Spec URL: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring.spec SRPM URL: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring-20130818-1.src.rpm Description: A set of GPG keys used to sign packages in the Arch distribution, which can be used to verify that downloaded Arch packages are valid. This package will be useful during installation of Arch in a container: see #998125 and #998127 for explanation and instructions. Fedora Account System Username: zbyszek koji f20: http://koji.fedoraproject.org/koji/taskinfo?taskID=5830904 koji f19: http://koji.fedoraproject.org/koji/taskinfo?taskID=5830909 License: I've put "Public Domain" for now, since this is just a bunch of GPG keys, but I've asked upstream for clarification.
Don't use hardcoded paths: PREFIX=/usr has to be PREFIX=%{_prefix} %dir %{_datadir}/pacman is already owned by the pacman package. Drop this line from the file list and add pacman to the runtime requirements.
(In reply to Mario Blättermann from comment #1) Thank you for the speedy review! > Don't use hardcoded paths: > PREFIX=/usr > has to be > PREFIX=%{_prefix} Fixed. > %dir %{_datadir}/pacman > is already owned by the pacman package. Drop this line from the file list > and add pacman to the runtime requirements. Hm, I don't like this. This package can be usable without pacman (it's just a list of maintainer keys, so e.g. somebody could use it as a handy source of keys for mailing purposes or whatever), and adding a dep on pacman would also pull in libalpm, which just doens't seem worth it. I think they can co-own the directory without trouble. Spec URL: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring.spec SRPM URL: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring-20130818-1.src.rpm Git: http://in.waw.pl/git/fedora-archlinux-keyring
(In reply to Zbigniew Jędrzejewski-Szmek from comment #2) > (In reply to Mario Blättermann from comment #1) > > %dir %{_datadir}/pacman > > is already owned by the pacman package. Drop this line from the file list > > and add pacman to the runtime requirements. > Hm, I don't like this. This package can be usable without pacman (it's just > a list of maintainer keys, so e.g. somebody could use it as a handy source > of keys for mailing purposes or whatever), and adding a dep on pacman would > also pull in libalpm, which just doens't seem worth it. I think they can > co-own the directory without trouble. I agree with you, your package doesn't need pacman really. But I'm not a friend of co-ownerships in general. Well, in some cases it works without trouble over the years, for example in gtk-doc. In this early state of the Archlinux stack, we have another possible solution: For your pacman package, create a -filesystem subpackage which contains the appropriate folder (%{_datadir}/pacman) and perhaps some other folders. Then let pull the pacman-filesystem package as a runtime requirement by archlinux-keyring. This is a painless way to avoid unneeded co-ownerships. A few other packages go the same way, such as boost-filesystem, kde-filesystem and many more.
(In reply to Mario Blättermann from comment #3) > In this early state of the > Archlinux stack, we have another possible solution: For your pacman package, > create a -filesystem subpackage which contains the appropriate folder > (%{_datadir}/pacman) and perhaps some other folders. Then let pull the > pacman-filesystem package as a runtime requirement by archlinux-keyring. Done: http://in.waw.pl/git/fedora-pacman/commitdiff/24768d7cdb http://in.waw.pl/git/fedora-archlinux-keyring/commitdiff/51326b02 spec and srpms have been updated.
$ rpmlint -i -v * archlinux-keyring.src: I: checking archlinux-keyring.src: W: no-url-tag The URL tag is missing. archlinux-keyring.src: W: non-coherent-filename archlinux-keyring-20130818-1.src.rpm archlinux-keyring-20130818-1.fc19.src.rpm The file which contains the package should be named <NAME>-<VERSION>-<RELEASE>.<ARCH>.rpm. archlinux-keyring.src: W: no-%build-section The spec file does not contain a %build section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional "under the hood" functionality, such as injection of automatic -debuginfo subpackages. Add the section, even if empty. archlinux-keyring.src: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/snapshot/archlinux-keyring-20130818.tar.gz (timeout 10 seconds) archlinux-keyring.spec: W: no-%build-section The spec file does not contain a %build section. Even if some packages don't directly need it, section markers may be overridden in rpm's configuration to provide additional "under the hood" functionality, such as injection of automatic -debuginfo subpackages. Add the section, even if empty. archlinux-keyring.spec: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/snapshot/archlinux-keyring-20130818.tar.gz (timeout 10 seconds) 1 packages and 1 specfiles checked; 0 errors, 4 warnings. Please add an URL tag (https://projects.archlinux.org/archlinux-keyring.git/) and an empty %build section. I don't know how it can happen that you get a srpm filename in that form. If I run "rpmbuild -bs foo.spec", the fc19 tag always will be added. This tag is the expanded value of %{dist}.
(In reply to Mario Blättermann from comment #5) > Please add an URL tag > (https://projects.archlinux.org/archlinux-keyring.git/) and an empty %build > section. Done. > I don't know how it can happen that you get a srpm filename in that form. If > I run "rpmbuild -bs foo.spec", the fc19 tag always will be added. This tag > is the expanded value of %{dist}. Oh, I uploaded an srpm with the correct name, and made a symlink from the old name to the new name. I didn't know that the name matters. New spec: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring.spec New srpm: http://in.waw.pl/~zbyszek/fedora/archlinux-keyring-20130818-2.fc19.src.rpm
URL should stay above the Source0. Also if you can, please change it to source0.
(In reply to Christopher Meng from comment #7) > URL should stay above the Source0. > It's widely used and proposed by most templates, but the placement is not critical. > Also if you can, please change it to source0. Also widely used, but also not that important. Well, it is useful when adding extra sources in the future, so they can be named appropriately. See http://fedoraproject.org/wiki/How_to_create_an_RPM_package#eject for an example with "Source" and URL not above the source link. Scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=5853428 $ rpmlint -i -v *archlinux-keyring.src: I: checking archlinux-keyring.src: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/ (timeout 10 seconds) archlinux-keyring.src: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/snapshot/archlinux-keyring-20130818.tar.gz (timeout 10 seconds) archlinux-keyring.noarch: I: checking archlinux-keyring.noarch: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/ (timeout 10 seconds) archlinux-keyring.noarch: W: no-documentation The package contains no documentation (README, doc, etc). You have to include documentation files. archlinux-keyring.spec: I: checking-url https://projects.archlinux.org/archlinux-keyring.git/snapshot/archlinux-keyring-20130818.tar.gz (timeout 10 seconds) 2 packages and 1 specfiles checked; 0 errors, 1 warnings. Nothing of interest so far. --------------------------------- key: [+] OK [.] OK, not applicable [X] needs work --------------------------------- [+] MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review. [+] MUST: The package must be named according to the Package Naming Guidelines. [+] MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [+] MUST: The package must meet the Packaging Guidelines. [+] MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines. [+] MUST: The License field in the package spec file must match the actual license. Public Domain [.] MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. [+] MUST: The spec file must be written in American English. [+] MUST: The spec file for the package MUST be legible. [+] MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. $ sha256sum * f6325c3fc5f819a4f53de38bb19f95091424862e0f7694103630387caa37d940 archlinux-keyring-20130818.tar.gz f6325c3fc5f819a4f53de38bb19f95091424862e0f7694103630387caa37d940 archlinux-keyring-20130818.tar.gz.orig [+] MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [.] MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [.] MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. [.] MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. [.] MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [.] MUST: Packages must NOT bundle copies of system libraries. [.] MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [+] MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [.] MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations) [+] MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. [+] MUST: Each package must consistently use macros. [+] MUST: The package must contain code, or permissable content. [.] MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [+] MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [.] MUST: Static libraries must be in a -static package. [.] MUST: Development files must be in a -devel package. [.] MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} [.] MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. [.] MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [+] MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [+] MUST: All filenames in rpm packages must be valid UTF-8. [.] SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [.] SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [+] SHOULD: The reviewer should test that the package builds in mock. See Koji build above (which uses Mock anyway). [+] SHOULD: The package should compile and build into binary rpms on all supported architectures. [.] SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. [.] SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [.] SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [.] SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. [.] SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. [.] SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense. ---------------- PACKAGE APPROVED ----------------
(In reply to Christopher Meng from comment #7) > URL should stay above the Source0. > > Also if you can, please change it to source0. Updated. (In reply to Mario Blättermann from comment #8) > PACKAGE APPROVED Thank you for the review.
New Package SCM Request ======================= Package Name: pacman Short Description: Package manager for the Arch distribution Owners: zbyszek Branches: f19 f20 InitialCC: peter mariobl cicku
New Package SCM Request ======================= Package Name: archlinux-keyring Short Description: GPG keys used by Arch distribution to sign packages Owners: zbyszek Branches: f19 f20 InitialCC: peter mariobl cicku
Complete.
archlinux-keyring-20130818-2.fc19,arch-install-scripts-11-2.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/archlinux-keyring-20130818-2.fc19,arch-install-scripts-11-2.fc19
archlinux-keyring-20130818-2.fc19, arch-install-scripts-11-2.fc19 has been pushed to the Fedora 19 testing repository.
archlinux-keyring-20130818-2.fc19, arch-install-scripts-11-2.fc19 has been pushed to the Fedora 19 stable repository.