Bug 432228 - Review Request: nettle - A low-level cryptographic library
Product: Fedora
Classification: Fedora
Component: Package Review
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
Blocks: 833573
Reported: 2008-02-10 00:43 EST by Ian Weller
Modified: 2012-06-23 15:51 EDT
Fixed In Version: 1.15-3.fc7
Doc Type: Bug Fix
Last Closed: 2008-02-20 21:53:16 EST
tibbs: fedora‑review+
kevin: fedora‑cvs+
Description Ian Weller 2008-02-10 00:43:37 EST
Spec URL: http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-1/nettle.spec
SRPM URL: http://ianweller.fedorapeople.org/SRPMS/nettle/1.15-1/nettle-1.15-1.fc8.src.rpm

Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
Comment 1 Jason Tibbitts 2008-02-16 18:06:50 EST
Builds fine and rpmlint is silent.

I believe the license is LGPLv2+, not GPLv2+ as you have.

There's no reason to have a build dependency on glibc-common; it's installed
by default.  I guess it doesn't hurt anything to have it there, though.

For the -devel description, it helps to say something about the package
including headers needed to compile programs using nettle.

I see you deleted the static library, but I wonder if that actually leaves any
point to this package.  After all, what use are the headers if there's nothing
to link against?  If all you have left are the three executables then I don't
think you can properly call this a library.

There's a test suite in the package which is easy to run, so this needs to be
done.  Just put "make check" in a %check section.

All of the documentation is duplicated between the main and -devel packages.
You need to decide which files are useful for development and which (like the
license) are needed in the main package.  But there's no point in installing
everything twice. 

* source files match upstream:
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper (glibc-common is redundant)
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
   nettle = 1.15-1.fc9

   nettle-devel = 1.15-1.fc9
   nettle = 1.15-1.fc9

X %check is not present, but a test suite is present.
* no shared libraries are added to the regular linker search paths.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
X Many duplicated files.
* file permissions are appropriate.
* scriptlets are OK (install-info)
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel package.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
Comment 3 Jason Tibbitts 2008-02-18 23:51:31 EST
OK, the license is OK and the test suites are called:
  All 39 tests passed
  All 3 tests passed

There's only one remaining issue that I can see.  The -devel package now
contains a static library, which is OK because this package doesn't build any
dynamic libraries.  However, in this case, you also need to have the -devel
package provide nettle-static so that packages which will link against it can
require the -static package and thus be easily tracked.  Please see the
"Packaging Static Libraries" section of

Since that's really just one line you need to add, I'll go ahead and approve
this and you can fix it when you check in.
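
The two spec fixes requested in Comments 1 and 3 (a `%check` section, and a `-static` Provides on the subpackage that ships the static library so that consumers can be tracked) can be checked mechanically. The following is an added example, not part of the original review or of the nettle spec; the spec fragments, the `libnettle.a` path and the `review_spec` helper are constructed for illustration, and the scan assumes simple `%package NAME` / `%files NAME` headers.

```python
import re

# Spec section headers the scan needs to recognise.
SECTION = re.compile(
    r"^%(package|description|prep|build|install|check|clean|files|changelog)\b\s*(.*)$")

# Constructed spec fragments (assumption: not the spec under review).
BEFORE = """\
Name: nettle
Version: 1.15
%package devel
Summary: Development files for nettle
%build
%configure
make
%files devel
%{_includedir}/nettle
%{_libdir}/libnettle.a
"""
AFTER = BEFORE.replace(
    "%build", "Provides: %{name}-static = %{version}-%{release}\n%build"
).replace("%files devel", "%check\nmake check\n%files devel")

def review_spec(text):
    """Return findings for the %check and -static points from the review."""
    provides, static_in, sections = {"": []}, set(), set()
    kind, sub = "package", ""  # the preamble is the main package
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            kind, sub = m.group(1), m.group(2).strip()
            sections.add(kind)
            if kind == "package":
                provides.setdefault(sub, [])
        elif kind == "package" and line.lower().startswith("provides:"):
            provides[sub].append(line.split(":", 1)[1].strip())
        elif kind == "files" and line.endswith(".a"):
            static_in.add(sub)  # this (sub)package ships a static archive
    findings = []
    if "check" not in sections:
        findings.append("no %check section: the test suite is not run")
    for sub in sorted(static_in):
        if not any(re.match(r"\S+-static\b", p) for p in provides.get(sub, [])):
            findings.append(f"'{sub or 'main'}' ships a static library "
                            "without a -static Provides")
    return findings

if __name__ == "__main__":
    for name, spec in (("before", BEFORE), ("after", AFTER)):
        print(name, review_spec(spec))
```
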

Comment 4 Ian Weller 2008-02-19 00:09:33 EST
thanks jason.

New Package CVS Request
Package Name: nettle
Short Description: A low-level cryptographic library
Owners: ianweller
Branches: F-7 F-8
Cvsextras Commits: yes
Comment 5 Kevin Fenzi 2008-02-19 12:29:56 EST
cvs done.
Comment 6 Fedora Update System 2008-02-19 22:42:20 EST
nettle-1.15-3.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-02-19 22:44:16 EST
nettle-1.15-3.fc8 has been submitted as an update for Fedora 8
Comment 8 Fedora Update System 2008-02-20 21:53:14 EST
nettle-1.15-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-02-20 21:57:06 EST
nettle-1.15-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Ian Weller 2008-03-19 18:49:02 EDT
Package Change Request
Package Name: nettle
New Branches: EL-4 EL-5
Comment 11 Kevin Fenzi 2008-03-19 22:48:09 EDT
cvs done.