Red Hat Bugzilla – Bug 808768
Review Request: annox - Java annotations in XML resources
Last modified: 2012-05-26 02:57:04 EDT
Spec URL: http://gil.fedorapeople.org/annox.spec SRPM URL: http://gil.fedorapeople.org/annox-0.5.0-1.fc16.src.rpm Description: Annox is an open source project which allows you to read arbitrary Java annotations from XML resources. JAXB users may be interested in Annox annotation reader for JAXB RI which allows you to define JAXB Java/XML mappings in XML resources (instead of annotations).
Tested on : http://koji.fedoraproject.org/koji/taskinfo?taskID=4011099
I'm taking this review.
Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== Generic ==== [!]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. The license text (http://confluence.highsource.org/display/ANX/License) says that "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution", but binary RPMs don't install the license as documentation nor reproduce it in any other way. It would be a good idea to ask upstream to include the license text. Solution: Please install the license along with binary packages. [x]: MUST Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: MUST %build honors applicable compiler flags or justifies otherwise. [x]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: MUST Buildroot is not present Note: Unless packager wants to package for EPEL5 this is fine [x]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [x]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean would be needed if support for EPEL is required [x]: MUST Sources contain only permissible code or content. [x]: MUST Each %files section contains %defattr if rpm < 4.4 Note: Note: defattr macros not found. They would be needed for EPEL5 [x]: MUST Macros in Summary, %description expandable at SRPM build time. [x]: MUST Package requires other packages for directories it uses. [-]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf would be needed if support for EPEL5 is required [-]: MUST Large documentation files are in a -doc subpackage, if required. [x]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: MUST License field in the package spec file matches the actual license. [x]: MUST License file installed when any subpackage combination is installed. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST Package does not generate any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [x]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [x]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [!]: MUST Rpmlint output is silent. rpmlint annox-javadoc-0.5.0-1.fc18.noarch.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. rpmlint annox-0.5.0-1.fc18.noarch.rpm annox.noarch: W: no-documentation 1 packages and 0 specfiles checked; 0 errors, 1 warnings. rpmlint annox-0.5.0-1.fc18.src.rpm annox.src: W: invalid-url Source0: annox-0.5.0-src-svn.tar.gz 1 packages and 0 specfiles checked; 0 errors, 1 warnings. These warnings can be ignored. [?]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. I haven't verified that yet. [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [-]: MUST Useful -debuginfo package or justification otherwise. [x]: SHOULD Reviewer should test that the package builds in mock. [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. The package doesn't include license file, please query upstream. [x]: SHOULD Dist tag is present. [x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [x]: SHOULD Package functions as described. [!]: SHOULD Latest version is packaged. The newest upstream release is 0.5.1, but the packaged version is 0.5.0. You can consider packaging the newer version, especially if upstream agrees to incorporate license text into the repo. However since it's a minor release only it's fine keep version 0.5.0 packaged. [x]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SHOULD SourceX / PatchY prefixed with %{name}. Note: Source0: annox-0.5.0-src-svn.tar.gz (annox-0.5.0-src-svn.tar.gz) Patch0: annox-0.5.0-fixbuild.patch (annox-0.5.0-fixbuild.patch) [x]: SHOULD SourceX is a working URL. [-]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [?]: SHOULD Package should compile and build into binary rpms on all supported architectures. [!]: SHOULD %check is present and all tests pass. The tests are disabled, as justifiex in .spec file. [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. ==== Java ==== [x]: MUST If source tarball includes bundled jar/class files these need to be removed prior to building [x]: MUST Packages have proper BuildRequires/Requires on jpackage-utils [x]: MUST Fully versioned dependency in subpackages, if present. [x]: MUST Javadoc documentation files are generated and included in -javadoc subpackage [x]: MUST Javadoc subpackages have Requires: jpackage-utils [x]: MUST Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink) [x]: SHOULD Package has BuildArch: noarch (if possible) [x]: SHOULD Package uses upstream build method (ant/maven/etc.) ==== Maven ==== [x]: MUST Pom files have correct add_maven_depmap call Note: Some add_maven_depmap calls found. Please check if they are correct [x]: MUST Old add_to_maven_depmap macro is not being used [x]: MUST Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro [x]: MUST If package contains pom.xml files install it (including depmaps) even when building with ant [x]: MUST If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment Note: Some comment is used before mvn-rpmbuild command. Please verify it explains use of -Dmaven.test.skip [x]: MUST Package DOES NOT use %update_maven_depmap in %post/%postun [x]: MUST Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms Summary ======= 1. Ask upstream to include license text 2. Install license file along with both packages Please correct the above flaws.
My question about the licensing situation on Fedora-legal-list: http://lists.fedoraproject.org/pipermail/legal/2012-May/001907.html and the answer: http://lists.fedoraproject.org/pipermail/legal/2012-May/001908.html I'm waiting for gil to take an appropriate action. gil: The spec file you sent to me looked fine. Post here the updated SRPM and spec please.
Spec URL: http://gil.fedorapeople.org/annox/annox.spec SRPM URL: http://gil.fedorapeople.org/annox/annox-0.5.0-2.fc16.src.rpm tested on : http://koji.fedoraproject.org/koji/taskinfo?taskID=4078187
Fixed issue: [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. Checked now: [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. Some minor problems not blocking the package: [!]: SHOULD %check is present and all tests pass. Tests are skipped, but a justification is given. [!]: SHOULD Latest version is packaged. A newer upstream version is available. [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. The maintainer hasn't asked upstream to include the license text. Because the remaining issues are not very important, annox is: ================ *** APPROVED *** ================
New Package SCM Request ======================= Package Name: annox Short Description: Java annotations in XML resources Owners: gil Branches: f16 f17 InitialCC: java-sig
Git done (by process-git-requests).
annox-0.5.0-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/annox-0.5.0-2.fc17
annox-0.5.0-2.fc17 has been pushed to the Fedora 17 testing repository.
annox-0.5.0-2.fc17 has been pushed to the Fedora 17 stable repository.