[Bug 1615641] New: Review Request: compliance-masonry - Security Documentation Builder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1615641

            Bug ID: 1615641
           Summary: Review Request: compliance-masonry - Security
                    Documentation Builder
           Product: Fedora
           Version: rawhide
         Component: Package Review
          Severity: medium
          Assignee: nobody@xxxxxxxxxxxxxxxxx
          Reporter: redhatrises@xxxxxxxxx
        QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: extras-qa@xxxxxxxxxxxxxxxxx, nobody@xxxxxxxxxxxxxxxxx,
                    package-review@xxxxxxxxxxxxxxxxxxxxxxx,
                    projects.rg@xxxxxxxx, ralford@xxxxxxxxxx,
                    redhatrises@xxxxxxxxx, zebob.m@xxxxxxxxx



+++ This bug was initially created as a clone of Bug #1609038 +++

Spec URL:
https://copr-be.cloud.fedoraproject.org/results/rga/compliance-masonry/fedora-rawhide-x86_64/00781200-compliance-masonry/compliance-masonry.spec
SRPM URL:
https://copr-be.cloud.fedoraproject.org/results/rga/compliance-masonry/fedora-rawhide-x86_64/00781200-compliance-masonry/compliance-masonry-1.1.4-2.src.rpm

Koji Scratch build:
https://koji.fedoraproject.org/koji/tasks?state=closed&owner=rga&view=tree&method=all&order=-id
Copr Builds:
https://copr.fedorainfracloud.org/coprs/rga/compliance-masonry/monitor/

Description: Compliance Masonry is a command-line interface (CLI) that allows
users to construct certification documentation using the OpenControl Schema.

Fedora Account System Username: rga

--- Additional comment from  on 2018-07-26 15:27:30 EDT ---

This is my first package.

I would like to add it to EPEL7, F27, F28, F29, and Rawhide.

--- Additional comment from Robert-André Mauchin on 2018-07-26 16:23:57 EDT ---

 - Use a more meaningful name for your archive:

Source0:       
https://%{provider_prefix}/archive/v%{version}/%{name}-%{version}.tar.gz

 - Add a comment above the patch describing why it is needed.

 - You should unbundle the dependencies and remove the vendor directory in
%prep (might take a while). That implies packaging any missing dependency.

 - It is not ok to apply a patch on some architecture only. The arch detection
if needed should be in the patched code itself.

 - with_bundled isn't defined anywhere.


There's a new way to package the Go libraries, see
https://fedoraproject.org/wiki/More_Go_packaging and samples:
https://eclipseo.fedorapeople.org/golang/

It would be great to convert to the new style for F27-Rawhide and keep the old
style for EPEL7.

--- Additional comment from  on 2018-07-26 18:59:36 EDT ---

> - Use a more meaningful name for your archive: 
>
> Source0:        https://%{provider_prefix}/archive/v%{version}/%{name}-% {version}.tar.gz

That results in the source url no longer being valid and doesn't that go
against the Fedora url guidelines which wants the actual source url?

> - Add a comment above the patch describing why it is needed.

Will fix

> - You should unbundle the dependencies and remove the vendor directory in %prep (might take a while). That implies packaging any missing dependency.

This was recommended to me by one of the package wranglers as well as the cri-o
people until the GO packaging guidelines are finalized

> - It is not ok to apply a patch on some architecture only. The arch detection if needed should be in the patched code itself.

Will fix

> - with_bundled isn't defined anywhere.

Will fix

> There's a new way to package the Go libraries, see https://fedoraproject.org/wiki/More_Go_packaging and samples: https://eclipseo.fedorapeople.org/golang/
>
> It would be great to convert to the new style for F27-Rawhide and keep the old style for EPEL7.

That looks to be a proposal. Does the draft not have precedence?

--- Additional comment from Robert-André Mauchin on 2018-07-26 19:13:34 EDT ---

(In reply to ralford from comment #3)
> > - Use a more meaningful name for your archive: 
> >
> > Source0:        https://%{provider_prefix}/archive/v%{version}/%{name}-% {version}.tar.gz
> 
> That results in the source url no longer being valid and doesn't that go
> against the Fedora url guidelines which wants the actual source url?
> 
The source URL I provided is valid, check again.


> > - Add a comment above the patch describing why it is needed.
> 
> Will fix
> 
> > - You should unbundle the dependencies and remove the vendor directory in %prep (might take a while). That implies packaging any missing dependency.
> 
> This was recommended to me by one of the package wranglers as well as the
> cri-o people until the GO packaging guidelines are finalized
> 
Could take months, packages are already being unbundled.

> > - It is not ok to apply a patch on some architecture only. The arch detection if needed should be in the patched code itself.
> 
> Will fix
> 
> > - with_bundled isn't defined anywhere.
> 
> Will fix
> 
> > There's a new way to package the Go libraries, see https://fedoraproject.org/wiki/More_Go_packaging and samples: https://eclipseo.fedorapeople.org/golang/
> >
> > It would be great to convert to the new style for F27-Rawhide and keep the old style for EPEL7.
> 
> That looks to be a proposal. Does the draft not have precedence?

Most Go packages have already been converted to the new style this past year.

--- Additional comment from  on 2018-07-26 20:32:59 EDT ---

> The source URL I provided is valid, check again.

Doh! My bad. Typed it in wrong.

> Could take months, packages are already being unbundled.

Okay. Thanks for the review and answering questions. Will work through your
comments.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx/message/SNVJM6AHDFFOSLWIAVLSRBW63256EBTZ/




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux