https://bugzilla.redhat.com/show_bug.cgi?id=1194798 --- Comment #15 from Paul Howarth <paul@xxxxxxxxxxxx> --- (In reply to Philip Prindeville from comment #14) > (In reply to Paul Howarth from comment #13) > > (In reply to Philip Prindeville from comment #11) > > > Issues: > > > ======= > > > - No %config files under /usr. > > > Note: %config(noreplace) /usr/share/GeoIP/GeoIP.dat > > > See: http://fedoraproject.org/wiki/Packaging/Guidelines#Configuration_files > > > > This file is a symlink to GeoLiteCountry.dat, the default free database. > > Upstream also provides commercial versions of the databases, which users may > > wish to install to /usr/share/GeoIP/GeoIP.dat so that the library uses that > > instead of the default free database. Marking this file as > > %config(noreplace) means that rpm package updates won't blow away the user's > > paid-for database file. This approach has been present in the existing GeoIP > > package for a long time now, and is being carried forward to this package. > > I get all of that, I was just wondering if we could use %verify(...) instead > of %config(noreplace) so that we have fewer rpmlint warnings. No, the %verify and %config(noreplace) are doing two very different things: By using %verify, we tell rpm that we may change files underneath it and not to worry about it. It has no effect on whether rpm will itself overwrite those files on updates. By using %config(noreplace), rpm notices if we change a file underneath it and will then not overwrite it on updates, creating a .rpmnew file with the updated content instead. So for the free database files we're providing from upstream, %verify is the right approach as we want people to be able to update the databases using the cron scripts, not be worried by "rpm --verify" output, and get new versions of the files when we push updates. However, for the GeoIP.dat symlink, we don't want to overwrite it if the end user has replaced it with their own database. Using %config(noreplace) is the way we have traditionally done this in the GeoIP package. There is another way though: instead of shipping GeoIP.dat as part of the package, create the symlink in %posttrans if it did not already exist. It can't be done in %post as it would break updates, where the old GeoIP.dat was still present during %post but deleted before %posttrans. An added complication during updates is that rpm will rename a modified GeoIP.dat to GeoIP.dat.rpmsave when the file is no longer packaged, so we have to rename it back again if necessary. This is the approach I've now taken, with the result that we get rid of the rpmlint warning about %config files outside /etc and replace it with one about running the "dangerous command" "mv" in %posttrans: GeoIP-GeoLite-data.noarch: W: dangerous-command-in-%posttrans mv I think this is the right thing to do though, as GeoIP.dat really isn't a config file. > > > Why does the %files section treat GeoIP.dat differently from > > > GeoLiteCountry.dat ? > > > > GeoLiteCountry.dat and the other database files from upstream are expected > > to be rpm-maintained, or updated by the cron scripts. The GeoIP.dat symlink > > is never touched after being installed in case the user wants to use a > > different default database, as explained above. > > Right, right, I get that. It's just that it's not a config file, so I hate > abusing that directive. And if tools like etckeeper pay attention to files > marked %config, I don't want the file being checked into SCM, either. This is addressed in the new approach. > > > Also, the .spec files says that the license is CC-BY-SA but I can’t > > > find explicit licensing on the databases anywhere. > > > > See the license statement at the upstream URL: > > http://dev.maxmind.com/geoip/legacy/geolite/ > > > > "The GeoLite databases are distributed under the Creative Commons > > Attribution-ShareAlike 3.0 Unported License" > > Can you wget that file and bundle it as a license file? The guidelines sort of discourage this: https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Text "It is important to reiterate that in situations where the indicated license does not imply a requirement that the license be distributed along with the source/binaries, Fedora packagers are NOT required to manually include the full license text when it is absent from the source code. but are still encouraged to point out this issue to upstream and encourage them to remedy it." http://fedoraproject.org/wiki/Packaging:ReviewGuidelines "MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %license." Given that upstream is distributing raw database files rather than tarballs, it's not practical for them to distribute a separate license file. I've added a comment in the spec pointing to the URL where upstream declares the license. > > > Why does the %install section need "rm -rf %{buildroot}”? > > > > The following spec elements are needed for EL-5 support: > > * BuildRoot: and Group: tags > > * Cleaning of %{buildroot} in %install and %clean > > Okay, right. Thought so. Can you add a comment to that effect? Done. Package updated: Spec URL: http://subversion.city-fan.org/repos/cfo-repo/GeoIP-GeoLite-data/trunk/GeoIP-GeoLite-data.spec SRPM URL: http://www.city-fan.org/~paul/extras/GeoIP-GeoLite-data/GeoIP-GeoLite-data-2015.03-3.fc23.src.rpm -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review