Spec URL: http://leamas.fedorapeople.org/lpf/0.1/lpf.spec SRPM URL: http://leamas.fedorapeople.org/lpf/0.1/lpf-0-1.34b6fab.fc18.src.rpm Description: lpf (Local Package Build System) is designed to handle two separate problems: - Packages built from sources which does not allow redistribution. - Packages requiring user to accept EULA-like terms. It works by downloading sources, possibly requiring a user to accept license terms and then building and installing rpm package(s) locally. Besides being interactive the operation is similar to akmod and dkms Fedora Account System Username: leamas
Simplified spec using a Makefile. new links: spec: http://leamas.fedorapeople.org/lpf/2/lpf.spec srpm: http://leamas.fedorapeople.org/lpf/2/lpf-0-2.7df703a.fc18.src.rpm
Running fedora-review tool against rawhide. Manual review upcoming.. $ fedora-review -m fedora-rawhide-x86_64 \ --rpm-spec -n lpf-0-2.7df703a.fc18.src.rpm Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Package contains BR: python2-devel or python3-devel See: http://fedoraproject.org/wiki/Packaging:Python#BuildRequires ===== MUST items ===== Generic: [ ]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [ ]: Package contains no bundled libraries without FPC exception. [ ]: Changelog in prescribed format. [ ]: Sources contain only permissible code or content. [ ]: Development files must be in a -devel package [ ]: Package requires other packages for directories it uses. [ ]: Package uses nothing in %doc for runtime. [ ]: Package is not known to require ExcludeArch. [ ]: Package complies to the Packaging Guidelines [ ]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 2 files have unknown license. Detailed output of licensecheck in /home/kashyap/rpmbuild/SRPMS/lpf/licensecheck.txt [ ]: Package consistently uses macro is (instead of hard-coded directory names). [ ]: Package is named according to the Package Naming Guidelines. [ ]: Package does not generate any conflict. [ ]: Package obeys FHS, except libexecdir and /usr/target. [ ]: If the package is a rename of another package, proper Obsoletes and Provides are present. [ ]: Package must own all directories that it creates. [ ]: Package does not own files or directories owned by other packages. [ ]: Requires correct, justified where necessary. [ ]: Spec file is legible and written in American English. [ ]: Package contains systemd file(s) if in need. [ ]: update-desktop-database is invoked when required Note: desktop file(s) in lpf [ ]: gtk-update-icon-cache is invoked when required Note: icons in lpf [ ]: Large documentation must go in a -doc subpackage. Note: Documentation size is 20480 bytes in 2 files. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Each %files section contains %defattr if rpm < 4.4 [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package contains desktop file if it is a GUI application. [x]: Package installs a %{name}.desktop using desktop-file-install if there is such a file. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Fully versioned dependency in subpackages, if present. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package do not use a name that already exist [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). Python: [ ]: Python eggs must not download any dependencies during the build process. [ ]: A package which is used by another package via an egg interface should provide egg info. [ ]: Package meets the Packaging Guidelines::Python [x]: Binary eggs must be removed in %prep ===== SHOULD items ===== Generic: [ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [ ]: Final provides and requires are sane (see attachments). [ ]: Package functions as described. [ ]: Latest version is packaged. [ ]: Package does not include license text files separate from upstream. [ ]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: Package should compile and build into binary rpms on all supported architectures. [ ]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: Dist tag is present. [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SourceX tarball generation or download is documented. [x]: SourceX is a working URL. [x]: Spec use %global instead of %define. ===== EXTRA items ===== Generic: [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). Rpmlint ------- Checking: lpf-0-2.7df703a.fc20.noarch.rpm lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a'] lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L lpf.noarch: W: no-manual-page-for-binary lpf lpf.noarch: W: desktopfile-without-binary /usr/share/applications/lpf.desktop setsid 1 packages and 0 specfiles checked; 5 errors, 16 warnings. Rpmlint (installed packages) ---------------------------- # rpmlint lpf lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a'] lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L lpf.noarch: W: no-manual-page-for-binary lpf 1 packages and 0 specfiles checked; 5 errors, 15 warnings. # echo 'rpmlint-done:' Requires -------- lpf (rpmlib, GLIBC filtered): /bin/bash /bin/sh /usr/bin/env config(lpf) hicolor-icon-theme rpm-build rpmdevtools shadow-utils sudo zenity Provides -------- lpf: config(lpf) lpf Source checksums ---------------- https://github.com/leamas/lpf/archive/7df703a4ef0f9571415b4c2008910ea34410bd88/lpf-0-7df703a.tar.gz : CHECKSUM(SHA256) this package : d7da96ea9624f9cd80fd7878fa9775129d8b8136de58d5634d126ed21c3c6c46 CHECKSUM(SHA256) upstream package : d7da96ea9624f9cd80fd7878fa9775129d8b8136de58d5634d126ed21c3c6c46 Generated by fedora-review 0.4.1 (b2e211f) last change: 2013-04-29 Buildroot used: fedora-rawhide-x86_64 Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 --rpm-spec -n lpf-0-2.7df703a.fc18.src.rpm
Before I proceed with manual review, we might need a comment from legal folks given the package description. Added Tom Callaway to CC.
My judgment is that this package as such is not problematic from legal point of view - it's just a tool simplifying the rpm build process similar in scope to e. g., rpmbuild. OTOH, I'm definitely not the lawyer here. Upcoming lpf-* packages is another issue. E. g., the blocked bug #973069, which I already have blocked on FE-Legal. Perhaps also the examples in this package could be problematic, but they could then just be excluded from the package. If necessary, I could comment on the rpmlint output. However, my overall feeling is that the messages are harmless (admittedly, I could get rid of the last by writing a manpage, though). Did some specfile nit-picking (mid-air collision), same links. Changelog: * Thu Jun 13 2013 Alec Leamas <leamas> - 0-3.3c3c216 - Added BR: python2-devel - Simplified Source0 (https://fedorahosted.org/fpc/ticket/284) - Using 2775 instead of 775 perms (https://fedorahosted.org/fpc/ticket/286) New links: spec: http://leamas.fedorapeople.org/lpf/3/lpf.spec srpm: http://leamas.fedorapeople.org/lpf/3/lpf-0-3.4b9f706.fc18.src.rpm
Deadlock? If you need Tom's opinion on this, wouldn't it be better to block the bug on FE-Legal? If not, as I think, could we proceed?
Alec, thanks for the update. Yes, made a FE-Legal blocker. (Sorry, I was occupied with other higher priority work, and didn't mean to ignore this review request.)
I don't think there is any reason not to permit the lpf tooling itself, but the examples might be problematic (along with any lpf helper "packages"). I'm going to have to discuss this scenario with Red Hat Legal before we can move anything forward.
The examples are silly and should be removed not only for legal reasons. They are needed upstream, but not in the package. My bad.
Tom: ping?
The tooling itself is not an issue. Any lpf examples/recipes/packages must be legally reviewed on a case-by-case basis to minimize risk. Lifting FE-Legal here, but please be sure to remove the examples before committing.
Thanks Tom, for your comment. So, Alec, I assume you'd be providing updated SPEC/SRPM with the said examples elided (is that the right assumption?), so that this review can proceed further.
Tom: thanks! Kashyap: new links: spec: http://leamas.fedorapeople.org/lpf/3/lpf.spec srpm: http://leamas.fedorapeople.org/lpf/3/lpf-0-3.46ae0c3.fc18.src.rpm Changelog: * Sun Jun 23 2013 Alec Leamas <leamas> - 0-3.fe3defcf9 - Removed examples, added lpf spec template.
Manual Review in progress. Koji scratch build successful: $ koji build --scratch rawhide lpf-0-3.46ae0c3.fc18.src.rpm Uploading srpm: lpf-0-3.46ae0c3.fc18.src.rpm [====================================] 100% 00:00:03 176.65 KiB 57.87 KiB/sec Created task: 5581936 Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=5581936 Watching tasks (this may be safely interrupted)... 5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm): open (ppc12.phx2.fedoraproject.org) 5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): free 5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): free -> open (buildvm-07.phx2.fedoraproject.org) 5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): open (buildvm-07.phx2.fedoraproject.org) -> closed 0 free 1 open 1 done 0 failed 5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm): open (ppc12.phx2.fedoraproject.org) -> closed 0 free 0 open 2 done 0 failed 5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm) completed successfully
Manual Review ~~~~~~~~~~~~~ Mostly looks good, just a couple of things: TL;DR: (1) Lincences Unknown or generated -------------------- /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py (2) No %check? (3) Rationale for the non-standard-dir-perm (from rpmlint errors) ===== MUST items ===== Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Development files must be in a -devel package [x]: Package requires other packages for directories it uses. [x]: Package uses nothing in %doc for runtime. [-]: Package is not known to require ExcludeArch. [x]: Package complies to the Packaging Guidelines [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 2 files have unknown license. Detailed output of licensecheck in /home/kashyap/rpmbuild/SRPMS/lpf/licensecheck.txt [x]: Package consistently uses macro is (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: update-desktop-database is invoked when required Note: desktop file(s) in lpf - {No 'MimeType key' in lpf.desktop, that's fine} [x]: gtk-update-icon-cache is invoked when required Note: icons in lpf ---------------- - $ grep gtk-update srpm-unpacked/lpf.spec /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : ---------------- [-]: Large documentation must go in a -doc subpackage. Python: [-]: Python eggs must not download any dependencies during the build process. [-]: A package which is used by another package via an egg interface should provide egg info. [x]: Package meets the Packaging Guidelines::Python ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. - {I didn't test the package extensively.} [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [-]: Packages should try to preserve timestamps of original installed files. Rpmlint (installed packages) ---------------------------- # rpmlint lpf lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a'] lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L lpf.noarch: W: no-manual-page-for-binary lpf 1 packages and 0 specfiles checked; 5 errors, 15 warnings. # echo 'rpmlint-done:' - {Can you provide the rationale for the non-standard-dir-perm?} Source checksums ---------------- Matches: https://github.com/leamas/lpf/archive/46ae0c3b2791013a2b5b1d03137538b9bc906350/lpf-46ae0c3.tar.gz : CHECKSUM(SHA256) this package : 9343f7c1b2b338d1873b77a77f1e67e69638016ee9a68a182a499d521abc222c CHECKSUM(SHA256) upstream package : 9343f7c1b2b338d1873b77a77f1e67e69638016ee9a68a182a499d521abc222c
(In reply to Kashyap Chamarthy from comment #14) [cut] > (1) Lincences > > Unknown or generated > -------------------- > > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf- > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py > > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf- > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py Even if these files are not marked properly, the overall licensing situation for this package should be clear form the README and the LICENSE file IMHO. If you insist, I can patch the files. However, I've approved some packages myself containing files with these licenses since I havn't found anything in the guidelines which says I shouldn't in cases like this?! > (2) No %check? Unit tests are on the todo-list but yet not in place. Is %check required in the guidelines? > (3) Rationale for the non-standard-dir-perm (from rpmlint errors) Because user modifies files owned by the lpg user pkg-build using group permissions, the 775 permissions is needed to allow this. There's some more in the README on this.
Just FYI I'll be on vacation (disconnected on a sailing yacht) from Thursday until some day in August yet to be defined :)
(In reply to Alec Leamas from comment #15) > (In reply to Kashyap Chamarthy from comment #14) > [cut] > > (1) Lincences > > > > Unknown or generated > > -------------------- > > > > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf- > > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py > > > > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf- > > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py > Even if these files are not marked properly, the overall licensing > situation for this package should be clear form the README and the LICENSE > file IMHO. If you insist, I can patch the files. However, I've approved > some packages myself containing files with these licenses since I havn't > found anything in the guidelines which says I shouldn't in cases like this?! Ok, ACK, I'm not rigid here. > > > > (2) No %check? > Unit tests are on the todo-list but yet not in place. Is %check required in > the guidelines? Well, not mandatory. Once you have them, you can update the spec. > > > > (3) Rationale for the non-standard-dir-perm (from rpmlint errors) > Because user modifies files owned by the lpg user pkg-build using group > permissions, the 775 permissions is needed to allow this. There's some more > in the README on this. ACK. APPROVED. (Sorry for the delay.)
Cristopher: still on holiday, back in August (date to ber defined).
Just as a clarification, I don't plan to actually import this until a actual lpf package is approved. Currently, I'm working with lpf-spotify-client. If someone else is interested of this package I'll import it asap, though.
New Package SCM Request ======================= Package Name: lpf Short Description: Local package factory - build non-redistributable rpms Owners: leamas Branches: f19 f20 InitialCC:
Git done (by process-git-requests).
lpf-0-8.ff50a5b.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/lpf-0-8.ff50a5b.fc20
lpf-0-8.ff50a5b.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/lpf-0-8.ff50a5b.fc19
lpf-0-8.ff50a5b.fc20 has been pushed to the Fedora 20 testing repository.
lpf-0-8.ff50a5b.fc20 has been pushed to the Fedora 20 stable repository.
lpf-0-9.b40e846.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/lpf-0-9.b40e846.fc19
Per fpc decision in ticket 362 lpf-spotify-client should be moved to a more appropriate repository. The package is retired.
lpf-0-10.d18db6d.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/lpf-0-10.d18db6d.fc19
lpf-0-10.d18db6d.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request ====================== Package Name: lpf New Branches: el6 Owners: slaanesh InitialCC: slaanesh