https://bugzilla.redhat.com/show_bug.cgi?id=1665480 --- Comment #3 from Dusty Mabe <dustymabe@xxxxxxxxxx> --- A few things to address I believe: (In reply to Dusty Mabe from comment #2) > review output generated by: `fedora-review -b 1665480` > > Package Review > ============== > > Legend: > [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated > [ ] = Manual review needed > > > > ===== MUST items ===== > > C/C++: > [ ]: Package does not contain kernel modules. > [ ]: Package contains no static executables. [x]: Package does not contain kernel modules. [-]: Package contains no static executables. Not a C/C++ package > [x]: Package does not contain any libtool archives (.la) > [x]: Rpath absent or only used for internal libs. > > Generic: > [ ]: Package is licensed with an open-source compatible license and meets > other legal requirements as defined in the legal section of Packaging > Guidelines. [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. > [ ]: License field in the package spec file matches the actual license. > Note: Checking patched sources after %prep for licenses. Licenses > found: "GNU Lesser General Public License (v3)", "Unknown or > generated", "BSD 3-clause "New" or "Revised" License", "Apache License > (v2.0)", "Expat License BSD 3-clause "New" or "Revised" License", > "Expat License", "BSD 2-clause "Simplified" License", "*No copyright* > Apache License (v2.0)". 1302 files have unknown license. Detailed > output of licensecheck in /home/vagrant/1665480-golang-github-coreos- > mantle/1665480-golang-github-coreos-mantle/licensecheck.txt [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "GNU Lesser General Public License (v3)", "Unknown or generated", "BSD 3-clause "New" or "Revised" License", "Apache License (v2.0)", "Expat License BSD 3-clause "New" or "Revised" License", "Expat License", "BSD 2-clause "Simplified" License", "*No copyright* Apache License (v2.0)". 1302 files have unknown license. Detailed output of licensecheck in /home/vagrant/1665480-golang-github-coreos-mantle/1665480-golang Most license issues are vendored files. So ignoring those. These two are legitimate: Expat License ------------- mantle-490b74e13080d984385ccc2daec22d995a483d3f/platform/api/azure/storage_mit.go BSD 3-clause "New" or "Revised" License --------------------------------------- mantle-490b74e13080d984385ccc2daec22d995a483d3f/update/metadata/LICENSE opened https://github.com/coreos/mantle/issues/966 to discuss. We might have to make this package dual license. > [ ]: License file installed when any subpackage combination is installed. [!]: License file installed when any subpackage combination is installed. Sayan can you make it so that the license file gets installed with all subpackages? > [ ]: Package does not own files or directories owned by other packages. > Note: Dirs in package are owned also by: /usr/lib/.build- > id/a3(coreutils, glibc, util-linux, systemd-udev, vim-enhanced), > /usr/lib/.build-id(libtevent, openssh-clients, libuser, > python3-cccolutils, lmdb-libs, less, libpipeline, iputils, lz4-libs, > deltarpm, libfdisk, libusbx, iproute, rpm-build-libs, libnghttp2, > libsmartcols, perl-Unicode-Normalize, popt, zstd, vim-common, gdbm, > dbus-daemon, pkgconf, openssl-libs, libsss_idmap, gobject- > introspection, rpm-plugin-selinux, util-linux, libpwquality, libpcap, > python3-rpm, python3-pycurl, libnfsidmap, ykpers, libacl, gdb- > headless, krb5-workstation, trousers, libnl3, libsecret, os-prober, > gmp, policycoreutils, bzip2-libs, python3-dbus, python3-gpg, freetype, > unzip, polkit-pkla-compat, kpartx, parted, sssd-kcm, libdb-utils, > systemd-libs, perl-Socket, cpio, python3-libsemanage, python2-rpm, > libcom_err, grubby, libtool-ltdl, libkcapi-hmaccalc, lzo, libseccomp, > gnutls, pcre2, python3, perl-Digest-SHA, libini_config, xz, libss, > perl-Params-Util, libtirpc, p11-kit, libyaml, iptables-libs, rpm- > build, libpath_utils, file-libs, python3-gobject-base, cryptsetup- > libs, krb5-libs, perl-MIME-Base64, sqlite-libs, perl-threads, > syslinux-extlinux, perl-Params-Validate, libarchive, gc, libldb, > enchant, libselinux-utils, dbus-tools, findutils, shared-mime-info, > python3-audit, fipscheck-lib, json-c, libblkid, compat-openssl10, > audit-libs, perl-Data-Dumper, fuse-libs, polkit, sed, libgcc, > libsigsegv, libkadm5, libsss_autofs, libsss_sudo, libssh, perl- > threads-shared, libmodulemd, gettext-libs, python2-cffi, libicu, kmod, > rsync, libyubikey, sssd-common, python3-hawkey, libunistring, > keyutils-libs, perl-Encode, glibc, python2-cryptography, device- > mapper, libgpg-error, fakeroot-libs, shadow-utils, lua-libs, dbus- > libs, libpng, gpgme, grub2-tools-extra, python3-cryptography, sssd- > client, perl-interpreter, net-tools, python3-unbound, systemd, gawk, > dhcp-libs, libzstd, libbasicobjects, c-ares, usermode, libgcrypt, > bash, glibc-common, linux-atm-libs, libsolv, libedit, libxkbcommon, > openssh, libuuid, rpm-plugin-systemd-inhibit, fuse3-libs, dwz, acl, > libmount, jansson, perl-Unicode-UTF8, hardlink, hostname, guile, > e2fsprogs-libs, glib2, binutils, libattr, perl-Digest-MD5, bind- > export-libs, perl-Variable-Magic, libsss_nss_idmap, brotli, gnupg2, > libstdc++, libcollection, libmnl, gnupg2-smime, mtools, grub2-tools, > perl-Filter, trousers-lib, systemd-container, perl-IO, rpm, pigz, > mozjs52, pcre, vim-minimal, syslinux, librepo, python3-libcomps, zip, > ima-evm-utils, libxcrypt, systemd-bootchart, systemd-pam, perl- > PathTools, NetworkManager-libnm, libverto, polkit-libs, > python3-libselinux, NetworkManager, vim-enhanced, dracut, git-core, > libkcapi, cracklib, procps-ng, audit, groff-base, libcroco, drpm, > npth, python3-psutil, ncurses, qrencode-libs, python3-libs, > python3-kerberos, perl-libs, unbound-libs, libevent, fipscheck, perl- > Scalar-List-Utils, sudo, createrepo_c-libs, libtalloc, info, libtdb, > grep, elfutils-libs, perl-Sort-Key, zlib, libtasn1, patch, rpm-sign- > libs, initscripts, fuse3, libbabeltrace, hunspell, libdnf, > libsemanage, perl-PerlIO-utf8_strict, kbd, libselinux, python2-libs, > libnsl2, python2-lxml, libndp, xfsprogs, libassuan, tar, libcomps, > libxml2, expat, systemd-udev, iproute-tc, python3-lxml, openssl, > python3-setools, python3-libdnf, dhcp-client, e2fsprogs, file, > libxslt, curl, chkconfig, xz-libs, btrfs-progs, bzip2, libargon2, > timedatex, perl-Package-Stash-XS, libcurl, make, python3-markupsafe, > gettext, perl-Storable, man-db, coreutils, python3-cffi, python2, > libcap-ng, which, gpm-libs, elfutils-libelf, libcap, pam, libgomp, > openssh-server, sssd-nfs-idmap, libatomic_ops, p11-kit-trust, libdb, > libpkgconf, passwd, device-mapper-libs, pinentry, python2-pycurl, > fuse-sshfs, libutempter, kmod-libs, ncurses-libs, libidn2, openldap, > perl-Net-SSLeay, libmetalink, libffi, desktop-file-utils, readline, > python3-pyyaml, checkpolicy, fakeroot, libpsl, libsss_certmap, rpm- > libs, libref_array, gdbm-libs, diffutils, openssl-pkcs11, ipcalc, > nettle, chrony, createrepo_c, grub2-tools-minimal, libipt, cyrus-sasl- > lib, libsepol, libdhash, gzip, perl-version, libksba, elfutils, mpfr), > /usr/lib/.build-id/37(coreutils, openldap, btrfs-progs, libevent), > /usr/lib/.build-id/e2(nettle, glibc, linux-atm-libs, openssl-pkcs11, > bzip2-libs), /usr/lib/.build-id/ff(xfsprogs, python3-psutil, zstd, > glibc, shadow-utils, git-core), /usr/lib/.build-id/e9(systemd, libldb, > elfutils-libs, glibc, binutils, libuser, libkcapi-hmaccalc, dbus- > tools) [x]: Package does not own files or directories owned by other packages. fedora-review reports build-id dirs as being shared when it shouldn't: https://bugzilla.redhat.com/show_bug.cgi?id=1542507 > [ ]: %build honors applicable compiler flags or justifies otherwise. [x]: %build honors applicable compiler flags or justifies otherwise. > [ ]: Package contains no bundled libraries without FPC exception. [x]: Package contains no bundled libraries without FPC exception. This is a go package with bundled libraries. I don't think we need an FPC exception for that?? > [ ]: Changelog in prescribed format. > [ ]: Sources contain only permissible code or content. > [ ]: Package contains desktop file if it is a GUI application. > [ ]: Development files must be in a -devel package > [ ]: Package uses nothing in %doc for runtime. > [ ]: Package consistently uses macros (instead of hard-coded directory > names). [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory > [ ]: Package is named according to the Package Naming Guidelines. Since this package isn't intended to be used as a library should we rename it to just mantle - then the subpackages would be mantle-kola, mantle-ore, etc. ? https://fedoraproject.org/wiki/PackagingDrafts/Go#Packaging_Binaries > [ ]: Package does not generate any conflict. > [ ]: Package obeys FHS, except libexecdir and /usr/target. > [ ]: If the package is a rename of another package, proper Obsoletes and > Provides are present. > [ ]: Requires correct, justified where necessary. > [ ]: Spec file is legible and written in American English. > [ ]: Package contains systemd file(s) if in need. > [ ]: Useful -debuginfo package or justification otherwise. > [ ]: Package is not known to require an ExcludeArch tag. > [ ]: Large documentation must go in a -doc subpackage. Large could be size > (~1MB) or number of files. > Note: Documentation size is 40960 bytes in 5 files. > [ ]: Package complies to the Packaging Guidelines [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 40960 bytes in 5 files. [x]: Package complies to the Packaging Guidelines > [x]: Package successfully compiles and builds into binary rpms on at least > one supported primary architecture. > [x]: Package installs properly. > [x]: Rpmlint is run on all rpms the build produces. > Note: There are rpmlint messages (see attachment). There are a few messages I think we should address: golang-github-coreos-mantle.x86_64: W: summary-ended-with-dot C Collection of tools for managi golang-github-coreos-mantle.x86_64: W: no-version-in-last-changelog golang-github-coreos-mantle.x86_64: W: invalid-license ASL2.0 golang-github-coreos-mantle.x86_64: E: no-binary - let's remove the period from the end of the summary in the spec file - let's make the top level package noarch since it doesn't contain any binaries. - I think we probably need to change the line in the spec from `ASL2.0` to `ASL 2.0` with a space in between. > [x]: If (and only if) the source package includes the text of the > license(s) in its own file, then that file, containing the text of the > license(s) for the package is included in %license. > [x]: Package requires other packages for directories it uses. > [x]: Package must own all directories that it creates. > [x]: All build dependencies are listed in BuildRequires, except for any > that are listed in the exceptions section of Packaging Guidelines. > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the > beginning of %install. > [x]: Macros in Summary, %description expandable at SRPM build time. > [x]: Dist tag is present. > [x]: Package does not contain duplicates in %files. > [x]: Permissions on files are set properly. > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't > work. > [x]: Package is named using only allowed ASCII characters. > [x]: Package does not use a name that already exists. > [x]: Package is not relocatable. > [x]: Sources used to build the package match the upstream source, as > provided in the spec URL. > [x]: Spec file name must match the spec package %{name}, in the format > %{name}.spec. > [x]: File names are valid UTF-8. > [x]: Packages must not store files under /srv, /opt or /usr/local > > ===== SHOULD items ===== > > Generic: > [ ]: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. > [ ]: Final provides and requires are sane (see attachments). > [ ]: Fully versioned dependency in subpackages if applicable. > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in golang- > github-coreos-mantle-kola , golang-github-coreos-mantle-kolet , > golang-github-coreos-mantle-ore , golang-github-coreos-mantle-plume , > golang-github-coreos-mantle-gangue , golang-github-coreos-mantle- > debugsource > [ ]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. > [ ]: Latest version is packaged. > [ ]: Package does not include license text files separate from upstream. > [ ]: Description and summary sections in the package spec file contains > translations for supported Non-English languages, if available. > [ ]: %check is present and all tests pass. > [ ]: Packages should try to preserve timestamps of original installed > files. > [ ]: Spec use %global instead of %define unless justified. > Note: %define requiring justification: %define gobuild(o:) go build > -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d > ' \\n')" -a -v -x %{?**}; > [x]: Reviewer should test that the package builds in mock. > [x]: Buildroot is not present > [x]: Package has no %clean section with rm -rf %{buildroot} (or > $RPM_BUILD_ROOT) > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file > [x]: Sources can be downloaded from URI in Source: tag > [x]: SourceX is a working URL. > [x]: Package should compile and build into binary rpms on all supported > architectures. > > ===== EXTRA items ===== > > Generic: > [x]: Rpmlint is run on debuginfo package(s). > Note: There are rpmlint messages (see attachment). > [x]: Rpmlint is run on all installed packages. > Note: There are rpmlint messages (see attachment). > [x]: Large data in /usr/share should live in a noarch subpackage if package > is arched. > [x]: Spec file according to URL is the same as in SRPM. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
