Bug 819184 - (qupzilla) Review Request: qupzilla - Modern web browser
Review Request: qupzilla - Modern web browser
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Volker Fröhlich
Fedora Extras Quality Assurance
:
Depends On:
Blocks: kde-reviews
  Show dependency treegraph
 
Reported: 2012-05-05 09:05 EDT by Christoph Wickert
Modified: 2016-02-26 18:41 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-20 11:29:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
volker27: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Christoph Wickert 2012-05-05 09:05:11 EDT
Spec URL: http://cwickert.fedorapeople.org/review/qupzilla.spec
SRPM URL: http://cwickert.fedorapeople.org/review/qupzilla-1.2.0-1.fc18.src.rpm
Description: QupZilla is modern web browser based on WebKit core and Qt Framework. It is designed to be lightweight and fast and offers advanced functions such as
- an integrated advertisement blocker,
- a search engine manager,
- a SSL certificate manager,
- speed dial
- theming support, and
- seamless integration into your desktop environment

Scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=4056074
Comment 1 Volker Fröhlich 2012-05-06 11:47:02 EDT
The development symlink should not be there, as there are no headers. I suggest to just delete it.

Since one of the seemingly private libraries is installed in libdir, rpmlint complains about not running ldconfig. If this library really is private, it should ideally not be in libdir, but in the subdirectory along with the others. The provides of the final package also contain all those private libraries; that should be filtered.

%dir %{_libdir}/qupzilla and %{_libdir}/qupzilla/*.so could be simplified to %{_libdir}/qupzilla. Probably use the name macro here.

There are a couple of warnings for the desktop file. You should also run a scriplet for the icons installed in datadir/icons: http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Icon_Cache

Consider to include README.md, as it contains some useful information.

I suggest to add a -f where you're deleting the "useless plugin", just in case it disappears in a future release.

Buildroot rm in the install section, clean section and buildroot definition are definitely not necessary, as you BR qt >= 4.7, which is only in Fedora.

I think the package could have a better Summary, but it's not a must.

I noticed, there are a couple of plug-ins and private libraries with BSD licenses. As far as I understand http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios, this should be mentioned or the files should even be put to sub-packages.

Somebody once suggested on one of my reviews, to remove the trailing slash after the domain name on the URL. I don't mind it, but I'd like to mention it.

Are USE_WEBGL and USE_QTWEBKIT_2_2 options of interest? Both should work, I think.
Comment 2 Volker Fröhlich 2012-07-22 16:08:27 EDT
Still interested?
Comment 3 Christoph Wickert 2012-07-22 17:24:23 EDT
Sure, but currently very busy. I don' think I will find time next week, if somebody else wants to move this forward, he is welcome.
Comment 4 Christoph Wickert 2012-10-06 08:19:27 EDT
(In reply to comment #1)
> The development symlink should not be there, as there are no headers. I
> suggest to just delete it.

done.

> Since one of the seemingly private libraries is installed in libdir, rpmlint
> complains about not running ldconfig. If this library really is private, it
> should ideally not be in libdir, but in the subdirectory along with the
> others. The provides of the final package also contain all those private
> libraries; that should be filtered.

I filtered out libQupZilla and the plugins and run ldconfig to make rpmlint happy. Attempts to move the library to %{_libdir}/%{name}/ have been too cumbersome.

> %dir %{_libdir}/qupzilla and %{_libdir}/qupzilla/*.so could be simplified to
> %{_libdir}/qupzilla. Probably use the name macro here.

done.

> There are a couple of warnings for the desktop file. 

I am using desktop-file-install now as I also add x-scheme-handlers.

> You should also run a
> scriplet for the icons installed in datadir/icons

D'oh, of course.

> Consider to include README.md, as it contains some useful information.

done.

> I suggest to add a -f where you're deleting the "useless plugin", just in
> case it disappears in a future release.

done.

> Buildroot rm in the install section, clean section and buildroot definition
> are definitely not necessary, as you BR qt >= 4.7, which is only in Fedora.

done.

> I think the package could have a better Summary, but it's not a must.

What do you think could be improved?

> I noticed, there are a couple of plug-ins and private libraries with BSD
> licenses.

Changed the license tag to "GPLv3+ and BSD".

> Are USE_WEBGL and USE_QTWEBKIT_2_2 options of interest? Both should work, I
> think.

Yes, it does and they add interesting features.

New package:
* Sat Oct 06 2012 Christoph Wickert <cwickert@fedoraproject.org> - 1.3.5-1
- Update to 1.3.5
- Enable WebGL (USE_WEBGL)
- Enable geolocation and notification API (USE_QTWEBKIT_2_2)
- Change icense tag to "GPLv3+ and BSD" (some plugins are BSD licensed)
- Add x-scheme-handlers so qupzilla can be set as default browser
- Filter out private requires and provides
- Include README.md in %%doc

Spec URL: http://cwickert.fedorapeople.org/review/qupzilla.spec
SRPM URL: http://cwickert.fedorapeople.org/review/qupzilla-1.3.5-1.fc19.src.rpm

Scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=4566303

$ rpmlint SPECS/qupzilla.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

$ rpmlint SRPMS/qupzilla-1.3.5-1.fc17.src.rpm 
qupzilla.src: W: spelling-error %description -l en_US theming -> teeming, hemming, emitting
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

$ rpmlint RPMS/x86_64/qupzilla-*
qupzilla.x86_64: W: spelling-error %description -l en_US theming -> teeming, hemming, emitting
qupzilla.x86_64: W: no-manual-page-for-binary qupzilla
2 packages and 0 specfiles checked; 0 errors, 2 warnings.
Comment 5 Volker Fröhlich 2012-10-08 13:31:25 EDT
Ad summary:

Probably something like "Modern Qt-based web browser" -- Slightly less generic

Ad filtering provides:

I think, there's a more up to date method: https://fedoraproject.org/wiki/User:Tibbs/AutoProvidesAndRequiresFiltering

In anticipation that you fit the other minor issues easily, this package is approved.

Package Review
==============

Key:
[x] = Pass
[!] = Fail
[-] = Not applicable
[?] = Not evaluated
[ ] = Manual review needed


===== MUST items =====

C/C++:
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see
     attachment). Verify they are not in ld path.

Please see discussion in the former comments!

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package contains no bundled libraries.
[x]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
[-]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package contains desktop file if it is a GUI application.
[x]: Package installs a %{name}.desktop using desktop-file-install if there is
     such a file.
[-]: Development files must be in a -devel package
[x]: Package requires other packages for directories it uses.
[x]: Package uses nothing in %doc for runtime.
[x]: Package is not known to require ExcludeArch.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package complies to the Packaging Guidelines
[x]: Spec file lacks Packager, Vendor, PreReq tags.
[-]: Large documentation files are in a -doc subpackage, if required.
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "GPL (v2 or later)", "GPL (v3 or later)", "Unknown or generated", "BSD (3
     clause) GPL (v3 or later)", "GPL (v2 or later) (with incorrect FSF
     address)", "BSD (3 clause)", "BSD (2 clause)". 7 files have unknown
     license. Detailed output of licensecheck in
     /media/speicher1/makerpm/rpmbuild/SPECS/review-qupzilla/licensecheck.txt
[x]: Package consistently uses macro is (instead of hard-coded directory
     names).
[!]: If the package is under multiple licenses, the licensing breakdown must
     be documented in the spec.

Please add a comment in the spec file!

[x]: Package is named using only allowed ASCII characters.
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
     Note: Package contains no Conflicts: tag(s)
[x]: Package do not use a name that already exist
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package installs properly.
[x]: Package is not relocatable.
[-]: Requires correct, justified where necessary.
[x]: CheckResultdir
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file is legible and written in American English.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: Package contains systemd file(s) if in need.
[x]: File names are valid UTF-8.
[x]: Useful -debuginfo package or justification otherwise.

===== SHOULD items =====

Generic:
[x]: Reviewer should test that the package builds in mock.
[!]: Buildroot is not present
     Note: Buildroot: present but not needed

Since qupzilla requires Qt 4.7, it will never go to EPEL5.
Thus the buildroot is not necessary. I still think the ">= 4.7" could
go away as well, since every version of Fedora has Qt >= 4.7.

[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[-]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[!]: Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).

You could add --as-needed to avoid libm and libQtXml, if that makes any sense.
 
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: Scriptlets must be sane, if used.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX / PatchY prefixed with %{name}.
     Note: Source0 (QupZilla-1.3.5.tar.gz)

This is due to the non-capitalized name and not an error.

[x]: SourceX is a working URL.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[!]: Packages should try to preserve timestamps of original installed files.

Themes loose their original date

[x]: Spec use %global instead of %define.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: qupzilla-debuginfo-1.3.5-1.fc16.x86_64.rpm
          qupzilla-1.3.5-1.fc16.x86_64.rpm
          qupzilla-1.3.5-1.fc16.src.rpm
qupzilla.x86_64: W: spelling-error %description -l en_US theming -> teeming, hemming, emitting
qupzilla.x86_64: W: no-manual-page-for-binary qupzilla
qupzilla.src: W: spelling-error %description -l en_US theming -> teeming, hemming, emitting
3 packages and 0 specfiles checked; 0 errors, 3 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint qupzilla qupzilla-debuginfo
qupzilla.x86_64: I: enchant-dictionary-not-found en_US
qupzilla.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libQupZilla.so.1.3.5 linux-vdso.so.1
qupzilla.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libQupZilla.so.1.3.5 /usr/lib64/libQtXml.so.4
qupzilla.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libQupZilla.so.1.3.5 /lib64/libm.so.6
qupzilla.x86_64: W: no-manual-page-for-binary qupzilla
2 packages and 0 specfiles checked; 0 errors, 4 warnings.
# echo 'rpmlint-done:'



Requires
--------
qupzilla-debuginfo-1.3.5-1.fc16.x86_64.rpm (rpmlib, GLIBC filtered):
    

qupzilla-1.3.5-1.fc16.x86_64.rpm (rpmlib, GLIBC filtered):
    
    /bin/sh  
    libQtCore.so.4()(64bit)  
    libQtDBus.so.4()(64bit)  
    libQtGui.so.4()(64bit)  
    libQtNetwork.so.4()(64bit)  
    libQtScript.so.4()(64bit)  
    libQtSql.so.4()(64bit)  
    libQtWebKit.so.4()(64bit)  
    libQtXml.so.4()(64bit)  
    libc.so.6()(64bit)  
    libgcc_s.so.1()(64bit)  
    libgcc_s.so.1(GCC_3.0)(64bit)  
    libm.so.6()(64bit)  
    libpthread.so.0()(64bit)  
    libstdc++.so.6()(64bit)  
    libstdc++.so.6(CXXABI_1.3)(64bit)  
    rtld(GNU_HASH)  



Provides
--------
qupzilla-debuginfo-1.3.5-1.fc16.x86_64.rpm:
    
    qupzilla-debuginfo = 1.3.5-1.fc16
    qupzilla-debuginfo(x86-64) = 1.3.5-1.fc16

qupzilla-1.3.5-1.fc16.x86_64.rpm:
    
    mimehandler(application/xhtml+xml)  
    mimehandler(text/html)  
    mimehandler(x-scheme-handler/http)  
    mimehandler(x-scheme-handler/https)  
    qupzilla = 1.3.5-1.fc16
    qupzilla(x86-64) = 1.3.5-1.fc16



Unversioned so-files
--------------------
qupzilla-1.3.5-1.fc16.x86_64.rpm: /usr/lib64/qupzilla/libAccessKeysNavigation.so
qupzilla-1.3.5-1.fc16.x86_64.rpm: /usr/lib64/qupzilla/libGreaseMonkey.so
qupzilla-1.3.5-1.fc16.x86_64.rpm: /usr/lib64/qupzilla/libMouseGestures.so
qupzilla-1.3.5-1.fc16.x86_64.rpm: /usr/lib64/qupzilla/libPIM.so

MD5-sum check
-------------
https://github.com/downloads/QupZilla/qupzilla/QupZilla-1.3.5.tar.gz :
  CHECKSUM(SHA256) this package     : af8266dce8c3d353a9b7e2c0494651b55f3715b06e8465ff730f4e618fe453a3
  CHECKSUM(SHA256) upstream package : af8266dce8c3d353a9b7e2c0494651b55f3715b06e8465ff730f4e618fe453a3


Generated by fedora-review 0.3.0 (c78e275) last change: 2012-09-24
Buildroot used: fedora-16-x86_64
Command line :/usr/bin/fedora-review -n qupzilla
Comment 6 Christoph Wickert 2012-10-20 04:59:02 EDT
New Package SCM Request
=======================
Package Name: qupzilla
Short Description: Modern web browser
Owners: cwickert kkofler rdieter volter
Branches: F16 F17 F18
InitialCC:
Comment 7 Jon Ciesla 2012-10-20 09:20:11 EDT
Git done (by process-git-requests).
Comment 8 Christoph Wickert 2012-10-22 17:46:00 EDT
(In reply to comment #5)
> Ad summary:
> 
> Probably something like "Modern Qt-based web browser" -- Slightly less
> generic

AFAIC we should not use technical terms like tool kits or programming language in the summary, they don't matter from a user's POV.

> Ad filtering provides:
> 
> I think, there's a more up to date method:
> https://fedoraproject.org/wiki/User:Tibbs/AutoProvidesAndRequiresFiltering

Thanks, this is slightly easier, however I wonder if it was approved by the packaging committee.

> [!]: If the package is under multiple licenses, the licensing breakdown must
>      be documented in the spec.
> 
> Please add a comment in the spec file!

Actually this is not really a multiple licensing scenario because the resulting binaries or libs are not under separate licenses.

If code that is licensed under different licenses is compiled into one binary or library, then the most restrictive license applies. GPLv2+ and BSD compiled into one plugin results in GPLv2+, GPLv2+ and GPLv3+ results in GPLv3+. We could as well just declare the whole package GPLv3+, nevertheless I have listed the individual licenses and added a comment to the spec.


> [!]: Buildroot is not present
>      Note: Buildroot: present but not needed
> 
> Since qupzilla requires Qt 4.7, it will never go to EPEL5.
> Thus the buildroot is not necessary. I still think the ">= 4.7" could
> go away as well, since every version of Fedora has Qt >= 4.7.

Fixed.

> [!]: Final provides and requires are sane (rpm -q --provides and rpm -q
>      --requires).
> 
> You could add --as-needed to avoid libm and libQtXml, if that makes any
> sense.

Done.

> [!]: Packages should try to preserve timestamps of original installed files.
> 
> Themes loose their original date

Fixed.

Thanks for this careful review!
Comment 9 Fedora Update System 2012-10-22 18:17:53 EDT
qupzilla-1.3.5-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/qupzilla-1.3.5-2.fc18
Comment 10 Fedora Update System 2012-10-22 18:18:05 EDT
qupzilla-1.3.5-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/qupzilla-1.3.5-2.fc17
Comment 11 Fedora Update System 2012-10-22 18:18:19 EDT
qupzilla-1.3.5-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/qupzilla-1.3.5-2.fc16
Comment 12 Fedora Update System 2012-10-23 02:44:09 EDT
qupzilla-1.3.5-2.fc18 has been pushed to the Fedora 18 testing repository.
Comment 13 Fedora Update System 2012-12-20 11:29:17 EST
qupzilla-1.3.5-2.fc18 has been pushed to the Fedora 18 stable repository.

Note You need to log in before you can comment on or make changes to this bug.