Bug 463903 - Source URL in spec file is wrong
Source URL in spec file is wrong
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libjpeg (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Lane
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-25 04:30 EDT by Richard W.M. Jones
Modified: 2013-07-02 23:20 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-25 08:56:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2008-09-25 04:30:20 EDT
The spec file contains this source URL:
  Source0: ftp://ftp.uu.net/graphics/jpeg/jpegsrc.v6b.tar.bz2
However, this file is missing.  It appears the extension should
be '.gz' instead.
Comment 1 Tom Lane 2008-09-25 08:00:01 EDT
Well, the reason it says bz2 is that some previous maintainer of the package decided to repack gz to bz2, I suppose to make the SRPM smaller.  Doesn't really seem worth changing it to me ...
Comment 2 Daniel Berrange 2008-09-25 08:13:29 EDT
The bz2 is not an official upstream source archive though - its some custom re-spin job by the original RHL maintainer. All Fedora packages should be using the pristine upstream source unless there's specific code we need to remove for legal reasons.

  http://fedoraproject.org/wiki/Packaging/ReviewGuidelines

"- MUST: The sources used to build the package must match the upstream source, 
   as provided in the spec URL. Reviewers should use md5sum for this task. If no 
   upstream URL can be specified for this package, please see the  Source URL 
   Guidelines for how to deal with this."


The specific reason why we noticed this problem is that we run automated tools on MinGW packages to verify that their contents match the corresponding native packages. MinGW libjpeg source matches upstream, and hence our integrity reports flagged up this problem in native package of not using a verifiable upstream source.
Comment 3 Richard W.M. Jones 2008-09-25 08:14:40 EDT
It's kind of important for MinGW, because we are basing our
mingw32-libjpeg package off this one, using automated tools
to routinely compare the differences in the specfiles.

Either our tools will warn about this bug, or we'll get
a Source-URL bug filed against our package too.

I don't mind making the change if I have commit access.
Comment 4 Tom Lane 2008-09-25 08:56:44 EDT
OK, done in HEAD.
Comment 5 Matthias Saou 2008-12-22 16:52:44 EST
Note that I had already fixed this a long time ago in bug #226032 (the merge review). I'm updating the patch in that report right now, and I'd appreciate if the current libjpeg maintainer could have a quick look at it.

Note You need to log in before you can comment on or make changes to this bug.