Bug 245081 - Review Request: libp11 - a small library for dealing with PKCS#11 tokens
Review Request: libp11 - a small library for dealing with PKCS#11 tokens
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-06-20 17:52 EDT by Matt Anderson
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version: 0.2.2-5.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-02 22:41:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
wtogami: fedora‑cvs+

Attachments (Terms of Use)

  None (edit)
Description Matt Anderson 2007-06-20 17:52:27 EDT
Spec URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11.spec
SRPM URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11-0.2.2-1.src.rpm
Description: libp11 is part of the Open Smart Card project http://www.opensc-project.org/

This srpm has been found clean with rpmlint, and has been tested on i386 and x86_64.
Comment 1 Matt Anderson 2007-06-20 18:56:11 EDT
Corrected Group to be Development/Libraries

This is my first package, so I am in need of a sponsor.
Comment 2 Jason Tibbitts 2007-06-20 21:28:29 EDT
A few comments:

The scriptlets are a bit odd.  You probably just want to use
   %post -p /sbin/ldconfig
   %postun -p /sbin/ldconfig
and delete %preun entirely.  See the "Shared libraries" section of

You should use an actual ASCII dash in the changelog.  Not only is that mandated
by the packaging guidelines, but since the web server hosting the specfile
serves it as ISO-8859-1, it shows up as garbage.  Probably easiest to just avoid
the pain.

The SRPM is clean according to rpmlint, but the built package sure isn't.  I'll
address the complaints:

W: libp11 no-documentation
This is OK as long as there really is no documentation.  However, that sure
doesn't seem to be the case, with nice doc and examples directories in the
source tarball.  You should at least include README and Changelog files.  If you
have development documentation, you should include that in the -devel subpackage
(see below).

E: libp11 postun-without-ldconfig /usr/lib64/libp11.so.0.1.1
W: libp11 one-line-command-in-%post /sbin/ldconfig
W: libp11 empty-%preun
W: libp11 empty-%postun
Will go away if you call ldconfig properly and clean up the empty scriptlet as
detailed earlier.

W: libp11 devel-file-in-non-devel-package /usr/lib64/libp11.so
W: libp11 devel-file-in-non-devel-package /usr/lib64/pkgconfig/libp11.pc
W: libp11 devel-file-in-non-devel-package /usr/include/libp11.h
W: libp11 devel-file-in-non-devel-package /usr/lib64/libp11.a
These shouldn't be in the main package.  You need a libp11-devel subpackage to
hold the unversioned .so link, the .pc file and the headers.  You will need a
libp11-static subpackage to hold the static library.

E: libp11 explicit-lib-dependency libtool
I can't imagine how a runtime library could need libtool.  I don't even see how
the -devel subpackage could need it, although I could be wrong.  What's it for?

W: libp11 no-version-in-last-changelog
W: libp11-debuginfo no-version-in-last-changelog
Please version your changelog entries.  See the "Changelogs" section of
Comment 3 Matt Anderson 2007-06-21 12:34:55 EDT
Thanks for the suggestions, I've updated the spec file and built a
libp11-0.2.2-2.src.rpm that is in the same directory as before.

I took your advice and got rid of %prerun and used the suggested %post and
%postrun command format.

The dash is fixed, and I put version numbers in the changelog as per the guidelines.

I've added the html, README and ChangeLog files to the libp11 base package for

I also created a libp11-devel package like you suggested and added the doc/api
directory along with the examples directory for the documentation there.

I looked for an example of a -static package, and wasn't able to find any.
Searching on my system I found several .a files that were registered in the
-devel packages so for now I did not create a -static.  If anyone knows of an
example I could follow I will.

The libtool dependency should have really just been a BuildRequires
libtool-ltdl-devel since libp11 needs ltdl.h so I've removed it from Requires.

The libp11-0.2.2-2 rpm builds cleanly on x86_64 and i386.  This time all four
rpms {base,-devel,-debuginfo,src} have been checked with rpmlint with no
warnings or errors found.
Comment 4 Matt Anderson 2007-06-21 16:32:11 EDT
After some more reading I found that --disable-statics is preferred, along with
rpmdevtools' rpmdev-newspec template.  I've made those changes and posted
updated files:

Spec URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11.spec
SRPM URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11-0.2.2-3.fc7.src.rpm
Comment 5 Michael Schwendt 2007-06-27 07:52:44 EDT
> Summary:        LibP11 is a library for using PKCS#11 modules

Better is

Summary: Library for using PKCS#11 modules

Repeating the package/software name in the summary is considered
bad taste often, since in many package database interfaces it
usually results in displaying the package %{name} multiple times, e.g.:
libp11 - LibP11 is a library for using PKCS#11 modules

> BuildRequires:  openssl pkgconfig libtool-ltdl-devel

openssl-devel  not  openssl

> Requires:       openssl pkgconfig

A dependency on the openssl shared libs is automatically added by
rpmbuild. If not, then your package doesn't link against openssl
actually, and in that case you should add a comment in the spec file
as why it requires openssl.

The main package does NOT require pkgconfig. The -devel packages should.

> %package devel
> Summary:        LibP11-devel contains the static libraries
> and header files for libp11

Better is something like

  Summary: Files for developing with %{name}

since -devel packages usually contain files other than
"static libs and headers".

> %description devel
> Development libraries and header files for libp11.

The summary could be the same. ;)

> %configure --prefix=/usr --disable-static

--prefix=/usr is default. See:  rpm --eval %configure

> %files devel
> %{_libdir}/libp11.la

Better delete the libtool archive or %exclude it. It is not
needed at build/link-time.

> %{_libdir}/pkgconfig/*

The -devel package should add "Requires: pkgconfig"
Comment 6 Matt Anderson 2007-06-27 11:31:12 EDT
Thanks for the comments.

I've made all the suggested changes and posted a new version of the spec file
and srpm:
Spec URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11.spec
SRPM URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11-0.2.2-4.fc7.src.rpm

These have been checked with rpmlint and build correctly on i386 and x86_64.
Comment 7 Jason Tibbitts 2007-06-28 15:59:27 EDT
OK, here's what rpmlint gives me:

W: libp11 unused-direct-shlib-dependency /usr/lib64/libp11.so.0.1.1
W: libp11 unused-direct-shlib-dependency /usr/lib64/libp11.so.0.1.1
W: libp11 unused-direct-shlib-dependency /usr/lib64/libp11.so.0.1.1 /lib64/libz.so.1

What this means is that libp11.so is linked against those three libraries but
doesn't actually use anything from them.  (Either that or it means rpmlint is
broken, I guess.)  I think configure is just being overzealous:
  checking for OPENSSL_LIBS... -L/usr/kerberos/lib64 -lssl -lcrypto -ldl -lz
when the package just needs -lssl.

I don't think this is a particularly big deal; probably not worth hacking the
configure script over.

Source0: should contain a full URL to the upstream source if possible.  You
probably want something like: 

You must include the COPYING file as %doc in the main package.

That's about it as far as I can see.  While you're putting up an updated
package, go ahead and apply for cvsextras access and I'll click the necessary
button.  Instructions are in
http://fedoraproject.org/wiki/PackageMaintainers/Join down in the "Get A Fedora
Account" section.

* source files match upstream:
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
X license text included in tarball but not in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (development, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
   libp11 = 0.2.2-4.fc8

   libp11-devel = 0.2.2-4.fc8
   libp11 = 0.2.2-4.fc8
* %check is not present; no test suite upstream.
* shared libraries present; ldconfig called and unversioned .so files are in the 
   -devel package.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* scriptlets are OK (ldconfig).
* code, not content.
* documentation is small, so no -docs subpackage is necessary.
  Development documentation is in the -devel subpackage.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel subpackage.
* pkgconfig files are in the -devel subpackage; pkgconfig dependency is there.
* no static libraries.
* no libtool .la files.
Comment 8 Matt Anderson 2007-06-28 18:27:47 EDT
I've made the changes you suggested and posted the updated files:

Spec URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11.spec
SRPM URL: http://free.linux.hp.com/~mra/rpms/libp11/libp11-0.2.2-5.fc7.src.rpm

I will also look into the dependency issue you found.  Instead of including a
patch in the rpm I will see about getting it upstream.  These seem to me to be
overly broad dependencies based on the package previously being part of a larger
OpenSC project.
Comment 9 Jason Tibbitts 2007-06-30 14:05:25 EDT
Hmm, the URL isn't actually correct; you're missing a "/files" after the
hostname.  It may be helpful for you to install the rpmdevtools package and run
  spectool -g *spec
which will expand the macros in the Source URLs and download them all.

But really, that's a minor issue; you can fix it when you check in.

Comment 10 Jason Tibbitts 2007-07-05 18:54:47 EDT
Were you going to make your CVS request and get this checked in and built?
Comment 11 Matt Anderson 2007-07-09 12:26:11 EDT
New Package CVS Request
Package Name: libp11
Short Description: Library for using PKCS#11 modules
Owners: mra@hp.com
Branches: F-7
InitialCC: tibbs@math.uh.edu
Comment 12 Fedora Update System 2007-07-11 11:17:51 EDT
libp11-0.2.2-5.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2007-08-02 22:41:33 EDT
libp11-0.2.2-5.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.