Spec URL: http://people.redhat.com/~rafaels/specs/python-qmf.spec SRPM URL: http://people.redhat.com/~rafaels/srpms/python-qmf-0.7.917557-2.el5.src.rpm Description: Python QMF library for Apache Qpid
Updated SRPM here: http://people.redhat.com/~rafaels/srpms/python-qmf-0.7.917557-3.el5.src.rpm
Just a few comments for now: - %global and not %define https://fedoraproject.org/wiki/Packaging/Guidelines#.25global_preferred_over_.25define - please move python_sitelib + version to the top (in any other specs I saw, there are on the top. So part of a 'unwritten convention'. - BR/R on python is unneeded. BR on python-devel adds anything else. - version naming wrong: https://fedoraproject.org/wiki/Packaging:NamingGuidelines#NonNumericRelease It should be something like 0.7-0.1.$DATEsvn -> It's a prerelease of 0.7 checked out of svn on $DATE. Example from link above: kismet-0-0.1.20040110svn (this is a pre-release, svn checkout of kismet) kismet-0-0.2.20040110svn (this is a bugfix to the previous package) kismet-0-0.3.20040204svn (this is a new svn checkout, note the increment of %{X}) kismet-1.0-1 (this is the formal release of kismet 1.0)
Does 0.7.917557 actually count as a non numeric release? I only ask because all the other qpid packages already in fedora are versioned this way, e.g. qpid-cpp, python-qpid, etc. This is also how upstream versions development releases: 0.<odd>.<svnrev>. Non development versions are 0.<even>[.<minor>], so I believe the version numbers will always compare correctly, even between development and official versions. If this is still a problem I presume we'll have to update all the other qpid packages as well?
I'd say, your naming is sane and would be ok to accept, but that's not what the guidelines say atm... This means, you need to change the version numbering to 0.<num>-0.X.$DATEsvn$REL if it's a prerelease (like a svn checkout) or you can use 0.<num>-X, when it's an official relase. (Note: release 0.X for checkouts and X for official relases.) __________________________________________________________________ I believe, it would be the easiest to upload an official development release as a tarball, you could use your version numbering, but not for manual svn checkouts...
Thomas: I'd just like to point out that there is precedent in all the other qpid-related packages already in Fedora (amqp, qpidc/qpid-cpp, python-qpid, ruby-qpid) to use this style of version numbering, since it comes straight from upstream. The present package is actually a "spin-off" from other packages, due to a code tree reorganization upstream which allows for more sensible packaging, so I believe it should be allowed to keep the same numbering scheme.
IMO it is perfectly fine to go with that numbering scheme. I don't think it is necessary to apply our own very static guidelines to this package, if the naming scheme is used/know by upstream and their community.
I've picked up this review, since the process seems to have stalled. I reviewed the updated srpm posted above, python-qmf-0.7.917557-3.el5.src.rpm * MUST: rpmlint must be run on every package. The output should be posted in the review. OK $ mock -r fedora-rawhide-i386 ~/Download/python-qmf-0.7.917557-3.el5.src.rpm INFO: mock.py version 1.0.5 starting... State Changed: init plugins State Changed: start INFO: Start(/home/nsantos/Download/python-qmf-0.7.917557-3.el5.src.rpm) Config(fedora-rawhide-i386) State Changed: lock buildroot State Changed: clean State Changed: init State Changed: lock buildroot Mock Version: 1.0.5 INFO: Mock Version: 1.0.5 INFO: enabled root cache INFO: enabled yum cache State Changed: cleaning yum metadata INFO: enabled ccache State Changed: running yum State Changed: creating cache State Changed: setup State Changed: build INFO: Done(/home/nsantos/Download/python-qmf-0.7.917557-3.el5.src.rpm) Config(fedora-rawhide-i386) 2 minutes 14 seconds INFO: Results and/or logs in: /var/lib/mock/fedora-rawhide-i386/result INFO: Running createrepo on binary rpms in resultdir $ ls -alF /var/lib/mock/fedora-rawhide-i386/result total 304 drwxrwsr-x. 3 nsantos mock 4096 2010-03-30 09:04 ./ drwxrwsr-x. 4 root mock 4096 2010-03-30 09:02 ../ -rw-rw-r--. 1 nsantos mock 11284 2010-03-30 09:04 build.log -rw-r--r--. 1 nsantos mock 157944 2010-03-30 09:04 python-qmf-0.7.917557-3.fc14.noarch.rpm -rw-r--r--. 1 nsantos mock 77945 2010-03-30 09:04 python-qmf-0.7.917557-3.fc14.src.rpm drwxr-sr-x. 2 root mock 4096 2010-03-30 09:04 repodata/ -rw-rw-r--. 1 nsantos mock 39602 2010-03-30 09:04 root.log -rw-rw-r--. 1 nsantos mock 312 2010-03-30 09:04 state.log $ rpmlint /var/lib/mock/fedora-rawhide-i386/result/*.rpm python-qmf.noarch: W: non-standard-group Development/Python python-qmf.noarch: W: no-documentation python-qmf.src: W: non-standard-group Development/Python 2 packages and 0 specfiles checked; 0 errors, 3 warnings. (warning regarding no-docs would be eliminated by including at least the LICENSE file, if available upstream; see below) * MUST: The package must be named according to the Package Naming Guidelines . OK * MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. OK * MUST: The package must meet the Packaging Guidelines . OK (version numbering has precedent upstream and also in other qpid-related packages already in Fedora) * MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . OK (ASL 2.0) * MUST: The License field in the package spec file must match the actual license. OK * MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. N/A * MUST: The spec file must be written in American English. OK * MUST: The spec file for the package MUST be legible. OK * MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK (but no md5sum provided) * MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. OK (see mock output above) * MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. N/A * MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK * MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. N/A * MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. N/A * MUST: Packages must NOT bundle copies of system libraries. OK * MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. N/A * MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. OK * MUST: A Fedora package must not list a file more than once in the spec file's %files listings. OK * MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. OK * MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). OK * MUST: Each package must consistently use macros. OK * MUST: The package must contain code, or permissable content. OK * MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). N/A * MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. N/A * MUST: Header files must be in a -devel package. N/A * MUST: Static libraries must be in a -static package. N/A * MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig' (for directory ownership and usability). N/A * MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. N/A * MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} N/A * MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. N/A * MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. N/A * MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. OK * MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT). OK * MUST: All filenames in rpm packages must be valid UTF-8. OK * SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. NO * SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. N/A * SHOULD: The reviewer should test that the package builds in mock. OK (see output above) * SHOULD: The package should compile and build into binary rpms on all supported architectures. OK (see output above) * SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. OK * SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. N/A * SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. N/A * SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. N/A * SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. N/A Rafi: the package looks good, the only thing I'd like to see is a LICENSE file included in the rpm, if available upstream. That would take care of the no-docs warning, as well as addressing one of the "SHOULD" items.
Thomas is correct when he says we must follow the Naming Guidelines WRT snapshot packages and the version/release string. The problem is that in the end we don't have any control over upstream so there's several ways that constructing the version numbers in this manner can go wrong: * Upstream changes how it constructs releases. If upstream does something like this we'd be okay: 0.7.917557 => 0.7.917557-1 0.8beta1 => 0.8-0.1.beta1 0.8 => 0.8-1 But what if upstream decides to change their release practices and do something like this this time: 0.7.917557 => 0.7.917557-1 0.7beta1 => 0.7-0.1.beta1 !! Oops, update path broken !! 0.8 => 0.8-1 Or: 0.7.917557 => 0.7.917557-1 0.7beta1 => 0.7-0.1.beta1 !! Update path broken !! 0.7 => 0.7-1 !! Update path even more broken !! * Upstream switches version control systems: 0.7.917557 => 0.7.917557-1 # Upstream switches to git 0.7.87AF2E => 0.7.87AF2E-1 !! Update path broken !! 0.8 => 0.8-1 One note, since these snapshot packages appear to be post-release snapshots rather than pre-release, the versioning should probably be: 0.7-1.917557 If upstream's next stable release is 0.8, this becomes: 0.8-1 If upstream's next stable release were to be 0.7, this becomes: 0.7-2 If upstream switches to git, the order would be preserved by doing this: 0.7-1.917557 0.7-2.87AF2E 0.7-3 (or 0.8-1) The Package Naming Guidelines were written to be robust in cases where upstreams make such changes in their practices. They must be followed here. The other qpidd packages should be changed to conform to the Package Naming Guidelines when their versions can be corrected without breaking the update path. For instance, we might do this:: 0.5.819819-1 # Current 0.5.987654-1 # Still a snapshot with non-conforming version 0.6-1 # versioning corrected since it does not break the update path 0.6-1.998765 # First snapshot with conforming version
One correction to what I wrote earlier -- Thomas is correct that we still want release to include ${DATE}svn${REV} rather than simply ${REV}. This was chosen to be meaningful in case upstream switches version control systems. Here's an example: 0.7.917557 # first svn snapshot 0.7.987654 # second svn snapshot 0.7.87AF2E # first git snapshot 0.7.76FAE2 # second git snapshot If we just move the revision string into release, the numbers have meaning to developers who are used to working with revision control but do not have meaning to end users. An enduser can't tell whether 0.7-1.87AF2E is more recent than 0.7-2.76FAE2 or if it contains fixes that they found in a ChangeLog that says the feature was added in March, 2010. Having the date gives them a bit more information: 0.7-1.20100101svn917557 0.7-2.20100102svn987654 0.7-3.20100201git87AF2E 0.7-4.20100301git76FAE2
Is anything happening with this review? It should probably be closed out after nine months without response from the submitter.
afaict python-qpid-qmf is now subpackage of qpid-cpp