Bug 494693 - Review Request: gloox - A rock-solid, full-featured Jabber/XMPP client library
Review Request: gloox - A rock-solid, full-featured Jabber/XMPP client library
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Lemenkov
Fedora Extras Quality Assurance
:
: 578483 (view as bug list)
Depends On:
Blocks: qutIM
  Show dependency treegraph
 
Reported: 2009-04-07 15:38 EDT by Pavel Alexeev
Modified: 2010-04-18 12:03 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-26 00:55:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
lemenkov: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Pavel Alexeev 2009-04-07 15:38:29 EDT
Spec URL: http://hubbitus.net.ru/rpm/Fedora9/gloox/gloox.spec
SRPM URL: http://hubbitus.net.ru/rpm/Fedora9/gloox/gloox-1.0-0.4.SVNr4003.fc9.src.rpm
Description: gloox is a rock-solid, full-featured Jabber/XMPP client library, written in C++. It makes writing spec-compliant clients easy and allows for hassle-free integration of Jabber/XMPP functionality into existing applications.
Comment 1 Pavel Alexeev 2009-04-07 17:24:07 EDT
Koji build successful https://koji.fedoraproject.org/koji/taskinfo?taskID=1282986
Comment 2 Peter Lemenkov 2009-04-08 00:21:53 EDT
I'll review it.
Comment 3 Peter Lemenkov 2009-04-09 13:59:00 EDT
REVIEW:

+ rpmlint is almost silent:

[petro@Sulaco ppc]$ rpmlint gloox-*
gloox-devel.ppc: W: no-documentation
3 packages and 0 specfiles checked; 0 errors, 1 warnings.
[petro@Sulaco ppc]$

[petro@Sulaco SRPMS]$ rpmlint gloox-*
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
[petro@Sulaco SRPMS]

+ The package is named according to the Package Naming Guidelines.
+ The spec file name matches the base package %{name}, in the format %{name}.spec.
+ The package meets the Packaging Guidelines.
+ The package is licensed with a Fedora approved license and meets the Licensing Guidelines .
+ The License field in the package spec file matches the actual license (GPLv2).
+ The file, containing the text of the license(s) for the package, is included in %doc.
+ The spec file is written in American English.
+ The spec file for the package is legible.
- The sources used to build the package must match the upstream source, as provided in the spec URL. However I failed to reproduce exact tarball using instructions in comments (it's a normal situation when creating tarball from SCM directly). 

[petro@Sulaco SOURCES]$ ll gloox-1.0-SVNr4003.tar.bz2*
-rw-rw-r-- 1 petro petro 644824 Апр  9 21:41 gloox-1.0-SVNr4003.tar.bz2
-rw-r--r-- 1 petro petro 621743 Апр  5 12:57 gloox-1.0-SVNr4003.tar.bz2.from_srpm
[petro@Sulaco SOURCES]$

I suggest you to consider rebasing patches against latest devel tarball ( http://camaya.net/download/gloox-1.0-beta8.tar.bz2 ) instead of fetching whole svn tree.

+ The package successfully compiles and builds into binary rpms on at least one primary architecture.
+ All build dependencies are listed in BuildRequires.
+ The package calls ldconfig in %post and %postun.
+ The package owns all directories that it creates.
+ The package does not list a file more than once in the spec file's %files listings.
+ Permissions on files are set properly.
+ The package has a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
+ The package consistently uses macros.
+ The package contains code, or permissable content.
+ No extremely large documentation files
+ Everything, the package includes as %doc, does not affect the runtime of the application.
+ Header files are in a -devel package.
+ No static libraries.
+ The sub-package containing pkgconfig(.pc) files has 'Requires: pkgconfig' directive.
+ The library file that ends in .so (without suffix) is placed in a -devel package.
+ The devel sub-package requires the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release}
+ The package does NOT contain any .la libtool archives.
+ Not a GUI application.
+ The package does not own files or directories already owned by other packages.
+ At the beginning of %install, the package runs rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
+ All filenames in rpm packages are valid UTF-8.

So, finally, please consider using http://camaya.net/download/gloox-1.0-beta8.tar.bz2 instead of svn tree (just for simplifying the process of verifying sources) or write few words explaining why it's necessary to use trunk and I'll approve this package.
Comment 4 Pavel Alexeev 2009-04-10 01:16:06 EDT
(In reply to comment #3)
> [petro@Sulaco SOURCES]$ ll gloox-1.0-SVNr4003.tar.bz2*
> -rw-rw-r-- 1 petro petro 644824 Апр  9 21:41 gloox-1.0-SVNr4003.tar.bz2
> -rw-r--r-- 1 petro petro 621743 Апр  5 12:57
> gloox-1.0-SVNr4003.tar.bz2.from_srpm
Hm... It is big surprise for me. I now repeat this procedura and got again another results:
[pasha@x-www svn]$ ll gloox-1.0-SVNr4003.tar.bz2
-rw-r--r-- 1 pasha users 623149 Апр 10 08:39 gloox-1.0-SVNr4003.tar.bz2

How it can be at all with concrete single revision???

> I suggest you to consider rebasing patches against latest devel tarball (
> http://camaya.net/download/gloox-1.0-beta8.tar.bz2 ) instead of fetching whole
> svn tree.


> So, finally, please consider using
> http://camaya.net/download/gloox-1.0-beta8.tar.bz2 instead of svn tree (just
> for simplifying the process of verifying sources) or write few words explaining
> why it's necessary to use trunk and I'll approve this package.  

Hm. I see it is not released yet (accordingly offsite http://camaya.net/glooxdownload when last present beta7). And my bugreport is not closed which was promised in next beta - http://bugs.camaya.net/horde/whups/ticket/?id=137 .

Futhermore, the main reason why I get SVN checkout is absent some stuff (before rev 3873) required by qutIM (this review blocks it) also not present in beta8. If you interest in details ('grep "setServerImpl" gloox-1.0-beta8/src/socks5bytestream*' this present in my checkout, bot nor in beta8).

So, I really do not known what I may do in this situation...
Comment 5 Pavel Alexeev 2009-04-18 13:19:58 EDT
Meantime I think I resolve this trouble and source may be checked by hash.

http://hubbitus.net.ru/rpm/Fedora9/gloox/gloox-1.0-0.5.SVNr4003.fc9.src.rpm
Comment 6 Peter Lemenkov 2009-04-19 07:50:31 EDT
Ok, due to failure of attempts to create exact tarball, I'm continuing from where I stopped last time.
Comment 7 Peter Lemenkov 2009-04-19 08:47:44 EDT
+ MUST: rpmlint must be run on every package. The output should be posted in the review.[1]

[petro@Sulaco SPECS]$ rpmlint ../RPMS/ppc/gloox-*
gloox-devel.ppc: W: no-documentation
3 packages and 0 specfiles checked; 0 errors, 1 warnings.
[petro@Sulaco SPECS]$

This warning is safe to ignore.

+ MUST: The package must be named according to the Package Naming Guidelines .
+ MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] .
+ MUST: The package must meet the Packaging Guidelines .
+ MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
+ MUST: The License field in the package spec file must match the actual license. [3]
+ MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.[4]
+ MUST: The spec file must be written in American English. [5]
+ MUST: The spec file for the package MUST be legible. [6]
+ MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this.

Actually, we cannot simply use md5sum for verifying sources from VCS, but we can diff -ru them.

[petro@Sulaco SOURCES]$ tar xf gloox-1.0-SVNr4003.tar.bz2 
[petro@Sulaco SOURCES]$ svn export -r4003 svn://svn.camaya.net/gloox/trunk gloox-1.0.svn > /dev/null 
[petro@Sulaco SOURCES]$ diff -ru gloox-1.0 gloox-1.0.svn/
[petro@Sulaco SOURCES]$

+ MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture.
+ MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense.
+ MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10]
+ MUST: A Fedora package must not list a file more than once in the spec file's %files listings. [13]
+ MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. [14]
+ MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [15]
+ MUST: Each package must consistently use macros. [16]
+ MUST: The package must contain code, or permissable content. [17]
+ MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [18]
+ MUST: Header files must be in a -devel package. [19]
+ MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig' (for directory ownership and usability). [21]
+ MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. [19]
+ MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} [22]
+ MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[20]
+ MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [24]
+ MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [25]
+ MUST: All filenames in rpm packages must be valid UTF-8. [26]

APPROVED.
Comment 8 Pavel Alexeev 2009-04-19 10:08:51 EDT
Peter Lemenkov, thank you very much for the review.

New Package CVS Request
=======================
Package Name: gloox
Short Description: A rock-solid, full-featured Jabber/XMPP client library
Owners: hubbitus
Branches: F-9 F-10 F-11
InitialCC:
Comment 9 Kevin Fenzi 2009-04-21 16:01:11 EDT
cvs done.
Comment 10 Fedora Update System 2009-04-26 00:44:59 EDT
gloox-1.0-0.5.SVNr4003.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/gloox-1.0-0.5.SVNr4003.fc9
Comment 11 Fedora Update System 2009-04-26 00:45:29 EDT
gloox-1.0-0.5.SVNr4003.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/gloox-1.0-0.5.SVNr4003.fc10
Comment 12 Fedora Update System 2009-04-26 00:46:00 EDT
gloox-1.0-0.5.SVNr4003.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/gloox-1.0-0.5.SVNr4003.fc11
Comment 13 Fedora Update System 2009-05-18 21:58:57 EDT
gloox-1.0-0.5.SVNr4003.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2009-05-18 22:04:30 EDT
gloox-1.0-0.5.SVNr4003.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2009-05-26 03:51:39 EDT
gloox-1.0-0.5.SVNr4003.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Pavel Alexeev 2010-04-18 12:01:56 EDT
Package Change Request
======================
Package Name: gloox
New Branches: EL-5
Owners: hubbitus
Comment 17 Pavel Alexeev 2010-04-18 12:03:05 EDT
*** Bug 578483 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.