https://bugzilla.redhat.com/show_bug.cgi?id=1882547 --- Comment #4 from Petr Pisar <ppisar@xxxxxxxxxx> --- > Disagree here, this is normal to use GitHub API for downloading release tarballs like that in Fedora https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/#_git_tags > If all sources will named like that ("2.0.tar.gz") there will be a real mess and file naming conflicts in rpmbuild/SOURCES or just hard to find necessary source if there are many. The guidelines are about a snapshot from a git tree identified by a tag. I can now see that the upstream actually did not make a regular release. In case of Githab file names of a regular release are under the upstream's control and reside on releases/download path in case. > TODO: I recommend listing ./configure --with-curl --with-gsf options explicitly instead of relying on an autodetection. Ok. > FIX: Build-require autoconf (osslsigncode.spec:29). > FIX: Build-require make (osslsigncode.spec:31). > FIX: Build-require coreutils (configure.ac:45). > FIX: Build-require sed (configure.ac:48). Ok. > TODO: Constrain 'pkgconfig(libcrypto)' dependency with '>= 1.1.0' (configure.ac:96). > TODO: Constrain 'pkgconfig(libcurl)' dependency with '>= 7.12.0' (configure.ac:114). Ok. > I've added tests now and they are passed. Network not required during tests. But you need to review this and i'm not sure how you feel about it. :) Anyway we can improve this in future. %if %{with tests} +# To prevent network access during tests +Patch0: %{name}-preventnetwork-access-during-tests.patch +%endif FIX: Patch tags must be unconditional. This is to ensure that a source package will contain all the patches regardless of macros defined when creating the source package. +# Required for tests +# * https://github.com/mtrojnar/osslsigncode/blob/master/tests/testsign.sh#L5 +Source1: http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe The executable is identential to <https://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe> (SHA-256: dc8d3ab6669b0a634de3e48477e7eb1282a770641194de2171ee9f3ec970c088). License (MIT) verifified from <https://git.tartarus.org/?p=simon/putty.git;a=blob_plain;f=LICENCE;hb=refs/tags/0.64>. FIX: Putty license requires that its copyright statement and license are distributed together with the executable. To resolve it, you need to copy that text to a file and add it at as another Source tag. TODO: I don't feel comfortable with including a binary. Although it's only used as a data and not included into a binary package. We never know what proprietary code could be inside. It's also a magnitude larger than the osslsigncode sources. Could you please instead build a PE executable from a known source using a crosscompiler? The test really does not need care whether it's Putty or not. Here is a spec that does that: --- osslsigncode.spec.orig 2020-10-11 05:35:50.000000000 +0200 +++ osslsigncode.spec 2020-10-12 10:38:14.233000000 +0200 @@ -9,14 +9,8 @@ URL: https://github.com/mtrojnar/osslsigncode Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -# Required for tests -# * https://github.com/mtrojnar/osslsigncode/blob/master/tests/testsign.sh#L5 -Source1: http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe - -%if %{with tests} # To prevent network access during tests Patch0: %{name}-preventnetwork-access-during-tests.patch -%endif BuildRequires: autoconf BuildRequires: automake @@ -31,6 +25,7 @@ %if %{with tests} BuildRequires: java-1.8.0-openjdk-headless +BuildRequires: mingw32-gcc BuildRequires: openssl >= 1.1.0 %endif @@ -61,7 +56,7 @@ # https://bugzilla.redhat.com/show_bug.cgi?id=1882547#c2 %if %{with tests} pushd tests -install -Dp -m0644 %{SOURCE1} putty.exe +echo 'int main(void) {return 0;}' | i686-w64-mingw32-gcc -x c -o putty.exe - ./testsign.sh popd %endif All test pass. Ok. $ rpmlint osslsigncode.spec ../SRPMS/osslsigncode-2.0-3.fc34.src.rpm ../RPMS/x86_64/osslsigncode-*2.0-3.fc34.x86_64.rpm sh: /usr/bin/python2: No such file or directory osslsigncode.src: W: spelling-error %description -l en_US signtool -> sign tool, sign-tool, signatory osslsigncode.src: W: spelling-error %description -l en_US exe -> ex, exes, exec osslsigncode.src: W: spelling-error %description -l en_US timestamping -> time stamping, time-stamping, times tamping osslsigncode.src: W: spelling-error %description -l en_US cURL -> curl, URL, c URL osslsigncode.x86_64: W: spelling-error %description -l en_US signtool -> sign tool, sign-tool, signatory osslsigncode.x86_64: W: spelling-error %description -l en_US exe -> ex, exes, exec osslsigncode.x86_64: W: spelling-error %description -l en_US timestamping -> time stamping, time-stamping, times tamping osslsigncode.x86_64: W: spelling-error %description -l en_US cURL -> curl, URL, c URL osslsigncode.x86_64: W: no-manual-page-for-binary osslsigncode 4 packages and 1 specfiles checked; 0 errors, 9 warnings. rpmlint is Ok. Package builds in F34 (https://koji.fedoraproject.org/koji/taskinfo?taskID=53276555). OK. Please correct the 'FIX' items, consider fixing the 'TODO' item, and provide a new spec file. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
