https://bugzilla.redhat.com/show_bug.cgi?id=1868845 --- Comment #3 from Qiyu Yan <yanqiyu01@xxxxxxxxx> --- (In reply to Andy Mender from comment #1) > Koji build: https://koji.fedoraproject.org/koji/taskinfo?taskID=49309699 > > > License: LGPLv2 > > licensecheck picked up a couple of files with a different license: > xcb-imdkit/src/xlibi18n/XlcPubI.h: NTP License (legal disclaimer) > xcb-imdkit/src/xlibi18n/XlcPublic.h: NTP License (legal disclaimer) > xcb-imdkit/src/xlibi18n/lcCT.c: NTP License (legal disclaimer) > xcb-imdkit/src/xlibi18n/lcCharSet.c: NTP License (legal disclaimer) > xcb-imdkit/src/xlibi18n/lcUTF8.c: NTP License (legal disclaimer) > > Here's the text of the license for reference: > https://opensource.org/licenses/NTP > > I checked the files and indeed the license comments in them match the NTP > license. The problem is that NTP is not an official license tag: > https://fedoraproject.org/wiki/Licensing: > Main?rd=Licensing#Software_License_List > > I will contact Fedora Legal to get some feedback on this. Upstream should > also be informed, I think, since they do not mention the NTP license in the > README. They mention the BSD license, but licensecheck didn't pick up any > BSD-licensed files. > > > BuildRequires: cmake, extra-cmake-modules > > BuildRequires: gcc-c++ > > BuildRequires: libxcb-devel, xcb-util-devel, xcb-util-keysyms-devel > > Could you split these into separate lines and sort them alphabetically? > Also, could you check whether it's possible to use the "pkgconfig(foo)" > format for the -devel packages? > > > %files > > %license LICENSES/LGPL-2.1-only.txt > > %doc README.md > > %{_libdir}/*.so.* > > I would be more explicit in the final line, like this: > %{_libdir}/lib%{name}.so.* > > You can also use "%{_libdir}/lib%{name}.so.0*" so that soname bumps across > package updates are captured more easily. > > > %files devel > > %{_includedir}/xcb-imdkit > > %{_libdir}/cmake/XCBImdkit > > %{_libdir}/*.so > > Same here - "%{_libdir}/lib%{name}.so" instead of "%{_libdir}/*.so" Above are fixed > > The full review matrix: > Package Review > ============== > > Legend: > [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated > [ ] = Manual review needed > > > > ===== MUST items ===== > > C/C++: > [x]: Package does not contain kernel modules. > [x]: Package contains no static executables. > [x]: If your application is a C or C++ application you must list a > BuildRequires against gcc, gcc-c++ or clang. > [x]: Header files in -devel subpackage, if present. > [x]: ldconfig not called in %post and %postun for Fedora 28 and later. > [x]: Package does not contain any libtool archives (.la) > [x]: Rpath absent or only used for internal libs. > [x]: Development (unversioned) .so files in -devel subpackage, if present. > > Generic: > [x]: Package successfully compiles and builds into binary rpms on at least > one supported primary architecture. > Note: Using prebuilt packages > [x]: Package is licensed with an open-source compatible license and meets > other legal requirements as defined in the legal section of Packaging > Guidelines. > Review: Theoretically yes, but the NTP license doesn't have a dedicated > license tag. > [!]: License field in the package spec file matches the actual license. > Note: Checking patched sources after %prep for licenses. Licenses > found: "Unknown or generated", "NTP License (legal disclaimer)", > "Expat License GNU Lesser General Public License". 87 files have > unknown license. Detailed output of licensecheck in > /home/amender/rpmbuild/SPECS/xcb-imdkit/xcb-imdkit/licensecheck.txt > Review: see comment above. > [x]: License file installed when any subpackage combination is installed. > [x]: %build honors applicable compiler flags or justifies otherwise. > [x]: Package contains no bundled libraries without FPC exception. > [?]: Changelog in prescribed format. > Review: Not sure about this. rpmlint complains > and package uses commit hashes for versioning. This is because %forgemeta did something tricky, the snapshot date generated can be different. Anyway, changed to 20200811, should silent the warning. > [x]: Sources contain only permissible code or content. > Review: Yes, but see comments about licenses. > [-]: Package contains desktop file if it is a GUI application. > [x]: Development files must be in a -devel package > [?]: Package uses nothing in %doc for runtime. > [x]: Package consistently uses macros (instead of hard-coded directory > names). > [x]: Package is named according to the Package Naming Guidelines. > [x]: Package does not generate any conflict. > [x]: Package obeys FHS, except libexecdir and /usr/target. > [-]: If the package is a rename of another package, proper Obsoletes and > Provides are present. > [x]: Requires correct, justified where necessary. > [x]: Spec file is legible and written in American English. > [-]: Package contains systemd file(s) if in need. > [x]: Useful -debuginfo package or justification otherwise. > [x]: Package is not known to require an ExcludeArch tag. > [-]: Large documentation must go in a -doc subpackage. Large could be size > (~1MB) or number of files. > Note: Documentation size is 10240 bytes in 1 files. > [x]: Package complies to the Packaging Guidelines > [x]: Package installs properly. > [x]: Rpmlint is run on all rpms the build produces. > Note: There are rpmlint messages (see attachment). > [x]: If (and only if) the source package includes the text of the > license(s) in its own file, then that file, containing the text of the > license(s) for the package is included in %license. > [x]: Package requires other packages for directories it uses. > [x]: Package must own all directories that it creates. > [x]: Package does not own files or directories owned by other packages. > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the > beginning of %install. > [x]: Macros in Summary, %description expandable at SRPM build time. > [x]: Dist tag is present. > [x]: Package does not contain duplicates in %files. > [x]: Permissions on files are set properly. > [x]: Package must not depend on deprecated() packages. > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't > work. > [x]: Package is named using only allowed ASCII characters. > [x]: Package does not use a name that already exists. > [x]: Package is not relocatable. > [x]: Sources used to build the package match the upstream source, as > provided in the spec URL. > [x]: Spec file name must match the spec package %{name}, in the format > %{name}.spec. > [x]: File names are valid UTF-8. > [x]: Packages must not store files under /srv, /opt or /usr/local > > ===== SHOULD items ===== > > Generic: > [x]: Reviewer should test that the package builds in mock. > Review: Tested in mock and in Koji. > [-]: If the source package does not include license text(s) as a separate > file from upstream, the packager SHOULD query upstream to include it. > [x]: Final provides and requires are sane (see attachments). > [x]: Fully versioned dependency in subpackages if applicable. > Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in xcb- > imdkit-devel > Review: Not true - the Requires line is there. > [?]: Package functions as described. > [x]: Latest version is packaged. > [x]: Package does not include license text files separate from upstream. > [-]: Sources are verified with gpgverify first in %prep if upstream > publishes signatures. > Note: gpgverify is not used. > [x]: Description and summary sections in the package spec file contains > translations for supported Non-English languages, if available. > [x]: Package should compile and build into binary rpms on all supported > architectures. > Review: Tested in Koji. > [x]: %check is present and all tests pass. > [x]: Packages should try to preserve timestamps of original installed > files. > [x]: Buildroot is not present > [x]: Package has no %clean section with rm -rf %{buildroot} (or > $RPM_BUILD_ROOT) > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file > [x]: The placement of pkgconfig(.pc) files are correct. > [x]: Sources can be downloaded from URI in Source: tag > [x]: SourceX is a working URL. > [x]: Spec use %global instead of %define unless justified. > > ===== EXTRA items ===== > > Generic: > [x]: Rpmlint is run on debuginfo package(s). > Note: No rpmlint messages. > [x]: Rpmlint is run on all installed packages. > Note: No rpmlint messages. > [x]: Large data in /usr/share should live in a noarch subpackage if package > is arched. > > > Rpmlint > ------- > Checking: xcb-imdkit-0-0.1.20200811gitd6609a7.fc33.x86_64.rpm > xcb-imdkit-devel-0-0.1.20200811gitd6609a7.fc33.x86_64.rpm > xcb-imdkit-debuginfo-0-0.1.20200811gitd6609a7.fc33.x86_64.rpm > xcb-imdkit-debugsource-0-0.1.20200811gitd6609a7.fc33.x86_64.rpm > xcb-imdkit-0-0.1.20200811gitd6609a7.fc33.src.rpm > xcb-imdkit.x86_64: W: spelling-error %description -l en_US xim -> mix, xi, > xis > xcb-imdkit.x86_64: W: incoherent-version-in-changelog > 0-0.1.20200812gitd6609a7 ['0-0.1.20200811gitd6609a7.fc33', > '0-0.1.20200811gitd6609a7'] > xcb-imdkit-devel.x86_64: W: description-shorter-than-summary > xcb-imdkit-devel.x86_64: W: no-documentation > xcb-imdkit.src: W: spelling-error %description -l en_US xim -> mix, xi, xis > 5 packages and 0 specfiles checked; 0 errors, 5 warnings. > > > > > Rpmlint (debuginfo) > ------------------- > Checking: xcb-imdkit-debuginfo-0-0.1.20200811gitd6609a7.fc33.x86_64.rpm > 1 packages and 0 specfiles checked; 0 errors, 0 warnings. > > > > > > Rpmlint (installed packages) > ---------------------------- > (none): E: no installed packages by name xcb-imdkit-devel > (none): E: no installed packages by name xcb-imdkit-debugsource > (none): E: no installed packages by name xcb-imdkit > (none): E: no installed packages by name xcb-imdkit-debuginfo > 0 packages and 0 specfiles checked; 0 errors, 0 warnings. > > > > Source checksums > ---------------- > https://github.com/fcitx/xcb-imdkit/archive/ > d6609a72465cf7e0479aea075a4d2e5d7ca018eb/xcb-imdkit- > d6609a72465cf7e0479aea075a4d2e5d7ca018eb.tar.gz : > CHECKSUM(SHA256) this package : > f0878788d35407842d3cf0f33be9b50671a92365c61118d383cd700f8153d8f8 > CHECKSUM(SHA256) upstream package : > f0878788d35407842d3cf0f33be9b50671a92365c61118d383cd700f8153d8f8 > > > Requires > -------- > xcb-imdkit (rpmlib, GLIBC filtered): > libc.so.6()(64bit) > libxcb-util.so.1()(64bit) > libxcb.so.1()(64bit) > rtld(GNU_HASH) > > xcb-imdkit-devel (rpmlib, GLIBC filtered): > /usr/bin/pkg-config > cmake-filesystem(x86-64) > libxcb-imdkit.so.0()(64bit) > pkgconfig(xcb) > pkgconfig(xcb-util) > xcb-imdkit(x86-64) > > xcb-imdkit-debuginfo (rpmlib, GLIBC filtered): > > xcb-imdkit-debugsource (rpmlib, GLIBC filtered): > > > > Provides > -------- > xcb-imdkit: > libxcb-imdkit.so.0()(64bit) > xcb-imdkit > xcb-imdkit(x86-64) > > xcb-imdkit-devel: > cmake(XCBImdkit) > cmake(xcbimdkit) > pkgconfig(xcb-imdkit) > xcb-imdkit-devel > xcb-imdkit-devel(x86-64) > > xcb-imdkit-debuginfo: > debuginfo(build-id) > xcb-imdkit-debuginfo > xcb-imdkit-debuginfo(x86-64) > > xcb-imdkit-debugsource: > xcb-imdkit-debugsource > xcb-imdkit-debugsource(x86-64) -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
