Hide Forgot
Spec URL: http://goldmann.fedorapeople.org/package_review/byteman/1/byteman.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/byteman/1/byteman-1.5.1-1.fc16.src.rpm Description: Byteman is a tool which simplifies tracing and testing of Java programs. Byteman allows you to insert extra Java code into your application, either as it is loaded during JVM startup or even after it has already started running. The injected code is allowed to access any of your data and call any application methods, including where they are private. You can inject code almost anywhere you want and there is no need to prepare the original source code in advance nor do you have to recompile, repackage or redeploy your application. In fact you can remove injected code and reinstall different code while the application continues to execute. Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=3218713 $ rpmlint byteman-1.5.1-1.fc15.src.rpm byteman.src: I: enchant-dictionary-not-found en_US byteman.src: W: invalid-url URL: http://www.jboss.org/byteman HTTP Error 403: Forbidden 1 packages and 0 specfiles checked; 0 errors, 1 warnings. $ rpmlint byteman.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings.
Bumped to version 1.5.2. Spec URL: http://goldmann.fedorapeople.org/package_review/byteman/2/byteman.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/byteman/2/byteman-1.5.2-1.fc15.src.rpm Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3233107
This is an informal review [X] rpmlint must be run on every package. Ok for the URL, it is reachable with a regular browser [X] The package must be named according to the Package Naming Guidelines. [X] The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [!] The package must meet the Packaging Guidelines. There is no comment for the buildxml patch According to the java packaging guidelines, you have to specify a version for java (Requires: java >= specific_version) [X] The package must be licensed with a Fedora approved license and meet the Licensing Guidelines. [X] The License field in the package spec file must match the actual license. License is GPL+ or Artistic [X] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. [X] The spec file must be written in American English. [X] The spec file for the package MUST be legible. [X] The sources used to build the package must match the upstream source, as provided in the spec URL. SRPM: fa14f8f248dbf4a2b80439ae1bf89c6d upstream: fa14f8f248dbf4a2b80439ae1bf89c6d [X] The package MUST successfully compile and build into binary rpms on at least one primary architecture. [NA] If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. [X] All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. [NA] The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. [NA] Every binary RPM package (or subpackage) which stores shared library files(not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [NA] Packages must NOT bundle copies of system libraries. [NA] If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [X] A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [X] A Fedora package must not list a file more than once in the spec file's %files listings. [X] Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. [X] Each package must consistently use macros. [X] The package must contain code, or permissable content. [NA] Large documentation files must go in a -doc subpackage. [X] If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [NA] Header files must be in a -devel package. [NA] Static libraries must be in a -static package. [NA] If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. [NA] In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release}. [X] Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. [NA] Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. [X] Packages must not own files or directories already owned by other packages. [X] All filenames in rpm packages must be valid UTF-8.
I am onto this, I will do a formal review.
Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [x] Rpmlint output: 0 errors, 4 warnings. - spelling errors and invalid URL [x] Package is named according to the Package Naming Guidelines[1]. [x] Spec file name must match the base package name, in the format %{name}.spec. [!] Package meets the Packaging Guidelines[2]. - Must specify java version in Requires [!] Package successfully compiles and builds into binary rpms. [x] Buildroot definition is not present [x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4]. [x] License field in the package spec file matches the actual license. License type: LGPLv2+ [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x] All independent sub-packages have license of their own [x] Spec file is legible and written in American English. [x] Sources used to build the package matches the upstream source, as provided in the spec URL. [?] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5]. [x] Package must own all directories that it creates. [-] Package requires other packages for directories it uses. [x] Package does not contain duplicates in %files. [x] File sections do not contain %defattr(-,root,root,-) unless changed with good reason [x] Permissions on files are set properly. [x] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore) [x] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing) [x] Package contains code, or permissable content. [-] Fully versioned dependency in subpackages, if present. [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [x] Package does not own files or directories owned by other packages. [x] Javadoc documentation files are generated and included in -javadoc subpackage [x] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks) [x] Packages have proper BuildRequires/Requires on jpackage-utils [x] Javadoc subpackages have Require: jpackage-utils [-] Package uses %global not %define [-] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) [x] If source tarball includes bundled jar/class files these need to be removed prior to building [x] All filenames in rpm packages must be valid UTF-8. [x] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details) [x] If package contains pom.xml files install it (including depmaps) even when building with ant [x] pom files has correct add_maven_depmap === Maven === [x] Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms [-] If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment [-] If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment [!] Package DOES NOT use %update_maven_depmap in %post/%postun [!] Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro === Other suggestions === [!] If possible use upstream build method (maven/ant/javac) [x] Avoid having BuildRequires on exact NVR unless necessary [x] Package has BuildArch: noarch (if possible) [x] Latest version is packaged. *** ISSUES *** - Must specify java version in Requires - Package doesn't build in mock (fails on %install - err. Jar path doesn't exist) - Package builds with ant, upstream method is maven - Uses %post and %postun
Specifying java version is only needed when the package won't work with all jvm in the repo but needs at least certain version. So if it's fine with gcj i.e 1.5 jvm it's not needed.
Tomas, I fixed the issues and have one comment: maven is used upstream, but the tagged version is using ant. Probably next release will be maven-based. Spec URL: http://goldmann.fedorapeople.org/package_review/byteman/3/byteman.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/byteman/3/byteman-1.5.2-2.fc17.src.rpm Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3360471
Reason for blocking FE-Legal here was the SRPM contains a directory with various binary JARs, including an apparently GPL-licensed one, JFlex.jar, without source. See: http://fedoraproject.org/wiki/Packaging:Java#Pre-built_JAR_files_.2F_Other_bundled_software "There may arise rare cases that an upstream project is distributing JAR files that are actually not re-distributable by Fedora. In this situation, the JAR files themselves should not be redistributed -- even in the source zip. A modified source zip should be created with some sort of modifier in the name (ex. -CLEAN) along with instructions for reproducing." This is one of those "rare cases"; obviously Fedora cannot redistribute JFlex.jar without also distributing its source code.
Richard, fixed. Spec URL: http://goldmann.fedorapeople.org/package_review/byteman/4/byteman.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/byteman/4/byteman-1.5.2-3.fc17.src.rpm Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3363961
Seems OK now, use ant for this version. ======== APPROVED ========
Richard, if you think the license was cleared - could you please remove the FE-Legal block?
FE-Legal block lifted.
Thanks Richard, thanks Tomas. New Package SCM Request ======================= Package Name: byteman Short Description: Java agent-based bytecode injection tool Owners: goldmann
Git done (by process-git-requests).
Thanks for git, closing.