Simplified spec using a Makefile. new links:
spec: http://leamas.fedorapeople.org/lpf/2/lpf.spec
srpm: http://leamas.fedorapeople.org/lpf/2/lpf-0-2.7df703a.fc18.src.rpm

Running fedora-review tool against rawhide. Manual review upcoming..

 $ fedora-review -m fedora-rawhide-x86_64 \
  --rpm-spec -n  lpf-0-2.7df703a.fc18.src.rpm


Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======
- Package contains BR: python2-devel or python3-devel
  See: http://fedoraproject.org/wiki/Packaging:Python#BuildRequires


===== MUST items =====

Generic:
[ ]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[ ]: Package contains no bundled libraries without FPC exception.
[ ]: Changelog in prescribed format.
[ ]: Sources contain only permissible code or content.
[ ]: Development files must be in a -devel package
[ ]: Package requires other packages for directories it uses.
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package is not known to require ExcludeArch.
[ ]: Package complies to the Packaging Guidelines
[ ]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Unknown or generated". 2 files have unknown license. Detailed output of
     licensecheck in /home/kashyap/rpmbuild/SRPMS/lpf/licensecheck.txt
[ ]: Package consistently uses macro is (instead of hard-coded directory
     names).
[ ]: Package is named according to the Package Naming Guidelines.
[ ]: Package does not generate any conflict.
[ ]: Package obeys FHS, except libexecdir and /usr/target.
[ ]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[ ]: Package must own all directories that it creates.
[ ]: Package does not own files or directories owned by other packages.
[ ]: Requires correct, justified where necessary.
[ ]: Spec file is legible and written in American English.
[ ]: Package contains systemd file(s) if in need.
[ ]: update-desktop-database is invoked when required
     Note: desktop file(s) in lpf
[ ]: gtk-update-icon-cache is invoked when required
     Note: icons in lpf
[ ]: Large documentation must go in a -doc subpackage.
     Note: Documentation size is 20480 bytes in 2 files.
[x]: All build dependencies are listed in BuildRequires, except for any that
     are listed in the exceptions section of Packaging Guidelines.
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Each %files section contains %defattr if rpm < 4.4
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package contains desktop file if it is a GUI application.
[x]: Package installs a %{name}.desktop using desktop-file-install if there is
     such a file.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Fully versioned dependency in subpackages, if present.
[x]: If (and only if) the source package includes the text of the license(s)
     in its own file, then that file, containing the text of the license(s)
     for the package is included in %doc.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
     in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local
[x]: Package successfully compiles and builds into binary rpms on at least one
     supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).

Python:
[ ]: Python eggs must not download any dependencies during the build process.
[ ]: A package which is used by another package via an egg interface should
     provide egg info.
[ ]: Package meets the Packaging Guidelines::Python
[x]: Binary eggs must be removed in %prep

===== SHOULD items =====

Generic:
[ ]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[ ]: Final provides and requires are sane (see attachments).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[ ]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[ ]: Package should compile and build into binary rpms on all supported
     architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: Dist tag is present.
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX tarball generation or download is documented.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define.

===== EXTRA items =====

Generic:
[x]: Large data in /usr/share should live in a noarch subpackage if package is
     arched.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).


Rpmlint
-------
Checking: lpf-0-2.7df703a.fc20.noarch.rpm
lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable
lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak
lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS
lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a']
lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L
lpf.noarch: W: no-manual-page-for-binary lpf
lpf.noarch: W: desktopfile-without-binary /usr/share/applications/lpf.desktop setsid
1 packages and 0 specfiles checked; 5 errors, 16 warnings.




Rpmlint (installed packages)
----------------------------
# rpmlint lpf
lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable
lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak
lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS
lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a']
lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L
lpf.noarch: W: no-manual-page-for-binary lpf
1 packages and 0 specfiles checked; 5 errors, 15 warnings.
# echo 'rpmlint-done:'



Requires
--------
lpf (rpmlib, GLIBC filtered):
    /bin/bash
    /bin/sh
    /usr/bin/env
    config(lpf)
    hicolor-icon-theme
    rpm-build
    rpmdevtools
    shadow-utils
    sudo
    zenity



Provides
--------
lpf:
    config(lpf)
    lpf



Source checksums
----------------
https://github.com/leamas/lpf/archive/7df703a4ef0f9571415b4c2008910ea34410bd88/lpf-0-7df703a.tar.gz :
  CHECKSUM(SHA256) this package     : d7da96ea9624f9cd80fd7878fa9775129d8b8136de58d5634d126ed21c3c6c46
  CHECKSUM(SHA256) upstream package : d7da96ea9624f9cd80fd7878fa9775129d8b8136de58d5634d126ed21c3c6c46


Generated by fedora-review 0.4.1 (b2e211f) last change: 2013-04-29
Buildroot used: fedora-rawhide-x86_64
Command line :/usr/bin/fedora-review -m fedora-rawhide-x86_64 --rpm-spec -n lpf-0-2.7df703a.fc18.src.rpm

Before I proceed with manual review, we might need a comment from legal folks given the package description.

Added Tom Callaway to CC.

My judgment is  that this package as such is not problematic from legal point of view - it's just a tool simplifying the rpm build process similar in scope to e. g.,  rpmbuild. OTOH, I'm definitely not the lawyer here.

Upcoming  lpf-* packages is another issue. E. g., the blocked bug #973069, which I already have blocked on FE-Legal. Perhaps also the examples in this package could be problematic, but they could then just be excluded from the package.

If necessary, I could comment on the rpmlint output. However, my overall feeling is that the messages are harmless (admittedly, I could get rid of the last by writing a manpage, though).

Did some specfile nit-picking (mid-air collision), same links. Changelog:

* Thu Jun 13 2013 Alec Leamas <leamas@nowhere.net> - 0-3.3c3c216
- Added BR: python2-devel
- Simplified Source0 (https://fedorahosted.org/fpc/ticket/284)
- Using 2775 instead of 775 perms (https://fedorahosted.org/fpc/ticket/286)

New links:
spec: http://leamas.fedorapeople.org/lpf/3/lpf.spec
srpm: http://leamas.fedorapeople.org/lpf/3/lpf-0-3.4b9f706.fc18.src.rpm

Deadlock? If you need Tom's opinion on this, wouldn't it be better to block the bug on FE-Legal? If not, as I think, could we proceed?

Alec, thanks for the update.

Yes, made a FE-Legal blocker. (Sorry, I was occupied with other higher priority work, and didn't mean to ignore this review request.)

I don't think there is any reason not to permit the lpf tooling itself, but the examples might be problematic (along with any lpf helper "packages"). I'm going to have to discuss this scenario with Red Hat Legal before we can move anything forward.

The examples are silly and should be removed not only for legal reasons. They are needed upstream, but not in the package. My bad.

Tom: ping?

The tooling itself is not an issue. Any lpf examples/recipes/packages must be legally reviewed on a case-by-case basis to minimize risk. Lifting FE-Legal here, but please be sure to remove the examples before committing.

Thanks Tom, for your comment.

So, Alec, I assume you'd be providing updated SPEC/SRPM with the said examples elided (is that the right assumption?), so that this review can proceed further.

Tom: thanks!

Kashyap: new links:
spec: http://leamas.fedorapeople.org/lpf/3/lpf.spec
srpm: http://leamas.fedorapeople.org/lpf/3/lpf-0-3.46ae0c3.fc18.src.rpm

Changelog:
* Sun Jun 23 2013 Alec Leamas <leamas@nowhere.net> - 0-3.fe3defcf9
- Removed examples, added lpf spec template.

Manual Review in progress.

Koji scratch build successful:

$ koji build --scratch rawhide lpf-0-3.46ae0c3.fc18.src.rpm 
Uploading srpm: lpf-0-3.46ae0c3.fc18.src.rpm
[====================================] 100% 00:00:03 176.65 KiB  57.87 KiB/sec
Created task: 5581936
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=5581936
Watching tasks (this may be safely interrupted)...
5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm): open (ppc12.phx2.fedoraproject.org)
  5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): free
  5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): free -> open (buildvm-07.phx2.fedoraproject.org)
  5581937 buildArch (lpf-0-3.46ae0c3.fc18.src.rpm, noarch): open (buildvm-07.phx2.fedoraproject.org) -> closed
  0 free  1 open  1 done  0 failed
5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm): open (ppc12.phx2.fedoraproject.org) -> closed
  0 free  0 open  2 done  0 failed

5581936 build (rawhide, lpf-0-3.46ae0c3.fc18.src.rpm) completed successfully

Manual Review
~~~~~~~~~~~~~

Mostly looks good, just a couple of things:

TL;DR: 

 
(1) Lincences

  Unknown or generated
  --------------------
  /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py
  /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py

(2) No %check?

(3) Rationale for the non-standard-dir-perm (from rpmlint errors)


===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package requires other packages for directories it uses.
[x]: Package uses nothing in %doc for runtime.
[-]: Package is not known to require ExcludeArch.
[x]: Package complies to the Packaging Guidelines
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found:
     "Unknown or generated". 2 files have unknown license. Detailed output of
     licensecheck in /home/kashyap/rpmbuild/SRPMS/lpf/licensecheck.txt

[x]: Package consistently uses macro is (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: update-desktop-database is invoked when required
     Note: desktop file(s) in lpf
	- {No 'MimeType key' in lpf.desktop, that's fine}
[x]: gtk-update-icon-cache is invoked when required
     Note: icons in lpf
----------------
	- $ grep gtk-update srpm-unpacked/lpf.spec 
    /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
----------------
[-]: Large documentation must go in a -doc subpackage.

Python:
[-]: Python eggs must not download any dependencies during the build process.
[-]: A package which is used by another package via an egg interface should
     provide egg info.
[x]: Package meets the Packaging Guidelines::Python

===== SHOULD items =====

Generic:
[x]: If the source package does not include license text(s) as a separate file
     from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
	- {I didn't test the package extensively.}
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[-]: Packages should try to preserve timestamps of original installed files.




Rpmlint (installed packages)
----------------------------
# rpmlint lpf
lpf.noarch: W: spelling-error Summary(en_US) redistributable -> redistribute, redistribution, attributable
lpf.noarch: W: spelling-error %description -l en_US akmod -> Kodak
lpf.noarch: W: spelling-error %description -l en_US dkms -> dims, dams, DBMS
lpf.noarch: W: incoherent-version-in-changelog 0-1.c4bc5a2 ['0-2.7df703a.fc20', '0-2.7df703a']
lpf.noarch: W: non-standard-uid /var/lib/lpf/rpms pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/rpms pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/rpms 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/log pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/log pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/log 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/packages pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/packages pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/packages 0775L
lpf.noarch: W: non-standard-uid /var/lib/lpf/approvals pkg-build
lpf.noarch: W: non-standard-gid /var/lib/lpf/approvals pkg-build
lpf.noarch: E: non-standard-dir-perm /var/lib/lpf/approvals 0775L
lpf.noarch: W: no-manual-page-for-binary lpf
1 packages and 0 specfiles checked; 5 errors, 15 warnings.
# echo 'rpmlint-done:'

	- {Can you provide the rationale for the non-standard-dir-perm?}


Source checksums
----------------

Matches:

https://github.com/leamas/lpf/archive/46ae0c3b2791013a2b5b1d03137538b9bc906350/lpf-46ae0c3.tar.gz :
  CHECKSUM(SHA256) this package     : 9343f7c1b2b338d1873b77a77f1e67e69638016ee9a68a182a499d521abc222c
  CHECKSUM(SHA256) upstream package : 9343f7c1b2b338d1873b77a77f1e67e69638016ee9a68a182a499d521abc222c

(In reply to Kashyap Chamarthy from comment #14)
[cut]
> (1) Lincences
> 
>   Unknown or generated
>   --------------------
>  
> /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-
> 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py
>  
> /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-
> 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py
Even if these files are not marked properly, the overall  licensing situation for this package should be clear form the README and the LICENSE file IMHO. If you insist, I can patch the files.  However,  I've approved some packages myself containing files with these licenses since I havn't found anything in the guidelines which says I shouldn't in cases like this?!


> (2) No %check?
Unit tests are on the todo-list but yet not in place. Is %check required in the guidelines?


> (3) Rationale for the non-standard-dir-perm (from rpmlint errors)
Because user modifies files owned by the lpg user pkg-build using group permissions,  the 775 permissions is needed to allow this. There's some more in the README on this.

Just FYI I'll be on vacation (disconnected on a sailing yacht) from Thursday until some day in August yet to be defined :)

(In reply to Alec Leamas from comment #15)
> (In reply to Kashyap Chamarthy from comment #14)
> [cut]
> > (1) Lincences
> > 
> >   Unknown or generated
> >   --------------------
> >  
> > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-
> > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/build_error.py
> >  
> > /var/lib/mock/fedora-rawhide-x86_64/root/builddir/build/BUILD/lpf-
> > 46ae0c3b2791013a2b5b1d03137538b9bc906350/scripts/update.py
> Even if these files are not marked properly, the overall  licensing
> situation for this package should be clear form the README and the LICENSE
> file IMHO. If you insist, I can patch the files.  However,  I've approved
> some packages myself containing files with these licenses since I havn't
> found anything in the guidelines which says I shouldn't in cases like this?!

Ok, ACK, I'm not rigid here.

> 
> 
> > (2) No %check?
> Unit tests are on the todo-list but yet not in place. Is %check required in
> the guidelines?

Well, not mandatory. Once you have them, you can update the spec.
> 
> 
> > (3) Rationale for the non-standard-dir-perm (from rpmlint errors)
> Because user modifies files owned by the lpg user pkg-build using group
> permissions,  the 775 permissions is needed to allow this. There's some more
> in the README on this.

ACK.

APPROVED.

(Sorry for the delay.)

Cristopher:  still on holiday, back in August (date to ber defined).

Just as a clarification, I don't plan to actually import this until a actual lpf package is approved. Currently, I'm working with lpf-spotify-client. If someone else is interested of this package I'll import it asap, though.

New Package SCM Request
=======================
Package Name: lpf
Short Description: Local package factory - build non-redistributable rpms
Owners: leamas
Branches: f19 f20
InitialCC:

Git done (by process-git-requests).

lpf-0-8.ff50a5b.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/lpf-0-8.ff50a5b.fc20

lpf-0-8.ff50a5b.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lpf-0-8.ff50a5b.fc19

lpf-0-8.ff50a5b.fc20 has been pushed to the Fedora 20 testing repository.

lpf-0-8.ff50a5b.fc20 has been pushed to the Fedora 20 stable repository.

lpf-0-9.b40e846.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lpf-0-9.b40e846.fc19

Per fpc decision in ticket 362 lpf-spotify-client should be moved to a more appropriate repository. The package is retired.

lpf-0-10.d18db6d.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lpf-0-10.d18db6d.fc19

lpf-0-10.d18db6d.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Package Change Request
======================
Package Name: lpf
New Branches: el6
Owners: slaanesh
InitialCC: slaanesh

Git done (by process-git-requests).