[Bug 1186889] Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1186889



--- Comment #15 from Philip Prindeville <philipp@xxxxxxxxxxxxxxxxxxxxx> ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #13)
> - Add %config(noreplace) to the cron tab file.
> - Add Requires: crontabs.

Done.

> ===== MUST items =====
> 
> C/C++:
> [x]: Package does not contain kernel modules.
> [x]: Package contains no static executables.
> [x]: Package does not contain any libtool archives (.la)
> [x]: Rpath absent or only used for internal libs.
> 
> Generic:
> [?]: Package is licensed with an open-source compatible license and meets
>      other legal requirements as defined in the legal section of Packaging
>      Guidelines.
> I cannot find the license statement anywhere.

There's a LICENSE file on github that somehow didn't make it into the release
tarball.

> [?]: If (and only if) the source package includes the text of the license(s)
>      in its own file, then that file, containing the text of the license(s)
>      for the package is included in %doc.
> Please ask upstream to include a license file and add a link to the bug
> report in the spec file.

Done.

> [x]: License field in the package spec file matches the actual license.
>      Note: Checking patched sources after %prep for licenses. Licenses found:
>      "GPL (v2 or later) (with incorrect FSF address)", "LGPL (v2.1 or
> later)",
>      "GPL (v2 or later)", "GPL (v3 or later)", "Unknown or generated". 5
> files
>      have unknown license. Detailed output of licensecheck in
>      /var/tmp/1186889-geoipupdate/licensecheck.txt
> [-]: License file installed when any subpackage combination is installed.

Upstream limitation... no LICENSE file.

> [x]: Package must own all directories that it creates.
>      Note: Directories without known owners: /etc/cron.weekly
> [!]: %build honors applicable compiler flags or justifies otherwise.
> Package processes untrusted input from the network. Add
> %global _hardened_build 1

Fixed.

> [x]: Package contains no bundled libraries without FPC exception.
> [x]: Changelog in prescribed format.
> [-]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
>      beginning of %install.
>      Note: rm -rf %{buildroot} present but not required
> EPEL5 compat.
> 
> [?]: Sources contain only permissible code or content.

Not sure why this was marked thusly.

> [-]: Package contains desktop file if it is a GUI application.
> [-]: Development files must be in a -devel package
> [-]: Package uses nothing in %doc for runtime.
> [x]: Package consistently uses macros (instead of hard-coded directory
> names).
> [x]: Package is named according to the Package Naming Guidelines.
> [x]: Package does not generate any conflict.
> [x]: Package obeys FHS, except libexecdir and /usr/target.
> [x]: If the package is a rename of another package, proper Obsoletes and
>      Provides are present.
> [x]: Requires correct, justified where necessary.
> [x]: Spec file is legible and written in American English.
> [-]: Package contains systemd file(s) if in need.
> [x]: Useful -debuginfo package or justification otherwise.
> [x]: Package is not known to require an ExcludeArch tag.
> [x]: Package complies to the Packaging Guidelines
> [x]: Package successfully compiles and builds into binary rpms on at least
> one
>      supported primary architecture.
> [x]: Package installs properly.
> [x]: Rpmlint is run on all rpms the build produces.
>      Note: There are rpmlint messages (see attachment).
> [x]: Package requires other packages for directories it uses.
> [x]: Package does not own files or directories owned by other packages.
> [x]: All build dependencies are listed in BuildRequires, except for any that
>      are listed in the exceptions section of Packaging Guidelines.
> [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
> [x]: %config files are marked noreplace or the reason is justified.
> [x]: Macros in Summary, %description expandable at SRPM build time.
> [x]: Package does not contain duplicates in %files.
> [x]: Permissions on files are set properly.
> [x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
>      work.
> [x]: Package is named using only allowed ASCII characters.
> [x]: No %config files under /usr.
> [x]: Package do not use a name that already exist
> [x]: Package is not relocatable.
> [x]: Sources used to build the package match the upstream source, as provided
>      in the spec URL.
> [x]: Spec file name must match the spec package %{name}, in the format
>      %{name}.spec.
> [x]: File names are valid UTF-8.
> [x]: Large documentation must go in a -doc subpackage. Large could be size
>      (~1MB) or number of files.
>      Note: Documentation size is 0 bytes in 0 files.
> [x]: Packages must not store files under /srv, /opt or /usr/local
> 
> ===== SHOULD items =====
> 
> Generic:
> [?]: If the source package does not include license text(s) as a separate
> file
>      from upstream, the packager SHOULD query upstream to include it.

Done:

https://github.com/maxmind/geoipupdate/issues/25

and indeed this was promptly fixed and will be in the next release.

> [x]: Final provides and requires are sane (see attachments).
> [!]: Fully versioned dependency in subpackages if applicable.
>      Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in
>      geoipupdate-cron
> This must be added.

Added %{?_isa}

> [?]: Package functions as described.
> I'll leave testing for the final version.
> 
> [x]: Latest version is packaged.
> [x]: Package does not include license text files separate from upstream.
> [-]: Description and summary sections in the package spec file contains
>      translations for supported Non-English languages, if available.
> [x]: Package should compile and build into binary rpms on all supported
>      architectures.
> [-]: %check is present and all tests pass.
> [x]: Packages should try to preserve timestamps of original installed files.
> [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
> [x]: Sources can be downloaded from URI in Source: tag
> [x]: Reviewer should test that the package builds in mock.
> [x]: Buildroot is not present
> [x]: Package has no %clean section with rm -rf %{buildroot} (or
>      $RPM_BUILD_ROOT)
> [x]: Dist tag is present (not strictly required in GL).
> [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
> [x]: Uses parallel make %{?_smp_mflags} macro.
> [x]: SourceX is a working URL.
> [x]: Spec use %global instead of %define unless justified.
> 
> ===== EXTRA items =====
> 
> Generic:
> [x]: Rpmlint is run on all installed packages.
>      Note: There are rpmlint messages (see attachment).
> [x]: Large data in /usr/share should live in a noarch subpackage if package
> is
>      arched.
> [x]: Spec file according to URL is the same as in SRPM.
> 
> 
> Rpmlint
> -------
> Checking: geoipupdate-2.1.0-1.fc22.i686.rpm
>           geoipupdate-cron-2.1.0-1.fc22.noarch.rpm
>           geoipupdate-2.1.0-1.fc22.src.rpm
> geoipupdate.i686: W: non-conffile-in-etc /etc/GeoIP.conf.default
> Please move this to the documentation directory.

Fixed.

> geoipupdate-cron.noarch: W: no-documentation
> geoipupdate.src: W: invalid-url Source0:
> http://github.com/maxmind/geoipupdate/releases/download/v2.1.0/geoipupdate-2.
> 1.0.tar.gz HTTP Error 403: Forbidden

This is limitation of rpmlint using HEAD request which github.com won't honor.

> 3 packages and 0 specfiles checked; 0 errors, 3 warnings.
> 
> 
> 
> 
> Rpmlint (installed packages)
> ----------------------------
> Cannot parse rpmlint output:
> 
> 
> Requires
> --------
> geoipupdate-cron (rpmlib, GLIBC filtered):
>     /bin/sh
>     geoipupdate
> 
> geoipupdate (rpmlib, GLIBC filtered):
>     config(geoipupdate)
>     libc.so.6
>     libcurl.so.4
>     libz.so.1
>     rtld(GNU_HASH)
> 
> 
> 
> Provides
> --------
> geoipupdate-cron:
>     geoipupdate-cron
> 
> geoipupdate:
>     GeoIP-update
>     config(geoipupdate)
>     geoipupdate
>     geoipupdate(x86-32)
> 
> 
> 
> Source checksums
> ----------------
> http://github.com/maxmind/geoipupdate/releases/download/v2.1.0/geoipupdate-2.
> 1.0.tar.gz :
>   CHECKSUM(SHA256) this package     :
> 7388c46f6c483ae609e5f5333a2585bc9713d56bb522da5c11b09d41c87aa5fb
>   CHECKSUM(SHA256) upstream package :
> 7388c46f6c483ae609e5f5333a2585bc9713d56bb522da5c11b09d41c87aa5fb
> 
> 
> Generated by fedora-review 0.5.2 (63c24cb) last change: 2014-07-14
> Command line :/usr/bin/fedora-review -m fedora-rawhide-i386 -b 1186889
> Buildroot used: fedora-rawhide-i386
> Active plugins: Generic, Shell-api, C/C++
> Disabled plugins: Java, Python, fonts, SugarActivity, Ocaml, Perl, Haskell,
> R, PHP, Ruby
> Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review





[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]