Bug 790869 - explicit-lib-dependency should filter msv-xsdlib
explicit-lib-dependency should filter msv-xsdlib
Product: Fedora
Classification: Fedora
Component: rpmlint (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Tom "spot" Callaway
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-02-15 10:36 EST by Andy Grimm
Modified: 2016-11-07 22:46 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-07-24 17:03:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Whitelist for valid explicit "lib" packages (1.09 KB, patch)
2012-07-24 21:29 EDT, Andy Grimm
no flags Details | Diff

  None (edit)
Description Andy Grimm 2012-02-15 10:36:24 EST
Description of problem:

msv-xsdlib is a java package, and should not be flagged by the explicit-lib-dependency lint check.  Currently, any java package which requires msv-xsdlib raises a lint error, for example:

relaxngcc.noarch: E: explicit-lib-dependency msv-xsdlib

This may be confusing for package reviewers.

Version-Release number of selected component (if applicable):
Comment 1 Jeff Peeler 2012-07-24 16:58:34 EDT
I've encountered the same issue with another package: python-httplib2.

heat.noarch: E: explicit-lib-dependency python-httplib2
You must let rpm find the library dependencies by itself. Do not put unneeded
explicit Requires: tags.

Suspect that the lib part of the file name is what is erroneously being flagged in both cases.

Same NVR, rpmlint-1.4-6.fc17
Comment 2 Tom "spot" Callaway 2012-07-24 17:03:59 EDT
Yes, the check is looking for the string "lib" in explicit Requires. This tosses a false positive all the time.

Closing as CANTFIX. If someone has a better idea to accomplish this check in a more correct way (keeping in mind that all we know about the Requires is the string holding the package name, and we have no way to actually look inside the package providing the string being Required), feel free to reopen with a patch.
Comment 3 Andy Grimm 2012-07-24 21:29:00 EDT
Created attachment 600192 [details]
Whitelist for valid explicit "lib" packages

If it's acceptable to simply hardcode a whitelist of packages that we know should be ignored, then the attached patch is a start.  There are plenty of other hardcoded lists in rpmlint (licenses, shells, biarch packages, etc.), so this seems reasonable.

Of course, if we are going to apply something like this at all, it might be good to do a full pass through the current package list to find others which should be whitelisted.  I suspect that most perl, python, and ruby modules which end in "lib" should be in the list.
Comment 4 Tom "spot" Callaway 2012-07-25 09:47:19 EDT
I don't think I want to try to solve this with a whitelist for a number of reasons:

1) It is entirely plausible that one Requires: foolib is valid and necessary (think dlopen), while another use of Requires: foolib is invalid and inappropriate.

2) It scales poorly, even if we do a full pass through the whole Fedora package list.

I'm going to defer to upstream on this one, if they want to adopt this approach, we'll do it, but otherwise, I think we'll just let packagers use their own judgement on parsing this Error.
Comment 5 Ville Skyttä 2012-07-26 01:36:44 EDT
I'm with spot on this one. Note the "unneeded" in the info message "Do not put unneeded explicit Requires: tags." - sometimes explicit dependencies to various lib packages are simply _needed_, such as in the cases already mentioned, as well as when one needs to add versioning that is not covered by other means.
Comment 6 Andy Grimm 2012-07-26 10:07:39 EDT
Ok, understood.  Just thought I'd suggest the patch before the issue was closed for good.  Thanks for the comments.
Comment 7 Orion Poplawski 2013-08-01 16:47:23 EDT
Might it be worth it to whitelist python-* as there are currently no automatic python dependencies generated?

Note You need to log in before you can comment on or make changes to this bug.