this so the > dependency generator will generate bundled() Provides for the vendored > libraries. Thanks! This is helpful to know.
> I think that the Makefile – with how it quotes variables passed in via the command line or environment – doesn’t lend itself well to inject global linker flags. STRIP=0 is enough…
(In reply to Zbigniew Jędrzejewski-Szmek from comment #27) > > I think that the Makefile – with how it quotes variables passed in via the command line or environment – doesn’t lend itself well to inject global linker flags. > > STRIP=0 is enough… Not to (successfully) inject the build/linker flags defined in the respective macros… 🤷
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/5/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/5/forgejo-11.0.0-1.fc43.src.rpm This switches back to building things manually (bypassing the Makefile), it uses the globally defined build and linker flags. That checks off the last outstanding issue, right?
Created attachment 2086900 [details] The .spec file difference from Copr build 8951257 to 8962981
Copr build: https://copr.fedorainfracloud.org/coprs/build/8962981 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08962981-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
LGTM.
> -X \"main.ReleaseVersion=%{version}-%{release}\" \ > -X \"main.Version=%{version}-%{release}\" \ What does "ReleaseVersion" do? How is it used?
> Requires: git Do we really need *all* of the git subpackages? Or can we specify a subset (and potentially not drag in Perl as a runtime dependency)?
(In reply to Neal Gompa from comment #33) > > -X \"main.ReleaseVersion=%{version}-%{release}\" \ > > -X \"main.Version=%{version}-%{release}\" \ > > What does "ReleaseVersion" do? How is it used? TBH, I’m puzzled what the difference is between Version, ForgejoVersion, ReleaseVersion – I’m just following what the Makefile sets. (In reply to Neal Gompa from comment #34) > > Requires: git > > Do we really need *all* of the git subpackages? Or can we specify a subset > (and potentially not drag in Perl as a runtime dependency)? Not sure, the documentation I read keeps shtum about this – I can change it to git-core and we can see if that causes any issues.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/6/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/6/forgejo-11.0.0-1.fc43.src.rpm This only requires git-core.
Created attachment 2087219 [details] The .spec file difference from Copr build 8962981 to 8967258
Copr build: https://copr.fedorainfracloud.org/coprs/build/8967258 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08967258-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/7/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/7/forgejo-11.0.0-1.fc43.src.rpm This update fixes this here (which I overlooked before): (In reply to Maxwell G from comment #24) > I'll get around to another full review, but I just noticed — this is missing > `%license vendor/modules.txt` in the files list. You need this so the > dependency generator will generate bundled() Provides for the vendored > libraries.
I'm sorry; I'm very busy this week. Could Neal or Zbyszek give the final approval? The only potential remaining issue is licensing or bundled() Provides for any web assets; I'm not sure about the current Guidelines for web assets (I believe FESCo/FPC agreed to loosen them again relatively recently) and haven't confirmed whether these do exist in the source (but I assume so). Other small things: - Is the nodejs BR used? - Please remove the manual go-vendor-tools+scancode BuildRequires. This is already handled by %go_vendor_license_buildrequires. - Is the robots.txt that disallows every single crawler (User-agent: * and Disallow: /) something we want to ship in the package? That seems pretty opinionated.
We do need the bundled provides for nodejs stuff too.
> # We don’t use go macros to build, but this is what they do to prevent binutils-style-ld flags to > # mess things up for the Go linker. > %undefine _auto_set_build_flags This shouldn't be needed anymore either.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/8/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/8/forgejo-11.0.1-1.fc43.src.rpm This updates to version 11.0.1. (In reply to Maxwell G from comment #40) > I'm sorry; I'm very busy this week. Could Neal or Zbyszek give the final > approval? The only potential remaining issue is licensing or bundled() > Provides for any web assets; I'm not sure about the current Guidelines for > web assets (I believe FESCo/FPC agreed to loosen them again relatively > recently) and haven't confirmed whether these do exist in the source (but I > assume so). Other small things: > > - Is the nodejs BR used? > - Please remove the manual go-vendor-tools+scancode BuildRequires. This is > already handled by %go_vendor_license_buildrequires. I’ve removed both. > - Is the robots.txt that disallows every single crawler (User-agent: * and > Disallow: /) something we want to ship in the package? That seems pretty > opinionated. It is opinionated, but it’s also a safe default (that users can change) if a system is inadvertently exposed. (In reply to Neal Gompa from comment #42) > > # We don’t use go macros to build, but this is what they do to prevent binutils-style-ld flags to > > # mess things up for the Go linker. > > %undefine _auto_set_build_flags > > This shouldn't be needed anymore either. I’ve removed this, too. (In reply to Neal Gompa from comment #41) > We do need the bundled provides for nodejs stuff too. I’m trying to find out how to do this (and %license …) sensibly, would nodejs-packaging-bundler do that normally? Anyway, the source tarball doesn’t seem to have the structure of a nodejs package expected by it. 😬 Do we have tooling that would help me there? I‘m also not sure if we should rather rebuild the vendorized node sources rather than take the pre-build (minified etc.) files from the tarball.
Created attachment 2088500 [details] The .spec file difference from Copr build 8967258 to 8997812
Copr build: https://copr.fedorainfracloud.org/coprs/build/8997812 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/08997812-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/9/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/9/forgejo-11.0.1-1.fc43.src.rpm This adds bundled(nodejs-*) provides and licensing information for the vendorized node modules, but doesn’t build minified JS code from its sources (which would need node tools not available in Fedora).
Created attachment 2088852 [details] The .spec file difference from Copr build 8997812 to 9008129
Copr build: https://copr.fedorainfracloud.org/coprs/build/9008129 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09008129-forgejo/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
The previous build failure is fixed with 7zip >= 24.09-3.fc43
Correction (and sorry for stepping on toes 😬), this is fixed with python-extractcode-7z >= 21.5.31-7.fc43.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/10/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/10/forgejo-11.0.1-1.fc43.src.rpm This reverts back to using the auto-generated archive to avoid inadvertently using files pre-built from vendorized sources when upstream created the official tarball. Instead, pack the nodejs_modules/ directory as described in the Nodejs packaging guidelines and run `npx webpack` on them (which crashes in mock roots currently, I have to figure out why and how to fix it).
Created attachment 2091013 [details] The .spec file difference from Copr build 9008129 to 9069256
Copr build: https://copr.fedorainfracloud.org/coprs/build/9069256 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09069256-forgejo/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/11/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/11/forgejo-11.0.1-1.fc43.src.rpm This works around `npx webpack` crashing in mock roots.
Created attachment 2092107 [details] The .spec file difference from Copr build 9069256 to 9100127
Copr build: https://copr.fedorainfracloud.org/coprs/build/9100127 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09100127-forgejo/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/12/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/12/forgejo-11.0.1-1.fc43.src.rpm This configures go-vendor-tools to ignore node module licenses and should fix the build.
Created attachment 2092767 [details] The .spec file difference from Copr build 9100127 to 9111597
Copr build: https://copr.fedorainfracloud.org/coprs/build/9111597 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09111597-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ - Not a valid SPDX expression 'MIT AND GPL-3.0-or-later AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND MPL-2.0 AND (FTL OR GPL-2.0-or-later) AND (BSD-2-Clause OR MIT OR Apache-2.0) AND (MIT AND CC-BY-3.0) AND (MIT OR Apache-2.0) AND (MIT OR CC0-1.0) AND (MPL-2.0 OR Apache-2.0) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC0-1.0 AND ISC AND LGPL-3.0-only AND MIT AND MIT-0 AND MPL-2.0 AND Python-2.0 AND Unlicense'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Fedora Review Service from comment #59) > Found issues: > > - No gcc, gcc-c++ or clang found in BuildRequires Well, yeah… 🤷 > - Not a valid SPDX expression 'MIT AND GPL-3.0-or-later AND Apache-2.0 AND > BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND > ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND MPL-2.0 AND (FTL OR > GPL-2.0-or-later) AND (BSD-2-Clause OR MIT OR Apache-2.0) AND (MIT AND > CC-BY-3.0) AND (MIT OR Apache-2.0) AND (MIT OR CC0-1.0) AND (MPL-2.0 OR > Apache-2.0) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND > BlueOak-1.0.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC0-1.0 AND ISC AND > LGPL-3.0-only AND MIT AND MIT-0 AND MPL-2.0 AND Python-2.0 AND Unlicense'. > Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 > > Please know that there can be false-positives. This looks like it trips over "LicenseRef-Fedora-Public-Domain" which isn’t an official SPDX expression (go-vendor-tools would generate "LicenseRef-scancode-public-domain" without the custom configuration the pkg uses).
There is a few errors in the fedora-review output: forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 forgejo.x86_64: E: non-readable /etc/forgejo/conf/app.ini 640 forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 forgejo.x86_64: E: non-executable-script /usr/share/bash-completion/completions/forgejo 644 /bin/bash forgejo.x86_64: E: description-line-too-long
(In reply to Tomas Hrcka from comment #61) > There is a few errors in the fedora-review output: > > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 These directories contain data which not everybody should be able to access (logs for the obvious reasons, data without going through Forgejo’s permission checking). > forgejo.x86_64: E: non-readable /etc/forgejo/conf/app.ini 640 > forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 These files potentially contain secrets. > forgejo.x86_64: E: non-executable-script > /usr/share/bash-completion/completions/forgejo 644 /bin/bash Yeah, that’s not a script, it’s sourced by bash. > forgejo.x86_64: E: description-line-too-long Will fix.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/13/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/13/forgejo-11.0.1-1.fc43.src.rpm This fixes the overly long description line.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/14/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/14/forgejo-11.0.1-1.fc43.src.rpm This normalizes a misidentified `Python-2.0` license to `PSF-2.0`.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/15/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/15/forgejo-11.0.1-1.fc43.src.rpm … and this removes the shebang from the bash autocompletion file so rpmlint shouldn’t report this: > forgejo.x86_64: E: non-executable-script /usr/share/bash-completion/completions/forgejo 644 /bin/bash
Copr build: https://copr.fedorainfracloud.org/coprs/build/9150061 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09150061-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ - Not a valid SPDX expression 'MIT AND GPL-3.0-or-later AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND MPL-2.0 AND (FTL OR GPL-2.0-or-later) AND (BSD-2-Clause OR MIT OR Apache-2.0) AND (MIT AND CC-BY-3.0) AND (MIT OR Apache-2.0) AND (MIT OR CC0-1.0) AND (MPL-2.0 OR Apache-2.0) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC0-1.0 AND ISC AND LGPL-3.0-only AND MIT AND MIT-0 AND MPL-2.0 AND Python-2.0 AND Unlicense'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Copr build: https://copr.fedorainfracloud.org/coprs/build/9150059 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09150059-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ - Not a valid SPDX expression 'MIT AND GPL-3.0-or-later AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-3.0-or-later AND ICU AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND MPL-2.0 AND (FTL OR GPL-2.0-or-later) AND (BSD-2-Clause OR MIT OR Apache-2.0) AND (MIT AND CC-BY-3.0) AND (MIT OR Apache-2.0) AND (MIT OR CC0-1.0) AND (MPL-2.0 OR Apache-2.0) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC0-1.0 AND ISC AND LGPL-3.0-only AND MIT AND MIT-0 AND MPL-2.0 AND Python-2.0 AND Unlicense'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Created attachment 2093556 [details] The .spec file difference from Copr build 9150061 to 9150232
Copr build: https://copr.fedorainfracloud.org/coprs/build/9150232 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09150232-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I would also suggest switching to the askalono go-vendor-tools backend. scancode will likely take some time to get working with Python 3.14. Here is a patch you can apply to your go-vendor-tools to switch the backend. I used the new go-vendor-tools --autofill feature (see --autofill in https://fedora.gitlab.io/sigs/go/go-vendor-tools/man/go_vendor_license/#options_1; the feature is not yet in a release) to add manual license entries to go-vendor-tools.toml for licenses that askalono cannot detect but scancode could.
Created attachment 2093584 [details] go-vendor-tools.toml.diff
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/16/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/16/forgejo-11.0.1-1.fc43.src.rpm This changes the license checker backend to askalono.
Created attachment 2093656 [details] The .spec file difference from Copr build 9150232 to 9152678
Copr build: https://copr.fedorainfracloud.org/coprs/build/9152678 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354888-forgejo/fedora-rawhide-x86_64/09152678-forgejo/fedora-review/review.txt Found issues: - No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/17/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/17/forgejo-11.0.1-1.fc43.src.rpm This includes pronunciation hints in the package description, cheers!
This is a review *template*. Besides handling the [ ]-marked tests you are also supposed to fix the template before pasting into bugzilla: - Add issues you find to the list of issues on top. If there isn't such a list, create one. - Add your own remarks to the template checks. - Add new lines marked [!] or [?] when you discover new things not listed by fedora-review. - Change or remove any text in the template which is plain wrong. In this case you could also file a bug against fedora-review - Remove the "[ ] Manual check required", you will not have any such lines in what you paste. - Remove attachments which you deem not really useful (the rpmlint ones are mandatory, though) - Remove this text Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. Note: No gcc, gcc-c++ or clang found in BuildRequires See: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/ ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "BSD 2-Clause License", "*No copyright* GNU General Public License, Version 3 and/or MIT License", "MIT License", "*No copyright* Apache License 2.0 and/or ISC License and/or MIT License", "Apache License 2.0 and/or GNU General Public License v3.0 or later and/or MIT License", "*No copyright* Apache License 2.0 and/or MIT License", "*No copyright* MIT License", "GNU General Public License, Version 3", "MIT License [generated file]", "Apache License 2.0", "ISC License and/or MIT License", "*No copyright* ISC License", "ISC License", "*No copyright* GNU General Public License", "*No copyright* Python License 2.0", "*No copyright* Apache License 2.0", "Apache License 2.0 and/or MIT License", "*No copyright* Mozilla Public License 2.0", "Mozilla Public License 2.0", "*No copyright* Creative Commons Attribution 4.0", "*No copyright* BSD 2-Clause License", "BSD 3-Clause License", "*No copyright* BSD 3-Clause License", "Apache License 2.0 and/or ISC License", "Apache License 2.0 and/or BSD 2-Clause License", "*No copyright* GNU Lesser General Public License, Version 3", "*No copyright* The Unlicense", "*No copyright* BSD 0-Clause License", "BSD 3-Clause License and/or MIT License", "*No copyright* Creative Commons CC0 1.0", "BSD 0-Clause License", "MIT No Attribution", "*No copyright* MIT License and/or MIT No Attribution", "BSD 2-clause FreeBSD License", "Creative Commons Attribution 3.0", "*No copyright* Creative Commons Attribution 3.0", "*No copyright* BSD 2-Clause License and/or BSD 3-Clause License and/or GNU Lesser General Public License, Version 2.1 and/or MIT License", "*No copyright* Creative Commons Attribution 3.0 and/or MIT License", "BSD 2-Clause with views sentence", "*No copyright* GNU Lesser General Public License", "GNU Lesser General Public License and/or MIT License", "*No copyright* GNU General Public License, Version 2 [obsolete FSF postal address (Temple Place)]", "Attribution Assurance License", "Amazon Digital Services License", "Academic Free License v1.1", "Academic Free License v1.2", "Academic Free License v2.0", "Academic Free License v2.1", "Academic Free License v3.0", "Affero General Public License v1.0", "GNU Affero General Public License v3.0", "AMD's plpa_map.c License", "Apple MIT License", "Academy of Motion Picture Arts and Sciences BSD", "*No copyright* ANTLR Software Rights Notice", "ANTLR Software Rights Notice", "Adobe Postscript AFM License", "Adaptive Public License 1.0", "Apple Public Source License 1.0", "Apple Public Source License 1.1", "*No copyright* Apple Public Source License 1.2", "Apple Public Source License 2.0", "Abstyles License", "Adobe Systems Incorporated Source Code License Agreement", "Adobe Glyph List License", "Afmparse License", "Aladdin Free Public License, Version 8", "Apache License 1.0", "Apache License 1.1", "*No copyright* Artistic License 1.0", "*No copyright* Artistic License 1.0 (Perl)", "*No copyright* Artistic-1.0-cl8", "*No copyright* BSD 1-Clause License", "*No copyright* BSD 2-Clause Plus Patent License", "*No copyright* BSD 2-Clause with views sentence", "*No copyright* Apache License 1.0 and/or BSD 3-Clause License", "BSD 3-Clause License and/or Lawrence Berkeley National Labs BSD variant license", "*No copyright* BSD 3-Clause Modification", "*No copyright* BSD 3-Clause No Military License", "BSD 3-Clause No Nuclear License", "BSD 3-Clause No Nuclear Warranty", "*No copyright* BSD 4-Clause License", "BSD-4-Clause (University of California-Specific)", "NTP License", "Apache License 1.0 and/or BSD 4-Clause License", "Apache License 1.0 and/or BSD 3-Clause License", "BSD 4-Clause License", "*No copyright* BSD Protection License and/or GNU General Public License", "*No copyright* Boost Software License 1.0", "Bahyph License", "*No copyright* Barr License", "*No copyright* Beerware License", "*No copyright* BitTorrent Open Source License v1.0", "*No copyright* BitTorrent Open Source License v1.1", "*No copyright* Boehm GC License", "Borceux license", "CMU License and/or GNU General Public License", "*No copyright* Cryptographic Autonomy License 1.0", "Computer Associates Trusted Open Source License 1.1", "Creative Commons Attribution 1.0 Generic", "*No copyright* Creative Commons Attribution 2.0", "*No copyright* Creative Commons Attribution 2.5", "Creative Commons Attribution 4.0", "Creative Commons Attribution-NonCommercial 1.0", "*No copyright* Creative Commons Attribution-NonCommercial 2.0", "*No copyright* Creative Commons Attribution-NonCommercial 2.5", "Creative Commons Attribution-NonCommercial 4.0", "Creative Commons Attribution- NoDerivs-NonCommercial 1.0", "*No copyright* Creative Commons Attribution-NonCommercial-NoDerivs 2.0", "*No copyright* Creative Commons Attribution-NonCommercial-NoDerivs 2.5", "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0", "Creative Commons Attribution-NonCommercial-ShareAlike 1.0", "*No copyright* Creative Commons Attribution-NonCommercial-ShareAlike 2.0", "*No copyright* Creative Commons Attribution-NonCommercial-ShareAlike 2.5", "Creative Commons Attribution-NonCommercial-ShareAlike 4.0", "Creative Commons Attribution-NoDerivs 1.0", "*No copyright* Creative Commons Attribution-NoDerivs 2.0", "*No copyright* Creative Commons Attribution-NoDerivs 2.5", "Creative Commons Attribution-NoDerivatives 4.0", "Creative Commons Attribution-ShareAlike 1.0", "*No copyright* Creative Commons Attribution-ShareAlike 2.0", "*No copyright* Creative Commons Attribution-ShareAlike 2.5", "Creative Commons Attribution- ShareAlike 4.0", "Creative Commons Public Domain Dedication and Certification and/or Public domain", "*No copyright* CeCILL Free Software License Agreement v1.0", "*No copyright* CeCILL Free Software License Agreement v1.1", "*No copyright* CeCILL Free Software License Agreement v2.0", "*No copyright* CeCILL Free Software License Agreement v2.1", "*No copyright* CeCILL-B Free Software License Agreement v1.0", "*No copyright* CeCILL-C Free Software License Agreement v1.0", "GNU General Public License, Version 2", "CNRI Jython License", "*No copyright* CNRI Python License", "CNRI Python Open Source GPL Compatible License Agreement", "*No copyright* Common Public Attribution License 1.0", "Common Public License 1.0", "*No copyright* Code Project Open License 1.02", "*No copyright* CUA Office Public License v1.0", "Caldera License", "Freetype Project License", "*No copyright* Clarified Artistic License", "*No copyright* MIT No Attribution", "Condor Public License v1.1", "Cube License", "Deutsche Freie Software Lizenz 1.0", "DSDP License", "*No copyright* Educational Community License, Version 1.0", "*No copyright* Educational Community License, Version 2.0", "*No copyright* Eiffel Forum License v1.0", "*No copyright* Eiffel Forum License v2.0", "Eclipse Public License 1.0", "Eclipse Public License 2.0", "EU DataGrid Software License", "European Union Public License, Version 1.0", "European Union Public License, Version 1.1", "European Union Public License, Version 1.2", "Apache License 1.1 and/or Entessa Public License v1.0", "*No copyright* Erlang Public License v1.1", "Eurosym License", "*No copyright* FSF All Permissive License", "FSF All Permissive License", "FSF Unlimited License", "FSF Unlimited License (with License Retention)", "*No copyright* Fair License", "GNU General Public License", "Frameworx Open License 1.0", "*No copyright* Public domain", "GNU Free Documentation License v1.1", "GNU Free Documentation License v1.2", "GNU Free Documentation License v1.3", "*No copyright* OpenSSL License", "3dfx Glide License", "mit_osf", "*No copyright* NTP License (legal disclaimer)", "Kevlin Henney License", "*No copyright* NTP License", "Historical Permission Notice and Disclaimer - sell variant", "MIT Open Group variant", "*No copyright* MIT Open Group variant", "*No copyright* libpng License", "IBM PowerPC Initialization and Boot Software", "ICU License", "*No copyright* IPA Font License", "*No copyright* IBM Public License v1.0", "*No copyright* Imlib2 License and/or enna License", "Intel Open Source License", "JSON License and/or MIT License", "GNU Library General Public License, Version 2.0", "GNU Lesser General Public License, Version 2.1", "GNU Lesser General Public License, Version 3", "GNU Lesser General Public License", "*No copyright* GNU General Public License, Version 2", "Historical Permission Notice and Disclaimer and/or NTP License", "Lucent Public License Version 1.0", "Lucent Public License v1.02", "LaTeX Project Public License 1", "LaTeX Project Public License 1.1", "LaTeX Project Public License 1.2", "LaTeX Project Public License 1.3a", "LaTeX Project Public License 1.3c", "*No copyright* Common Public License 1.0", "Leptonica License", "*No copyright* Licence Libre du Québec – Permissive version 1.1", "*No copyright* Licence Libre du Québec – Réciprocité version 1.1", "*No copyright* Licence Libre du Québec – Réciprocité forte version 1.1", "libpng License", "*No copyright* Festival", "Khronos License", "*No copyright* MIT (old)", "Enlightenment License (e16)", "enna License", "*No copyright* feh License", "*No copyright* Mozilla Public License 1.0", "*No copyright* Mozilla Public License 1.1", "Microsoft Public License", "Microsoft Reciprocal License", "*No copyright* Apache License 1.1", "*No copyright* The MirOS License", "*No copyright* Motosoto License", "Mulan Permissive Software License, Version 1", "*No copyright* Mulan Permissive Software License, Version 2", "Multics License", "NASA Open Source Agreement 1.3", "Net Boolean Public License v1", "*No copyright* University of Illinois/NCSA Open Source License", "Nethack General Public License", "Public domain", "*No copyright* Netizen Open Source License 1.0", "*No copyright* Netscape Public License v1.0", "Mozilla Public License 1.1 and/or Netscape Public License v1.1", "Non-Profit Open Software License 3.0", "Naumen Public License", "BSD 3-Clause License and/or CMU License", "*No copyright* Nokia Open Source License", "OCLC Research Public License 2.0", "*No copyright* Open Data Commons Attribution License v1.0", "ODC Open Database License v1.0", "*No copyright* SIL Open Font License 1.0", "*No copyright* SIL Open Font License 1.1", "*No copyright* OGC Software License, Version 1.0", "*No copyright* Open Group Test Suite License", "Open LDAP Public License v1.1", "Open LDAP Public License v1.2", "Open LDAP Public License v1.3", "Open LDAP Public License v1.4", "Open LDAP Public License v2", "Open LDAP Public License v2.0.1", "Open LDAP Public License v2.1", "Open LDAP Public License v2.2", "Open LDAP Public License v2.2.1", "Open LDAP Public License 2.2.2", "Open LDAP Public License v2.3", "Open LDAP Public License v2.4", "Open LDAP Public License v2.5", "Open LDAP Public License v2.6", "Open LDAP Public License v2.7", "Open LDAP Public License v2.8", "*No copyright* Open Public License v1.0", "OSET Public License version 2.1", "Open Software License 1.0", "Open Software License 1.1", "Open Software License 2.0", "Open Software License 2.1", "Open Software License 3.0", "OpenSSL License and/or SSLeay", "OpenSSL License", "mit_openvision", "PHP License v3.0", "PHP License v3.01", "Peer Production License", "*No copyright* GNU Affero General Public License v3.0", "Python Software Foundation License 2.0", "PostgreSQL License", "Python License 2.0", "Q Public License 1.0", "*No copyright* Red Hat eCos Public License v1.1", "Reciprocal Public License 1.1", "Reciprocal Public License 1.5", "RealNetworks Public Source License v1.0", "Ricoh Source Code Public License", "*No copyright* Ruby License", "Public domain and/or Sax Public Domain Notice", "SGI Free Software License B v1.0", "*No copyright* SGI Free Software License B v1.1", "SGI Free Software License B v2.0", "Apache License", "*No copyright* Sun Industry Standards Source License v1.1", "*No copyright* Sun Industry Standards Source License v1.2", "Standard ML of New Jersey License", "*No copyright* Sun Public License v1.0", "SSLeay", "*No copyright* Simple Public License 2.0", "BSD 3-Clause License and/or Sleepycat License", "*No copyright* SugarCRM Public License v1.1.3", "Trusster Open Source License", "*No copyright* GNU General Public License v2.0 or later", "Upstream Compatibility License v. 1.0", "Universal Permissive License v1.0", "Unicode License Agreement - Data Files and Software (2016)", "Unicode License Agreement - Data Files and Software (2015)", "Unicode Terms of Use", "mit_unixcrypt", "BSD 3-Clause License and/or Vovida Software License v1.0", "*No copyright* W3C Software Notice and License (2002-12-31)", "W3C Software Notice and License (1998-07-20)", "*No copyright* W3C Software and Document Notice and License (2015-05-13)", "Do What The Fuck You Want To Public License, Version 2", "Sybase Open Watcom Public License 1.0", "mit_widget", "X11 License", "University of Illinois/NCSA Open Source License and/or XFree86 License 1.1", "*No copyright* mit_xfig", "MIT License and/or X.Net License", "Zope Public License 2.0", "*No copyright* Zope Public License 2.1", "Zed License", "Zend License v2.0", "*No copyright* Zimbra Public License v1.3", "*No copyright* Zimbra Public License v1.4", "*No copyright* zlib License", "bzip2 and libbzip2 License v1.0.6", "curl License", "*No copyright* GNU General Public License and/or eCos license version 2.0", "*No copyright* gSOAP Public License v1.3b", "libtiff License", "*No copyright* mpich2 License", "zlib/libpng License with Acknowledgement", "*No copyright* ISC License and/or MIT License", "Apache License 2.0 and/or MIT License and/or SIL Open Font License 1.1 [generated file]", "Apache License 2.0 [generated file]", "BSD 1-Clause License", "BSD 0-Clause License and/or MIT License", "SIL Open Font License 1.1", "Apache License 2.0 and/or BSD 3-Clause License", "BSD 2-Clause License and/or ISC License", "Apache License 2.0 and/or Creative Commons Attribution 4.0", "Apache License 2.0 and/or MIT License [generated file]", "BSD 3-Clause License and/or ISC License", "*No copyright* MIT License [generated file]". 48207 files have unknown license. Detailed output of licensecheck in /home/humaton/2354888-forgejo/licensecheck.txt [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [ ]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/licenses/forgejo/public, /usr/share/licenses/forgejo/public/assets [ ]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/licenses/forgejo/public, /usr/share/licenses/forgejo/public/assets [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: %config files are marked noreplace or the reason is justified. Note: No (noreplace) in %config(noreplace,missingok) /etc/sysconfig/forgejo [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 406521 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: systemd_post is invoked in %post, systemd_preun in %preun, and systemd_postun in %postun for Systemd service files. Note: Systemd service file(s) in forgejo [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Uses parallel make %{?_smp_mflags} macro. [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [!]: Sources can be downloaded from URI in Source: tag [!]: SourceX is a working URL. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [-]: Large data in /usr/share should live in a noarch subpackage if package is arched. Note: Arch-ed rpms have a total of 4024320 bytes in /usr/share [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). Rpmlint ------- Checking: forgejo-11.0.1-1.fc43.x86_64.rpm forgejo-11.0.1-1.fc43.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpc_5wad3u')] checks: 32, packages: 2 forgejo.src: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.x86_64: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.spec: W: patch-not-applied Patch0: forgejo-10.0.1-app.ini.tmpl.patch forgejo.x86_64: W: non-standard-uid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/log forgejo forgejo.x86_64: W: non-standard-gid /etc/forgejo/conf/app.ini forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/log forgejo forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 forgejo.x86_64: W: non-conffile-in-etc /etc/forgejo/conf/app.ini.tmpl forgejo.x86_64: W: no-manual-page-for-binary forgejo forgejo.spec: W: invalid-url Source2: forgejo-11.0.1-nodejs-vendor.tar.xz forgejo.spec: W: invalid-url Source1: forgejo-11.0.1-go-vendor.tar.bz2 forgejo.x86_64: E: files-duplicated-waste 506021 forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/go.uber.org/mock/LICENSE /usr/share/licenses/forgejo/vendor/cloud.google.com/go/compute/metadata/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/geo/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/bradfitz/gomemcache/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/go-openapi/jsonpointer/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/go-openapi/jsonreference/LICENSE:(and 11 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/session/LICENSE /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/binding/LICENSE:/usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/cache/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/minio/md5-simd/LICENSE.Golang /usr/share/licenses/forgejo/vendor/filippo.io/edwards25519/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/ProtonMail/go-crypto/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/go-fed/httpsig/LICENSE /usr/share/licenses/forgejo/vendor/github.com/42wim/httpsig/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/prometheus/procfs/LICENSE /usr/share/licenses/forgejo/vendor/github.com/42wim/sshsig/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/mholt/acmez/v3/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/modern-go/concurrent/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/modern-go/reflect2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/prometheus/client_golang/LICENSE:(and 2 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/google.golang.org/protobuf/PATENTS /usr/share/licenses/forgejo/vendor/github.com/ProtonMail/go-crypto/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/crypto/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/image/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/mod/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/net/PATENTS:(and 5 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/mschoch/smat/LICENSE /usr/share/licenses/forgejo/vendor/github.com/blevesearch/bleve/v2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/bleve_index_api/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/scorch_segment_api/v2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/segment/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/upsidedown_store_api/LICENSE:(and 8 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gitlab.com/gitlab-org/api/client-go/LICENSE /usr/share/licenses/forgejo/vendor/github.com/caddyserver/certmagic/LICENSE.txt:/usr/share/licenses/forgejo/vendor/github.com/skeema/knownhosts/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/cespare/xxhash/v2/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/djherbis/nio/v3/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/djherbis/buffer/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gopkg.in/ini.v1/LICENSE /usr/share/licenses/forgejo/vendor/github.com/go-ini/ini/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/golang-jwt/jwt/v5/LICENSE /usr/share/licenses/forgejo/vendor/github.com/golang-jwt/jwt/v4/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/klauspost/compress/internal/snapref/LICENSE /usr/share/licenses/forgejo/vendor/github.com/golang/snappy/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/gorilla/feeds/LICENSE /usr/share/licenses/forgejo/vendor/github.com/gorilla/css/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/gorilla/securecookie/LICENSE /usr/share/licenses/forgejo/vendor/github.com/gorilla/mux/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/markbates/goth/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/markbates/going/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/mattn/go-runewidth/LICENSE /usr/share/licenses/forgejo/vendor/github.com/mattn/go-colorable/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/shurcooL/vfsgen/LICENSE /usr/share/licenses/forgejo/vendor/github.com/shurcooL/httpfs/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/yuin/goldmark/LICENSE /usr/share/licenses/forgejo/vendor/github.com/yuin/goldmark-highlighting/v2/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/golang.org/x/tools/LICENSE /usr/share/licenses/forgejo/vendor/golang.org/x/crypto/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/image/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/mod/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/net/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/oauth2/LICENSE:(and 4 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gopkg.in/gomail.v2/LICENSE /usr/share/licenses/forgejo/vendor/gopkg.in/alexcesaro/quotedprintable.v3/LICENSE forgejo.x86_64: W: empty-%pre forgejo.x86_64: W: conffile-without-noreplace-flag /etc/forgejo/conf/app.ini 2 packages and 0 specfiles checked; 7 errors, 35 warnings, 7 filtered, 7 badness; has taken 3.7 s Rpmlint (debuginfo) ------------------- Checking: forgejo-debuginfo-11.0.1-1.fc43.x86_64.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpgs8ygdry')] checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 5 filtered, 0 badness; has taken 2.3 s Rpmlint (installed packages) ---------------------------- /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 forgejo.x86_64: W: unused-direct-shlib-dependency /usr/bin/forgejo /lib64/libresolv.so.2 forgejo.x86_64: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.x86_64: W: non-standard-uid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/log forgejo forgejo.x86_64: W: non-standard-gid /etc/forgejo/conf/app.ini forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/log forgejo forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 forgejo.x86_64: W: non-conffile-in-etc /etc/forgejo/conf/app.ini.tmpl forgejo.x86_64: W: no-manual-page-for-binary forgejo forgejo.x86_64: E: files-duplicated-waste 506021 forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/go.uber.org/mock/LICENSE /usr/share/licenses/forgejo/vendor/cloud.google.com/go/compute/metadata/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/geo/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/bradfitz/gomemcache/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/go-openapi/jsonpointer/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/go-openapi/jsonreference/LICENSE:(and 11 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/session/LICENSE /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/binding/LICENSE:/usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/cache/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/minio/md5-simd/LICENSE.Golang /usr/share/licenses/forgejo/vendor/filippo.io/edwards25519/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/ProtonMail/go-crypto/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/go-fed/httpsig/LICENSE /usr/share/licenses/forgejo/vendor/github.com/42wim/httpsig/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/prometheus/procfs/LICENSE /usr/share/licenses/forgejo/vendor/github.com/42wim/sshsig/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/mholt/acmez/v3/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/modern-go/concurrent/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/modern-go/reflect2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/prometheus/client_golang/LICENSE:(and 2 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/google.golang.org/protobuf/PATENTS /usr/share/licenses/forgejo/vendor/github.com/ProtonMail/go-crypto/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/crypto/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/image/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/mod/PATENTS:/usr/share/licenses/forgejo/vendor/golang.org/x/net/PATENTS:(and 5 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/mschoch/smat/LICENSE /usr/share/licenses/forgejo/vendor/github.com/blevesearch/bleve/v2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/bleve_index_api/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/scorch_segment_api/v2/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/segment/LICENSE:/usr/share/licenses/forgejo/vendor/github.com/blevesearch/upsidedown_store_api/LICENSE:(and 8 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gitlab.com/gitlab-org/api/client-go/LICENSE /usr/share/licenses/forgejo/vendor/github.com/caddyserver/certmagic/LICENSE.txt:/usr/share/licenses/forgejo/vendor/github.com/skeema/knownhosts/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/cespare/xxhash/v2/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/djherbis/nio/v3/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/djherbis/buffer/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gopkg.in/ini.v1/LICENSE /usr/share/licenses/forgejo/vendor/github.com/go-ini/ini/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/golang-jwt/jwt/v5/LICENSE /usr/share/licenses/forgejo/vendor/github.com/golang-jwt/jwt/v4/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/klauspost/compress/internal/snapref/LICENSE /usr/share/licenses/forgejo/vendor/github.com/golang/snappy/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/gorilla/feeds/LICENSE /usr/share/licenses/forgejo/vendor/github.com/gorilla/css/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/gorilla/securecookie/LICENSE /usr/share/licenses/forgejo/vendor/github.com/gorilla/mux/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/markbates/goth/LICENSE.txt /usr/share/licenses/forgejo/vendor/github.com/markbates/going/LICENSE.txt forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/mattn/go-runewidth/LICENSE /usr/share/licenses/forgejo/vendor/github.com/mattn/go-colorable/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/shurcooL/vfsgen/LICENSE /usr/share/licenses/forgejo/vendor/github.com/shurcooL/httpfs/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/github.com/yuin/goldmark/LICENSE /usr/share/licenses/forgejo/vendor/github.com/yuin/goldmark-highlighting/v2/LICENSE forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/golang.org/x/tools/LICENSE /usr/share/licenses/forgejo/vendor/golang.org/x/crypto/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/image/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/mod/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/net/LICENSE:/usr/share/licenses/forgejo/vendor/golang.org/x/oauth2/LICENSE:(and 4 more) forgejo.x86_64: W: files-duplicate /usr/share/licenses/forgejo/vendor/gopkg.in/gomail.v2/LICENSE /usr/share/licenses/forgejo/vendor/gopkg.in/alexcesaro/quotedprintable.v3/LICENSE forgejo.x86_64: W: empty-%pre forgejo.x86_64: W: conffile-without-noreplace-flag /etc/forgejo/conf/app.ini 2 packages and 0 specfiles checked; 6 errors, 33 warnings, 9 filtered, 6 badness; has taken 0.6 s Source checksums ---------------- https://codeberg.org/forgejo/forgejo/archive/v11.0.1.tar.gz#/forgejo-11.0.1.tar.gz : CHECKSUM(SHA256) this package : ca1a6dddbf142a5338f803b24832dec0f9bb23b40e3f88aa5970f5dd69eb5dfb CHECKSUM(SHA256) upstream package : ca1a6dddbf142a5338f803b24832dec0f9bb23b40e3f88aa5970f5dd69eb5dfb Requires -------- forgejo (rpmlib, GLIBC filtered): /bin/sh /usr/bin/bash bash config(forgejo) coreutils git-core git-lfs group(forgejo) libc.so.6()(64bit) libresolv.so.2()(64bit) rtld(GNU_HASH) sed user(forgejo) Provides -------- forgejo: bundled(golang(cloud.google.com/go/compute/metadata)) bundled(golang(code.forgejo.org/f3/gof3/v3)) bundled(golang(code.forgejo.org/forgejo-contrib/go-libravatar)) bundled(golang(code.forgejo.org/forgejo/act)) bundled(golang(code.forgejo.org/forgejo/archiver/v3)) bundled(golang(code.forgejo.org/forgejo/go-xsd-duration)) bundled(golang(code.forgejo.org/forgejo/levelqueue)) bundled(golang(code.forgejo.org/forgejo/reply)) bundled(golang(code.forgejo.org/forgejo/ssh)) bundled(golang(code.forgejo.org/go-chi/binding)) bundled(golang(code.forgejo.org/go-chi/cache)) bundled(golang(code.forgejo.org/go-chi/captcha)) bundled(golang(code.forgejo.org/go-chi/session)) bundled(golang(code.gitea.io/actions-proto-go)) bundled(golang(code.gitea.io/sdk/gitea)) bundled(golang(codeberg.org/gusted/mcaptcha)) bundled(golang(connectrpc.com/connect)) bundled(golang(dario.cat/mergo)) bundled(golang(filippo.io/edwards25519)) bundled(golang(github.com/42wim/httpsig)) bundled(golang(github.com/42wim/sshsig)) bundled(golang(github.com/6543/go-version)) bundled(golang(github.com/Azure/go-ntlmssp)) bundled(golang(github.com/DataDog/zstd)) bundled(golang(github.com/Microsoft/go-winio)) bundled(golang(github.com/ProtonMail/go-crypto)) bundled(golang(github.com/PuerkitoBio/goquery)) bundled(golang(github.com/RoaringBitmap/roaring)) bundled(golang(github.com/SaveTheRbtz/zstd-seekable-format-go/pkg)) bundled(golang(github.com/alecthomas/chroma/v2)) bundled(golang(github.com/andybalholm/brotli)) bundled(golang(github.com/andybalholm/cascadia)) bundled(golang(github.com/anmitsu/go-shlex)) bundled(golang(github.com/aymerick/douceur)) bundled(golang(github.com/beorn7/perks)) bundled(golang(github.com/bits-and-blooms/bitset)) bundled(golang(github.com/blakesmith/ar)) bundled(golang(github.com/blevesearch/bleve/v2)) bundled(golang(github.com/blevesearch/bleve_index_api)) bundled(golang(github.com/blevesearch/geo)) bundled(golang(github.com/blevesearch/go-faiss)) bundled(golang(github.com/blevesearch/go-porterstemmer)) bundled(golang(github.com/blevesearch/gtreap)) bundled(golang(github.com/blevesearch/mmap-go)) bundled(golang(github.com/blevesearch/scorch_segment_api/v2)) bundled(golang(github.com/blevesearch/segment)) bundled(golang(github.com/blevesearch/snowballstem)) bundled(golang(github.com/blevesearch/upsidedown_store_api)) bundled(golang(github.com/blevesearch/vellum)) bundled(golang(github.com/blevesearch/zapx/v11)) bundled(golang(github.com/blevesearch/zapx/v12)) bundled(golang(github.com/blevesearch/zapx/v13)) bundled(golang(github.com/blevesearch/zapx/v14)) bundled(golang(github.com/blevesearch/zapx/v15)) bundled(golang(github.com/blevesearch/zapx/v16)) bundled(golang(github.com/boombuler/barcode)) bundled(golang(github.com/bradfitz/gomemcache)) bundled(golang(github.com/buildkite/terminal-to-html/v3)) bundled(golang(github.com/caddyserver/certmagic)) bundled(golang(github.com/caddyserver/zerossl)) bundled(golang(github.com/cention-sany/utf7)) bundled(golang(github.com/cespare/xxhash/v2)) bundled(golang(github.com/chi-middleware/proxy)) bundled(golang(github.com/cloudflare/circl)) bundled(golang(github.com/cpuguy83/go-md2man/v2)) bundled(golang(github.com/cyphar/filepath-securejoin)) bundled(golang(github.com/davecgh/go-spew)) bundled(golang(github.com/davidmz/go-pageant)) bundled(golang(github.com/dgryski/go-rendezvous)) bundled(golang(github.com/djherbis/buffer)) bundled(golang(github.com/djherbis/nio/v3)) bundled(golang(github.com/dlclark/regexp2)) bundled(golang(github.com/dsnet/compress)) bundled(golang(github.com/dustin/go-humanize)) bundled(golang(github.com/editorconfig/editorconfig-core-go/v2)) bundled(golang(github.com/emersion/go-imap)) bundled(golang(github.com/emersion/go-sasl)) bundled(golang(github.com/emirpasic/gods)) bundled(golang(github.com/fatih/color)) bundled(golang(github.com/felixge/fgprof)) bundled(golang(github.com/fsnotify/fsnotify)) bundled(golang(github.com/fxamacker/cbor/v2)) bundled(golang(github.com/go-ap/activitypub)) bundled(golang(github.com/go-ap/errors)) bundled(golang(github.com/go-ap/jsonld)) bundled(golang(github.com/go-asn1-ber/asn1-ber)) bundled(golang(github.com/go-chi/chi/v5)) bundled(golang(github.com/go-chi/cors)) bundled(golang(github.com/go-co-op/gocron)) bundled(golang(github.com/go-enry/go-enry/v2)) bundled(golang(github.com/go-enry/go-oniguruma)) bundled(golang(github.com/go-fed/httpsig)) bundled(golang(github.com/go-git/gcfg)) bundled(golang(github.com/go-git/go-billy/v5)) bundled(golang(github.com/go-git/go-git/v5)) bundled(golang(github.com/go-ini/ini)) bundled(golang(github.com/go-ldap/ldap/v3)) bundled(golang(github.com/go-openapi/jsonpointer)) bundled(golang(github.com/go-openapi/jsonreference)) bundled(golang(github.com/go-openapi/spec)) bundled(golang(github.com/go-openapi/swag)) bundled(golang(github.com/go-sql-driver/mysql)) bundled(golang(github.com/go-webauthn/webauthn)) bundled(golang(github.com/go-webauthn/x)) bundled(golang(github.com/gobwas/glob)) bundled(golang(github.com/goccy/go-json)) bundled(golang(github.com/gogs/chardet)) bundled(golang(github.com/gogs/go-gogs-client)) bundled(golang(github.com/golang-jwt/jwt/v4)) bundled(golang(github.com/golang-jwt/jwt/v5)) bundled(golang(github.com/golang/freetype)) bundled(golang(github.com/golang/geo)) bundled(golang(github.com/golang/groupcache)) bundled(golang(github.com/golang/protobuf)) bundled(golang(github.com/golang/snappy)) bundled(golang(github.com/google/btree)) bundled(golang(github.com/google/go-cmp)) bundled(golang(github.com/google/go-github/v64)) bundled(golang(github.com/google/go-querystring)) bundled(golang(github.com/google/go-tpm)) bundled(golang(github.com/google/pprof)) bundled(golang(github.com/google/uuid)) bundled(golang(github.com/gorilla/css)) bundled(golang(github.com/gorilla/feeds)) bundled(golang(github.com/gorilla/mux)) bundled(golang(github.com/gorilla/securecookie)) bundled(golang(github.com/gorilla/sessions)) bundled(golang(github.com/hashicorp/go-cleanhttp)) bundled(golang(github.com/hashicorp/go-retryablehttp)) bundled(golang(github.com/hashicorp/golang-lru/v2)) bundled(golang(github.com/huandu/xstrings)) bundled(golang(github.com/jaytaylor/html2text)) bundled(golang(github.com/jbenet/go-context)) bundled(golang(github.com/jhillyerd/enmime/v2)) bundled(golang(github.com/josharian/intern)) bundled(golang(github.com/json-iterator/go)) bundled(golang(github.com/kballard/go-shellquote)) bundled(golang(github.com/kevinburke/ssh_config)) bundled(golang(github.com/klauspost/compress)) bundled(golang(github.com/klauspost/cpuid/v2)) bundled(golang(github.com/klauspost/pgzip)) bundled(golang(github.com/lib/pq)) bundled(golang(github.com/libdns/libdns)) bundled(golang(github.com/lunny/vfsgen)) bundled(golang(github.com/mailru/easyjson)) bundled(golang(github.com/markbates/going)) bundled(golang(github.com/markbates/goth)) bundled(golang(github.com/mattn/go-colorable)) bundled(golang(github.com/mattn/go-isatty)) bundled(golang(github.com/mattn/go-runewidth)) bundled(golang(github.com/mattn/go-sqlite3)) bundled(golang(github.com/meilisearch/meilisearch-go)) bundled(golang(github.com/mholt/acmez/v3)) bundled(golang(github.com/microcosm-cc/bluemonday)) bundled(golang(github.com/miekg/dns)) bundled(golang(github.com/minio/crc64nvme)) bundled(golang(github.com/minio/md5-simd)) bundled(golang(github.com/minio/minio-go/v7)) bundled(golang(github.com/mitchellh/mapstructure)) bundled(golang(github.com/modern-go/concurrent)) bundled(golang(github.com/modern-go/reflect2)) bundled(golang(github.com/mrjones/oauth)) bundled(golang(github.com/mschoch/smat)) bundled(golang(github.com/msteinert/pam/v2)) bundled(golang(github.com/munnerz/goautoneg)) bundled(golang(github.com/niklasfasching/go-org)) bundled(golang(github.com/nwaples/rardecode)) bundled(golang(github.com/olekukonko/tablewriter)) bundled(golang(github.com/olivere/elastic/v7)) bundled(golang(github.com/onsi/ginkgo)) bundled(golang(github.com/opencontainers/go-digest)) bundled(golang(github.com/opencontainers/image-spec)) bundled(golang(github.com/pierrec/lz4/v4)) bundled(golang(github.com/pjbgf/sha1cd)) bundled(golang(github.com/pkg/errors)) bundled(golang(github.com/pmezard/go-difflib)) bundled(golang(github.com/pquerna/otp)) bundled(golang(github.com/prometheus/client_golang)) bundled(golang(github.com/prometheus/client_model)) bundled(golang(github.com/prometheus/common)) bundled(golang(github.com/prometheus/procfs)) bundled(golang(github.com/redis/go-redis/v9)) bundled(golang(github.com/rhysd/actionlint)) bundled(golang(github.com/rivo/uniseg)) bundled(golang(github.com/robfig/cron/v3)) bundled(golang(github.com/rogpeppe/go-internal)) bundled(golang(github.com/rs/xid)) bundled(golang(github.com/russross/blackfriday/v2)) bundled(golang(github.com/santhosh-tekuri/jsonschema/v6)) bundled(golang(github.com/sassoftware/go-rpmutils)) bundled(golang(github.com/sergi/go-diff)) bundled(golang(github.com/shurcooL/httpfs)) bundled(golang(github.com/sirupsen/logrus)) bundled(golang(github.com/skeema/knownhosts)) bundled(golang(github.com/ssor/bom)) bundled(golang(github.com/stretchr/testify)) bundled(golang(github.com/syndtr/goleveldb)) bundled(golang(github.com/ulikunitz/xz)) bundled(golang(github.com/urfave/cli/v2)) bundled(golang(github.com/valyala/fastjson)) bundled(golang(github.com/x448/float16)) bundled(golang(github.com/xanzy/ssh-agent)) bundled(golang(github.com/xi2/xz)) bundled(golang(github.com/xrash/smetrics)) bundled(golang(github.com/yohcop/openid-go)) bundled(golang(github.com/yuin/goldmark)) bundled(golang(github.com/yuin/goldmark-highlighting/v2)) bundled(golang(github.com/zeebo/assert)) bundled(golang(github.com/zeebo/blake3)) bundled(golang(gitlab.com/gitlab-org/api/client-go)) bundled(golang(go.etcd.io/bbolt)) bundled(golang(go.uber.org/atomic)) bundled(golang(go.uber.org/mock)) bundled(golang(go.uber.org/multierr)) bundled(golang(go.uber.org/zap)) bundled(golang(go.uber.org/zap/exp)) bundled(golang(golang.org/x/crypto)) bundled(golang(golang.org/x/image)) bundled(golang(golang.org/x/mod)) bundled(golang(golang.org/x/net)) bundled(golang(golang.org/x/oauth2)) bundled(golang(golang.org/x/sync)) bundled(golang(golang.org/x/sys)) bundled(golang(golang.org/x/text)) bundled(golang(golang.org/x/time)) bundled(golang(golang.org/x/tools)) bundled(golang(google.golang.org/protobuf)) bundled(golang(gopkg.in/alexcesaro/quotedprintable.v3)) bundled(golang(gopkg.in/gomail.v2)) bundled(golang(gopkg.in/ini.v1)) bundled(golang(gopkg.in/warnings.v0)) bundled(golang(gopkg.in/yaml.v3)) bundled(golang(mvdan.cc/xurls/v2)) bundled(golang(xorm.io/builder)) bundled(golang(xorm.io/xorm)) config(forgejo) forgejo forgejo(x86-64) group(forgejo) user(forgejo) Diff spec file in url and in SRPM --------------------------------- --- /home/humaton/2354888-forgejo/srpm/forgejo.spec 2025-06-25 11:14:33.972479999 +0200 +++ /home/humaton/2354888-forgejo/srpm-unpacked/forgejo.spec 2025-06-18 02:00:00.000000000 +0200 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.8.1) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + %bcond check 1 @@ -208,3 +218,6 @@ %changelog -%autochangelog +## START: Generated by rpmautospec +* Wed Jun 18 2025 Nils Philippsen <nils> - 11.0.1-1 +- Uncommitted changes +## END: Generated by rpmautospec Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2354888 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: R, Ocaml, Haskell, SugarActivity, PHP, fonts, Python, Java, Perl, Ruby Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH There are 2 errors that I am not sure about: No known owner of /usr/share/licenses/forgejo/public, /usr/share/licenses/forgejo/public/assets and forgejo.x86_64: E: files-duplicated-waste 506021 They seem like false positives, but I am not sure. The ownership error is a false positive.
I’ll address rpmlint errors and warnings, for completeness sake. (In reply to Tomas Hrcka from comment #76) > … > ===== SHOULD items ===== > > Generic: > [!]: Uses parallel make %{?_smp_mflags} macro. Not sure if it helps much the way we use make (piece-meal), but will do anyway. > Generic: > [!]: Spec file according to URL is the same as in SRPM. > Note: Spec file as given by url is not the same as in SRPM (see > attached diff). > See: (this test has no URL) This is because of using rpmautospec features, the generated SRPM has the preprocessed spec file. > [-]: Large data in /usr/share should live in a noarch subpackage if package > is arched. > Note: Arch-ed rpms have a total of 4024320 bytes in /usr/share I assume this is due to the license files, which should go down a bit after hardlinking identical copies. > forgejo.src: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe > -> foreword') > forgejo.x86_64: E: spelling-error ('forˈd͡ʒe', '%description -l en_US > forˈd͡ʒe -> foreword') False positive. > forgejo.spec: W: patch-not-applied Patch0: forgejo-10.0.1-app.ini.tmpl.patch Same, we need more control over how the patch is applied not given by the %patch macro. > forgejo.x86_64: W: non-standard-uid /var/lib/forgejo forgejo > forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/data forgejo > forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/log forgejo > forgejo.x86_64: W: non-standard-gid /etc/forgejo/conf/app.ini forgejo > forgejo.x86_64: W: non-standard-gid /var/lib/forgejo forgejo > forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/data forgejo > forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/log forgejo These are owned by the (created) forgejo user. > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 > forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 > forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 Addressed above (i.e. intentional). > forgejo.x86_64: W: non-conffile-in-etc /etc/forgejo/conf/app.ini.tmpl Also intentional. > forgejo.x86_64: W: no-manual-page-for-binary forgejo Yeah… I’m happy to include it but I won’t write it. 😁 > forgejo.spec: W: invalid-url Source2: forgejo-11.0.1-nodejs-vendor.tar.xz > forgejo.spec: W: invalid-url Source1: forgejo-11.0.1-go-vendor.tar.bz2 Not a URL. > forgejo.x86_64: E: files-duplicated-waste 506021 > forgejo.x86_64: W: files-duplicate > … Will be addressed by hardlinking identical copies of license files. > forgejo.x86_64: W: empty-%pre This is due to the %sysusers_create_compat macro, which expands empty in newer releases. > forgejo.x86_64: W: conffile-without-noreplace-flag /etc/forgejo/conf/app.ini This file is also %ghost-ed but I’ll mark it noreplace regardless. > … > forgejo.x86_64: W: unused-direct-shlib-dependency /usr/bin/forgejo > /lib64/libresolv.so.2 No idea why this is linked in, but looks harmless. > … > There are 2 errors that I am not sure about: > No known owner of /usr/share/licenses/forgejo/public, > /usr/share/licenses/forgejo/public/assets Will fix. > > and > > forgejo.x86_64: E: files-duplicated-waste 506021 Will run hardlinks on the many identical copies of license texts (for the bundled Go modules). > They seem like false positives, but I am not sure. > > The ownership error is a false positive.
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/18/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/18/forgejo-11.0.1-1.fc43.src.rpm Changes: - Own all license directories - rpmlint: Mark ghosted config file as noreplace - Hardlink many copies of the same (license) files - Use parallel build flags for invoking make
Spec URL: https://nphilipp.fedorapeople.org/review/forgejo/19/forgejo.spec SRPM URL: https://nphilipp.fedorapeople.org/review/forgejo/19/forgejo-11.0.2-1.fc43.src.rpm This updates the package to the current version, 11.0.2.
===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. </snip the license string because of BZ coomment lenght limitations, content is the same as previous run> [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: %config files are marked noreplace or the reason is justified. Note: No (noreplace) in %config(noreplace,missingok) /etc/sysconfig/forgejo [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 406521 bytes in 4 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: systemd_post is invoked in %post, systemd_preun in %preun, and systemd_postun in %postun for Systemd service files. Note: Systemd service file(s) in forgejo [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Uses parallel make %{?_smp_mflags} macro. [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Note: Arch-ed rpms have a total of 3502080 bytes in /usr/share [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). Rpmlint ------- Checking: forgejo-11.0.2-1.fc43.x86_64.rpm forgejo-11.0.2-1.fc43.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp2bft4mdu')] checks: 32, packages: 2 forgejo.src: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.x86_64: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.spec: W: patch-not-applied Patch0: forgejo-10.0.1-app.ini.tmpl.patch forgejo.x86_64: W: non-standard-uid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/log forgejo forgejo.x86_64: W: non-standard-gid /etc/forgejo/conf/app.ini forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/log forgejo forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 forgejo.x86_64: W: non-conffile-in-etc /etc/forgejo/conf/app.ini.tmpl forgejo.x86_64: W: no-manual-page-for-binary forgejo forgejo.spec: W: invalid-url Source2: forgejo-11.0.2-nodejs-vendor.tar.xz forgejo.spec: W: invalid-url Source1: forgejo-11.0.2-go-vendor.tar.bz2 forgejo.x86_64: W: empty-%pre forgejo.x86_64: W: cross-directory-hard-link /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/cache/LICENSE /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/binding/LICENSE </snip there is another 300+ warning with similar content, this is the result of hardlinking the licences, cutting it out because of BZ coomment lenght limitations> 2 packages and 0 specfiles checked; 6 errors, 374 warnings, 7 filtered, 6 badness; has taken 3.8 s Rpmlint (debuginfo) ------------------- Checking: forgejo-debuginfo-11.0.2-1.fc43.x86_64.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpb0nxroo1')] checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 5 filtered, 0 badness; has taken 2.3 s Rpmlint (installed packages) ---------------------------- /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 forgejo.x86_64: W: unused-direct-shlib-dependency /usr/bin/forgejo /lib64/libresolv.so.2 forgejo.x86_64: E: spelling-error ('forˈd͡ʒe', '%description -l en_US forˈd͡ʒe -> foreword') forgejo.x86_64: W: non-standard-uid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-uid /var/lib/forgejo/log forgejo forgejo.x86_64: W: non-standard-gid /etc/forgejo/conf/app.ini forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/data forgejo forgejo.x86_64: W: non-standard-gid /var/lib/forgejo/log forgejo forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/data 750 forgejo.x86_64: E: non-standard-dir-perm /var/lib/forgejo/log 750 forgejo.x86_64: E: non-readable /etc/sysconfig/forgejo 640 forgejo.x86_64: W: non-conffile-in-etc /etc/forgejo/conf/app.ini.tmpl forgejo.x86_64: W: no-manual-page-for-binary forgejo forgejo.x86_64: W: empty-%pre forgejo.x86_64: W: cross-directory-hard-link /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/cache/LICENSE /usr/share/licenses/forgejo/vendor/code.forgejo.org/go-chi/binding/LICENSE forgejo.x86_64: W: cross-directory-hard-link /usr/share/licenses/forgejo/vendor/gopkg.in/ini.v1/LICENSE /usr/share/licenses/forgejo/vendor/github.com/go-ini/ini/LICENSE </snip there is another 300+ warning with similar content, this is the result of hardlinking the licences, cutting it out because of BZ coomment lenght limitations> 2 packages and 0 specfiles checked; 5 errors, 372 warnings, 9 filtered, 5 badness; has taken 0.7 s Source checksums ---------------- https://codeberg.org/forgejo/forgejo/archive/v11.0.2.tar.gz#/forgejo-11.0.2.tar.gz : CHECKSUM(SHA256) this package : d9e73f14908491f98ebf97203dd716c80e0866b39f3964ce7a7c909b45364749 CHECKSUM(SHA256) upstream package : d9e73f14908491f98ebf97203dd716c80e0866b39f3964ce7a7c909b45364749 Requires -------- forgejo (rpmlib, GLIBC filtered): /bin/sh /usr/bin/bash bash config(forgejo) coreutils git-core git-lfs group(forgejo) libc.so.6()(64bit) libresolv.so.2()(64bit) rtld(GNU_HASH) sed user(forgejo) Provides -------- forgejo: bundled(golang(cloud.google.com/go/compute/metadata)) bundled(golang(code.forgejo.org/f3/gof3/v3)) bundled(golang(code.forgejo.org/forgejo-contrib/go-libravatar)) bundled(golang(code.forgejo.org/forgejo/act)) bundled(golang(code.forgejo.org/forgejo/archiver/v3)) bundled(golang(code.forgejo.org/forgejo/go-xsd-duration)) bundled(golang(code.forgejo.org/forgejo/levelqueue)) bundled(golang(code.forgejo.org/forgejo/reply)) bundled(golang(code.forgejo.org/forgejo/ssh)) bundled(golang(code.forgejo.org/go-chi/binding)) bundled(golang(code.forgejo.org/go-chi/cache)) bundled(golang(code.forgejo.org/go-chi/captcha)) bundled(golang(code.forgejo.org/go-chi/session)) bundled(golang(code.gitea.io/actions-proto-go)) bundled(golang(code.gitea.io/sdk/gitea)) bundled(golang(codeberg.org/gusted/mcaptcha)) bundled(golang(connectrpc.com/connect)) bundled(golang(dario.cat/mergo)) bundled(golang(filippo.io/edwards25519)) bundled(golang(github.com/42wim/httpsig)) bundled(golang(github.com/42wim/sshsig)) bundled(golang(github.com/6543/go-version)) bundled(golang(github.com/Azure/go-ntlmssp)) bundled(golang(github.com/DataDog/zstd)) bundled(golang(github.com/Microsoft/go-winio)) bundled(golang(github.com/ProtonMail/go-crypto)) bundled(golang(github.com/PuerkitoBio/goquery)) bundled(golang(github.com/RoaringBitmap/roaring/v2)) bundled(golang(github.com/SaveTheRbtz/zstd-seekable-format-go/pkg)) bundled(golang(github.com/alecthomas/chroma/v2)) bundled(golang(github.com/andybalholm/brotli)) bundled(golang(github.com/andybalholm/cascadia)) bundled(golang(github.com/anmitsu/go-shlex)) bundled(golang(github.com/aymerick/douceur)) bundled(golang(github.com/beorn7/perks)) bundled(golang(github.com/bits-and-blooms/bitset)) bundled(golang(github.com/blakesmith/ar)) bundled(golang(github.com/blevesearch/bleve/v2)) bundled(golang(github.com/blevesearch/bleve_index_api)) bundled(golang(github.com/blevesearch/geo)) bundled(golang(github.com/blevesearch/go-faiss)) bundled(golang(github.com/blevesearch/go-porterstemmer)) bundled(golang(github.com/blevesearch/gtreap)) bundled(golang(github.com/blevesearch/mmap-go)) bundled(golang(github.com/blevesearch/scorch_segment_api/v2)) bundled(golang(github.com/blevesearch/segment)) bundled(golang(github.com/blevesearch/snowballstem)) bundled(golang(github.com/blevesearch/upsidedown_store_api)) bundled(golang(github.com/blevesearch/vellum)) bundled(golang(github.com/blevesearch/zapx/v11)) bundled(golang(github.com/blevesearch/zapx/v12)) bundled(golang(github.com/blevesearch/zapx/v13)) bundled(golang(github.com/blevesearch/zapx/v14)) bundled(golang(github.com/blevesearch/zapx/v15)) bundled(golang(github.com/blevesearch/zapx/v16)) bundled(golang(github.com/boombuler/barcode)) bundled(golang(github.com/bradfitz/gomemcache)) bundled(golang(github.com/buildkite/terminal-to-html/v3)) bundled(golang(github.com/caddyserver/certmagic)) bundled(golang(github.com/caddyserver/zerossl)) bundled(golang(github.com/cention-sany/utf7)) bundled(golang(github.com/cespare/xxhash/v2)) bundled(golang(github.com/chi-middleware/proxy)) bundled(golang(github.com/cloudflare/circl)) bundled(golang(github.com/cpuguy83/go-md2man/v2)) bundled(golang(github.com/cyphar/filepath-securejoin)) bundled(golang(github.com/davecgh/go-spew)) bundled(golang(github.com/davidmz/go-pageant)) bundled(golang(github.com/dgryski/go-rendezvous)) bundled(golang(github.com/djherbis/buffer)) bundled(golang(github.com/djherbis/nio/v3)) bundled(golang(github.com/dlclark/regexp2)) bundled(golang(github.com/dsnet/compress)) bundled(golang(github.com/dustin/go-humanize)) bundled(golang(github.com/editorconfig/editorconfig-core-go/v2)) bundled(golang(github.com/emersion/go-imap)) bundled(golang(github.com/emersion/go-sasl)) bundled(golang(github.com/emirpasic/gods)) bundled(golang(github.com/fatih/color)) bundled(golang(github.com/felixge/fgprof)) bundled(golang(github.com/fsnotify/fsnotify)) bundled(golang(github.com/fxamacker/cbor/v2)) bundled(golang(github.com/go-ap/activitypub)) bundled(golang(github.com/go-ap/errors)) bundled(golang(github.com/go-ap/jsonld)) bundled(golang(github.com/go-asn1-ber/asn1-ber)) bundled(golang(github.com/go-chi/chi/v5)) bundled(golang(github.com/go-chi/cors)) bundled(golang(github.com/go-co-op/gocron)) bundled(golang(github.com/go-enry/go-enry/v2)) bundled(golang(github.com/go-enry/go-oniguruma)) bundled(golang(github.com/go-fed/httpsig)) bundled(golang(github.com/go-git/gcfg)) bundled(golang(github.com/go-git/go-billy/v5)) bundled(golang(github.com/go-git/go-git/v5)) bundled(golang(github.com/go-ini/ini)) bundled(golang(github.com/go-ldap/ldap/v3)) bundled(golang(github.com/go-openapi/jsonpointer)) bundled(golang(github.com/go-openapi/jsonreference)) bundled(golang(github.com/go-openapi/spec)) bundled(golang(github.com/go-openapi/swag)) bundled(golang(github.com/go-sql-driver/mysql)) bundled(golang(github.com/go-webauthn/webauthn)) bundled(golang(github.com/go-webauthn/x)) bundled(golang(github.com/gobwas/glob)) bundled(golang(github.com/goccy/go-json)) bundled(golang(github.com/gogs/chardet)) bundled(golang(github.com/gogs/go-gogs-client)) bundled(golang(github.com/golang-jwt/jwt/v4)) bundled(golang(github.com/golang-jwt/jwt/v5)) bundled(golang(github.com/golang/freetype)) bundled(golang(github.com/golang/groupcache)) bundled(golang(github.com/golang/protobuf)) bundled(golang(github.com/golang/snappy)) bundled(golang(github.com/google/btree)) bundled(golang(github.com/google/go-cmp)) bundled(golang(github.com/google/go-github/v64)) bundled(golang(github.com/google/go-querystring)) bundled(golang(github.com/google/go-tpm)) bundled(golang(github.com/google/pprof)) bundled(golang(github.com/google/uuid)) bundled(golang(github.com/gorilla/css)) bundled(golang(github.com/gorilla/feeds)) bundled(golang(github.com/gorilla/mux)) bundled(golang(github.com/gorilla/securecookie)) bundled(golang(github.com/gorilla/sessions)) bundled(golang(github.com/hashicorp/go-cleanhttp)) bundled(golang(github.com/hashicorp/go-retryablehttp)) bundled(golang(github.com/hashicorp/golang-lru/v2)) bundled(golang(github.com/huandu/xstrings)) bundled(golang(github.com/jaytaylor/html2text)) bundled(golang(github.com/jbenet/go-context)) bundled(golang(github.com/jhillyerd/enmime/v2)) bundled(golang(github.com/josharian/intern)) bundled(golang(github.com/json-iterator/go)) bundled(golang(github.com/kballard/go-shellquote)) bundled(golang(github.com/kevinburke/ssh_config)) bundled(golang(github.com/klauspost/compress)) bundled(golang(github.com/klauspost/cpuid/v2)) bundled(golang(github.com/klauspost/pgzip)) bundled(golang(github.com/lib/pq)) bundled(golang(github.com/libdns/libdns)) bundled(golang(github.com/lunny/vfsgen)) bundled(golang(github.com/mailru/easyjson)) bundled(golang(github.com/markbates/going)) bundled(golang(github.com/markbates/goth)) bundled(golang(github.com/mattn/go-colorable)) bundled(golang(github.com/mattn/go-isatty)) bundled(golang(github.com/mattn/go-runewidth)) bundled(golang(github.com/mattn/go-sqlite3)) bundled(golang(github.com/meilisearch/meilisearch-go)) bundled(golang(github.com/mholt/acmez/v3)) bundled(golang(github.com/microcosm-cc/bluemonday)) bundled(golang(github.com/miekg/dns)) bundled(golang(github.com/minio/crc64nvme)) bundled(golang(github.com/minio/md5-simd)) bundled(golang(github.com/minio/minio-go/v7)) bundled(golang(github.com/mitchellh/mapstructure)) bundled(golang(github.com/modern-go/concurrent)) bundled(golang(github.com/modern-go/reflect2)) bundled(golang(github.com/mrjones/oauth)) bundled(golang(github.com/mschoch/smat)) bundled(golang(github.com/msteinert/pam/v2)) bundled(golang(github.com/munnerz/goautoneg)) bundled(golang(github.com/niklasfasching/go-org)) bundled(golang(github.com/nwaples/rardecode)) bundled(golang(github.com/olekukonko/tablewriter)) bundled(golang(github.com/olivere/elastic/v7)) bundled(golang(github.com/onsi/ginkgo)) bundled(golang(github.com/opencontainers/go-digest)) bundled(golang(github.com/opencontainers/image-spec)) bundled(golang(github.com/pierrec/lz4/v4)) bundled(golang(github.com/pjbgf/sha1cd)) bundled(golang(github.com/pkg/errors)) bundled(golang(github.com/pmezard/go-difflib)) bundled(golang(github.com/pquerna/otp)) bundled(golang(github.com/prometheus/client_golang)) bundled(golang(github.com/prometheus/client_model)) bundled(golang(github.com/prometheus/common)) bundled(golang(github.com/prometheus/procfs)) bundled(golang(github.com/redis/go-redis/v9)) bundled(golang(github.com/rhysd/actionlint)) bundled(golang(github.com/rivo/uniseg)) bundled(golang(github.com/robfig/cron/v3)) bundled(golang(github.com/rogpeppe/go-internal)) bundled(golang(github.com/rs/xid)) bundled(golang(github.com/russross/blackfriday/v2)) bundled(golang(github.com/santhosh-tekuri/jsonschema/v6)) bundled(golang(github.com/sassoftware/go-rpmutils)) bundled(golang(github.com/sergi/go-diff)) bundled(golang(github.com/shurcooL/httpfs)) bundled(golang(github.com/sirupsen/logrus)) bundled(golang(github.com/skeema/knownhosts)) bundled(golang(github.com/ssor/bom)) bundled(golang(github.com/stretchr/testify)) bundled(golang(github.com/syndtr/goleveldb)) bundled(golang(github.com/ulikunitz/xz)) bundled(golang(github.com/urfave/cli/v2)) bundled(golang(github.com/valyala/fastjson)) bundled(golang(github.com/x448/float16)) bundled(golang(github.com/xanzy/ssh-agent)) bundled(golang(github.com/xi2/xz)) bundled(golang(github.com/xrash/smetrics)) bundled(golang(github.com/yohcop/openid-go)) bundled(golang(github.com/yuin/goldmark)) bundled(golang(github.com/yuin/goldmark-highlighting/v2)) bundled(golang(github.com/zeebo/assert)) bundled(golang(github.com/zeebo/blake3)) bundled(golang(gitlab.com/gitlab-org/api/client-go)) bundled(golang(go.etcd.io/bbolt)) bundled(golang(go.uber.org/atomic)) bundled(golang(go.uber.org/mock)) bundled(golang(go.uber.org/multierr)) bundled(golang(go.uber.org/zap)) bundled(golang(go.uber.org/zap/exp)) bundled(golang(golang.org/x/crypto)) bundled(golang(golang.org/x/image)) bundled(golang(golang.org/x/mod)) bundled(golang(golang.org/x/net)) bundled(golang(golang.org/x/oauth2)) bundled(golang(golang.org/x/sync)) bundled(golang(golang.org/x/sys)) bundled(golang(golang.org/x/text)) bundled(golang(golang.org/x/time)) bundled(golang(golang.org/x/tools)) bundled(golang(google.golang.org/protobuf)) bundled(golang(gopkg.in/alexcesaro/quotedprintable.v3)) bundled(golang(gopkg.in/gomail.v2)) bundled(golang(gopkg.in/ini.v1)) bundled(golang(gopkg.in/warnings.v0)) bundled(golang(gopkg.in/yaml.v3)) bundled(golang(mvdan.cc/xurls/v2)) bundled(golang(xorm.io/builder)) bundled(golang(xorm.io/xorm)) config(forgejo) forgejo forgejo(x86-64) group(forgejo) user(forgejo) Diff spec file in url and in SRPM --------------------------------- --- /home/humaton/2354888-forgejo/srpm/forgejo.spec 2025-06-25 13:47:30.364456613 +0200 +++ /home/humaton/2354888-forgejo/srpm-unpacked/forgejo.spec 2025-06-25 02:00:00.000000000 +0200 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.8.1) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + %bcond check 1 @@ -214,3 +224,6 @@ %changelog -%autochangelog +## START: Generated by rpmautospec +* Wed Jun 25 2025 Nils Philippsen <nils> - 11.0.2-1 +- Uncommitted changes +## END: Generated by rpmautospec Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2354888 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, C/C++, Shell-api Disabled plugins: Java, Ruby, Ocaml, Python, Haskell, SugarActivity, fonts, Perl, R, PHP Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH With some warnings and fixes the package is APPROVED.
The Pagure repository was created at https://src.fedoraproject.org/rpms/forgejo