Spec URL: http://rathann.fedorapeople.org/review/libxmp.spec
SRPM URL: http://rathann.fedorapeople.org/review/libxmp-4.1.1-1.fc20.src.rpm
Description: Libxmp is a library that renders module files to PCM data. It supports over 90 mainstream and obscure module formats including Protracker (MOD), Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT). Many compressed module formats are supported, including popular Unix, DOS, and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.
Fedora Account System Username: rathann
Hi, the package appears good, and I feel if any issues arise it is due to a vague possibility of it implementing some patented algorithm or issues with the public domain licensed files. I will try to carefully review all files to make more specific questions about the possible refactoring and/or bundling of system libraries in the decoders, unpack, etc, implementation files, but any early comment by you (or Claudio :-) is welcome).

[?]: Package complies to the Packaging Guidelines

[!]: Buildroot is not present
     Note: Invalid buildroot found:
     %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -u -n)
Unless you plan to package to epel5, you must remove the BuildRoot tag, and still, would be better to have the buildroot tag only in the epel5 branch.

[!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec.
Please do a breakdown of the license in the spec. Usually prefixing the license name as a comment before files in the %files sections.
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#Multiple_Licensing_Scenarios

Generic fedora-review output follows.

---%<---

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[x]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package requires other packages for directories it uses.
[x]: Package uses nothing in %doc for runtime.
[x]: Package is not known to require ExcludeArch.
[x]: Fully versioned dependency in subpackages, if present.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in libxmp-devel
[?]: Package complies to the Packaging Guidelines
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "LGPL (v2.1 or later) (with incorrect FSF address)", "Unknown or generated", "BSD (4 clause)", "MIT/X11 (BSD like)", "LGPL (v2 or later) (with incorrect FSF address)", "*No copyright* Public domain", "GPL (unversioned/unknown version)", "LGPL (v2.1 or later)". 424 files have unknown license. Detailed output of licensecheck in /home/pcpa/957918-libxmp/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: Package consistently uses macro is (instead of hard-coded directory names).
[!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec.
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[x]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Large documentation must go in a -doc subpackage.
     Note: Documentation size is 348160 bytes in 12 files.
[x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Each %files section contains %defattr if rpm < 4.4
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local
[x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).

===== SHOULD items =====

Generic:
[!]: Buildroot is not present
     Note: Invalid buildroot found:
     %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -u -n)
[x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Scriptlets must be sane, if used.
[x]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported architectures.
[x]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make.
[x]: The placement of pkgconfig(.pc) files are correct.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define.

===== EXTRA items =====

Generic:
[x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Spec file according to URL is the same as in SRPM.

Rpmlint
-------
Checking: libxmp-4.1.1-1.fc20.x86_64.rpm
          libxmp-devel-4.1.1-1.fc20.x86_64.rpm
libxmp.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti
libxmp.x86_64: W: spelling-error %description -l en_US gzip -> zip, grip, g zip
libxmp.x86_64: W: shared-lib-calls-exit /usr/lib64/libxmp.so.4.1.1 exit.5
libxmp-devel.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti
libxmp-devel.x86_64: W: spelling-error %description -l en_US gzip -> zip, grip, g zip
2 packages and 0 specfiles checked; 0 errors, 5 warnings.
Rpmlint (installed packages)
----------------------------
# rpmlint libxmp-devel libxmp
libxmp-devel.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti
libxmp-devel.x86_64: W: spelling-error %description -l en_US gzip -> zip, grip, g zip
libxmp.x86_64: W: spelling-error Summary(en_US) multi -> mulch, mufti
libxmp.x86_64: W: spelling-error %description -l en_US gzip -> zip, grip, g zip
libxmp.x86_64: W: shared-lib-calls-exit /usr/lib64/libxmp.so.4.1.1 exit.5
2 packages and 0 specfiles checked; 0 errors, 5 warnings.
# echo 'rpmlint-done:'

Requires
--------
libxmp-devel (rpmlib, GLIBC filtered):
    /usr/bin/pkg-config
    libxmp
    libxmp.so.4()(64bit)

libxmp (rpmlib, GLIBC filtered):
    /sbin/ldconfig
    libc.so.6()(64bit)
    libm.so.6()(64bit)
    rtld(GNU_HASH)

Provides
--------
libxmp-devel:
    libxmp-devel
    libxmp-devel(x86-64)
    pkgconfig(libxmp)

libxmp:
    libxmp
    libxmp(x86-64)
    libxmp.so.4()(64bit)
    libxmp.so.4(XMP_4.0)(64bit)
    libxmp.so.4(XMP_4.1)(64bit)

Source checksums
----------------
http://downloads.sourceforge.net/project/xmp/libxmp/4.1.1/libxmp-4.1.1.tar.gz :
  CHECKSUM(SHA256) this package     : 1509d7c04fcb3ae873aad35c9f84056049a6d63b19936af38cf93ecb794c33b1
  CHECKSUM(SHA256) upstream package : 1509d7c04fcb3ae873aad35c9f84056049a6d63b19936af38cf93ecb794c33b1

Generated by fedora-review 0.4.1 (b2e211f) last change: 2013-04-29
Buildroot used: fedora-rawhide-x86_64
Command line :/usr/bin/fedora-review -v -b 957918
Issues:

1. Please provide some information of the data files in test/data. Are all of them created for the sole purpose of test cases, otherwise what is the source of them? At least the binary ones need some information about origin.

2. test/md5.c and test/md5.h (and src/md5.{c,h}) have a restrictive text license, is it linked to the library? (appears to be, besides not being in objdump output)

3. Could be a good idea to move license information from docs/CREDITS to a LICENSE file in the toplevel, but COPYING.LIB is also there, so not a big issue. I am particularly interested in information on this entry in CREDITS:
---%<---
Powerpack depacker
ppcrack 0.1 - decrypts PowerPacker encrypted data files with brute force
by Stuart Caie <kyzer>, this software is in the Public Domain
---%<---

4. There are binaries in docs also, e.g. docs/st02-ok.sample.

I believe it would be easier to get the package included in Fedora if the tarball was split in two, with data files in a secondary tarball, and only the source code in the main one. It is really bad that it would prevent running %check, but without some clear information about origin of the data files it cannot be added (unless FE-LEGAL approves it).
Thank you Paulo for the detailed review. MD5 digest code will be replaced upstream for a different version. Regarding item 3, PPdepack encryption code is currently disabled in source but these sections can also be removed altogether. I'll check other issues with Dominik and see the best way to address them.
Spec URL: http://rathann.fedorapeople.org/review/libxmp.spec
SRPM URL: http://rathann.fedorapeople.org/review/libxmp-4.1.4-1.fc20.src.rpm

New upstream release:
- md5.c had a bad license, I replaced it with a better implementation
- removed the large regression test set completely (they're still checked before packaging and also in continuous integration, but the final distribution package has a simpler test)
- removed the "ok" sample
- removed decryption code from ppdepack (it was already commented out, so I just deleted the comment block).

I addressed the comments about BuildRoot and licensing breakdown.
There are several embedded chunks for different kinds of decoders. License is clean and I am not aware of any possible patent problems (e.g. codecs)
https://fedoraproject.org/wiki/Software_Patents
The package only implements "historic" formats.

I do not think I have enough authority to say it is ok for Fedora, I am almost sure it is, but lifting FE-LEGAL, now that it has been cleaned after removal of most of the test cases (and binary test input files) from the main tarball.

Non legal issues below.

The -devel package should have
%{name}%{?_isa} = %{version}-%{release}
instead of
%{name} = %{version}-%{release}

I believe the embedded "mini" gzip, xz, etc decoders are ok due to very small code and most of those do not have a related devel/runtime library anyway.

Upstream may be interested in these:

o The fnmatch implementation is linked in, but in the final library, the symbol used comes from glibc, maybe fnmatch.{c,h} belongs to src/win32 ?

o Not sure if this warning is generated on systems other than rawhide (4.8.0):
gcc -c -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -Wno-unused-but-set-variable -Wno-unused-result -Wno-array-bounds -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_LIBM=1 -DHAVE_POPEN=1 -DHAVE_MKSTEMP=1 -DHAVE_FNMATCH=1 -D_REENTRANT -Iinclude -Isrc -fPIC -o src/loaders/emod_load.lo src/loaders/emod_load.c
src/loaders/it_load.c: In function 'it_load':
src/loaders/it_load.c:691:15: warning: iteration 108u invokes undefined behavior [-Waggressive-loop-optimizations]
     c = i1h.keys[25 + j * 2] - 1;
Nothing obvious stands out as a legal concern here. Lifting FE-Legal.
(In reply to Tom "spot" Callaway from comment #6)
> Nothing obvious stands out as a legal concern here. Lifting FE-Legal.

Thanks! The package is approved. Just do not forget to correct the -devel package to require %{name}%{?_isa} = %{version}-%{release}.
Thanks a lot for the review!

New Package SCM Request
=======================
Package Name: libxmp
Short Description:
Owners: rathann
Branches: f19
InitialCC:
No description provided, please correct.
New Package SCM Request
=======================
Package Name: libxmp
Short Description: A multi-format module playback library
Owners: rathann
Branches: f19
InitialCC:
Git done (by process-git-requests).
Rawhide is imported, so what about f19?
libxmp-4.1.5-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/libxmp-4.1.5-1.fc19
libxmp-4.1.5-1.fc19 has been pushed to the Fedora 19 testing repository.
libxmp-4.1.5-1.fc19 has been pushed to the Fedora 19 stable repository.