Bug 834574 - Review Request: reflections - Java run time meta data analysis
Review Request: reflections - Java run time meta data analysis
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Alec Leamas
Fedora Extras Quality Assurance
:
: 1197132 (view as bug list)
Depends On:
Blocks: 1168605 848096
  Show dependency treegraph
 
Reported: 2012-06-22 09:16 EDT by gil cattaneo
Modified: 2015-03-09 04:38 EDT (History)
5 users (show)

See Also:
Fixed In Version: reflections-0.9.9-3.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-09 04:38:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
leamas.alec: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description gil cattaneo 2012-06-22 09:16:37 EDT
Spec URL: http://gil.fedorapeople.org/reflections.spec
SRPM URL: http://gil.fedorapeople.org/reflections-0.9.8-1.fc16.src.rpm
Description: A Java run time meta data analysis, in the spirit of Scannotations

Reflections scans your classpath, indexes the meta data, allows you
to query it on run time and may save and collect that information
for many modules within your project.

Using Reflections you can query your meta data such as:
* get all sub types of some type
* get all types/methods/fields annotated with some annotation,
  w/o annotation parameters matching
* get all resources matching matching a regular expression
Fedora Account System Username: gil
Comment 1 gil cattaneo 2012-06-22 09:24:03 EDT
tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=4188033
Comment 2 Jason Tibbitts 2013-06-04 16:26:52 EDT
Build fails.
Comment 3 gil cattaneo 2013-06-04 17:38:13 EDT
yes i know, need maven-local instead of maven as buildrequires
thanks
Comment 6 Mikolaj Izdebski 2015-02-12 00:18:48 EST
Incorrect license tag, should be WTFPL.
Besides that looks OK to me.
I'll approve if you fix licensing.
Comment 7 gil cattaneo 2015-02-12 00:31:21 EST

(In reply to Mikolaj Izdebski from comment #6)
> Incorrect license tag, should be WTFPL.
> Besides that looks OK to me.
> I'll approve if you fix licensing.

Spec URL: http://gil.fedorapeople.org/reflections.spec
SRPM URL: http://gil.fedorapeople.org/reflections-0.9.9-0.2.RC1.fc19.src.rpm

- fix license tag
Comment 8 Mikolaj Izdebski 2015-02-12 00:49:34 EST
I'm getting HTTP 404 when trying to download SRPM.
Comment 9 gil cattaneo 2015-02-12 00:52:45 EST
(In reply to Mikolaj Izdebski from comment #8)
> I'm getting HTTP 404 when trying to download SRPM.

Sorry
Spec URL: http://gil.fedorapeople.org/reflections.spec
SRPM URL: http://gil.fedorapeople.org/reflections-0.9.9-0.2.RC1.fc20.src.rpm
Comment 11 Sandro Bonazzola 2015-03-02 01:31:54 EST
*** Bug 1197132 has been marked as a duplicate of this bug. ***
Comment 12 Alec Leamas 2015-03-02 07:53:56 EST
Issues:
=======
- Bundled jar/class files should be removed before build
  Note: Jar files in source (see attachment)
  See: http://fedoraproject.org/wiki/Packaging:Java#Pre-
  built_JAR_files_.2F_Other_bundled_software'. Try:
    find \( -name '*.jar' -o -name '*.class' \) -delete

- The package seems to contain a test suite. If possible, run this in
  %check (or put a  motivation in spec why not)

- There are specific GL for packaging source url from github which not are
  followed. One result is a (too) anonymous source filename. Please adjust
  to follow these GL:
  https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL#Github
Comment 13 Alec Leamas 2015-03-02 08:21:29 EST
Please note that the Packaging Source URL GL also means you need to apply the pre-release part of the Naming GL. I cannot see any release (or tag) in the github repo.
Comment 14 gil cattaneo 2015-03-02 09:16:15 EST
(In reply to Alec Leamas from comment #12)
> Issues:
> =======
> - Bundled jar/class files should be removed before build
>   Note: Jar files in source (see attachment)
>   See: http://fedoraproject.org/wiki/Packaging:Java#Pre-
>   built_JAR_files_.2F_Other_bundled_software'. Try:
>     find \( -name '*.jar' -o -name '*.class' \) -delete
contains a simple jar used only for test, if i remove this one so i should skip also the test suite
> - The package seems to contain a test suite. If possible, run this in
>   %check (or put a  motivation in spec why not)
test suite is already executed, with maven no need to run it in %check
> - There are specific GL for packaging source url from github which not are
>   followed. One result is a (too) anonymous source filename. Please adjust
>   to follow these GL:
> https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/
> SourceURL#Github
this project do not provides again a tarball with the characteristics that request. and you can cosider this version as stable release. (latest unstable is 0.10-SNAPSHOT)
Comment 15 gil cattaneo 2015-03-02 09:24:46 EST
Spec URL: http://gil.fedorapeople.org/reflections.spec
SRPM URL: http://gil.fedorapeople.org/reflections-0.9.9-2.fc20.src.rpm

- remove bundled jar (used only for testing)

Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=9119341
Comment 16 Alec Leamas 2015-03-02 10:07:25 EST
(In reply to gil cattaneo from comment #14)


> > - The package seems to contain a test suite. If possible, run this in
> >   %check (or put a  motivation in spec why not)
> test suite is already executed, with maven no need to run it in %check

Since the test suite won't run, please make a  note in the spec.

> > - There are specific GL for packaging source url from github which not are
> >   followed. One result is a (too) anonymous source filename. Please adjust
> >   to follow these GL:
> > https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/
> > SourceURL#Github
> this project do not provides again a tarball with the characteristics that
> request. and you can cosider this version as stable release. (latest
> unstable is 0.10-SNAPSHOT)

I don't really follow you here. 

The version mgmt is in the pom.xml. But without both a tarball and a tag, there is no way to get an exact version of the code which corresponds to the pom.xml version. Which means that the only thing identifying the source is the commit hash.

The GL I referred to describes how to package a github source url for a specific git hash. In short, they apply.

Question then becomes how to apply them. There is some text on how to set the version field. Since you have the version in the sources, you can use that as Version:, applying the overall GL. So, again, the GL applies using the pom.xml version as Version: 

Bottom line: please apply the Packaging Source URL (github)  GL.

The root of this mess is the poorly managed upstream. What's missing is a git tag for each release. It would make a lot of sense of you filed this as an upstream issue. If you could get them to tag 0.9.9 everything would become so much clearer. Tagging releases is a well established best practise.
Comment 17 gil cattaneo 2015-03-02 10:45:10 EST
(In reply to Alec Leamas from comment #16)
> (In reply to gil cattaneo from comment #14)
> 
> 
> > > - The package seems to contain a test suite. If possible, run this in
> > >   %check (or put a  motivation in spec why not)
> > test suite is already executed, with maven no need to run it in %check
> 
> Since the test suite won't run, please make a  note in the spec.

that jar was removed, but test suite is still being executed in %build section because is a maven style build and comment is superflous

> > > - There are specific GL for packaging source url from github which not are
> > >   followed. One result is a (too) anonymous source filename. Please adjust
> > >   to follow these GL:
> > > https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/
> > > SourceURL#Github
> > this project do not provides again a tarball with the characteristics that
> > request. and you can cosider this version as stable release. (latest
> > unstable is 0.10-SNAPSHOT)
> 
> I don't really follow you here. 
> 
> The version mgmt is in the pom.xml. But without both a tarball and a tag,
> there is no way to get an exact version of the code which corresponds to the
> pom.xml version. Which means that the only thing identifying the source is
> the commit hash.
> 
> The GL I referred to describes how to package a github source url for a
> specific git hash. In short, they apply.
> 
> Question then becomes how to apply them. There is some text on how to set
> the version field. Since you have the version in the sources, you can use
> that as Version:, applying the overall GL. So, again, the GL applies using
> the pom.xml version as Version: 
> 
> Bottom line: please apply the Packaging Source URL (github)  GL.
> 
> The root of this mess is the poorly managed upstream. What's missing is a
> git tag for each release. It would make a lot of sense of you filed this as
> an upstream issue. If you could get them to tag 0.9.9 everything would
> become so much clearer. Tagging releases is a well established best practise.


Spec URL: http://gil.fedorapeople.org/reflections.spec
SRPM URL: http://gil.fedorapeople.org/reflections-0.9.9-3.fc20.src.rpm

- fix url taraball
Comment 18 Alec Leamas 2015-03-02 10:49:38 EST
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Unknown or generated". 46 files have unknown license. Detailed output of
     licensecheck in
     /home/mk/tmp/harctoolbox/834574-reflections/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint messages.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

Java:
[x]: Packages have proper BuildRequires/Requires on jpackage-utils
     Note: Maven packages do not need to (Build)Require jpackage-utils. It is
     pulled in by maven-local
[x]: Javadoc documentation files are generated and included in -javadoc
     subpackage
[x]: Javadoc subpackages should not have Requires: jpackage-utils
[x]: Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink)

Maven:
[-]: If package contains pom.xml files install it (including depmaps) even
     when building with ant
[x]: POM files have correct Maven mapping
[x]: Maven packages should use new style packaging
[x]: Old add_to_maven_depmap macro is not being used
[x]: Packages DO NOT have Requires(post) and Requires(postun) on jpackage-
     utils for %update_maven_depmap macro
[x]: Package DOES NOT use %update_maven_depmap in %post/%postun
[x]: Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[-]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in
     reflections-javadoc
[?]: Package functions as described.
[?]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
     architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present (not strictly required in GL).
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

Java:
[x]: Package uses upstream build method (ant/maven/etc.)
[x]: Packages are noarch unless they use JNI

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: reflections-0.9.9-1.fc22.noarch.rpm
          reflections-javadoc-0.9.9-1.fc22.noarch.rpm
          reflections-0.9.9-1.fc22.src.rpm
3 packages and 0 specfiles checked; 0 errors, 0 warnings.




Rpmlint (installed packages)
----------------------------
Cannot parse rpmlint output:


Requires
--------
reflections-javadoc (rpmlib, GLIBC filtered):
    jpackage-utils

reflections (rpmlib, GLIBC filtered):
    java-headless
    jpackage-utils
    mvn(com.google.code.findbugs:annotations)
    mvn(com.google.guava:guava)
    mvn(org.javassist:javassist)
    mvn(org.jsr-305:ri)



Provides
--------
reflections-javadoc:
    reflections-javadoc

reflections:
    mvn(org.reflections:reflections)
    mvn(org.reflections:reflections:pom:)
    reflections



Source checksums
----------------
https://github.com/ronmamo/reflections/archive/833f4ba0bb73751ebf048bb179a61b535a0936d9.tar.gz :
  CHECKSUM(SHA256) this package     : 2706e4d66892edb1151e31673075bc88b65df98799803f86042b5887a7453fc6
  CHECKSUM(SHA256) upstream package : 2706e4d66892edb1151e31673075bc88b65df98799803f86042b5887a7453fc6


Jar and class files in source
-----------------------------
./reflections-833f4ba0bb73751ebf048bb179a61b535a0936d9/src/test/resources/jarWithManifest.jar


Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 -b 834574
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Shell-api, Java
Disabled plugins: C/C++, Python, fonts, SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby
Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG
Comment 19 Alec Leamas 2015-03-02 10:50:30 EST
Looks good.

*** Approved
Comment 20 gil cattaneo 2015-03-02 11:19:23 EST
Thanks!

New Package SCM Request
=======================
Package Name: reflections
Short Description: Java run-time meta-data analysis
Upstream URL: https://github.com/ronmamo/reflections
Owners: gil sbonazzo
Branches: f22 epel7
InitialCC: java-sig
Comment 21 Jon Ciesla 2015-03-02 11:30:08 EST
sbonazzo is not in the Packager group.
Comment 22 gil cattaneo 2015-03-02 11:32:27 EST
New Package SCM Request
=======================
Package Name: reflections
Short Description: Java run-time meta-data analysis
Upstream URL: https://github.com/ronmamo/reflections
Owners: gil
Branches: f22
InitialCC: java-sig
Comment 23 Jon Ciesla 2015-03-02 11:41:02 EST
Git done (by process-git-requests).
Comment 24 Fedora Update System 2015-03-02 12:15:05 EST
reflections-0.9.9-3.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/reflections-0.9.9-3.fc22
Comment 25 Fedora Update System 2015-03-02 18:07:26 EST
reflections-0.9.9-3.fc22 has been pushed to the Fedora 22 testing repository.
Comment 26 Fedora Update System 2015-03-09 04:38:37 EDT
reflections-0.9.9-3.fc22 has been pushed to the Fedora 22 stable repository.

Note You need to log in before you can comment on or make changes to this bug.