This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 806677 - Review Request: jboss-web - JBoss Web Server
Review Request: jboss-web - JBoss Web Server
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Juan Hernández
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-25 19:52 EDT by Anthony Sasadeusz
Modified: 2012-03-30 14:10 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-30 14:10:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
juan.hernandez: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Anthony Sasadeusz 2012-03-25 19:52:42 EDT
Spec URL: <http://cerberus.fedorapeople.org/jboss-web/7.0.13/1/jboss-web.spec>
SRPM URL: <http://cerberus.fedorapeople.org/jboss-web/7.0.13/1/jboss-web-7.0.13-1.fc18.src.rpm>

Description: JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.

JBoss Web a component of the JBoss Application Server, there are no more standalone version of JBoss Web you need the Application Server to get the Servlet/JSP container.,

JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.

http://koji.fedoraproject.org/koji/taskinfo?taskID=3931742
Comment 1 Juan Hernández 2012-03-26 10:11:51 EDT
I am taking this for review.
Comment 2 Juan Hernández 2012-03-26 12:32:37 EDT
Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[!]  Rpmlint output:

Output of rpmlint of the source package:

$ rpmlint jboss-web-7.0.13-1.fc18.src.rpm
jboss-web.src: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.
jboss-web.src: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
jboss-web.src:60: W: macro-in-comment %{_javadocdir}
jboss-web.src:60: W: macro-in-comment %{name}
jboss-web.src:61: W: macro-in-comment %{_javadocdir}
jboss-web.src:61: W: macro-in-comment %{name}
jboss-web.src: W: invalid-url Source0: jboss-web-7.0.13.Final.tar.xz
1 packages and 0 specfiles checked; 1 errors, 6 warnings.

Output of rpmlint of the binary packages:

$ rpmlint jboss-web-7.0.13-1.fc18.noarch.rpm
jboss-web-doc-7.0.13-1.fc18.noarch.rpm jboss-web.noarch: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.
jboss-web.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
jboss-web-doc.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
2 packages and 0 specfiles checked; 1 errors, 2 warnings.

URL warnings are acceptable.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.

Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3933281

[x]  Buildroot definition is not present

[!]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].

Some of the source files state in their license header that they are covered by "CDDL or GPLv2+ or ASL 2.0", which are known to be imcompatible. This affects most of the files in the java/javax directory. See for example the file "java/javax/servlet/ServletContextListener.java".

[!]  License field in the package spec file matches the actual license.

The license in the spec file is "LGPLv3+" but the package contains files with a mix of licenses. Some examples:

LGPLv2.1+: java/org/jboss/servlet/http/HttpEventFilterChain.java
LGPLv2+: java/org/jboss/web/php/PhpThread.java
ASL 2.0: java/org/apache/jasper/*
LGPLv2.1+ or ASL 2.0: java/org/apache/naming/resources/ProxyDirContext.java
MIT: java/org/apache/tomcat/util/json/JSONTokener.java
CDDL or LGPLv2+: java/javax/servlet/ServletContainerInitializer.java 

[x]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.

Checked using a recursive diff of the sources, which gives output like this:

diff --recursive --unified
t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java
---
t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.000000000 +0200
+++
t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.818919000 +0200
@@ -70,7 +70,7 @@
  * requests.  Requests of any other type will simply be passed
  * through.
  *
  * @author Craig R. McClanahan
- * @version $Revision: 1848 $ $Date: 2011-10-11 11:29:56 -0400
  (Tue, 11 Oct 2011) $
+ * @version $Revision: 1848 $ $Date: 2011-10-11 17:29:56 +0200
(Tue, 11 Oct 2011) $
  */

These differences are acceptable, as they appear due to distinct time zones and subversion quirks.

[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[-]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[-]  Package does not own files or directories owned by other packages.
[!]  Javadoc documentation files are generated and included in -javadoc subpackage
[!]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)

No javadoc is generated.

[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[-]  Javadoc subpackages have Require: jpackage-utils
[x]  Package uses %global not %define
[x]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[x]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files has correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.

Tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=3933281

=== Issues ===
1. Description line is too long, please make it shorter than 79 characters.
2. Macros in comments, please remove them.
3. Several license issues, see above.
4. No javadocs.

=== Final Notes ===
My suggestion to move forward:

1. Contact upstream developers and inform them of the licensing issues, specially for the files stating several incompatible licenses. Contact legal@lists.fedoraproject.org for assistance.

2. Remove macros from comments (this is not strictly required).

3. As the licensing of the content in the "java/javax" is problematic you may want to replace it with dependencies on packages providing the same content. In this particular case that content can be obtained from the following packages (already in rawhide):

jboss-annotations-1.1-api
jboss-el-2.2-api
jboss-jsp-2.1-api
jboss-servlet-3.0-api

You could add those to BuildRequires and Requires. Then in the %setup section you can remove the "java/javax" directory and replace it with links in the "lib" directory: 

%setup

# Remove all the javax classes, as they should come from other packages:
rm -rf java/javax
ln -s $(build-classpath jboss-annotations-1.1-api) lib
ln -s $(build-classpath jboss-el-2.2-api) lib
ln -s $(build-classpath jboss-jsp-2.2-api) lib
ln -s $(build-classpath jboss-servlet-3.0-api) lib

If you do this you will need to add the dependencies to the POM file as well.

This also reduces the number of different implementations of "javax" things that we have in Fedora.

I would even suggest to remove that "java/javax" directory from the source tarball.

Once the license issues are cleared with upstream and legal we can check what is the right license type.

4. In order to generate the javadoc you could add a new source file:

Source2: build-javadoc.xml

With the following content:

<project name="javadoc" default="build">
  <target name="build">
    <mkdir dir="apidocs" />
    <javadoc destdir="apidocs">
      <fileset dir="java"/>
    </javadoc>
  </target>
</project>

Then in the spec you can add the following:

%setup
cp %{SOURCE2} .

%build
ant -f build-javadoc.xml

%install
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
cp -rp apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
Comment 3 Anthony Sasadeusz 2012-03-26 12:58:57 EDT
Okay, I will work on it. Thanks for the review!
Comment 4 Anthony Sasadeusz 2012-03-27 00:35:19 EDT
Sent out e-mails to legal and Remy Maucherat (project lead for jbossweb) about the licensing issue. Tried your method to build javadoc. It worked but wouldn't build the project so I added a patch to patch build.xml. Looks to me like it should have worked. It creates apidocs folder but then still complains about it not existing. Can you take a peek? Thanks for your guidance. 

- Tony

http://cerberus.fedorapeople.org/jboss-web/7.0.13/2/jboss-web.spec
http://cerberus.fedorapeople.org/jboss-web/7.0.13/2/jboss-web-7.0.13-2.fc16.src.rpm
Comment 5 Juan Hernández 2012-03-27 04:37:48 EDT
Thanks Tony!

In order to use the method I suggested to build the javadoc you need to use the original build.xml *and* the new build-javadoc.xml. It wasn't very well explained in my previous comment, sorry. In the %build section you will need to invoke ant twice:

# Once for the binaries:
ant

# And another time for the javadoc:
ant -f build-javadoc.xml

Patching the original build.xml is also ok, but it will require more work when you update to a new upstream version. I let it up to you to decide which is better. Right now it is not working because of the slash in front of the directory, it should be a relative path:

- cp -rp /apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
+ cp -rp apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
Comment 6 Anthony Sasadeusz 2012-03-27 16:21:35 EDT
Okay. Haha, yeah that was my first thought but I didn't change the path to relative. Fixed now. Also added a %files javadoc section. Javadoc still throws warnings about the stuff that was deleted. Don't know if it's required but I guess put some exclusions in the build-javadoc.xml for those directories. Also do I still add dependency information in jboss-web-7.0.13.Final-pom.xml.

Thanks again Juan!

http://koji.fedoraproject.org/koji/taskinfo?taskID=3937470

http://cerberus.fedorapeople.org/jboss-web/7.0.13/3/jboss-web.spec

http://cerberus.fedorapeople.org/jboss-web/7.0.13/3/jboss-web-7.0.13-3.fc18.src.rpm
Comment 7 Juan Hernández 2012-03-28 06:34:23 EDT
Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[!]  Rpmlint output:

Output of rpmlint of the source package:

$ rpmlint jboss-web-7.0.13-3.fc18.src.rpm
jboss-web.src: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.
jboss-web.src: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
jboss-web.src: W: invalid-url Source0: jboss-web-7.0.13.Final.tar.xz
1 packages and 0 specfiles checked; 1 errors, 2 warnings.

Output of rpmlint of the binary packages:

$ rpmlint jboss-web-7.0.13-3.fc18.noarch.rpm jboss-web-doc-7.0.13-3.fc18.noarch.rpm jboss-web-javadoc-7.0.13-3.fc18.noarch.rpm
jboss-web.noarch: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.
jboss-web.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
jboss-web-doc.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
jboss-web-javadoc.noarch: W: spelling-error Summary(en_US) Javadocs -> Java docs, Java-docs, Avocados
jboss-web-javadoc.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden
3 packages and 0 specfiles checked; 1 errors, 4 warnings.

URL warnings are acceptable.

The description should be shorter than 79 characters.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.

Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3939085

[x]  Buildroot definition is not present
[x]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[!]  License field in the package spec file matches the actual license.

The license in the spec file is "LGPLv3+" but the package contains files with a mix of licenses. Some examples:

LGPLv2.1+: java/org/jboss/servlet/http/HttpEventFilterChain.java
LGPLv2+: java/org/jboss/web/php/PhpThread.java
ASL 2.0: java/org/apache/jasper/*
LGPLv2.1+ or ASL 2.0: java/org/apache/naming/resources/ProxyDirContext.java
MIT: java/org/apache/tomcat/util/json/JSONTokener.java

The license type should be: LGPLv2+ and ASL 2.0 and MIT and (LGPLv2+ or ASL 2.0)

[x]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.

Checked using a recursive diff of the sources, which gives output like this:

diff --recursive --unified
t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java
---
t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.000000000 +0200
+++
t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.818919000 +0200
@@ -70,7 +70,7 @@
  * requests.  Requests of any other type will simply be passed
  * through.
  *
  * @author Craig R. McClanahan
- * @version $Revision: 1848 $ $Date: 2011-10-11 11:29:56 -0400
  (Tue, 11 Oct 2011) $
+ * @version $Revision: 1848 $ $Date: 2011-10-11 17:29:56 +0200
(Tue, 11 Oct 2011) $
  */

These differences are acceptable, as they appear due to distinct time zones and subversion quirks.

[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[-]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[-]  Package does not own files or directories owned by other packages.
[x]  Javadoc documentation files are generated and included in -javadoc subpackage
[x]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)

No javadoc is generated.

[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[-]  Javadoc subpackages have Require: jpackage-utils
[x]  Package uses %global not %define
[x]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[x]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files has correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.

Tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=3939085

=== Issues ===
1. Description line is too long, please make it shorter than 79 characters.
2. License should be "LGPLv2+ and ASL 2.0 and MIT and (LGPLv2+ or ASL 2.0)".
3. "Requires: jboss-jsp-2.1-api" should be "Requires: jboss-jsp-2.2-api".
4. The POM file doesn't include the dependencies for "jboss-*-api".

=== Final Notes ===
We are almost there! The javadoc warnings are acceptable. Once you fix the above issues I will approve.

To be clear about #1, #2 and #3:

--- jboss-web.spec
+++ jboss-web.spec
@@ -6,7 +6,7 @@
 Release:          3%{?dist}
 Summary:          JBoss Web
 Group:            Development/Libraries
-License:          LGPLv3+
+License:          LGPLv2+ and ASL 2.0 and MIT and (LGPLv2+ or ASL 2.0)
 URL:              http://www.jboss.org/jbossweb
 
 # svn export
 # http://anonsvn.jboss.org/repos/jbossweb/tags/JBOSSWEB_7_0_13_FINAL/
 # jboss-web-7.0.13.Final
@@ -34,11 +34,12 @@
 Requires:         java
 Requires:         jboss-annotations-1.1-api
 Requires:         jboss-el-2.2-api
-Requires:         jboss-jsp-2.1-api
+Requires:         jboss-jsp-2.2-api
 Requires:         jboss-servlet-3.0-api
 
 %description
-JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat.
+JBoss Web Server is an enterprise ready web server designed for medium and
+large applications, based on Tomcat.
 
 %package doc
 Summary:          User guide for %{name}

For #4 you need to add something like this to the POM:

  <dependencies>
    <dependency>
      <groupId>org.jboss.spec.javax.annotation</groupId>
      <artifactId>jboss-annotations-api_1.1_spec</artifactId>
      <version>1.0.1-SNAPSHOT</version>
    </dependency>
    <dependency>
      <groupId>org.jboss.spec.javax.el</groupId>
      <artifactId>jboss-el-api_2.2_spec</artifactId>
      <version>1.0.1-SNAPSHOT</version>
    </dependency>
    <dependency>
      <groupId>org.jboss.spec.javax.servlet.jsp</groupId>
      <artifactId>jboss-jsp-api_2.2_spec</artifactId>
      <version>1.0.1.Final</version>
    </dependency>
    <dependency>
      <groupId>org.jboss.spec.javax.servlet</groupId>
      <artifactId>jboss-servlet-api_3.0_spec</artifactId>
      <version>1.0.1.Final</version>
    </dependency>
  </dependencies>

Thanks Tony!
Comment 9 Juan Hernández 2012-03-28 17:11:50 EDT
I don't see any reason to block this package now.

There is a little thing that you can fix before doing the initial commit. Instead of long lines in the changelog, use several lines, one per change:

* Wed Mar 28 2012 Anthony Sasadeusz <sasadeu1@umbc.edu> 7.0.13-4
- Fixed licensing issue
- Cleaned up description and requires section
- Added dependency information to POM file

Good job!

================
*** APPROVED ***
================
Comment 10 Anthony Sasadeusz 2012-03-28 17:33:47 EDT
New Package SCM Request
=======================
Package Name: jboss-web
Short Description: JBoss Web Server
Owners: cerberus
Branches: f17
InitialCC: goldmann jhernand
Comment 11 Gwyn Ciesla 2012-03-29 08:25:40 EDT
Git done (by process-git-requests).
Comment 12 Anthony Sasadeusz 2012-03-29 11:14:51 EDT
Did a fedpkg build for f17 and only 1 of the 3 completed. The two that failed complained about Error: No Package found for jboss-annotations-1.1-api.

Not sure if I can close this bug yet.

http://koji.fedoraproject.org/koji/taskinfo?taskID=3943576
Comment 13 Juan Hernández 2012-03-29 11:25:47 EDT
I created a buildroot override for jboss-annotations-1.1-api. That should allow you to do the build. Please wait for the next repo and then try again the build:

koji wait-repo f17-build
fedpkg build
Comment 14 Juan Hernández 2012-03-30 04:18:17 EDT
Tony, I see that you already built for F17. Please remember to create an update:

fedpkg update

Thanks!

Note You need to log in before you can comment on or make changes to this bug.