Bug 801680 - Review Request: picketbox - Security framework for Java Applications
Review Request: picketbox - Security framework for Java Applications
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Marek Goldmann
Fedora Extras Quality Assurance
Depends On: 800756 801614 801651
Blocks: 802182
  Show dependency treegraph
Reported: 2012-03-09 01:37 EST by Ricardo Arguello
Modified: 2012-04-11 23:35 EDT (History)
4 users (show)

See Also:
Fixed In Version: picketbox-4.0.6-5.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-04-11 23:35:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mgoldman: fedora‑review+
limburgher: fedora‑cvs+

Attachments (Terms of Use)
jboss-servlet-3.0-api patch (6.02 KB, patch)
2012-03-16 07:33 EDT, Marek Goldmann
no flags Details | Diff

  None (edit)
Description Ricardo Arguello 2012-03-09 01:37:18 EST
Spec URL:


Description: Security framework for Java Applications
Comment 1 Marek Goldmann 2012-03-16 06:00:44 EDT
Ricardo, we need to remove geronimo-jpa from R and BR, and specify minimum version for hibernate-jpa-2.0-api as follows: ">= 1.0.1-5".
Comment 2 Marek Goldmann 2012-03-16 07:33:05 EDT
Created attachment 570584 [details]
jboss-servlet-3.0-api patch

Added a patch that should replace the one you have in sources. This allows to not depend on servlet 2.5.
Comment 3 Marek Goldmann 2012-03-16 11:22:06 EDT
Please also remove the "-a "org.picketbox:picketbox" part.
Comment 5 Marek Goldmann 2012-03-22 13:48:46 EDT
Package Review

- = N/A
x = Check
! = Problem
? = Not evaluated

[!]  Rpmlint output:

$ rpmlint SPECS/picketbox.spec 
SPECS/picketbox.spec:163: W: macro-in-%changelog %add_maven_depmap
SPECS/picketbox.spec: W: invalid-url Source0: picketbox-4.0.6.final.tar.xz
0 packages and 1 specfiles checked; 0 errors, 2 warnings.

$ rpmlint SRPMS/picketbox-4.0.6-3.fc17.src.rpm 
picketbox.src: I: enchant-dictionary-not-found en_US
picketbox.src: E: description-line-too-long C Java Security Framework that provides Java developers the following functionality:
picketbox.src: W: invalid-url URL: http://www.jboss.org/picketbox HTTP Error 403: Forbidden
picketbox.src:163: W: macro-in-%changelog %add_maven_depmap
picketbox.src: W: invalid-url Source0: picketbox-4.0.6.final.tar.xz
1 packages and 0 specfiles checked; 1 errors, 3 warnings.

$ rpmlint RPMS/noarch/picketbox-4.0.6-3.fc17.noarch.rpm 
picketbox.noarch: I: enchant-dictionary-not-found en_US
picketbox.noarch: E: description-line-too-long C Java Security Framework that provides Java developers the following functionality:
picketbox.noarch: W: invalid-url URL: http://www.jboss.org/picketbox HTTP Error 403: Forbidden
picketbox.noarch: W: no-documentation
1 packages and 0 specfiles checked; 1 errors, 2 warnings.

See #1 and #2.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.
[x]  Buildroot definition is not present
[x]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[x]  License field in the package spec file matches the actual license.
License type: LGPLv2+
[-]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.
MD5SUM this package    : 8f85cd21a421341d67298b3907bd7cb1
MD5SUM upstream package: 34b36e57ca4a7705692e7f4ed8ffbb83

SVN export, OK.

[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[x]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x]  Package does not own files or directories owned by other packages.
[x]  Javadoc documentation files are generated and included in -javadoc subpackage
[x]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[x]  Javadoc subpackages have Require: jpackage-utils
[x]  Package uses %global not %define
[x]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[-]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files has correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[x]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.
Tested on:

locally with required deps available

=== Issues ===
1. Break line #64 so it will be shorter than 80 chars.
2. Please remove the macro from changelog (just remove the '%' char)
Comment 7 Marek Goldmann 2012-03-23 04:55:07 EDT
*** APPROVED ***
Comment 8 Ricardo Arguello 2012-03-23 10:51:58 EDT
New Package SCM Request
Package Name: picketbox
Short Description: Security framework for Java Applications
Owners: ricardo
Branches: f17
InitialCC: goldmann
Comment 9 Gwyn Ciesla 2012-03-23 11:00:19 EDT
Git done (by process-git-requests).
Comment 10 Fedora Update System 2012-03-24 19:17:06 EDT
picketbox-4.0.6-5.fc17 has been submitted as an update for Fedora 17.
Comment 11 Fedora Update System 2012-03-25 17:30:04 EDT
picketbox-4.0.6-5.fc17 has been pushed to the Fedora 17 testing repository.
Comment 12 Fedora Update System 2012-04-11 23:35:29 EDT
picketbox-4.0.6-5.fc17 has been pushed to the Fedora 17 stable repository.

Note You need to log in before you can comment on or make changes to this bug.