https://bugzilla.redhat.com/show_bug.cgi?id=1615641 Bug ID: 1615641 Summary: Review Request: compliance-masonry - Security Documentation Builder Product: Fedora Version: rawhide Component: Package Review Severity: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: redhatrises@xxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: extras-qa@xxxxxxxxxxxxxxxxx, nobody@xxxxxxxxxxxxxxxxx, package-review@xxxxxxxxxxxxxxxxxxxxxxx, projects.rg@xxxxxxxx, ralford@xxxxxxxxxx, redhatrises@xxxxxxxxx, zebob.m@xxxxxxxxx +++ This bug was initially created as a clone of Bug #1609038 +++ Spec URL: https://copr-be.cloud.fedoraproject.org/results/rga/compliance-masonry/fedora-rawhide-x86_64/00781200-compliance-masonry/compliance-masonry.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/rga/compliance-masonry/fedora-rawhide-x86_64/00781200-compliance-masonry/compliance-masonry-1.1.4-2.src.rpm Koji Scratch build: https://koji.fedoraproject.org/koji/tasks?state=closed&owner=rga&view=tree&method=all&order=-id Copr Builds: https://copr.fedorainfracloud.org/coprs/rga/compliance-masonry/monitor/ Description: Compliance Masonry is a command-line interface (CLI) that allows users to construct certification documentation using the OpenControl Schema. Fedora Account System Username: rga --- Additional comment from on 2018-07-26 15:27:30 EDT --- This is my first package. I would like to add it to EPEL7, F27, F28, F29, and Rawhide. --- Additional comment from Robert-André Mauchin on 2018-07-26 16:23:57 EDT --- - Use a more meaningful name for your archive: Source0: https://%{provider_prefix}/archive/v%{version}/%{name}-%{version}.tar.gz - Add a comment above the patch describing why it is needed. - You should unbundle the dependencies and remove the vendor directory in %prep (might take a while). That implies packaging any missing dependency. - It is not ok to apply a patch on some architecture only. The arch detection if needed should be in the patched code itself. - with_bundled isn't defined anywhere. There's a new way to package the Go libraries, see https://fedoraproject.org/wiki/More_Go_packaging and samples: https://eclipseo.fedorapeople.org/golang/ It would be great to convert to the new style for F27-Rawhide and keep the old style for EPEL7. --- Additional comment from on 2018-07-26 18:59:36 EDT --- > - Use a more meaningful name for your archive: > > Source0: https://%{provider_prefix}/archive/v%{version}/%{name}-% {version}.tar.gz That results in the source url no longer being valid and doesn't that go against the Fedora url guidelines which wants the actual source url? > - Add a comment above the patch describing why it is needed. Will fix > - You should unbundle the dependencies and remove the vendor directory in %prep (might take a while). That implies packaging any missing dependency. This was recommended to me by one of the package wranglers as well as the cri-o people until the GO packaging guidelines are finalized > - It is not ok to apply a patch on some architecture only. The arch detection if needed should be in the patched code itself. Will fix > - with_bundled isn't defined anywhere. Will fix > There's a new way to package the Go libraries, see https://fedoraproject.org/wiki/More_Go_packaging and samples: https://eclipseo.fedorapeople.org/golang/ > > It would be great to convert to the new style for F27-Rawhide and keep the old style for EPEL7. That looks to be a proposal. Does the draft not have precedence? --- Additional comment from Robert-André Mauchin on 2018-07-26 19:13:34 EDT --- (In reply to ralford from comment #3) > > - Use a more meaningful name for your archive: > > > > Source0: https://%{provider_prefix}/archive/v%{version}/%{name}-% {version}.tar.gz > > That results in the source url no longer being valid and doesn't that go > against the Fedora url guidelines which wants the actual source url? > The source URL I provided is valid, check again. > > - Add a comment above the patch describing why it is needed. > > Will fix > > > - You should unbundle the dependencies and remove the vendor directory in %prep (might take a while). That implies packaging any missing dependency. > > This was recommended to me by one of the package wranglers as well as the > cri-o people until the GO packaging guidelines are finalized > Could take months, packages are already being unbundled. > > - It is not ok to apply a patch on some architecture only. The arch detection if needed should be in the patched code itself. > > Will fix > > > - with_bundled isn't defined anywhere. > > Will fix > > > There's a new way to package the Go libraries, see https://fedoraproject.org/wiki/More_Go_packaging and samples: https://eclipseo.fedorapeople.org/golang/ > > > > It would be great to convert to the new style for F27-Rawhide and keep the old style for EPEL7. > > That looks to be a proposal. Does the draft not have precedence? Most Go packages have already been converted to the new style this past year. --- Additional comment from on 2018-07-26 20:32:59 EDT --- > The source URL I provided is valid, check again. Doh! My bad. Typed it in wrong. > Could take months, packages are already being unbundled. Okay. Thanks for the review and answering questions. Will work through your comments. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx/message/SNVJM6AHDFFOSLWIAVLSRBW63256EBTZ/
