Spec URL: https://marcdeop.fedorapeople.org/kde-release-keyring.spec SRPM URL: https://marcdeop.fedorapeople.org/kde-release-keyring-0~git20250403.ae8f4d5-6.fc42.src.rpm Description: Includes all keys that have been used for releasing KDE software Fedora Account System Username: marcdeop
Copr build: https://copr.fedorainfracloud.org/coprs/build/8967583 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2362330-kde-release-keyring/fedora-rawhide-x86_64/08967583-kde-release-keyring/fedora-review/review.txt Found issues: - Not a valid SPDX expression 'License: CC0-1.0'. Read more: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Taking this review.
Spec review: > # Without this build fails with Empty %files file {..}/debugsourcefiles.list > %global debug_package %{nil} Set "BuildArch: noarch" instead in your spec file. There's no arch-specific content in here anyway. > Summary: Includes all keys that have been used for releasing KDE software Needs a tighter summary that explains what this is. Suggestion: "Keyring of signing keys from KDE community members" > Source0: https://invent.kde.org/sysadmin/%{base_name}/-/archive/%{commit}/%{base_name}-%{shortcommit}.tar.gz DRY: "%{url}/-/archive/%{commit}/%{base_name}-%{shortcommit}.tar.gz" > install -m644 -p -D %{base_name}.asc %{buildroot}%{_datadir}/kde/%{base_name}.asc No. This should be "%{_datadir}/%{name}/" instead of "%{_datadir}/kde/". We also should install all the individual keys that make up the keyring in a subfolder.
Legal review: > License: CC0-1.0 While permitted since this isn't code, you still need to install the license file.
Requested changes have been implemented
> * Fri Apr 25 2025 Marc Deop i Argemí <marcdeop> - 0.1.0?gitae8f4d5-3 The version-release needs to match the actual verrel of the package. Use something like "rpmdev-bumpspec" to generate the verrel if you don't want to construct it manually.
Updated!
release-keyring.asc shouldn't have the suffix ".asc" because it's not ASCII-armored. It's a keybox file, so the suffix should be ".kbx" (unless you drop that file and package only the separate key files). There may not be any software that cares about the suffix, but humans who see ".asc" will expect an ASCII-armored file.
You are right @Björn Persson Updated the spec file accordingly
Added additional fixes. Mostly versioning and changelogs adjustments
Review notes: * Package follows Fedora packaging guidelines * Package licensing is correct and license file is installed * Package builds and installs * No serious issues from rpmlint PACKAGE APPROVED.
The Pagure repository was created at https://src.fedoraproject.org/rpms/kde-release-keyring