Spec URL: https://pnemade.fedorapeople.org/rust-read-fonts.spec SRPM URL: https://pnemade.fedorapeople.org/rust-read-fonts-0.38.0-1.fc44.src.rpm Upstream URL: https://crates.io/crates/read-fonts Description: Reading OpenType font files. Fedora Account System Username: pnemade
This package built on koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=144037250
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated The spec file is generated by rust2rpm, simplifying the review. The submission is slightly outdated compared to upstream; 0.38.0, where upstream is at 0.39.1. Unless you strictly require version 0.38 as a dependency for something you are planning to package, consider updating to the current release. When you update to 0.39 (now or later), be aware of the new agl feature (“Support for mapping glyph names <-> unicode via the Adobe glyph list”): https://diff.rs/read-fonts/0.38.0/0.39.1/Cargo.toml.orig. This feature relies on “code” (really, just a data table in Rust source form, data/generated/generated_agl.rs) generated from data/glyphlist.xt, the “Adobe Glyph List,” which is licensed BSD-3-Clause. This would seem to require the license expression in Cargo.toml to be patched from “MIT OR Apache-2.0” to “(MIT OR Apache-2.0) AND BSD-3-Clause”. You might consider hiding experimental features that do not respect SemVer, at least until and unless something packaged actually requires them. In rust2rpm.toml, this could look something like: [features] hide = [ # Experimental features that don’t promise to respect SemVer "experimental_traverse", "ift", "spec_next", ] See the cautions about using features.hide vs. patching out features in the rust2rpm.toml man page. The codegen_test and scaler_test features don’t look like they are useful for external use, although there’s probably little harm in exposing them as metapackage. Please document why the tests are disabled, something like (in rust2rpm.toml): [tests] run = false comments = [ "Tests requires the font_test_data crate, not packaged", ] I do think it’s reasonable to want to avoid a rust-font_test_data package. On the other hand, it seems like it would be easy to package, and I didn’t see any obvious license issues at a glance, so maybe it’s worth adding it later and enabling the tests. Here’s the awkward part. Most of this crate is generated code, and according to https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#pregenerated-code, “It is required that the original source files from which the code was generated be included in the source package. Generally these files are part of the source archive supplied by upstream, but it may be necessary to fetch those files from an upstream source repository and include them in the source package as separate Source: entries.” The easiest way to satisfy this is probably to add an archive of the upstream git repository as an additional source: [[package.extra-sources]] number = 10 file = "https://github.com/googlefonts/fontations/archive/read-fonts-v%{version}/fontation-read-fonts-v%{version}.tar.gz" comments = [ "Most of the crate is generated code.", "This archive contains the original sources.", "We must include these even though we do not use them to build binary RPMs.", "https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#pregenerated-code", ] I took a quick look through this archive and it seemed like everything had acceptable licenses, but you should double-check it too. If you like, you could study the codegen pipeline (https://github.com/googlefonts/fontations/blob/main/docs/codegen-tour.md, https://github.com/googlefonts/fontations/blob/main/font-codegen/README.md), and just make an archive that contains the codegen inputs and codegen utilities, but it seems like this would be unpleasantly fussy, and the complete archive is big (~13M) but not *huge*. Issues: ======= - Package does not contain duplicates in %files. Note: warning: File listed twice: /usr/share/cargo/registry/read- fonts-0.38.0/LICENSE-APACHE See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_duplicate_files - You might consider hiding features that don’t respect SemVer; see notes above. - If you disable the tests, you should add a comment explaining why; see notes above. - You must include the original source files for pre-generated code; see notes above. ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "Apache License 2.0", "MIT License". 170 files have unknown license. Detailed output of licensecheck in /home/ben/fedora/review/2455091-rust-read-fonts/licensecheck.txt (See notes in the narrative discussion above about BSD-3-Clause portions in version 0.39, however.) [x]: License file installed when any subpackage combination is installed. [-]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries or specifies bundled libraries with Provides: bundled(<libname>) if unbundling is not possible. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. The package compiles successfully. [!]: Latest version is packaged. Version 0.39.1 is available. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. https://koji.fedoraproject.org/koji/taskinfo?taskID=144667602 [!]: %check is present and all tests pass. Tests are disabled to avoid packaging the font_test_data crate. This is acceptable, but should be documented in the spec file. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Spec file according to URL is the same as in SRPM. fonts: [!]: Run fc-query on all fonts in package. Note: Cannot find fc-query command, install fontconfig package to make a comprehensive font review. See: url: undefined [!]: Run repo-font-audit on all fonts in package. Note: Cannot find repo-font-audit, install fontpackages-tools package to make a comprehensive font review. See: url: undefined Rpmlint ------- Checking: rust-read-fonts-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+default-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+codegen_test-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+experimental_traverse-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+ift-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+libm-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+scaler_test-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+serde-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+spec_next-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts+std-devel-0.38.0-1.fc45.noarch.rpm rust-read-fonts-0.38.0-1.fc45.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmps711j058')] checks: 32, packages: 11 11 packages and 0 specfiles checked; 0 errors, 0 warnings, 62 filtered, 0 badness; has taken 0.4 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.9.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 10 10 packages and 0 specfiles checked; 0 errors, 0 warnings, 57 filtered, 0 badness; has taken 0.1 s Source checksums ---------------- https://crates.io/api/v1/crates/read-fonts/0.38.0/download#/read-fonts-0.38.0.crate : CHECKSUM(SHA256) this package : 70eac20eeee8bd51247a0c2f349f657563fffd19d041cd12988cc2801ec2ebef CHECKSUM(SHA256) upstream package : 70eac20eeee8bd51247a0c2f349f657563fffd19d041cd12988cc2801ec2ebef Requires -------- rust-read-fonts-devel (rpmlib, GLIBC filtered): (crate(bytemuck/default) >= 1.13.1 with crate(bytemuck/default) < 2.0.0~) (crate(font-types/bytemuck) >= 0.11.1 with crate(font-types/bytemuck) < 0.12.0~) (crate(font-types/default) >= 0.11.1 with crate(font-types/default) < 0.12.0~) cargo rust rust-read-fonts+default-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) crate(read-fonts/std) rust-read-fonts+codegen_test-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) rust-read-fonts+experimental_traverse-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) crate(read-fonts/std) rust-read-fonts+ift-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) rust-read-fonts+libm-devel (rpmlib, GLIBC filtered): (crate(core_maths/default) >= 0.1.0 with crate(core_maths/default) < 0.2.0~) cargo crate(read-fonts) rust-read-fonts+scaler_test-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) rust-read-fonts+serde-devel (rpmlib, GLIBC filtered): (crate(font-types/serde) >= 0.11.1 with crate(font-types/serde) < 0.12.0~) (crate(serde/default) >= 1.0.0 with crate(serde/default) < 2.0.0~) (crate(serde/derive) >= 1.0.0 with crate(serde/derive) < 2.0.0~) cargo crate(read-fonts) rust-read-fonts+spec_next-devel (rpmlib, GLIBC filtered): cargo crate(read-fonts) rust-read-fonts+std-devel (rpmlib, GLIBC filtered): (crate(font-types/std) >= 0.11.1 with crate(font-types/std) < 0.12.0~) cargo crate(read-fonts) Provides -------- rust-read-fonts-devel: crate(read-fonts) rust-read-fonts-devel rust-read-fonts+default-devel: crate(read-fonts/default) rust-read-fonts+default-devel rust-read-fonts+codegen_test-devel: crate(read-fonts/codegen_test) rust-read-fonts+codegen_test-devel rust-read-fonts+experimental_traverse-devel: crate(read-fonts/experimental_traverse) rust-read-fonts+experimental_traverse-devel rust-read-fonts+ift-devel: crate(read-fonts/ift) rust-read-fonts+ift-devel rust-read-fonts+libm-devel: crate(read-fonts/libm) rust-read-fonts+libm-devel rust-read-fonts+scaler_test-devel: crate(read-fonts/scaler_test) rust-read-fonts+scaler_test-devel rust-read-fonts+serde-devel: crate(read-fonts/serde) rust-read-fonts+serde-devel rust-read-fonts+spec_next-devel: crate(read-fonts/spec_next) rust-read-fonts+spec_next-devel rust-read-fonts+std-devel: crate(read-fonts/std) rust-read-fonts+std-devel Generated by fedora-review 0.11.0 (05c5b26) last change: 2025-11-29 Command line :/usr/bin/fedora-review -b 2455091 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic, fonts Disabled plugins: SugarActivity, Perl, Java, PHP, C/C++, Python, R, Haskell, Ocaml Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH