[Bug 1795077] Review Request: python-shodan - Python library and command-line utility for Shodan.io

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1795077



--- Comment #2 from Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> ---
(In reply to Fabio Valentini from comment #1)
> Hi, I'll review your package.

Thanks

> Some recommendations:
> 
> 1) I assume you're hiding tests behind the api_key bcond because they
> require an actual API key and internet access?
>    So do you run tests locally with "rpmbuild -bb --with api_key"? Maybe add
> a comment for the bcond or in %check.

Comment added. Also, create the file for the API key during the build process.

> 2) I recommend you use HTTPS for the URL as well. Then you can also replace
> the URL prefix of the Source0 with %{url}.

GitHub is making sure with a HTTP 301 message that one uses HTTPS. Changed
anyway. Seems to be coming from pyp2rpm as this is the URL that is used in the
setup.py file (https://github.com/achillean/shodan-python/pull/119).

%{url} could be an option. If the reviewer wants that then I will add it.
Otherwise I prefer to keep things "copy-and-pastable" for humans in the spec
file. 

>    Also, why are you not using %{pypi_source} directly? Do the pypi sources
> miss some files? If so, adding a comment why you're using the GitHub tarball
> instead would be helpful for anybody who's looking at the package.

GitHub is the upstream location for the source and not PyPI. As a long as the
project is providing proper tarballs I think that we should stick to the
original upstream location and not a third-party delivery mechanism. 

> 3) You could deduplicate the %description, with something like:
> 
> %global _description %{expand:
> The official Python library and CLI for Shodan Shodan is a search engine for 
> Internet-connected devices. Google lets you search for websites, Shodan lets
> you search for devices. This library provides developers easy access to all
> of the data stored in Shodan in order to automate tasks and integrate into
> existing tools.}
> 
> Then you can use:
> 
> %description %{_description}
> 
> and
> 
> %description python3-%{pypi_name} %{_description}

Again, this removes the possibility to re-use the description outside of the
spec file with copy-and-paste. It makes sense if you have a dozen of
subpackages and want to use the same text but for regular packages it doesn't
add much value from my point of view.

> 4) Since you're shipping both python3-shodan and shodan binary packages, you
> could just name the source package shodan directly.
>    But that's a matter of style, I guess.
>    If you'll keep the source package named python-shodan, then "%files -n
> python-%{pypi_name}-doc" is superfluous and could be just "%files doc".

>From my point of view, it's at the packager's discretion. This comes down to
the decision if it is more a tool or a lib. In most cases the CLI part is an
add-on to the lib. 

> 5) I guess you're removing a stray shebang line from worldmap.py in %prep?
> Adding a descriptive comment would be great.

I really think that we should not add comments to every standard/common
building block like remove shebang, fix permissions, remove the egg, remove the
left-overs from the docs generation, etc. 

https://github.com/achillean/shodan-python/pull/118

> 6) For listing python3 modules, please use trailing slashes:
> 
> %{python3_sitelib}/%{pypi_name}/
> %{python3_sitelib}/%{pypi_name}-*.egg-info/
> 
> This will prevent upgrade issues if these ever change from directories to
> files.
> 
> You could also use something like this instead of the second line:
> 
> %{python3_sitelib}/%{pypi_name}-%{version}-py%{python3_version}.egg-info/
> 
> Then you'd not even need the glob.

Fixed.

> Let me know if these points are helpful, and when the package is ready for
> final review.

Thank you for your feedback.

* Tue Jan 28 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.21.3-2
- Fix ownership
- Improve the check workflow (rhbz#1795077)

Updated files:
Spec URL: https://fab.fedorapeople.org/packages/SRPMS/python-shodan.spec
SRPM URL:
https://fab.fedorapeople.org/packages/SRPMS/python-shodan-1.21.3-2.fc31.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux