Bug 744977 - Review Request: libhtp - Security-aware parser for the HTTP protocol and the related bits and pieces
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Matthieu Saulnier
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-10-11 03:54 UTC by Mathieu Bridon
Modified: 2012-01-27 04:02 UTC
CC: 5 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-27 04:02:55 UTC
Type: ---
casper: fedora-review+
gwync: fedora-cvs+



Description Mathieu Bridon 2011-10-11 03:54:05 UTC
Spec URL: http://bochecha.fedorapeople.org/packages/libhtp.spec
SRPM URL: http://bochecha.fedorapeople.org/packages/libhtp-0.3.0-0.1.20111010.git198963d.fc17.src.rpm

Description:
LibHTP is a security-aware parser for the HTTP protocol and the related bits
and pieces. The goals of the project, in the order of importance, are as
follows:
1. Completeness of coverage;
2. Permissive parsing;
3. Awareness of evasion techniques;
4. Performance;


$ rpmlint ./libhtp*
libhtp.src: W: invalid-url Source0: libhtp-0.3.0-20111010.git198963d.tar.xz
./libhtp.spec: W: invalid-url Source0: libhtp-0.3.0-20111010.git198963d.tar.xz
4 packages and 1 specfiles checked; 0 errors, 2 warnings.

This warning should be ignored as I'm creating the source tarball from a Git snapshot (see comment in spec file).

Comment 1 Mathieu Bridon 2011-10-21 07:10:10 UTC
Spec URL: http://bochecha.fedorapeople.org/packages/libhtp.spec
SRPM URL: http://bochecha.fedorapeople.org/packages/libhtp-0.3.0-0.1.20111021.git537ac17.fc17.src.rpm


$ rpmlint libhtp*
libhtp.src: W: invalid-url Source0: libhtp-0.3.0-20111021.git537ac17.tar.xz
libhtp.spec: W: invalid-url Source0: libhtp-0.3.0-20111021.git537ac17.tar.xz
4 packages and 1 specfiles checked; 0 errors, 2 warnings.

This warning should be ignored as I'm creating the source tarball from a Git
snapshot (see comment in spec file).

Comment 2 Matthieu Saulnier 2011-11-22 10:45:11 UTC
Taking the review, stay tuned.

Comment 3 Matthieu Saulnier 2011-11-26 21:35:30 UTC
Hi Mathieu,

Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== C/C++ ====
[x]: MUST Header files in -devel subpackage, if present.
[x]: MUST Package does not contain any libtool archives (.la)
[x]: MUST Package does not contain kernel modules.
[x]: MUST Package contains no static executables.
[x]: MUST Rpath absent or only used for internal libs.
[x]: MUST Package is not relocatable.
[x]: MUST Development .so files in -devel subpackage, if present.


==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported architecture.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: MUST Buildroot is not present
     Note: Unless packager wants to package for EPEL5 this is fine
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean would be needed if support for EPEL is required
[x]: MUST Sources contain only permissible code or content.
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files devel section. This is OK if
     packaging for EPEL5. Otherwise not needed
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf would be needed if support for EPEL5 is required
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
[x]: MUST License file installed when any subpackage combination is installed.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package meets the Packaging Guidelines.
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[!]: MUST Package requires pkgconfig, if .pc files are present. (EPEL5)
     Note: Only applicable for EL-5
[-]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint libhtp-0.3.0-0.1.20111021.git537ac17.fc17.src.rpm

libhtp.src: W: invalid-url Source0: libhtp-0.3.0-20111021.git537ac17.tar.xz
1 packages and 0 specfiles checked; 0 errors, 1 warnings.


rpmlint libhtp-devel-0.3.0-0.1.20111021.git537ac17.fc17.x86_64.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


rpmlint libhtp-debuginfo-0.3.0-0.1.20111021.git537ac17.fc17.x86_64.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


rpmlint libhtp-0.3.0-0.1.20111021.git537ac17.fc17.x86_64.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
libhtp-0.3.0-20111021.git537ac17.tar.xz :
  MD5SUM this package     : d29cb0177692cf4113dce3e674a8ac5a
  MD5SUM upstream package : d29cb0177692cf4113dce3e674a8ac5a

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[x]: SHOULD Reviewer should test that the package builds in mock.
[-]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[-]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: SHOULD Package functions as described.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD The placement of pkgconfig(.pc) files are correct.
[x]: SHOULD Scriptlets must be sane, if used.
[x]: SHOULD SourceX is a working URL.
[-]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:
[!]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: defattr(....) present in %files devel section. This is OK if
     packaging for EPEL5. Otherwise not needed
[!]: MUST Package requires pkgconfig, if .pc files are present. (EPEL5)
     Note: Only applicable for EL-5
[!]: MUST Rpmlint output is silent.

Generated by fedora-review 0.1.1


Your package looks good.

----------------
Package Approved
----------------

Comment 4 Martin Gieseking 2011-11-27 19:04:53 UTC
There are some things that should be addressed before the package is checked in:

- the devel package should require the base package this way:
  http://fedoraproject.org/wiki/PackagingGuidelines#Requiring_Base_Package

- Don't add the %doc files several times. Drop AUTHORS, LICENSE, and COPYING 
  from the devel package. Since it requires the base package, these files are 
  installed anyway.

- add README and NOTICE to the base package (with %doc) and doc/QUICK_START to
  the devel package

- I suggest to build the doxygen API documentation (cd into docs/ and run 
  doxygen doxygen.conf) the devel package.

- Either add a Group field to the base package (System Environment/Libraries), 
  or remove it from the devel package. Currently, the Group field is used
  inconsistently.

Comment 5 Martin Gieseking 2011-11-27 19:07:30 UTC
(In reply to comment #4)
> - I suggest to build the doxygen API documentation (cd into docs/ and run 
>   doxygen doxygen.conf) the devel package.

I meant: I suggest to build the doxygen API documentation, and to add it to the devel package. ;)

Comment 6 Mathieu Bridon 2012-01-26 09:18:49 UTC
First of all, I want to apologize for taking so long to answer.

It seems that this review was part of Matthieu's sponsoring process and I hope my failure to react in a timely fashion didn't have any negative consequence on it, either for you, Matthieu, or for your sponsor, Martin.

(In reply to comment #3)
> Issues:
> [!]: MUST Each %files section contains %defattr if rpm < 4.4
>      Note: defattr(....) present in %files devel section. This is OK if
>      packaging for EPEL5. Otherwise not needed

Thanks, I removed the %defattr lines.

> [!]: MUST Package requires pkgconfig, if .pc files are present. (EPEL5)
>      Note: Only applicable for EL-5

I'll ignore this since I'm not targeting EPEL 5.

(In reply to comment #4)
> There are some things that should be addressed before the package is checked
> in:
> 
> - the devel package should require the base package this way:
>   http://fedoraproject.org/wiki/PackagingGuidelines#Requiring_Base_Package

Thanks, I somehow missed specifying the architecture.

> - Don't add the %doc files several times. Drop AUTHORS, LICENSE, and COPYING 
>   from the devel package. Since it requires the base package, these files are 
>   installed anyway.

Right, I fixed that.

> - add README and NOTICE to the base package (with %doc) and doc/QUICK_START to
>   the devel package

Good catch, I added those.

> - I suggest to build the doxygen API documentation (cd into docs/ and run 
>   doxygen doxygen.conf) the devel package.

Done, but since the generated doc is rather large I've added it to a -doc subpackage (noarch).

> - Either add a Group field to the base package (System Environment/Libraries), 
>   or remove it from the devel package. Currently, the Group field is used
>   inconsistently.

I had explicitly removed the one on the base package, but somehow forgot to do that for the devel subpackage as well. This is fixed.

----

I also updated to the latest upstream VCS snapshot, as it brings in a couple of bug fixes, better unit testing, and it makes it easier to build the doxygen documentation.

Spec URL: http://bochecha.fedorapeople.org/packages/libhtp.spec
SRPM URL: http://bochecha.fedorapeople.org/packages/libhtp-0.3.0-0.3.20120126.git53e5901.fc16.src.rpm

Matthieu, were you already sponsored at the time you approved the package?

Martin, since you had a few issues with the approved package, can I consider the review granted and ask for the SCM branches?

Thanks, and once again please accept my apologies for delaying the review for such a long time.
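The following spec fragment is an added illustration, not the packager's actual libhtp.spec, showing how the review points raised in comments 4 and 6 (arch-specific Requires on the base package, no duplicated %doc files, QUICK_START in -devel, doxygen output in a noarch -doc subpackage, no stray Group or %defattr) look when written down. The header directory `htp/`, the `htp.pc` name and the `docs/html` doxygen output directory are assumptions.

```spec
# Added illustration (not the packager's libhtp.spec) of the spec sections
# touched by the review. Assumed: headers land in %{_includedir}/htp/, the
# pkg-config file is htp.pc and doxygen writes HTML to docs/html.

%package devel
Summary:        Development files for %{name}
# Requiring_Base_Package guideline: pin the exact build of the base package
# and the same architecture, so a -devel of one arch cannot be satisfied by
# the shared library of another.
Requires:       %{name}%{?_isa} = %{version}-%{release}
# No explicit "Requires: pkgconfig": only needed when targeting EL-5.

%package doc
Summary:        API documentation for %{name}
# The generated doxygen tree is large and arch-independent, hence noarch.
BuildArch:      noarch

%build
%configure --disable-static
make %{?_smp_mflags}
# Build the doxygen API documentation requested in the review.
pushd docs
doxygen doxygen.conf
popd

%install
make install DESTDIR=%{buildroot}
# libtool archives must not be shipped (C/C++ MUST item).
find %{buildroot} -name '*.la' -delete

%files
# No %defattr: not needed on rpm >= 4.4 (the EPEL5-only item).
# License and notice files live only here; -devel pulls this package in.
%doc AUTHORS LICENSE COPYING README NOTICE
%{_libdir}/libhtp.so.*

%files devel
%doc doc/QUICK_START
%{_includedir}/htp/
%{_libdir}/libhtp.so
%{_libdir}/pkgconfig/htp.pc

%files doc
%doc docs/html
```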

Comment 7 Martin Gieseking 2012-01-26 09:59:23 UTC
(In reply to comment #6)
> Matthieu, were you already sponsored at the time you approved the package?

Yes, Matthieu was already sponsored. Otherwise, he wouldn't have been able to set the review flags. :)

> Martin, since you had a few issues with the approved package, can I consider
> the review granted and ask for the SCM branches?

Yes, please do so. My additional notes were almost minor ones, so there's no need to block the package.

> Thanks, and once again please accept my apologies for delaying the review for
> such a long time.

Of course. To me, the delay isn't a problem at all.

Comment 8 Mathieu Bridon 2012-01-26 10:46:35 UTC
Thanks Matthieu and Martin!

New Package SCM Request
=======================
Package Name: libhtp
Short Description: Security-aware parser for the HTTP protocol and the related bits and pieces
Owners: bochecha
Branches: f16 el6
InitialCC:

Comment 9 Gwyn Ciesla 2012-01-26 12:56:35 UTC
Git done (by process-git-requests).

Comment 10 Mathieu Bridon 2012-01-27 04:02:55 UTC
Thank you Jon for the VCS.

I just committed, pushed, built and requested updates for all branches.

Closing.

