Spec URL: http://www.auroralinux.org/people/spot/review/new/gambas3.spec SRPM URL: http://www.auroralinux.org/people/spot/review/new/gambas3-2.99.1-1.fc15.src.rpm Description: Gambas3 is a free development environment based on a Basic interpreter with object extensions, like Visual Basic (but it is NOT a clone !). With Gambas3, you can quickly design your program GUI, access MySQL or PostgreSQL databases, pilot KDE applications with DCOP, translate your program into many languages, create network applications easily, and so on... Koji Scratch Build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3106353 Please note: Gambas3 is packaged a bit... uniquely, because of how it works. Gambas is an IDE that generates RPM packages of the software coded within it. These packages are created with assumptions about the Gambas dependencies, hence, the somewhat unique decision choices. See: http://gambasdoc.org/help/howto/package#t1 In addition, rpmlint throws quite a few errors and warnings on the -examples subpackage, like this: gambas3-examples.x86_64: E: world-writable /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L gambas3-examples.x86_64: E: non-standard-executable-perm /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L gambas3-examples.x86_64: W: hidden-file-or-dir /usr/share/gambas3/examples/Sound/MusicPlayer/.startup gambas3-examples.x86_64: W: hidden-file-or-dir /usr/share/gambas3/examples/Automation/DBusExplorer/.startup The examples contain hidden files (necessary for Gambas3), and must be world-writable for Gambas3 users to open/compile/run the example files.
Is the kdelibs3-devel dependency still current? I don't see any KDE 3 module being built, nor do I see the dependency listed in upstream's documentation.
Yeah, I think that is bogus. Good catch. New SPEC: http://www.auroralinux.org/people/spot/review/new/gambas3.spec New SRPM: http://www.auroralinux.org/people/spot/review/new/gambas3-2.99.1-2.fc15.src.rpm
In progress. . .
Hi, (In reply to comment #0) > Spec URL: http://www.auroralinux.org/people/spot/review/new/gambas3.spec > In addition, rpmlint throws quite a few errors and warnings on the -examples > subpackage, like this: > > gambas3-examples.x86_64: E: world-writable > /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L > gambas3-examples.x86_64: E: non-standard-executable-perm > /usr/share/gambas3/examples/Database/MySQLExample/.gambas/FMESSAGE 0777L > gambas3-examples.x86_64: W: hidden-file-or-dir > /usr/share/gambas3/examples/Sound/MusicPlayer/.startup > gambas3-examples.x86_64: W: hidden-file-or-dir > /usr/share/gambas3/examples/Automation/DBusExplorer/.startup > > The examples contain hidden files (necessary for Gambas3), and must be > world-writable for Gambas3 users to open/compile/run the example files. First of all I'm not going to review this, so in the end it is Jon's calls whether or not this is ok. But to me world writable files under /usr/share just seem very wrong and thus unacceptable. How about a helper script which copies one or more examples to $HOME, and some README telling the user to run that and open the copy? Regards, Hans
Created attachment 517439 [details] rpmlint Yeah, it's a lot, so I'm not pasting, I'm attaching. It's mostly bad fsf address, with the perm issues and some shebangless scripts tossed in. I agree with Hans, but am willing to entertain a compelling argument to the contrary.
Without it, the examples don't work. The IDE assumes the examples are present in that directory and in that state, and displays them on startup. Either they keep this permission set (just like Gambas1 and Gambas2), or I get bug reports and upstream complaining that I'm not in compliance with their packaging standard. I don't see world-writable example files in a contained directory below /usr/share as a concern. Odd, yes, but not a blocker.
So there's no way if I edit an example to do something nefarious on my kids's machine, then when my daughter runs the example, it can't email her private files to my son?
Hm. Point taken. I'll try to think of some other way to do this, if nothing else, I'll just break the examples functionality.
Momma always said, if upstream does something insecure, fix it. I mean she didn't, but I could call her and . .. never mind.
Turns out that Gambas3 doesn't need those permissions at all. Silly old me. They're gone now. New SRPM: http://spot.fedorapeople.org/gambas3-2.99.1-3.fc15.src.rpm New SPEC: http://spot.fedorapeople.org/gambas3.spec
Created attachment 517637 [details] rpmlint, phase 2, in which Doris gets her oats. Ah, much better then. Next iteration.
New SRPM: http://spot.fedorapeople.org/gambas3-2.99.2-1.fc15.src.rpm New SPEC: http://spot.fedorapeople.org/gambas3.spec I think that all the rpmlint errors are now safe to ignore (hidden-files, missing docs, one incorrect FSF address)
Good: - rpmlint checks return: See above, OK. I don't love them, but they make sense. :) - package meets naming guidelines - package meets packaging guidelines - license ( ) OK, text in %doc, matches source - spec file legible, in am. english - source matches upstream - package compiles on devel (x86) - no unnecessary BR - no locales - not relocatable - owns all directories that it creates - no duplicate files - permissions ok - %clean ok - macro use consistent - code, not content - no need for -docs - nothing in %doc affects runtime - no need for .desktop file - devel package ok - post/postun ldconfig ok FIX and/or comment on: - no .la files - devel requires base package n-v-r PENDING MOCK BUILD: - no missing BR
BRs are fine.
2.99.3 packages: New SRPM: http://spot.fedorapeople.org/gambas3-2.99.3-1.fc15.src.rpm New SPEC: http://spot.fedorapeople.org/gambas3.spec
Ok, now we have an invalid Source URL, and the devel still doesn't require the main RPM.
There is no "main" RPM. The closest thing is the -runtime, so I've made devel require -runtime. As to the invalid Source URL, I cannot reproduce that (assuming you're talking about Source0): [spot@pterodactyl SPECS]$ wget http://downloads.sourceforge.net/gambas/gambas3-2.99.3.tar.bz2 --2011-09-07 15:23:51-- http://downloads.sourceforge.net/gambas/gambas3-2.99.3.tar.bz2 Resolving downloads.sourceforge.net... 216.34.181.59 Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: http://downloads.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 [following] --2011-09-07 15:23:51-- http://downloads.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 Reusing existing connection to downloads.sourceforge.net:80. HTTP request sent, awaiting response... 302 Found Location: http://voxel.dl.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 [following] --2011-09-07 15:23:51-- http://voxel.dl.sourceforge.net/project/gambas/gambas3/gambas3-2.99.3.tar.bz2 Resolving voxel.dl.sourceforge.net... 74.63.46.131, 74.63.46.132, 74.63.46.133, ... Connecting to voxel.dl.sourceforge.net|74.63.46.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 8459327 (8.1M) [application/x-bzip2] Saving to: “gambas3-2.99.3.tar.bz2” 100%[=======================================================================================================================================>] 8,459,327 1.12M/s in 7.3s 2011-09-07 15:23:59 (1.11 MB/s) - “gambas3-2.99.3.tar.bz2” saved [8459327/8459327] ****** Oh, and gambas actually uses the .la files, iirc. It's special. New SRPM: http://spot.fedorapeople.org/gambas3-2.99.3-2.fc15.src.rpm New SPEC: http://spot.fedorapeople.org/gambas3.spec
Let's call it a network fluke, then. APPROVED.
New Package SCM Request ======================= Package Name: gambas3 Short Description: IDE based on a basic interpreter with object extensions Owners: spot Branches: f14 f15 f16 InitialCC:
Git done (by process-git-requests).
gambas3-2.99.3-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc15
gambas3-2.99.3-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc14
gambas3-2.99.3-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/gambas3-2.99.3-2.fc16
gambas3-2.99.3-2.fc16 has been pushed to the Fedora 16 testing repository.
gambas3-2.99.3-2.fc14 has been pushed to the Fedora 14 stable repository.
gambas3-2.99.3-2.fc15 has been pushed to the Fedora 15 stable repository.
gambas3-2.99.4-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc15
gambas3-2.99.4-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc16
gambas3-2.99.4-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/gambas3-2.99.4-1.fc14
gambas3-2.99.4-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
gambas3-2.99.4-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
gambas3-2.99.4-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.