Bug 871191 - Review Request: sendKindle - CLI tool for sending files via email to your Amazon Kindle device
Review Request: sendKindle - CLI tool for sending files via email to your Ama...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Stanislav Ochotnicky
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-29 17:05 EDT by Kamil Páral
Modified: 2013-02-22 20:04 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-15 00:00:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
sochotni: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Kamil Páral 2012-10-29 17:05:57 EDT
Spec URL: http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle.spec
SRPM URL: http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle-2-1.fc17.src.rpm
Description: Send files as email attachments to your Amazon Kindle device. IMAP access to your email account is required.
Fedora Account System Username: kparal

This is my first package in Fedora and I need a sponsor. For the last three+ years I am a member of Fedora QA team.

sendKindle is my own project, i.e. I am the upstream maintainer.

Koji build is here: http://koji.fedoraproject.org/koji/taskinfo?taskID=4637187
Comment 1 Kamil Páral 2012-10-29 17:13:19 EDT
fedora-review output attached. I'm not sure why rpmlint complains about invalid AGPLv3+ license, because the identifier is taken directly from https://fedoraproject.org/wiki/Licensing:Main .


Package Review
==============

Key:
[x] = Pass
[!] = Fail
[-] = Not applicable
[?] = Not evaluated
[ ] = Manual review needed



===== MUST items =====

Generic:
[ ]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[ ]: %build honors applicable compiler flags or justifies otherwise.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[ ]: Package contains no bundled libraries.
[ ]: Changelog in prescribed format.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[ ]: Sources contain only permissible code or content.
[x]: Each %files section contains %defattr if rpm < 4.4
[ ]: Macros in Summary, %description expandable at SRPM build time.
[ ]: Package contains desktop file if it is a GUI application.
[ ]: Development files must be in a -devel package
[ ]: Package requires other packages for directories it uses.
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package is not known to require ExcludeArch.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[ ]: Package complies to the Packaging Guidelines
[x]: Spec file lacks Packager, Vendor, PreReq tags.
[ ]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "*No copyright* AGPL (v3 or later)", "Unknown or generated". 2 files have
     unknown license. Detailed output of licensecheck in
     /home/makerpm/rpmbuild/review-sendKindle/licensecheck.txt
[ ]: Package consistently uses macro is (instead of hard-coded directory
     names).
[x]: Package is named using only allowed ASCII characters.
[ ]: Package is named according to the Package Naming Guidelines.
[ ]: Package does not generate any conflict.
     Note: Package contains no Conflicts: tag(s)
[x]: Package do not use a name that already exist
[ ]: Package obeys FHS, except libexecdir and /usr/target.
[ ]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[ ]: Package must own all directories that it creates.
[ ]: Package does not own files or directories owned by other packages.
[x]: Package installs properly.
[ ]: Package is not relocatable.
[ ]: Requires correct, justified where necessary.
[x]: CheckResultdir
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[ ]: Spec file is legible and written in American English.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[ ]: Package contains systemd file(s) if in need.
[x]: File names are valid UTF-8.
[ ]: Large documentation must go in a -doc subpackage.
     Note: Documentation size is 10240 bytes in 1 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

Python:
[x]: Package contains BR: python2-devel or python3-devel
[x]: Binary eggs must be removed in %prep
[ ]: Python eggs must not download any dependencies during the build process.
[ ]: A package which is used by another package via an egg interface should
     provide egg info.
[ ]: Package meets the Packaging Guidelines::Python

===== SHOULD items =====

Generic:
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[ ]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[ ]: Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[x]: The placement of pkgconfig(.pc) files are correct.
[ ]: SourceX tarball generation or download is documented.
     Note: Package contains tarball without URL, check comments
[x]: SourceX / PatchY prefixed with %{name}.
[x]: SourceX is a working URL.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Spec use %global instead of %define.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.


Rpmlint
-------
Checking: sendKindle-2-1.fc19.noarch.rpm
          sendKindle-2-1.fc19.src.rpm
sendKindle.noarch: W: invalid-license AGPLv3+
sendKindle.noarch: W: no-manual-page-for-binary sendKindle
sendKindle.src: W: invalid-license AGPLv3+
sendKindle.src: W: invalid-url Source0: sendKindle-2.tar.xz
2 packages and 0 specfiles checked; 0 errors, 4 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint sendKindle
sendKindle.noarch: W: invalid-license AGPLv3+
sendKindle.noarch: W: no-manual-page-for-binary sendKindle
1 packages and 0 specfiles checked; 0 errors, 2 warnings.
# echo 'rpmlint-done:'



Requires
--------
sendKindle-2-1.fc19.noarch.rpm (rpmlib, GLIBC filtered):
    
    /usr/bin/env  
    /usr/bin/python  
    python(abi) = 2.7



Provides
--------
sendKindle-2-1.fc19.noarch.rpm:
    
    sendKindle = 2-1.fc19



MD5-sum check
-------------


Generated by fedora-review 0.3.1 (b71abc1) last change: 2012-10-16
Buildroot used: fedora-rawhide-x86_64
Command line :/bin/fedora-review -rn SRPMS/sendKindle-2-1.fc17.src.rpm -m fedora-rawhide-x86_64
Comment 2 Stanislav Ochotnicky 2012-10-31 08:31:40 EDT
I'll review this happily
Comment 3 Stanislav Ochotnicky 2012-11-13 11:53:26 EST
So first a few quick things:
1. Your source0 url should be: https://github.com/kparal/%{name}/tarball/v%{version}#/%{name}-%{version}.tar.gz

2. Instead of:
# installation removed the executable bit for some reason, but rpmlint then 
# complains (the file has a hashbang), so put the X bit back again
chmod a+x %{buildroot}%{python_sitelib}/sendKindle.py

do:
sed -i '1d' sendKindle.py (in prep section)

You are missing requires on python. Also as upstream you might want to considering supporting python 3.

as for licensing, package is GPLv3+ and part 4 of the license states that "...;and give all recipients a copy of this License along with the Program.". You should therefore both as upstream and packager distribute text of the license together with the source code.
Comment 4 Kamil Páral 2012-11-15 09:31:19 EST
(In reply to comment #3)
> So first a few quick things:
> 1. Your source0 url should be:
> https://github.com/kparal/%{name}/tarball/v%{version}#/%{name}-%{version}.
> tar.gz

It seems that Github was doing some changes lately. The URL that you posted works, but I no longer see it accessible from the web interface. It also has some drawbacks - the file name contains a git commit and other information (like "kparal-sendKindle-v2-0-g3bd4abf.tar.gz"), and the top level directory as well ("kparal-sendKindle-3bd4abf/"). I had problems work with that using Source0 and %setup, I would probably have to repackage it completely. Therefore I assumed manual git export is just easier (and Mirek Suchý advised me the same).

But today I see Github offering me this link:
https://github.com/kparal/sendKindle/archive/v2.tar.gz

That is nearly perfect. The filename is static now ("v2.tar.gz"), no git commit hash, unfortunately it doesn't contain a project name so it will mess up my SOURCES/. (I don't know how to deal with that, any advice welcome). But the top level directory is now finally reasonable ("sendKindle-2/"). So overall I think it's a good enough change and I switched Source0 to this URL (the old method is just commented out, I'll remove it later).

fedora-review now says:
[!]: SourceX / PatchY prefixed with %{name}.
     Note: Source0 (v2.1.tar.gz)

Isn't is possible to somehow say that the downloaded file should be renamed?

> 
> 2. Instead of:
> # installation removed the executable bit for some reason, but rpmlint then 
> # complains (the file has a hashbang), so put the X bit back again
> chmod a+x %{buildroot}%{python_sitelib}/sendKindle.py
> 
> do:
> sed -i '1d' sendKindle.py (in prep section)

Done (a bit more secure variant).

> 
> You are missing requires on python. 

I thought that rpmbuild does that automatically. Isn't this enough?

$ rpm -qRp /var/lib/mock/fedora-17-x86_64/result/sendKindle-2-1.fc17.noarch.rpm
/usr/bin/python  
python(abi) = 2.7
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PartialHardlinkSets) <= 4.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1


> Also as upstream you might want to
> considering supporting python 3.

I actually already received a patch from someone. But I don't want to maintain two separate versions. Once Fedora switches to Python 3, I'll definitely adjust the program.

> 
> as for licensing, package is GPLv3+ and part 4 of the license states that
> "...;and give all recipients a copy of this License along with the
> Program.". You should therefore both as upstream and packager distribute
> text of the license together with the source code.

Actually I think this (and all other paragraphs) do not apply for the software author. The packaging guidelines also seem to indicate that (A)GPL does not require adding the very text of the license:
"Common licenses that require including their texts with all derivative works include ASL 2.0, EPL, BSD and MIT."
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines

But that's just nitpicking :-) I included the license text in the upstream code and in the RPM.


I have updated the files:
Spec URL: http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle.spec
SRPM URL: http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle-2.1-1.fc17.src.rpm
Comment 5 Stanislav Ochotnicky 2012-11-15 10:15:34 EST
(In reply to comment #4)
> But today I see Github offering me this link:
> https://github.com/kparal/sendKindle/archive/v2.tar.gz
> 
> That is nearly perfect. The filename is static now ("v2.tar.gz"), no git
> commit hash, unfortunately it doesn't contain a project name so it will mess
> up my SOURCES/. (I don't know how to deal with that, any advice welcome).
>

> fedora-review now says:
> [!]: SourceX / PatchY prefixed with %{name}.
>      Note: Source0 (v2.1.tar.gz)
> 
> Isn't is possible to somehow say that the downloaded file should be renamed?

That's why my suggestion was using "#/%{name}-%{version}.tar.gz" at the end of URL. Try it out

> > 
> > You are missing requires on python. 
> 
> I thought that rpmbuild does that automatically. Isn't this enough?
> 
> $ rpm -qRp
> /var/lib/mock/fedora-17-x86_64/result/sendKindle-2-1.fc17.noarch.rpm
> /usr/bin/python  
> python(abi) = 2.7
> rpmlib(CompressedFileNames) <= 3.0.4-1
> rpmlib(FileDigests) <= 4.6.0-1
> rpmlib(PartialHardlinkSets) <= 4.0.4-1
> rpmlib(PayloadFilesHavePrefix) <= 4.0-1
> rpmlib(PayloadIsXz) <= 5.2-1

My bad, I am seeing double

> > Also as upstream you might want to
> > considering supporting python 3.
> 
> I actually already received a patch from someone. But I don't want to
> maintain two separate versions. Once Fedora switches to Python 3, I'll
> definitely adjust the program.

Not something I am going to block on, but it's fairly simple to have support for both python 3 and 2 in single code (imports from future help). Especially true since you have no dependencies besides python itself and it's ~8kb of code. Up to you in any case


> > as for licensing, package is GPLv3+ and part 4 of the license states that
> > "...;and give all recipients a copy of this License along with the
> > Program.". You should therefore both as upstream and packager distribute
> > text of the license together with the source code.
> 
> Actually I think this (and all other paragraphs) do not apply for the
> software author. The packaging guidelines also seem to indicate that (A)GPL
> does not require adding the very text of the license:
> "Common licenses that require including their texts with all derivative
> works include ASL 2.0, EPL, BSD and MIT."
> https://fedoraproject.org/wiki/Packaging:LicensingGuidelines
> 
> But that's just nitpicking :-) I included the license text in the upstream
> code and in the RPM.

Right, they don't apply to you as the author but they apply to Fedora as distribution (ergo to you as packager). Theoretically it would have been enough to just add it into spec as separate source, but in case other distributions will want to package it you will make it easier for them.

> 
> I have updated the files:
> Spec URL: http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle.spec
> SRPM URL:
> http://kparal.fedorapeople.org/pkgs/sendKindle/sendKindle-2.1-1.fc17.src.rpm

Right now I don't see any issues so I am approving/sponsoring you. You might want to update that source url though. 

Please when you ask for CVS add me into initial CC for the package. Thanks
Comment 6 Kamil Páral 2012-11-19 08:15:25 EST
(In reply to comment #5)
> That's why my suggestion was using "#/%{name}-%{version}.tar.gz" at the end
> of URL. Try it out

Ah-ha. You failed to mention that this hack is not related to github, but to spectool (I used wget all the time and wondered).

But it seems that github is making lots of changes these days. Now they started to use Content-Disposition headers to rename the archive correctly. Pitty that spectool ignores that. So you hack is still useful, I used it, thanks.

I'll propose it for inclusion at http://fedoraproject.org/wiki/Packaging:SourceURL .

> Right, they don't apply to you as the author but they apply to Fedora as
> distribution (ergo to you as packager).

Ah, that's true. I didn't think about it that way.

> Please when you ask for CVS add me into initial CC for the package. Thanks

Will do.
Comment 7 Stanislav Ochotnicky 2012-11-19 08:47:50 EST
You are supposed to set fedora-cvs flag to ? (not fedora-review) and ask for SCM as described in https://fedoraproject.org/wiki/Package_SCM_admin_requests

I've reset the fedora-review to + and assigned back to me
Comment 8 Kamil Páral 2013-02-12 09:01:15 EST
New Package SCM Request
=======================
Package Name: sendKindle
Short Description: CLI tool for sending files via email to your Amazon Kindle device
Owners: kparal
Branches: f17 f18
InitialCC: sochotni
Comment 9 Jon Ciesla 2013-02-12 09:08:45 EST
Git done (by process-git-requests).
Comment 10 Fedora Update System 2013-02-13 09:51:29 EST
sendKindle-2.1-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/sendKindle-2.1-1.fc18
Comment 11 Fedora Update System 2013-02-13 09:58:41 EST
sendKindle-2.1-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/sendKindle-2.1-1.fc17
Comment 12 Fedora Update System 2013-02-13 21:20:58 EST
sendKindle-2.1-1.fc17 has been pushed to the Fedora 17 testing repository.
Comment 13 Fedora Update System 2013-02-15 00:00:59 EST
sendKindle-2.1-1.fc18 has been pushed to the Fedora 18 stable repository.
Comment 14 Fedora Update System 2013-02-22 20:04:25 EST
sendKindle-2.1-1.fc17 has been pushed to the Fedora 17 stable repository.

Note You need to log in before you can comment on or make changes to this bug.