Hide Forgot
Spec URL: http://people.redhat.com/avagarwa/files/tncfhh/tncfhh.spec SRPM URL: http://people.redhat.com/avagarwa/files/tncfhh/tncfhh-0.8.2-1.fc14.src.rpm Description: The TNC@FHH project is an open source implementation of the Trusted Network Connect (TNC) framework, which is specified by the Trusted Computing Group (TCG). TNC@FHH allows you to provision access to a network based upon factors like the user credentials and the requesting endpoint's integrity state. The following TNC components and their respective interfaces are implemented by TNC@FHH: IMCs (IF-IMC 1.2), IMVs (IF-IMV 1.2), TNCS (IF-TNCCS 1.1), NAA (IF-T EAP 1.1).
MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. OK: Warnings are the missing documentation and non stripped binaries. rpmlint outputs are attached. MUST: The package must be named according to the Package Naming Guidelines. OK: The package name is according all naming guidelines. MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. OK: The spec file name match the requested name. MUST: The package must meet the Packaging Guidelines. ? OK: The package mostly fits all guidelines there are some exceptions found by the rpmlint. MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . FAIL: The license is inconsistent, mentions GPLv2, which is incompatible with. It is basically a non-commercial-only license. MUST: The License field in the package spec file must match the actual license. FAIL: The GPLv2 is mentioned in the spec file, the above licence is in the package. I reccomend to work with legal.org to solve the licensing problem.
Created attachment 512635 [details] source rpm rpmlint output
Created attachment 512636 [details] binary rpms rpmlint output
I apologize for the inaccurate data, the license type is FLOSS, therefore admissible. This particular license but is not mentioned in the list of compatible licenses and should be further explored,
I have see some other packages with GPLv2 license too in Fedora. So I am wondering what should I explore further if it is admissble?
http://fedoraproject.org/wiki/Licensing#Good_Licenses GPLv2 is the identifier and its acceptable.
This software is Copyright (C) 2006-2010 Fachhochschule Hannover (University of Applied Sciences and Arts) Use is subject to license conditions. The main licensing options available are: Open Source Licensing. This is the appropriate option if you want to share the source code of your application with everyone you distribute it to, and you also want to give them the right to share who uses it. If you wish to use TNC@FHH under Open Source Licensing, you must contribute all your source code to the open source community in accordance with the GPL Version 2 when your application is distributed. See http://www.gnu.org/copyleft/gpl.html Commercial Licensing. This is the appropriate option if you are creating proprietary applications and you are not prepared to distribute and share the source code of your application. Contact trust.de for details. http://trust.inform.fh-hannover.de/ ---------snip------------------------------ This is NOT the GPLv2 license. This is not listed in http://fedoraproject.org/wiki/Licensing#Good_Licenses. This is some kind of dual license, probably acceptable.
> This is NOT the GPLv2 license. This is not listed in > http://fedoraproject.org/wiki/Licensing#Good_Licenses. This is some kind of > dual license, probably acceptable. This IS GPLv2 license. Meaning, we have a choice which license to use (with the only limit that with GPLv2 we cannot develop proprietary products, which you cannot otherwise, given GPLv2 “stickiness”) and we have chosen GPLv2. Setting FE-LEGAL as well to be sure.
I agree with Matej, there are two choices, and we choose GPLv2. This is a "or", not an "and" scenario. :) Lifting FE-Legal.
MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. OK: the LICENSE file is in %doc MUST: The spec file must be written in American English. OK: AFAIK it is. MUST: The spec file for the package MUST be legible. OK: MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK: both file are identical MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. OK: tested on x86_64 MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. NOT TESTED YET. MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK: MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. OK: No localews there MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. OK: %post %postun correct MUST: Packages must NOT bundle copies of system libraries. OK: MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. OK:
MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. OK: directories are: /etc/tnc /etc/tnc/xacml (%name-libs) /usr/include/naaeap/ /usr/include/tncs/ /usr/include/tcg/ /usr/include/imunit/ /usr/include/tncxacml/ (%name-devel) MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations) OK: MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. OK: permissions meet the rules. MUST: Each package must consistently use macros. OK: MUST: The package must contain code, or permissable content. OK: MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). N/A: there is lack of documentation MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. OK: MUST: Header files must be in a -devel package. OK: they are MUST: Static libraries must be in a -static package. N/A: There are no static libraries. MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. OK: MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} OK: there is the necessary dependencies. MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. OK: MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. N/A: there is no gui MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. OK: MUST: All filenames in rpm packages must be valid UTF-8. OK: all names are ascii
SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. N/A SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. ? There is no necessity of other languages in this package. SHOULD: The reviewer should test that the package builds in mock. OK: SHOULD: The package should compile and build into binary rpms on all supported architectures. OK: both x86_64 and i386 in rawhide works well. SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. NOT TESTED: SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. OK: SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. OK: %{name}-libs requires %{name} package, %{name}-examples requires %name}-libs and %{name}-devel requires %{name}-examples, %{name}-libs and %{name} SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. N/A: there are no pkgconfig files SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. N/A: No file dependencies here. SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense FAIL: there are no man pages at all, but there is a pdf file with sufficient documentation.
Resume: all the test pass. There is one question about stripping the binary files. Avesh the files are not striped intentionally?
Stripping should be done by the build system as it makes the debuginfo package. Its not something that you have to manually do, because it would discard the info needed to make the debuginfo packages.
(In reply to comment #13) > Resume: all the test pass. There is one question about stripping the binary > files. > Avesh the files are not striped intentionally? I think rpm build system has a script /usr/lib/rpm/find-debuginfo.sh that does the stripping for making debug package, so it is automatic. When I build on my local system, it does stripping and infact a scratch build on koji does the same thing. Not sure why your system where you might be building this package is not stripping binaries.
All done. + flag set.
New Package SCM Request ======================= Package Name: tncfhh Short Description: An open source implementation of the Trusted Network Connect (TNC) framework Owners: avesh Branches: f16 InitialCC:
Git done (by process-git-requests).