Spec URL: http://fab.fedorapeople.org/packages/SRPMS/bannergrab.spec SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/bannergrab-3.5-1.fc17.src.rpm Project URL: http://sourceforge.net/projects/bannergrab Description: Bannergrab is a simple tool, designed to collect information from network services. It can do this using two different methods; grab the connection banners and send triggers and collect the responses. Bannergrab defaults to sending triggers. Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=4752293 rpmlint output: [fab@laptop11 SRPMS]$ rpmlint bannergrab-3.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. [fab@laptop11 x86_64]$ rpmlint bannergrab-* 2 packages and 0 specfiles checked; 0 errors, 0 warnings. Fedora Account System Username: fab
$ rpmlint bannergrab.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings. $ rpmlint bannergrab-3.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. $ rpmlint bannergrab-*.rpm 2 packages and 0 specfiles checked; 0 errors, 0 warnings. MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. OK MUST: The package must be named according to the Package Naming Guidelines. OK MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] . OK MUST: The package must meet the Packaging Guidelines . OK MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . OK MUST: The License field in the package spec file must match the actual license. [3] OK MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.[4] OK MUST: The spec file must be written in American English. [5] OK MUST: The spec file for the package MUST be legible. [6] OK MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7] OK MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [8] NOT APPLICABLE MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.[9] NOT APPLICABLE MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [10] NOT APPLICABLE MUST: Packages must NOT bundle copies of system libraries.[11] OK MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [12] NOT APPLICABLE MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13] OK MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations)[14] OK MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. [15] OK MUST: Each package must consistently use macros. [16] OK MUST: The package must contain code, or permissable content. [17] OK MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [18] OK MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [18] OK MUST: Static libraries must be in a -static package. [19] NOT APPLICABLE MUST: Development files must be in a -devel package. [20] NOT APPLICABLE MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} [21] NOT APPLICABLE MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[19] OK MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [22] N/A MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [23] OK MUST: All filenames in rpm packages must be valid UTF-8. [24] OK $ mock -r fedora-17-x86_64 rebuild bannergrab-3.5-1.fc17.src.rpm SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [25] NOT APPLICABLE SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [26] NOT APPLICABLE SHOULD: The reviewer should test that the package builds in mock. [27] OK SHOULD: The package should compile and build into binary rpms on all supported architectures. [28] NOT TESTED SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. NOT TESTED SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [29] NOT APPLICABLE SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [21] NOT APPLICABLE SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. [30] NOT APPLICABLE SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. [31] NOT APPLICABLE SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense.[32] OK
$ rpmlint bannergrab.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings. $ rpmlint bannergrab-3.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings. $ mock -r fedora-17-x86_64 rebuild bannergrab-3.5-1.fc17.src.rpm MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. OK MUST: The package must be named according to the Package Naming Guidelines. OK MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. OK MUST: The package must meet the Packaging Guidelines. OK MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines . OK MUST: The License field in the package spec file must match the actual license. OK MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. OK MUST: The spec file must be written in American English. OK MUST: The spec file for the package MUST be legible. OK MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. OK MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. OK MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. N/A MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. OK MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. N/A MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. N/A MUST: Packages must NOT bundle copies of system libraries. OK MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. N/A MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. OK MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations) OK MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. OK MUST: Each package must consistently use macros. OK MUST: The package must contain code, or permissable content. OK MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). OK MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. OK MUST: Static libraries must be in a -static package. N/A MUST: Development files must be in a -devel package. N/A MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} N/A MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. OK MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. N/A MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. OK MUST: All filenames in rpm packages must be valid UTF-8. OK SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. N/A SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. N/A SHOULD: The reviewer should test that the package builds in mock. OK SHOULD: The package should compile and build into binary rpms on all supported architectures. NOT TESTED SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. OK SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. N/A SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. N/A SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. N/A SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. N/A SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense. OK
I have done my first pass, here is the review for initial walkthrough. I am in the process of manually reviewing those items which are without a X or items which have not passed by tool. I will add that manual review comment shortly after this comment [richardvj11@localhost 883125-bannergrab]$ more bannergrab-review.txt Package Review ============== Key: [x] = Pass [!] = Fail [-] = Not applicable [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [ ]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [ ]: %build honors applicable compiler flags or justifies otherwise. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [ ]: Package contains no bundled libraries. [ ]: Changelog in prescribed format. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [ ]: Sources contain only permissible code or content. [x]: Each %files section contains %defattr if rpm < 4.4 [ ]: Macros in Summary, %description expandable at SRPM build time. [ ]: Package contains desktop file if it is a GUI application. [ ]: Development files must be in a -devel package [ ]: Package requires other packages for directories it uses. [ ]: Package uses nothing in %doc for runtime. [ ]: Package is not known to require ExcludeArch. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [ ]: Package complies to the Packaging Guidelines [x]: Spec file lacks Packager, Vendor, PreReq tags. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [ ]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "GPL (v3 or later)". 1 files have unknown license. Detailed output of licensecheck in /home/richardvj11/883125-bannergrab/licensecheck.txt [ ]: Package consistently uses macro is (instead of hard-coded directory names). [x]: Package is named using only allowed ASCII characters. [ ]: Package is named according to the Package Naming Guidelines. [ ]: Package does not generate any conflict. Note: Package contains no Conflicts: tag(s) [x]: Package do not use a name that already exist [ ]: Package obeys FHS, except libexecdir and /usr/target. [ ]: If the package is a rename of another package, proper Obsoletes and Provides are present. [ ]: Package must own all directories that it creates. [ ]: Package does not own files or directories owned by other packages. [x]: Package installs properly. [ ]: Package is not relocatable. [ ]: Requires correct, justified where necessary. [x]: CheckResultdir [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [ ]: Spec file is legible and written in American English. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [ ]: Package contains systemd file(s) if in need. [x]: File names are valid UTF-8. [ ]: Useful -debuginfo package or justification otherwise. [ ]: Large documentation must go in a -doc subpackage. Note: Documentation size is 51200 bytes in 4 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Dist tag is present. [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [ ]: Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [ ]: Package functions as described. [ ]: Latest version is packaged. [ ]: Package does not include license text files separate from upstream. [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX tarball generation or download is documented. [x]: SourceX / PatchY prefixed with %{name}. [x]: SourceX is a working URL. [ ]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: Package should compile and build into binary rpms on all supported architectures. [ ]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [x]: Spec use %global instead of %define. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Spec file according to URL is the same as in SRPM. [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: bannergrab-3.5-1.fc18.x86_64.rpm bannergrab-3.5-1.fc18.src.rpm bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm 3 packages and 0 specfiles checked; 0 errors, 0 warnings. Rpmlint (installed packages) ---------------------------- # rpmlint bannergrab-debuginfo bannergrab 2 packages and 0 specfiles checked; 0 errors, 0 warnings. # echo 'rpmlint-done:' Requires -------- bannergrab-3.5-1.fc18.x86_64.rpm (rpmlib, GLIBC filtered): libc.so.6()(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libssl.so.10()(64bit) libssl.so.10(libssl.so.10)(64bit) rtld(GNU_HASH) bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm (rpmlib, GLIBC filtered): Provides -------- bannergrab-3.5-1.fc18.x86_64.rpm: bannergrab = 3.5-1.fc18 bannergrab(x86-64) = 3.5-1.fc18 bannergrab-debuginfo-3.5-1.fc18.x86_64.rpm: bannergrab-debuginfo = 3.5-1.fc18 bannergrab-debuginfo(x86-64) = 3.5-1.fc18 MD5-sum check ------------- http://downloads.sourceforge.net/bannergrab/bannergrab-3.5.tgz : CHECKSUM(SHA256) this package : f9995bc1f750234b08034d4bc8c214ec505690a8d939eeda176da46328a7638d CHECKSUM(SHA256) upstream package : f9995bc1f750234b08034d4bc8c214ec505690a8d939eeda176da46328a7638d Generated by fedora-review 0.3.1 (b71abc1) last change: 2012-10-16 Buildroot used: fedora-18-x86_64
[richardvj11@localhost srpm-unpacked]$ rpmlint bannergrab.spec 0 packages and 1 specfiles checked; 0 errors, 0 warnings.
[richardvj11@localhost srpm]$ rpmlint bannergrab-3.5-1.fc17.src.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings.
Thanks for your time to review this package.
Do you need something from me to proceed with the review?
Fabian, I was browsing for packages to review when I came across this. I believe that none of the reviewers are members of the Fedora packager group, so they are not authorized to mark this request as "reviewed". Does that sound correct?
Yes, only members of the Fedora packager group can approve packages.
Alright, I've reviewed the package myself and haven't found any blocking issues either. Approving. Just some notes: Instead of installing the files in the spec, you could work with upstream to produce a better Makefile (e.g. supporting DESTDIR and PREFIX instead of hardcoded paths). Linking against libcrypto should be done there as well. I see upstream is alive so this should be no problem. [cosmetics] %{_mandir}/man?/*.* -- this is a bit overzealous. A single asterisk would have been enough :)
Thanks Petr for the review. I will get in touch with upstream.
New Package SCM Request ======================= Package Name: bannergrab Short Description: A banner grabbing tool Owners: fab Branches: F18 F19 InitialCC:
Git done (by process-git-requests).
Package Change Request ====================== Package Name: bannergrab New Branches: el6 epel7 Owners: fab InitialCC: