Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=806677 --- Comment #2 from Juan Hernández <juan.hernandez@xxxxxxxxxx> 2012-03-26 12:32:37 EDT --- Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [!] Rpmlint output: Output of rpmlint of the source package: $ rpmlint jboss-web-7.0.13-1.fc18.src.rpm jboss-web.src: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat. jboss-web.src: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden jboss-web.src:60: W: macro-in-comment %{_javadocdir} jboss-web.src:60: W: macro-in-comment %{name} jboss-web.src:61: W: macro-in-comment %{_javadocdir} jboss-web.src:61: W: macro-in-comment %{name} jboss-web.src: W: invalid-url Source0: jboss-web-7.0.13.Final.tar.xz 1 packages and 0 specfiles checked; 1 errors, 6 warnings. Output of rpmlint of the binary packages: $ rpmlint jboss-web-7.0.13-1.fc18.noarch.rpm jboss-web-doc-7.0.13-1.fc18.noarch.rpm jboss-web.noarch: E: description-line-too-long C JBoss Web Server is an enterprise ready web server designed for medium and large applications, based on Tomcat. jboss-web.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden jboss-web-doc.noarch: W: invalid-url URL: http://www.jboss.org/jbossweb HTTP Error 403: Forbidden 2 packages and 0 specfiles checked; 1 errors, 2 warnings. URL warnings are acceptable. [x] Package is named according to the Package Naming Guidelines[1]. [x] Spec file name must match the base package name, in the format %{name}.spec. [x] Package meets the Packaging Guidelines[2]. [x] Package successfully compiles and builds into binary rpms. Koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3933281 [x] Buildroot definition is not present [!] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4]. Some of the source files state in their license header that they are covered by "CDDL or GPLv2+ or ASL 2.0", which are known to be imcompatible. This affects most of the files in the java/javax directory. See for example the file "java/javax/servlet/ServletContextListener.java". [!] License field in the package spec file matches the actual license. The license in the spec file is "LGPLv3+" but the package contains files with a mix of licenses. Some examples: LGPLv2.1+: java/org/jboss/servlet/http/HttpEventFilterChain.java LGPLv2+: java/org/jboss/web/php/PhpThread.java ASL 2.0: java/org/apache/jasper/* LGPLv2.1+ or ASL 2.0: java/org/apache/naming/resources/ProxyDirContext.java MIT: java/org/apache/tomcat/util/json/JSONTokener.java CDDL or LGPLv2+: java/javax/servlet/ServletContainerInitializer.java [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x] All independent sub-packages have license of their own [x] Spec file is legible and written in American English. [x] Sources used to build the package matches the upstream source, as provided in the spec URL. Checked using a recursive diff of the sources, which gives output like this: diff --recursive --unified t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java --- t/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.000000000 +0200 +++ t2/jboss-web-7.0.13.Final/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2011-10-11 17:29:56.818919000 +0200 @@ -70,7 +70,7 @@ * requests. Requests of any other type will simply be passed * through. * * @author Craig R. McClanahan - * @version $Revision: 1848 $ $Date: 2011-10-11 11:29:56 -0400 (Tue, 11 Oct 2011) $ + * @version $Revision: 1848 $ $Date: 2011-10-11 17:29:56 +0200 (Tue, 11 Oct 2011) $ */ These differences are acceptable, as they appear due to distinct time zones and subversion quirks. [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5]. [x] Package must own all directories that it creates or must require other packages for directories it uses. [x] Package does not contain duplicates in %files. [x] File sections do not contain %defattr(-,root,root,-) unless changed with good reason [x] Permissions on files are set properly. [x] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore) [x] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing) [x] Package contains code, or permissable content. [-] Fully versioned dependency in subpackages, if present. [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [-] Package does not own files or directories owned by other packages. [!] Javadoc documentation files are generated and included in -javadoc subpackage [!] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks) No javadoc is generated. [x] Packages have proper BuildRequires/Requires on jpackage-utils [-] Javadoc subpackages have Require: jpackage-utils [x] Package uses %global not %define [x] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) [x] If source tarball includes bundled jar/class files these need to be removed prior to building [x] All filenames in rpm packages must be valid UTF-8. [x] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details) [x] If package contains pom.xml files install it (including depmaps) even when building with ant [x] pom files has correct add_maven_depmap === Maven === [x] Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms [-] If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment [-] If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment [x] Package DOES NOT use %update_maven_depmap in %post/%postun [x] Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro === Other suggestions === [x] If possible use upstream build method (maven/ant/javac) [x] Avoid having BuildRequires on exact NVR unless necessary [x] Package has BuildArch: noarch (if possible) [x] Latest version is packaged. [x] Reviewer should test that the package builds in mock. Tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=3933281 === Issues === 1. Description line is too long, please make it shorter than 79 characters. 2. Macros in comments, please remove them. 3. Several license issues, see above. 4. No javadocs. === Final Notes === My suggestion to move forward: 1. Contact upstream developers and inform them of the licensing issues, specially for the files stating several incompatible licenses. Contact legal@xxxxxxxxxxxxxxxxxxxxxxx for assistance. 2. Remove macros from comments (this is not strictly required). 3. As the licensing of the content in the "java/javax" is problematic you may want to replace it with dependencies on packages providing the same content. In this particular case that content can be obtained from the following packages (already in rawhide): jboss-annotations-1.1-api jboss-el-2.2-api jboss-jsp-2.1-api jboss-servlet-3.0-api You could add those to BuildRequires and Requires. Then in the %setup section you can remove the "java/javax" directory and replace it with links in the "lib" directory: %setup # Remove all the javax classes, as they should come from other packages: rm -rf java/javax ln -s $(build-classpath jboss-annotations-1.1-api) lib ln -s $(build-classpath jboss-el-2.2-api) lib ln -s $(build-classpath jboss-jsp-2.2-api) lib ln -s $(build-classpath jboss-servlet-3.0-api) lib If you do this you will need to add the dependencies to the POM file as well. This also reduces the number of different implementations of "javax" things that we have in Fedora. I would even suggest to remove that "java/javax" directory from the source tarball. Once the license issues are cleared with upstream and legal we can check what is the right license type. 4. In order to generate the javadoc you could add a new source file: Source2: build-javadoc.xml With the following content: <project name="javadoc" default="build"> <target name="build"> <mkdir dir="apidocs" /> <javadoc destdir="apidocs"> <fileset dir="java"/> </javadoc> </target> </project> Then in the spec you can add the following: %setup cp %{SOURCE2} . %build ant -f build-javadoc.xml %install install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name} cp -rp apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name} -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review