Bug 455380 - Review Request: tqsllib - The TrustedQSL library
Review Request: tqsllib - The TrustedQSL library
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 455396
  Show dependency treegraph
 
Reported: 2008-07-15 04:58 EDT by Lucian Langa
Modified: 2008-09-10 03:09 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-24 06:28:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Lucian Langa 2008-07-15 04:58:22 EDT
Spec URL: http://lucilanga.fedorapeople.org/tqsllib.spec
SRPM URL: http://lucilanga.fedorapeople.org/tqsllib-2.0-1.fc9.src.rpm
Description: The TrustedQSL library is used for generating digitally signed
QSO records (records of Amateur Radio contacts). This package
contains the library and configuration files needed to run
TrustedQSL applications.
Comment 1 Jason Tibbitts 2008-08-20 18:28:56 EDT
Just a few comments:

Builds OK; rpmlint just says:
  tqsllib-devel.x86_64: W: unused-direct-shlib-dependency 
   /usr/lib64/libtqsllib.so.1.0.0 /lib64/libm.so.6
which indicates that the library is linked against libm without actually calling any functions in it.  This isn't a significant issue, but if it concerns you then there's a workaround at http://fedoraproject.org/wiki/PackageMaintainers/CommonRpmlintIssues#unused-direct-shlib-dependency

The source URL seems to be wrong; sourceforge just endlessly redirects me.

/usr/lib64/libtqsllib.so.1 and /usr/lib64/libtqsllib.so.1.0.0 are duplicated between the main and -devel packages.

There shouldn't be any reason to run ldconfig on the -devel package.

If you really want to package the static library you can, but it needs to be in a separate -static subpackage.
Comment 2 Lucian Langa 2008-08-21 08:39:26 EDT
> Builds OK; rpmlint just says:
>   tqsllib-devel.x86_64: W: unused-direct-shlib-dependency 
>    /usr/lib64/libtqsllib.so.1.0.0 /lib64/libm.so.6
> which indicates that the library is linked against libm without actually
> calling any functions in it.  This isn't a significant issue, but if it
> concerns you then there's a workaround at
> http://fedoraproject.org/wiki/PackageMaintainers/CommonRpmlintIssues#unused-direct-shlib-dependency

I've fixed this.
But I did not get this complain from rpmlint. What rpmlint version do you use ?



> The source URL seems to be wrong; sourceforge just endlessly redirects me.
Fixed.


> /usr/lib64/libtqsllib.so.1 and /usr/lib64/libtqsllib.so.1.0.0 are duplicated
> between the main and -devel packages.
Fixed.


> There shouldn't be any reason to run ldconfig on the -devel package.
Fixed.

... and finally bump ...

http://lucilanga.fedorapeople.org/tqsllib.spec
http://lucilanga.fedorapeople.org/tqsllib-2.0-2.fc9.src.rpm
Comment 3 Jason Tibbitts 2008-08-21 08:47:59 EDT
I build and test everything in current rawhide, although I don't think you need a particularly new rpmlint to show this complaint.

To get full rpmlint output, you must:
  Run rpmlint on the src.rpm
  Build the packages and run rpmlint on the resulting binary rpms.
  Install the built package and run "rpmlint packagename".

Building the -2 package, I see that rpmlint is indeed silent now, the Source: URL is correct (source sha256sum is:
  083c4405455c5b5a711e82275fe2b7106266bfc1edbd1a78ef542244e25909dc  
  tqsllib-2.0.tar.gz
which matches what's in the package), duplicated library issues and ldconfig are indeed fixed.

The only remaining issue is the static library.  As I wrote earlier, you can package this if you really want to (although packages in Fedora can't make use of it without FESCo approval) but it must be in a separate -static package.  See https://fedoraproject.org/wiki/Packaging/Guidelines#Exclusion_of_Static_Libraries  and the following couple of sections.
Comment 4 Lucian Langa 2008-08-21 09:23:59 EDT
>   Install the built package and run "rpmlint packagename".
I think I've missed this step.
Thanks.


> The only remaining issue is the static library.  As I wrote earlier, you can
> package this if you really want to (although packages in Fedora can't make use
> of it without FESCo approval) but it must be in a separate -static package. 
> See
> https://fedoraproject.org/wiki/Packaging/Guidelines#Exclusion_of_Static_Libraries
>  and the following couple of sections.
dropped static

...

http://lucilanga.fedorapeople.org/tqsllib.spec
http://lucilanga.fedorapeople.org/tqsllib-2.0-3.fc9.src.rpm
Comment 5 Jason Tibbitts 2008-08-21 12:38:12 EDT
Thanks.  For some reason I thought I had run through my checklist already, but I hadn't.  It usually helps to uncover some additional issues:

I note that the compiler flags are a litle weird; the makefile supplies "-g3 -O -Wall" and then the spec provides the usual Fedora set.  I've verified that gcc will use the ones specified later on the command line, so there's no real problem but you might consider patching the extra ones out.

This package should own /usr/share/tqsl, I think.

Since that's the only real issue, I'll go ahead and approve this and you can fix it when you check in.

* source files match upstream:
   083c4405455c5b5a711e82275fe2b7106266bfc1edbd1a78ef542244e25909dc  
   tqsllib-2.0.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
  tqsllib-2.0-3.fc10.x86_64.rpm
   libtqsllib.so.1()(64bit)
   tqsllib = 2.0-3.fc10
   tqsllib(x86-64) = 2.0-3.fc10
  =
   /sbin/ldconfig
   libcrypto.so.7()(64bit)
   libexpat.so.1()(64bit)
   libgcc_s.so.1()(64bit)
   libgcc_s.so.1(GCC_3.0)(64bit)
   libstdc++.so.6()(64bit)
   libstdc++.so.6(CXXABI_1.3)(64bit)
   libstdc++.so.6(GLIBCXX_3.4)(64bit)
   libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
   libtqsllib.so.1()(64bit)
   libz.so.1()(64bit)

  tqsllib-devel-2.0-3.fc10.x86_64.rpm
   tqsllib-devel = 2.0-3.fc10
   tqsllib-devel(x86-64) = 2.0-3.fc10
  =
   libtqsllib.so.1()(64bit)
   tqsllib = 2.0-3.fc10

* %check is not present; no test suite included.  I have no idea how to test 
   this software.
* a shared library is installed:
   ldconfig called properly.
   unversioned .so link is in the -devel package.
X fails to own /usr/share/tqsl.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* scriptlets are OK (ldconfig).
* code, not content.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel package.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.

APPROVED
Comment 6 Lucian Langa 2008-08-21 13:17:20 EDT
> This package should own /usr/share/tqsl, I think.
I do not think it is necessary as config.xml won't be modified.


> 
> * %check is not present; no test suite included.  I have no idea how to test 
>    this software.
This bring me to another question: shouldn't the reporter submit a minimum test scenario when %check is missing ? this usualy helps undercover additional issues.
tqsllib is the library required to run TrustedQSL application. A more appropriate test can only be done when running TrustedQSL.
Comment 7 Lucian Langa 2008-08-21 13:20:13 EDT
New Package CVS Request
=======================
Package Name: tqsllib
Short Description: The TrustedQSL library
Owners: lucilanga
Branches: F-8 F-9 EL-5
InitialCC: 
Cvsextras Commits: yes
Comment 8 Jason Tibbitts 2008-08-21 13:31:31 EDT
APPROVAL REVOKED

(In reply to comment #6)
> > This package should own /usr/share/tqsl, I think.
> I do not think it is necessary as config.xml won't be modified.

Then I have no choice but to revoke my approval.  Modification isn't the issue; if this package doesn't own /usr/share/tqsl, then no package will own it and that is a blocker.  Unless you can convince me I'm wrong, I can't approve this package.

It is of course a good idea to test all software, but automated test suites are not always possible.  I am trusting that you have either tested this software or tested the software which depends on it, and that you will respond to bug reports related to this software in an appropriate manner.  The reviewer isn't really the QA agent; when I know how, I will try to run software when possible to make sure that it at least does something but when a ticket sits around in the queue for over a month I figure that nobody with the necessary expertise is going to turn up.
Comment 9 Lucian Langa 2008-08-21 14:00:44 EDT
> 
> Then I have no choice but to revoke my approval.  Modification isn't the issue;
> if this package doesn't own /usr/share/tqsl, then no package will own it and
> that is a blocker.  Unless you can convince me I'm wrong, I can't approve this
> package.

I'm sorry,
here's the updated version ...

http://lucilanga.fedorapeople.org/tqsllib.spec
http://lucilanga.fedorapeople.org/tqsllib-2.0-4.fc9.src.rpm
Comment 10 Jason Tibbitts 2008-08-21 15:48:37 EDT
Looks good now; thanks.

APPROVED (for real this time)
Comment 11 Lucian Langa 2008-08-21 17:05:24 EDT
Thank you.
Comment 12 Kevin Fenzi 2008-08-23 13:57:46 EDT
cvs done.
Comment 13 Fedora Update System 2008-08-24 06:20:21 EDT
tqsllib-2.0-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/tqsllib-2.0-4.fc9
Comment 14 Fedora Update System 2008-08-24 06:21:29 EDT
tqsllib-2.0-4.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/tqsllib-2.0-4.fc8
Comment 15 Fedora Update System 2008-09-10 02:33:07 EDT
tqsllib-2.0-4.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2008-09-10 03:09:38 EDT
tqsllib-2.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.