Red Hat Bugzilla – Bug 790869
explicit-lib-dependency should filter msv-xsdlib
Last modified: 2016-11-07 22:46:02 EST
Description of problem:
msv-xsdlib is a java package, and should not be flagged by the explicit-lib-dependency lint check. Currently, any java package which requires msv-xsdlib raises a lint error, for example:
relaxngcc.noarch: E: explicit-lib-dependency msv-xsdlib
This may be confusing for package reviewers.
Version-Release number of selected component (if applicable):
I've encountered the same issue with another package: python-httplib2.
heat.noarch: E: explicit-lib-dependency python-httplib2
You must let rpm find the library dependencies by itself. Do not put unneeded
explicit Requires: tags.
Suspect that the lib part of the file name is what is erroneously being flagged in both cases.
Same NVR, rpmlint-1.4-6.fc17
Yes, the check is looking for the string "lib" in explicit Requires. This tosses a false positive all the time.
Closing as CANTFIX. If someone has a better idea to accomplish this check in a more correct way (keeping in mind that all we know about the Requires is the string holding the package name, and we have no way to actually look inside the package providing the string being Required), feel free to reopen with a patch.
Created attachment 600192 [details]
Whitelist for valid explicit "lib" packages
If it's acceptable to simply hardcode a whitelist of packages that we know should be ignored, then the attached patch is a start. There are plenty of other hardcoded lists in rpmlint (licenses, shells, biarch packages, etc.), so this seems reasonable.
Of course, if we are going to apply something like this at all, it might be good to do a full pass through the current package list to find others which should be whitelisted. I suspect that most perl, python, and ruby modules which end in "lib" should be in the list.
I don't think I want to try to solve this with a whitelist for a number of reasons:
1) It is entirely plausible that one Requires: foolib is valid and necessary (think dlopen), while another use of Requires: foolib is invalid and inappropriate.
2) It scales poorly, even if we do a full pass through the whole Fedora package list.
I'm going to defer to upstream on this one, if they want to adopt this approach, we'll do it, but otherwise, I think we'll just let packagers use their own judgement on parsing this Error.
I'm with spot on this one. Note the "unneeded" in the info message "Do not put unneeded explicit Requires: tags." - sometimes explicit dependencies to various lib packages are simply _needed_, such as in the cases already mentioned, as well as when one needs to add versioning that is not covered by other means.
Ok, understood. Just thought I'd suggest the patch before the issue was closed for good. Thanks for the comments.
Might it be worth it to whitelist python-* as there are currently no automatic python dependencies generated?