Spec URL: https://jjames.fedorapeople.org/json-schema-validator/json-schema-validator.spec SRPM URL: https://jjames.fedorapeople.org/json-schema-validator/json-schema-validator-2.4.0-1.fc45.src.rpm Fedora Account System Username: jjames Description: This is a C++ library for validating JSON documents based on a JSON Schema which itself should validate with draft-7 of JSON Schema Validation. I am willing to swap reviews.
Copr build: https://copr.fedorainfracloud.org/coprs/build/10461263 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2477712-json-schema-validator/fedora-rawhide-x86_64/10461263-json-schema-validator/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated This is a pretty straightforward C++ shared library project. It’s interesting that it has nlohman/ in the include path and nlohman_ in the library name when Niels Lohmann isn’t the author. I guess this functions as a sort of “schema validation extension for nlohmann_json,” and it makes sense that way. Because the https://src.fedoraproject.org/rpms/json dependency is a header-only library, guidelines require you to add a BuildRequires on json-static “for tracking purposes;” this could be in addition to cmake(nlohmann_json), which is otherwise a better way of writing the dependency. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_packaging_header_only_libraries The other thing is that since we treat header-only libraries as a kind of static library, their licenses need to be included in the License fields for the binary packages. So something like this: # The entire source is MIT; the header-only json library dependency is # (MIT AND CC0-1.0), where the CC0-1.0 comes from bundled hedley. License: MIT AND CC0-1.0 (Note: hedley’s use of CC0-1.0 for code is covered by the exception for pre-existing files in Fedora, https://gitlab.com/fedora/legal/fedora-license-data/-/blob/a0b86d16c0b6e1cacdd67a1f06382a663b1530eb/data/CC0-1.0.toml#L11-L14. The json package bundles hedley, but we also have a standalone package https://src.fedoraproject.org/rpms/hedley.) Because the -devel package doesn’t include anything from the json dependency, it can have its own License field that is just: # The -devel subpackage does not include anything from dependencies License: MIT …and *if* you like to use the SourceLicense field, then that would of course still be just MIT. Other than all of that pedantry around header-only dependencies, this looks excellent. I had no idea we already had a declarative build system for CMake! I’ll be using that myself. You might consider packaging ChangeLog.md as documentation alongside README.md. You could also consider adding “%doc example/” to the -devel subpackage. ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "MIT License", "*No copyright* MIT License". 175 files have unknown license. Detailed output of licensecheck in /home/ben/fedora/review/2477712-json-schema- validator/licensecheck.txt License field matches the source license, but we need to account for “static” header-only dependencies. [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries or specifies bundled libraries with Provides: bundled(<libname>) if unbundling is not possible. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. Particularly, the arch-specific Requires on json-devel from the -devel subpackage is correct. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 11634 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. (Tests pass.) [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. https://koji.fedoraproject.org/koji/taskinfo?taskID=145553059 [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: json-schema-validator-2.4.0-1.fc45.x86_64.rpm json-schema-validator-devel-2.4.0-1.fc45.x86_64.rpm json-schema-validator-2.4.0-1.fc45.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpmi47bmzu')] checks: 32, packages: 3 json-schema-validator-devel.x86_64: W: no-documentation 3 packages and 0 specfiles checked; 0 errors, 1 warnings, 21 filtered, 0 badness; has taken 0.2 s Rpmlint (debuginfo) ------------------- Checking: json-schema-validator-debuginfo-2.4.0-1.fc45.x86_64.rpm ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpau4mk132')] checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 5 filtered, 0 badness; has taken 0.2 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.9.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 json-schema-validator-devel.x86_64: W: no-documentation 3 packages and 0 specfiles checked; 0 errors, 1 warnings, 23 filtered, 0 badness; has taken 0.2 s Source checksums ---------------- https://github.com/pboettch/json-schema-validator/archive/2.4.0/json-schema-validator-2.4.0.tar.gz : CHECKSUM(SHA256) this package : 24cbb114609cc9b43d4018b8d03e082ff5d2f26f5dce8bd36538097267b63af9 CHECKSUM(SHA256) upstream package : 24cbb114609cc9b43d4018b8d03e082ff5d2f26f5dce8bd36538097267b63af9 Requires -------- json-schema-validator (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libm.so.6()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.9)(64bit) rtld(GNU_HASH) json-schema-validator-devel (rpmlib, GLIBC filtered): cmake-filesystem(x86-64) json-devel(x86-64) json-schema-validator(x86-64) libnlohmann_json_schema_validator.so.2()(64bit) Provides -------- json-schema-validator: json-schema-validator json-schema-validator(x86-64) libnlohmann_json_schema_validator.so.2()(64bit) json-schema-validator-devel: cmake(nlohmann_json_schema_validator) json-schema-validator-devel json-schema-validator-devel(x86-64) Generated by fedora-review 0.11.0 (05c5b26) last change: 2025-11-29 Command line :/usr/bin/fedora-review -b 2477712 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: Java, Ocaml, SugarActivity, R, Haskell, fonts, Python, PHP, Perl Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
Thanks for the review! I have taken all of your suggestions, and fixed the license field as indicated above. The URLs are the same as before, but let's get another scratch build.
[fedora-review-service-build]
Thanks! The package is APPROVED by inspection of the spec-file diff, below. All defects are corrected and suggestions are implemented, and neither fedora-review nor rpmlint indicates any new issues. --- ../../2477712-json-schema-validator/srpm-unpacked/json-schema-validator.spec 2026- 05-14 01:00:00.000000000 +0100 +++ srpm-unpacked/json-schema-validator.spec 2026-05-18 01:00:00.000000000 +0100 @@ -6,8 +6,12 @@ Release: %autorelease Summary: Modern C++ JSON schema validator -License: MIT +# The entire source is MIT; the header-only json library dependency is +# (MIT AND CC0-1.0), where the CC0-1.0 comes from bundled hedley. +License: MIT AND CC0-1.0 +SourceLicense: MIT URL: https://github.com/pboettch/json-schema-validator +VCS: git:%{url}.git Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz # See https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval @@ -15,8 +19,8 @@ BuildSystem: cmake BuildOption(conf): -DJSON_VALIDATOR_BUILD_EXAMPLES:BOOL=OFF -BuildRequires: cmake(nlohmann_json) BuildRequires: gcc-c++ +BuildRequires: json-static %description This is a C++ library for validating JSON documents based on a JSON Schema @@ -24,6 +28,7 @@ %package devel Summary: Development files for json-schema-validator +License: MIT Requires: %{name}%{?_isa} = %{version}-%{release} Requires: json-devel%{?_isa} @@ -35,11 +40,12 @@ %autosetup %files -%doc README.md +%doc ChangeLog.md README.md %license LICENSE %{_libdir}/libnlohmann_json_schema_validator.so.2{,.*} %files devel +%doc example/ %{_includedir}/nlohmann/json-schema.hpp %{_libdir}/cmake/nlohmann_json_schema_validator/ %{_libdir}/libnlohmann_json_schema_validator.so
Thank you!
The Pagure repository was created at https://src.fedoraproject.org/rpms/json-schema-validator Monitoring: Anitya project is accessible by this link `https://release-monitoring.org/project/21701` you can modify it manually. Package wasn't created in Anitya, reason: `Bad Request, some necessary arguments were not provided.`.
FEDORA-2026-88d7aba478 (json-schema-validator-2.4.0-2.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-88d7aba478
FEDORA-2026-88d7aba478 has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-88d7aba478 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-88d7aba478 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-88d7aba478 (json-schema-validator-2.4.0-2.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.