Bug 817271 - Review Request:openerp - Business Applications Server
Review Request:openerp - Business Applications Server
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Richard Shaw
Fedora Extras Quality Assurance
:
Depends On: 817270 818264
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-28 09:47 EDT by Alec Leamas
Modified: 2012-07-10 16:56 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-03 02:41:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
hobbes1069: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Alec Leamas 2012-04-28 09:47:33 EDT
Spec URL: http://dl.dropbox.com/u/17870887/openerp-server-6.0.4-1/openerp-server.spec
SRPM URL: http://dl.dropbox.com/u/17870887/openerp-server-6.0.4-1/openerp-server-6.0.4-1.fc16.src.rpm
Description:
OpenERP is a free Enterprise Resource Planning and Customer Relationship
Management software. It is mainly developed to meet changing needs.

The main functional features are: CRM & SRM, analytic and financial accounting,
double-entry stock management, sales and purchases management, tasks automation,
help desk, marketing campaign, ... and vertical modules for very specific
businesses.
[cut]
This server package contains the core (server) of OpenERP system and all
additions of the official distribution. You may need the GTK client to connect
to this server, or the web-client, which serves to HTML browsers. You can
also find more additions (aka. modules) for this ERP system in:
http://www.openerp.com/ or  http://apps.openerp.com

rpmlint:
openerp-server.noarch: W: non-standard-uid /etc/openerp/openerp-server.conf openerp
openerp-server.noarch: W: non-standard-gid /etc/openerp/openerp-server.conf openerp
openerp-server.noarch: W: non-standard-uid /var/run/openerp openerp
openerp-server.noarch: W: non-standard-gid /var/run/openerp openerp
openerp-server.noarch: W: non-standard-uid /var/log/openerp openerp
openerp-server.noarch: W: non-standard-gid /var/log/openerp openerp
openerp-server.noarch: W: non-standard-uid /var/spool/openerp openerp
openerp-server.noarch: W: non-standard-gid /var/spool/openerp openerp
- Are OK, they refer to user/group created by the package
openerp-server.noarch: W: no-manual-page-for-binary openerp-gen-cert
- No blocker

This is https://bugzilla.redhat.com/show_bug.cgi?id=693425 resurrected. The original submitter closed that as WONTFIX. I have continued his work here.

This only the server package. To test and setup this a GTK client is needed. For test purposes there is a srpm at http://dl.dropbox.com/u/17870887/openerp-client/openerp-client-6.0.2-6.fc14.src.rpm
Comment 1 Alec Leamas 2012-04-28 09:58:19 EDT
Updating metadata
Comment 3 Robin Lee 2012-05-08 00:04:50 EDT
The URL of Source0 in 6.1 specfile seems 404.

And if you change the name of the package, you should update the title of this report.

And the summary is missed in the title.
Comment 4 Alec Leamas 2012-05-08 02:09:13 EDT
Thanks for input. However, note the 'NotReady' whiteboard status: this is a work in progress not ready for review.
Comment 5 Alec Leamas 2012-06-19 19:42:00 EDT
As of now, the python-xlwt dependency is only available in rawhide.
Comment 6 Alec Leamas 2012-06-20 15:59:33 EDT
And as of now python-xlwt is in updates-testing for F16 and F17

The test tool openerp-client is under review in bug 818805.

I think this bug is ready for review.
Comment 7 Richard Shaw 2012-06-21 15:28:46 EDT
Ok, licenses is one of my weak points and I'm not sure you have all the bases covered but I could definitely be wrong :)

Licenses detected in source:
$ licensecheck -r . | awk -F ": " '{ print $2 }' | sort | uniq -c
      1 AGPL
     22 AGPL (v2.1 or later) LGPL (v2.1 or later)
   1276 AGPL (v3 or later)
      9 AGPL (v3 or later) GENERATED FILE
      2 AGPL (v3 or later) LGPL (v3 or later)
      5 BSD (2 clause)
      6 BSD (3 clause)
      7 BSD (4 clause)
     43 GPL
      2 GPL GENERATED FILE
     40 GPL (v2 or later)
     41 GPL (v3 or later)
      1 LGPL
      1 *No copyright* AGPL (v3 or later)
     43 *No copyright* GENERATED FILE
    161 *No copyright* UNKNOWN
      4 UNKNOWN

Is just using "AGPLv3+" good enough to cover all of the AGPLs listed? Same for GPL. Also, BSD (4 clause) should be referenced as "BSD with advertising"...
Comment 8 Richard Shaw 2012-06-21 15:32:09 EDT
Also, it's never OK to patch licenses. The bad FSF address is not considered a blocker but it is recommended to at least tell upstream about it. You might as well send them your patch.
Comment 9 Richard Shaw 2012-06-21 15:38:51 EDT
Duh, I looked at your LICENSING file... never mind. But perhaps using the guidelines version of the comment and file name would be good?

# For a breakdown of the licensing, see PACKAGE-LICENSING
Comment 10 Alec Leamas 2012-06-21 16:16:52 EDT
(In reply to comment #8)
> Also, it's never OK to patch licenses. The bad FSF address is not considered
> a blocker but it is recommended to at least tell upstream about it. You
> might as well send them your patch.

License files can't be patched, agreed. But license text in source can be patched, see https://fedoraproject.org/wiki/Common_Rpmlint_issues#incorrect-fsf-address (OK, I actually wrote that :), but it's still kind of a reference)

(In reply to comment #9)
> Duh, I looked at your LICENSING file... never mind. But perhaps using the
> guidelines version of the comment and file name would be good?
> 
> # For a breakdown of the licensing, see PACKAGE-LICENSING

Sure, I can change it according to that. 

I read this as you hadn't noticed the break-down when you wrote comment #7

Holding updated links in wait for more remarks or conclusions.
Comment 11 Alec Leamas 2012-06-21 16:20:23 EDT
(In reply to comment #10)
> (In reply to comment #8)
> > Also, it's never OK to patch licenses.[cut] You
> > might as well send them your patch.
Already done, see the comment attached to the patch.
Comment 12 Richard Shaw 2012-06-21 16:22:38 EDT
(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #8)
> > > Also, it's never OK to patch licenses.[cut] You
> > > might as well send them your patch.
> Already done, see the comment attached to the patch.

Yup, sorry. I use puTTY at work to ssh into my home machine and the blue on black is almost unreadable :)

I would just drop the patch since it's not a blocker and let it be fixed on the next upstream release.
Comment 13 Alec Leamas 2012-06-21 16:39:51 EDT
If you insist, I will certainly drop it. But I prefer to use it - it's a question of keeping rpmlint output at a reasonable size. Without the patch, the output is just insane.

And since the guidelines allows it, why not? Of course, if they release another version without applying the patch it's some work. But it's generated by a script, so I'm not that worried. I can even drop it at an update. But for the review, I think it's an advantage to keep it. 

But, like I said, it's your decision.
Comment 14 Richard Shaw 2012-06-21 16:42:14 EDT
Nah, good enough for me.
Comment 15 Richard Shaw 2012-06-29 14:36:47 EDT
Ok, now that the whole freecad, pycxx, zipios issues on my end are done, time to get back to this. Working on the full review.
Comment 16 Richard Shaw 2012-06-29 16:09:27 EDT
Ok, a couple of nit-picks:

1. The source tag could use the %name and %version tags a little more:
Source0:    http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
could be:
Source0:    http://nightly.openerp.com/%{version}/nightly/src/%{name}-%{version}%{oe_rel}.tar.gz

unless the 6.1 doesn't get the patch level version number when/if it occurs. 

2. If your using "install" to install additional files from the source then you need to add the -p option to preserve time stamps, i.e.:

install -m 644 -D install/openerp-server.conf  \
    %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
to:
install -pm 644 -D install/openerp-server.conf  \
    %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf

3. I'm not a reviewers that insists on using %dir in %files and calling out each directory/file underneath it separately but if you're going to glob a whole directory it's a good practice to leave a trailing slash on the entry so it's obvious to someone else looking at your spec:

%{_datadir}/openerp
to:
%{_datadir}/openerp/

4. I assume some of the strange permissions are needed for functionality or security? It would probably be a good idea to add comments to the entries in %files where you're assigning non-standard perms.
Comment 17 Alec Leamas 2012-06-29 16:39:40 EDT
(In reply to comment #16)
> Ok, a couple of nit-picks:
> 
> 1. The source tag could use the %name and %version tags a little more:
> Source0:   
> http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
> could be:
> Source0:   
> http://nightly.openerp.com/%{version}/nightly/src/%{name}-
> %{version}%{oe_rel}.tar.gz
> 
> unless the 6.1 doesn't get the patch level version number when/if it occurs.
I certainly could, and I will if you insist. However, using openerp instead of name is on purpose and as I understand it according to the guidelines. The macro section explicitly says that using macros (besides paths) is a question of personal preferences, and I prefer writing the name "in clear".
 
> 
> 2. If your using "install" to install additional files from the source then
> you need to add the -p option to preserve time stamps, i.e.:
> 
> install -m 644 -D install/openerp-server.conf  \
>     %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
> to:
> install -pm 644 -D install/openerp-server.conf  \
>     %{buildroot}%{_sysconfdir}/openerp/openerp-server.conf
> 
Fixed. "blushes"

> 3. I'm not a reviewers that insists on using %dir in %files and calling out
> each directory/file underneath it separately but if you're going to glob a
> whole directory it's a good practice to leave a trailing slash on the entry
> so it's obvious to someone else looking at your spec:
> 
> %{_datadir}/openerp
> to:
> %{_datadir}/openerp/
Fixed
> 
> 4. I assume some of the strange permissions are needed for functionality or
> security? It would probably be a good idea to add comments to the entries in
> %files where you're assigning non-standard perms.

Fixed


Updating in place, same links, no release bumb (which actually is OK, promise :) )
Comment 18 Richard Shaw 2012-06-29 16:50:49 EDT
(In reply to comment #17)
> (In reply to comment #16)
> > Ok, a couple of nit-picks:
> > 
> > 1. The source tag could use the %name and %version tags a little more:
> > Source0:   
> > http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
> > could be:
> > Source0:   
> > http://nightly.openerp.com/%{version}/nightly/src/%{name}-
> > %{version}%{oe_rel}.tar.gz
> > 
> > unless the 6.1 doesn't get the patch level version number when/if it occurs.
> I certainly could, and I will if you insist. However, using openerp instead
> of name is on purpose and as I understand it according to the guidelines.
> The macro section explicitly says that using macros (besides paths) is a
> question of personal preferences, and I prefer writing the name "in clear".

Nah, just something I've seen recommended.

  
> Updating in place, same links, no release bumb (which actually is OK,
> promise :) )

Hmm... Once bitten twice shy for me. I was chastised for doing just that early in my packaging career :)
Comment 19 Alec Leamas 2012-06-30 00:02:37 EDT
(In reply to comment #18)

> > Updating in place, same links, no release bump (which actually is OK,
> > promise :) )
> 
> Hmm... Once bitten twice shy for me. I was chastised for doing just that
> early in my packaging career :)

The Guidelines have been updated:  http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs, look for Multiple Changelog Entries per Release).

BTW: those two sentences were not trivial, "chastised" and "once bitten twice shy" being completely new to me. Even if I'll never learn packaging properly, I'll at least learn some English. By now you should know I appreciate that :)

--a
Comment 20 Richard Shaw 2012-07-02 09:21:16 EDT
(In reply to comment #19)
> (In reply to comment #18)
> 
> > > Updating in place, same links, no release bump (which actually is OK,
> > > promise :) )
> > 
> > Hmm... Once bitten twice shy for me. I was chastised for doing just that
> > early in my packaging career :)
> 
> The Guidelines have been updated: 
> http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs, look for
> Multiple Changelog Entries per Release).
> 
> BTW: those two sentences were not trivial, "chastised" and "once bitten
> twice shy" being completely new to me. Even if I'll never learn packaging
> properly, I'll at least learn some English. By now you should know I
> appreciate that :)

Hehe. I couldn't tell since your English is so good. It's hard these days because so many have a gmail account I can't rely on the domain suffix :)
Comment 21 Richard Shaw 2012-07-02 10:00:04 EDT
Ok, got the full review done. One final nit but not a blocker.

%attr(0755,openerp,openerp) %{_localstatedir}/run/openerp

should probably be prefixed with %dir since it's just and empty directory, right?



Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== Generic ====
[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[-]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: MUST Buildroot is not present
     Note: Unless packager wants to package for EPEL5 this is fine
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean would be needed if support for EPEL is required
[x]: MUST Sources contain only permissible code or content.
[x]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: Note: defattr macros not found. They would be needed for EPEL5
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[x]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf would be needed if support for EPEL5 is required
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint openerp-6.1-1.fc18.noarch.rpm

openerp.noarch: E: explicit-lib-dependency pyftpdlib
openerp.noarch: W: non-standard-gid /etc/openerp/openerp-server.conf openerp
openerp.noarch: E: non-readable /etc/openerp/openerp-server.conf 0660L
openerp.noarch: W: non-standard-gid /etc/openerp openerp
openerp.noarch: W: non-standard-uid /var/run/openerp openerp
openerp.noarch: W: non-standard-gid /var/run/openerp openerp
openerp.noarch: W: no-manual-page-for-binary openerp-gen-cert
1 packages and 0 specfiles checked; 2 errors, 5 warnings.


rpmlint openerp-6.1-1.fc18.src.rpm

openerp.src: W: strange-permission openerp-gen-cert 0755L
openerp.src:14: W: macro-in-comment %{version}
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.
/home/build/817271/openerp-6.1-20120505-233516.tar.gz :
  MD5SUM this package     : 572987da13d71942c252339b38d5d575
  MD5SUM upstream package : 572987da13d71942c252339b38d5d575

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[-]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[-]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.
[x]: SHOULD Dist tag is present.
[-]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[?]: SHOULD Package functions as described.
[x]: SHOULD Latest version is packaged.
[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: SHOULD Scriptlets must be sane, if used.
[!]: SHOULD SourceX / PatchY prefixed with %{name}.
     Note: Source0:
     http://nightly.openerp.com/6.1/nightly/src/openerp-%{version}%{oe_rel}.tar.gz
     (openerp-%{version}%{oe_rel}.tar.gz) Source1: openerp.service
     (openerp.service) Source2: openerp-gen-cert (openerp-gen-cert) Source3:
     README.fedora (README.fedora) Source4: LICENSING (LICENSING) Patch0:
     openerp-fsf-fix.patch (openerp-fsf-fix.patch) Patch1: openerp-unbundle-
     pyftpdlib.patch (openerp-unbundle-pyftpdlib.patch) Patch10: openerp-
     server-relicense-dict_tools-to-LGPL2.1.patch (openerp-server-relicense-
     dict_tools-to-LGPL2.1.patch)
[x]: SHOULD SourceX is a working URL.
[-]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[-]: SHOULD %check is present and all tests pass.
[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.

Issues:
[!]: MUST Rpmlint output is silent.

rpmlint openerp-6.1-1.fc18.noarch.rpm

openerp.noarch: E: explicit-lib-dependency pyftpdlib
openerp.noarch: W: non-standard-gid /etc/openerp/openerp-server.conf openerp
openerp.noarch: E: non-readable /etc/openerp/openerp-server.conf 0660L
openerp.noarch: W: non-standard-gid /etc/openerp openerp
openerp.noarch: W: non-standard-uid /var/run/openerp openerp
openerp.noarch: W: non-standard-gid /var/run/openerp openerp
openerp.noarch: W: no-manual-page-for-binary openerp-gen-cert
1 packages and 0 specfiles checked; 2 errors, 5 warnings.


rpmlint openerp-6.1-1.fc18.src.rpm

openerp.src: W: strange-permission openerp-gen-cert 0755L
openerp.src:14: W: macro-in-comment %{version}
1 packages and 0 specfiles checked; 0 errors, 2 warnings.


See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint


Generated by fedora-review 0.1.3
External plugins:


*** APPROVED ***
Comment 22 Alec Leamas 2012-07-02 15:23:35 EDT
(In reply to comment #21)
> Ok, got the full review done. One final nit but not a blocker.
> 
> %attr(0755,openerp,openerp) %{_localstatedir}/run/openerp
> 
> should probably be prefixed with %dir since it's just and empty directory,
> right?

Right! (fixed)

This is the beginning of the end of quite a journey. I first tried to breath life into  #641261, and worked with an (at the time) openerp employee Panos Christeas over spring 2011. And now it goes through. It's kind of a relief.

Now, let's see if I can get it right, this has become a challenge: 

New Package SCM Request
=======================
Package Name: openerp
Short Description: Business Applications Server
Owners: leamas
Branches: f16 f17
InitialCC:
Comment 23 Richard Shaw 2012-07-02 15:32:08 EDT
Two things:

1. The git/scm crawler may find your request but generally it should go at the top and any explanatory text goes under it.
2. Don't forget to set the fedora-cvs flag to "?".
Comment 24 Alec Leamas 2012-07-02 16:00:26 EDT
Didn't make this time either... Thanks for this remark, some English lessons and of course also for the review!

--alec
Comment 25 Gwyn Ciesla 2012-07-02 16:03:20 EDT
Git done (by process-git-requests).
Comment 26 Fedora Update System 2012-07-03 02:38:41 EDT
openerp-6.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openerp-6.1-1.fc16
Comment 27 Fedora Update System 2012-07-03 02:40:23 EDT
openerp-6.1-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openerp-6.1-1.fc17
Comment 28 Fedora Update System 2012-07-10 16:55:25 EDT
openerp-6.1-1.fc17 has been pushed to the Fedora 17 stable repository.
Comment 29 Fedora Update System 2012-07-10 16:56:40 EDT
openerp-6.1-1.fc16 has been pushed to the Fedora 16 stable repository.

Note You need to log in before you can comment on or make changes to this bug.