Bug 467395 (mingw32-openssl) - Review Request: mingw32-openssl - MinGW port of the OpenSSL toolkit
Summary: Review Request: mingw32-openssl - MinGW port of the OpenSSL toolkit
Alias: mingw32-openssl
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Levente Farkas
QA Contact: Fedora Extras Quality Assurance
Depends On: 454410 454416
Blocks: mingw32-opensc
TreeView+ depends on / blocked
Reported: 2008-10-17 10:17 UTC by Richard W.M. Jones
Modified: 2009-03-23 21:02 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-03-18 13:29:40 UTC
Type: ---
lfarkas: fedora-review+
kevin: fedora-cvs+

Attachments (Terms of Use)

Description Richard W.M. Jones 2008-10-17 10:17:04 UTC
Spec URL: http://hg.et.redhat.com/misc/fedora-mingw--devel/?cmd=manifest;manifest=82a0662b5376fe1a90612ed85628670c902a43d3;path=/openssl/
SRPM URL: http://www.annexia.org/tmp/mingw/fedora-9/src/SRPMS/mingw32-openssl-0.9.8g-1.fc9.src.rpm
Description: MinGW port of the OpenSSL toolkit

This is a not-very-straightforward port of the native Fedora
package, including a dozen or so patches from native, and 5
MinGW-specific patches.  The only major feature missing is
IPv6 support.

Approved MinGW guidelines are here:

Comment 1 Levente Farkas 2008-12-02 21:38:03 UTC
imho this is one of the most complicated mingw32 spec file. is this really that bad or it was just written too long ago?

a few comments:

do we build and run the tests or not? it seems to me not, but the BR
wine is still there. ie not %if %{with_tests}

is there any reason for this line?:
%{SOURCE1} > /dev/null

neither mingw32-openssl-0.9.8g-configure.patch nor the inline gcc script
has the -mms-bitfields set. anyway it'd be better to everywhere use the
%_mingw32_cflags not the hard coded ones. anyway is it a good trick to
use the inline gcc script?

wouldn't be better to use everywhere the %_mingw32_make macro (but i
don't see whether is has any effect?

this comment in the sepc:
 "Disable this thread test, because we don't have pthread on Windows"
still valid when we have mingw32-pthreads?

unfortunately it's makefiles and configure scripts are very hard coded
so we can't easily fix ar, ranlib etc. just patch the makefiles:-(
imho the best way in this case to run a successful build and look trough
the buildlog to find where and which commands are used.

Comment 2 Richard W.M. Jones 2008-12-10 16:30:02 UTC
In reply to comment 1 please see:

Comment 4 Levente Farkas 2009-02-02 21:52:25 UTC
rpmlint output:
mingw32-openssl.src:154: W: make-check-outside-check-section #patch33 is applied after make test
mingw32-openssl.src:262: W: rpm-buildroot-usage %build #    fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \
mingw32-openssl.src:263: W: rpm-buildroot-usage %build #    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \
mingw32-openssl.src: W: patch-not-applied Patch33: openssl-0.9.8j-ca-dir.patch
mingw32-openssl.src: W: strange-permission make-dummy-cert 0755
mingw32-openssl.src: W: strange-permission hobble-openssl 0755
all these output are the same as native package or commented out and can be ignored.

[+] rpmlint must be run on every package. The output should be posted in the
[+] MUST: The package must be named according to the Package Naming Guidelines
[+] MUST: The spec file name must match the base package %{name}, in the format
%{name}.spec unless your package has an exemption on Package Naming Guidelines
[+] MUST: The package must meet the Packaging Guidelines
[+] MUST: The package must be licensed with a Fedora approved license and meet
the Licensing Guidelines .
[+] MUST: The License field in the package spec file must match the actual
[+] MUST: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of the
license(s) for the package must be included in %doc.
[+] MUST: The spec file must be written in American English.
[+] MUST: The spec file for the package MUST be legible.
[+] MUST: The sources used to build the package must match the upstream source,
as provided in the spec URL.
[+] MUST: The package must successfully compile and build into binary rpms on
at least one supported architecture.
[/] MUST: If the package does not successfully compile, build or work on an
architecture, then those architectures should be listed in the spec in
[+] MUST: All build dependencies must be listed in BuildRequires, except for
any that are listed in the exceptions section of the Packaging Guidelines;
inclusion of those as BuildRequires is optional.
[/] MUST: The spec file MUST handle locales properly. This is done by using the
%find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
[*] MUST: Every binary RPM package which stores shared library files (not just
symlinks) in any of the dynamic linker's default paths, must call ldconfig in
%post and %postun. 
[/] MUST: If the package is designed to be relocatable, the packager must state
this fact in the request for review, along with the rationalization for
relocation of that specific package.
[+] MUST: A package must own all directories that it creates. 
[+] MUST: A package must not contain any duplicate files in the %files listing.
[+] MUST: Permissions on files must be set properly.
[+] MUST: Each package must have a %clean section, which contains rm -rf
%{buildroot} ( or $RPM_BUILD_ROOT ).
[+] MUST: Each package must consistently use macros, as described in the macros
section of Packaging Guidelines .
[+] MUST: The package must contain code, or permissable content.
[/] MUST: Large documentation files should go in a -doc subpackage.
[/] MUST: If a package includes something as %doc, it must not affect the
runtime of the application.
[*] MUST: Header files must be in a -devel package.
[/] MUST: Static libraries must be in a -static package.
[-] MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'
(for directory ownership and usability).
[*] MUST: If a package contains library files with a suffix (e.g.
libfoo.so.1.1), then library files that end in .so (without suffix) must go in
a -devel package.
[*] MUST: In the vast majority of cases, devel packages must require the base
package using a fully versioned dependency: Requires: %{name} =
[*] MUST: Packages must NOT contain any .la libtool archives, these should be
removed in the spec.
[/] MUST: Packages containing GUI applications must include a %{name}.desktop
file, and that file must be properly installed with
desktop-file-install in the %install section.
[+] MUST: Packages must not own files or directories already owned by other
[+] MUST: At the beginning of %install, each package MUST run rm -rf
%{buildroot} ( or $RPM_BUILD_ROOT ). See Prepping BuildRoot For %i install for
[+] MUST: All filenames in rpm packages must be valid UTF-8.
[/] SHOULD: If the source package does not include license text(s) as a
separate file from upstream, the packager SHOULD query upstream to include it.
[/] SHOULD: The description and summary sections in the package spec file
should contain translations for supported Non-English languages, if available.
[+] SHOULD: The reviewer should test that the package builds in mock. See
MockTricks for details on how to do this.
[+] SHOULD: The package should compile and build into binary rpms on all
supported architectures.
[/] SHOULD: The reviewer should test that the package functions as described. A
package should not segfault instead of running, for example.
[/] SHOULD: If scriptlets are used, those scriptlets must be sane. This is
vague, and left up to the reviewers judgement to determine sanity.
[/] SHOULD: Usually, subpackages other than devel should require the base
package using a fully versioned dependency.
[*] SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and
this is usually for development purposes, so should be placed in a -devel pkg.
[/] SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin,
/usr/bin, or /usr/sbin consider requiring the package which provides the file
instead of the file itself.


 The package mingw32-openssl is approved by lfarkas


Comment 5 Richard W.M. Jones 2009-02-06 14:55:30 UTC
New Package CVS Request
Package Name: mingw32-openssl
Short Description: MinGW port of the OpenSSL toolkit
Owners: rjones berrange lfarkas
Branches: F-10 EL-5

Comment 6 Kevin Fenzi 2009-02-08 21:52:08 UTC
cvs done.

Comment 7 Wojciech Pilorz 2009-03-02 11:02:54 UTC
Is there any possibility that the mingw32 guidelines be changed
and static libraries be included (perhaps in separated packages *-static*.rpm)
rather than purged during build ?

I want static libraries because
I need to create a number of small tools running
on NT4 or XP machines and distributes over company 
WAN to several hundreds of servers, and I definitely
cannot make them depend of extra dlls.

Perhaps I am not the only one who would need mingw32* static libs.

Right now, to make standalone executable (not requiring any extra
dlls) with mingw32-gcc on Fedora10 which needs, say, just MD5 functions
from openssl, I need to recompile mingw32-openssl from source 
to get the static libraries.

If such change is possible, it would make mingw32* more usable 
out-of-the-box for me (and I would be happy to volunteer to make
patches for spec files of mingw32* if needed)

Comment 8 Richard W.M. Jones 2009-03-02 11:23:06 UTC
Please see this discussion:


In particular, the resolution here:


This bug is for the OpenSSL review.  Send any further
comments to the mailing list.

Comment 9 Michal Nowak 2009-03-18 13:24:00 UTC
I can see this in Rawhide, can we close?

Comment 10 Richard W.M. Jones 2009-03-18 13:29:40 UTC
Yes.  It's now in Fedora 10 too:


Note You need to log in before you can comment on or make changes to this bug.