https://bugzilla.redhat.com/show_bug.cgi?id=1914292 code@xxxxxxxxxxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(ti.eugene@gmail.c | |om) --- Comment #1 from code@xxxxxxxxxxxxxxxxxx --- Thanks for submitting this. I have listed quite a few issues, but please don’t give up! They can all be fixed. Let me know if you are having trouble with any of them. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Issues: ======= [!]: License field is wrong. Use the standard abbreviations from https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#SoftwareLicenses. Apache License 2.0 should be abbreviated ASL 2.0. [!]: Shared libraries in %files should be listed without globs/wildcards, or with a more restrictive glob, to reduce the likelihood of missing an SONAME bump in an update. See https://docs.fedoraproject.org/en-US/packaging-guidelines/#_listing_shared_library_files. [!]: Is there a reason for tkrzw-libs to provide tkrzw-lib? I suspect this is copied from the kyotocabinet spec file, where it may have been needed at one time, but in my opinion it is just unnecessary noise for a new package. If it was intentional and there is a concrete reason I am missing, please let me know. [!]: Build system injects “-O0” when you pass --enable-debug and/or --disable-opt to the configure script, which disables optimizations and certain hardening options. Even without these, the build system overrides compiler flags that it should not; see https://docs.fedoraproject.org/en-US/packaging-guidelines/#_compiler_flags. My testing shows that you can fix this with tkrzw-0.9.3-do-not-override-build-flags.patch, to be attached. Per https://docs.fedoraproject.org/en-US/packaging-guidelines/PatchUpstreamStatus/, you would at least need a comment explaining that this patch is specific to Fedora. I’m not sure it’s suitable for offering upstream as-is, although it wouldn’t hurt to ask upstream for a way to build without any unnecessary compiler flag overrides. (It shouldn’t have been necessary to still add -fPIC in this patch; -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 should have taken care of it. I am not sure why. Nor am I sure why using -fPIE instead doesn’t work.) [!]: You can build in parallel even better with “%make_build apidoc all” instead of “%make_build” followed by “make apidoc”. [!}: The HTML docs from doc/ should not be installed in two places; currently they are in both the -libs subpackage and the -devel subpackage. Plus, while they are only about half a MB, that is enough to significantly increase the size of each of those packages. I think they should be combined with the API docs in a single documentation subpackage. See the following issue. [!]: I don’t think the idiosyncratic -apidocs subpackage name from kyotocabinet should be maintained here. The guidelines imply that -doc is the proper name for a documentation subpackage (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_separate_documentation_packages), and existing practice matches. There are only eight -apidocs packages in Fedora 33, compared to 128 -docs packages and 5259 -doc packages. Personally, I would rename -apidocs to -doc, add “cp -rp doc html” and “mv api-doc api” at the end of %build, and then have “%doc html api” in the %files section for the -doc subpackage. fedora-review said: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 6000640 bytes in 303 files. See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_documentation [!]: Documentation subpackage should mark COPYING as %license, not %doc. [!}: The HTML docs from doc/ should not be installed in two places; currently they are in both the -libs subpackage and the -devel subpackage. Plus, while they are only about half a MB, that is enough to significantly increase the size of each of those packages. Personally, I would tend to rename the -apidocs subpackage to -doc (there are only eight -apidocs packages in Fedora 33, compared to 128 -docs packages and 5259 -doc packages); add “cp -rp doc html” and do think it is strange to already have a documentation subpackage but then install some documentation elsewhere. [!]: You need to run the test suite in %check. The comment says “Koji err: "no enough memory". This is not a general out-of-memory error, but an attempt to lock too many pages with mlock. This is mentioned in the HTML documentation (search for mlock). The limit is controlled by root, so your only choice is probably to find the offending tests and patch them out. My testing found that patching out only the four entries with “--buckets 100000 --lock_mem_buckets” in Makefile.in sufficed. The ones with “--buckets 10000” or less were fine. See tkrzw-0.9.3-skip-excessive-mlock-pages-tests.patch, to be attached. [!]: You should normally run tests with “%make_build check” instead of “make check” so they can run in parallel. However, in this case, that may cause unpredictable failures when multiple tests that use mlock run at the same time. You could still use “%make_build check -j1” to disable parallelization but benefit from any other default make options. [!]: You can pass --disable-static to the configure script; then you will not have to remove the .a file. [!]: Too-long description line reported by rpmlint. Please wrap “durability” onto the next line. [!]: Installed commands should contain man pages if possible. Upstream does not provide them, but help2man can generate reasonable output here. Something like: for bin in \ tkrzw_build_util tkrzw_str_perf tkrzw_file_perf tkrzw_dbm_perf \ tkrzw_dbm_util do LD_LIBRARY_PATH=$PWD help2man --no-info --no-discard-stderr \ --version-string='%{version}' --output="${bin}.1" \ "./${bin}" done in %build, and install -d %{buildroot}%{_mandir}/man1 install -t %{buildroot}%{_mandir}/man1 -m 0644 -p *.1 in %install, plus a corresponding entry in the main package’s %files. Even better is to clean up the output by hand, if you are comfortable with the language. You SHOULD (not MUST) suggest that upstream include them, and offering the help2man output as a starting point is a nice approach. [x]: The %ldconfig_scriptlets macro is obsolete in Fedora, but acceptable since you are targeting EPEL8. ===== MUST items ===== C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. [x]: Development (unversioned) .so files in -devel subpackage, if present. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* Apache License 2.0", "FSF Unlimited License [generated file]", "Apache License 2.0". 15 files have unknown license. Detailed output of licensecheck in /home/ben/src/fedora/reviews/tkrzw/1914292-tkrzw/licensecheck.txt Should be “ASL 2.0” [!]: License file installed when any subpackage combination is installed. It is installed with the documentation subpackage, which is correct since that subpackage (correctly) does not require the main package, but you should mark it %license instead of %doc. [!]: %build honors applicable compiler flags or justifies otherwise. See the Issues section for details. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [!]: Useful -debuginfo package or justification otherwise. These are also broken by the build system overriding compiler flags. [x]: Package is not known to require an ExcludeArch tag. [!]: Package complies to the Packaging Guidelines (See Issues section) [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Uses parallel make %{?_smp_mflags} macro. Actually, you do use it, via %make_build, for the main build; this is catching “make apidoc” below. However, you could “%make_build apidoc all” to do everything in parallel (with apidoc first since Doxygen takes longer than most individual compiler invocations), which would be even better. [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in tkrzw- libs , tkrzw-devel , tkrzw-apidocs tkrzw and tkrzw-devel have correct fully-versioned dependencies on tkrzw-libs, and tkrzw-apidocs correctly has no such dependency [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. Comment says “Koji err: "no enough memory". You should either fix this or patch out the offending test(s). See Issues section. You should normally run tests with “%make_build check” instead of “make check” so they can run in parallel. However, in this case, that may cause unpredictable failures when multiple tests that use mlock run at the same time. You could still use “%make_build check -j1” to disable parallelization but benefit from any other default make options. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: The placement of pkgconfig(.pc) files are correct. [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Large data in /usr/share should live in a noarch subpackage if package is arched. Note: Arch-ed rpms have a total of 1116160 bytes in /usr/share See the Issues section. This is the contents of doc/, installed in two different arched subpackages when it should really be part of the documentation subpackage. [x]: Rpmlint is run on debuginfo package(s). Note: There are rpmlint messages (see attachment). [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Package should not use obsolete m4 macros [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: tkrzw-0.9.3-1.fc34.x86_64.rpm tkrzw-libs-0.9.3-1.fc34.x86_64.rpm tkrzw-devel-0.9.3-1.fc34.x86_64.rpm tkrzw-apidocs-0.9.3-1.fc34.noarch.rpm tkrzw-debuginfo-0.9.3-1.fc34.x86_64.rpm tkrzw-debugsource-0.9.3-1.fc34.x86_64.rpm tkrzw-0.9.3-1.fc34.src.rpm tkrzw.x86_64: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability tkrzw.x86_64: E: description-line-too-long C It features high degrees of performance, concurrency, scalability and durability. tkrzw.x86_64: W: invalid-license APLv2.0 tkrzw.x86_64: W: no-documentation tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_build_util tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_dbm_perf tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_dbm_util tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_file_perf tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_str_perf tkrzw-libs.x86_64: W: invalid-license APLv2.0 tkrzw-devel.x86_64: W: invalid-license APLv2.0 tkrzw-apidocs.noarch: W: invalid-license APLv2.0 tkrzw-debuginfo.x86_64: W: invalid-license APLv2.0 tkrzw-debugsource.x86_64: W: invalid-license APLv2.0 tkrzw.src: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability tkrzw.src: E: description-line-too-long C It features high degrees of performance, concurrency, scalability and durability. tkrzw.src: W: invalid-license APLv2.0 7 packages and 0 specfiles checked; 2 errors, 15 warnings. Rpmlint (debuginfo) ------------------- Checking: tkrzw-libs-debuginfo-0.9.3-1.fc34.x86_64.rpm tkrzw-debuginfo-0.9.3-1.fc34.x86_64.rpm tkrzw-libs-debuginfo.x86_64: W: invalid-license APLv2.0 tkrzw-debuginfo.x86_64: W: invalid-license APLv2.0 2 packages and 0 specfiles checked; 0 errors, 2 warnings. Rpmlint (installed packages) ---------------------------- tkrzw-devel.x86_64: W: invalid-license APLv2.0 tkrzw-debugsource.x86_64: W: invalid-license APLv2.0 tkrzw-apidocs.noarch: W: invalid-license APLv2.0 tkrzw-libs.x86_64: W: invalid-license APLv2.0 tkrzw-debuginfo.x86_64: W: invalid-license APLv2.0 tkrzw.x86_64: W: spelling-error %description -l en_US scalability -> availability, sociability, implacability tkrzw.x86_64: E: description-line-too-long C It features high degrees of performance, concurrency, scalability and durability. tkrzw.x86_64: W: invalid-license APLv2.0 tkrzw.x86_64: W: no-documentation tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_build_util tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_dbm_perf tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_dbm_util tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_file_perf tkrzw.x86_64: W: no-manual-page-for-binary tkrzw_str_perf tkrzw-libs-debuginfo.x86_64: W: invalid-license APLv2.0 7 packages and 0 specfiles checked; 1 errors, 14 warnings. Source checksums ---------------- https://dbmx.net/tkrzw/pkg/tkrzw-0.9.3.tar.gz : CHECKSUM(SHA256) this package : 945b978402425de6f4cb156544ddf34d928b28100ff93d931816eec3b51be9aa CHECKSUM(SHA256) upstream package : 945b978402425de6f4cb156544ddf34d928b28100ff93d931816eec3b51be9aa Requires -------- tkrzw (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libpthread.so.0()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.9)(64bit) libtkrzw.so.0()(64bit) rtld(GNU_HASH) tkrzw-libs(x86-64) tkrzw-libs (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3.1)(64bit) libm.so.6()(64bit) libpthread.so.0()(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(CXXABI_1.3.5)(64bit) libstdc++.so.6(CXXABI_1.3.8)(64bit) libstdc++.so.6(CXXABI_1.3.9)(64bit) rtld(GNU_HASH) tkrzw-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config libtkrzw.so.0()(64bit) pkgconfig tkrzw-libs(x86-64) tkrzw-apidocs (rpmlib, GLIBC filtered): tkrzw-debuginfo (rpmlib, GLIBC filtered): tkrzw-debugsource (rpmlib, GLIBC filtered): Provides -------- tkrzw: tkrzw tkrzw(x86-64) tkrzw-libs: libtkrzw.so.0()(64bit) tkrzw-lib tkrzw-lib(x86-64) tkrzw-libs tkrzw-libs(x86-64) tkrzw-devel: pkgconfig(tkrzw) tkrzw-devel tkrzw-devel(x86-64) tkrzw-apidocs: tkrzw-api-doc tkrzw-apidocs tkrzw-debuginfo: debuginfo(build-id) tkrzw-debuginfo tkrzw-debuginfo(x86-64) tkrzw-debugsource: tkrzw-debugsource tkrzw-debugsource(x86-64) Generated by fedora-review 0.7.6 (b083f91) last change: 2020-11-10 Command line :/usr/bin/fedora-review -b 1914292 Buildroot used: fedora-rawhide-x86_64 Active plugins: C/C++, Generic, Shell-api Disabled plugins: Java, SugarActivity, Perl, R, fonts, Python, PHP, Haskell, Ocaml Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
