Bug 822952 - Review Request: rat-lib - A Release Audit Tool Library
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: Package Review
rawhide
All Linux
medium Severity medium
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
Reported: 2012-05-18 11:33 EDT by gil cattaneo
Modified: 2012-10-12 13:23 EDT
Last Closed: 2012-10-12 13:23:26 EDT
Description gil cattaneo 2012-05-18 11:33:55 EDT
Spec URL: http://gil.fedorapeople.org/rat-lib.spec
SRPM URL: http://gil.fedorapeople.org/rat-lib-0.5.1-1.fc16.src.rpm
Description: Release Audit Tool (RAT) is a tool to improve accuracy and
efficiency when checking releases. It is heuristic in nature:
making guesses about possible problems. It will produce
false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, RAT
is available as a library suitable for inclusion in tools.
Comment 1 Jeffrey C. Ollie 2012-10-12 11:43:35 EDT
Package Review
==============

Key:
[x] = Pass
[!] = Fail
[-] = Not applicable
[?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
[!]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
See: http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text

LICENSE.txt should be packaged in main package as well.

[!]: Fully versioned dependency in subpackages, if present.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in %package
     javadoc

[!]: License file installed when any subpackage combination is installed.

[!]: Latest version is packaged.

It looks like this project has moved to the Apache incubator and
released some new versions:

http://creadur.apache.org/rat/

[!]: SourceX / PatchY prefixed with %{name}.
     Note: Source0 (rat-0.5.1-src.tar.gz)

Perhaps the package should be renamed to apache-rat with the upstream move?

[!]: %check is present and all tests pass.

===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package contains no bundled libraries.
[x]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
[x]: Macros in Summary, %description expandable at SRPM build time.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package requires other packages for directories it uses.
[x]: Package uses nothing in %doc for runtime.
[x]: Package is not known to require ExcludeArch.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[!]: Fully versioned dependency in subpackages, if present.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in %package
     javadoc
[x]: Package complies to the Packaging Guidelines
[x]: Spec file lacks Packager, Vendor, PreReq tags.
[x]: Large documentation files are in a -doc subpackage, if required.
[!]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
     Note: Cannot find license in rpm(s)
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Apache (v2.0)", "Unknown or generated". 2 files have unknown license.
     Detailed output of licensecheck in /home/jcollie/dev/rpm/rat-lib/822952
     -rat-lib/licensecheck.txt
[!]: License file installed when any subpackage combination is installed.
[x]: Package consistently uses macro is (instead of hard-coded directory
     names).
[x]: Package is named using only allowed ASCII characters.
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
     Note: Package contains no Conflicts: tag(s)
[x]: Package do not use a name that already exist
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package installs properly.
[x]: Package is not relocatable.
[x]: Requires correct, justified where necessary.
[x]: CheckResultdir
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file is legible and written in American English.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: Package contains systemd file(s) if in need.
[x]: File names are valid UTF-8.

Java:
[x]: If source tarball includes bundled jar/class files these need to be
     removed prior to building
[x]: Packages have proper BuildRequires/Requires on jpackage-utils
[x]: Fully versioned dependency in subpackages, if present.
[x]: Javadoc documentation files are generated and included in -javadoc
     subpackage
[x]: Javadoc subpackages have Requires: jpackage-utils
[x]: Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink)

Maven:
[x]: Pom files have correct add_maven_depmap call
     Note: Some add_maven_depmap calls found. Please check if they are correct
[x]: Old add_to_maven_depmap macro is not being used
[x]: Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-
     utils for %update_maven_depmap macro
[x]: If package contains pom.xml files install it (including depmaps) even
     when building with ant
[x]: Package DOES NOT use %update_maven_depmap in %post/%postun
[x]: Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms

===== SHOULD items =====

Generic:
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[-]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: Package functions as described.
[!]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: SourceX tarball generation or download is documented.
[!]: SourceX / PatchY prefixed with %{name}.
     Note: Source0 (rat-0.5.1-src.tar.gz)
[x]: SourceX is a working URL.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Spec use %global instead of %define.

Java:
[x]: Package has BuildArch: noarch (if possible)
[x]: Package uses upstream build method (ant/maven/etc.)

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint messages.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: rat-lib-javadoc-0.5.1-1.fc17.noarch.rpm
          rat-lib-0.5.1-1.fc17.src.rpm
          rat-lib-0.5.1-1.fc17.noarch.rpm
3 packages and 0 specfiles checked; 0 errors, 0 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint rat-lib-javadoc rat-lib
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
# echo 'rpmlint-done:'



Requires
--------
rat-lib-javadoc-0.5.1-1.fc17.noarch.rpm (rpmlib, GLIBC filtered):
    
    jpackage-utils  

rat-lib-0.5.1-1.fc17.noarch.rpm (rpmlib, GLIBC filtered):
    
    ant  
    apache-commons-collections  
    apache-commons-lang  
    java  
    jpackage-utils  



Provides
--------
rat-lib-javadoc-0.5.1-1.fc17.noarch.rpm:
    
    rat-lib-javadoc = 0.5.1-1.fc17

rat-lib-0.5.1-1.fc17.noarch.rpm:
    
    mvn(com.google.code.p.arat:rat-lib)  
    rat-lib = 0.5.1-1.fc17



MD5-sum check
-------------
http://arat.googlecode.com/files/rat-0.5.1-src.tar.gz :
  CHECKSUM(SHA256) this package     : ae411293029fc4db89c058730e8f2dc55fb1b56cdfb294baf7209822b8b1faee
  CHECKSUM(SHA256) upstream package : ae411293029fc4db89c058730e8f2dc55fb1b56cdfb294baf7209822b8b1faee


Generated by fedora-review 0.3.0 (c78e275) last change: 2012-09-24
Buildroot used: fedora-dmacc-17-x86_64
Command line :/bin/fedora-review -b 822952
Comment 2 gil cattaneo 2012-10-12 12:22:09 EDT
Hi Jeffrey,
this is not an Apache RAT library.
It is used only in the zookeeper package, but in 3.4.4 I removed rat-lib
and other unused deps like jdiff.
Thanks
Comment 3 Jeffrey C. Ollie 2012-10-12 13:04:16 EDT
If I'm understanding you correctly, rat-lib will not be needed to build your zookeeper 3.4.4 package and therefore this review can be abandoned?
Comment 4 gil cattaneo 2012-10-12 13:16:11 EDT
Yes, thanks.
Sorry for the inconvenience.
Comment 5 Jeffrey C. Ollie 2012-10-12 13:23:26 EDT
OK, thanks.
