https://bugzilla.redhat.com/show_bug.cgi?id=1936772 Aleksei Bavshin <alebastr89@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |alebastr89@xxxxxxxxx Assignee|nobody@xxxxxxxxxxxxxxxxx |alebastr89@xxxxxxxxx Doc Type|--- |If docs needed, set a value Flags| |fedora-review? --- Comment #1 from Aleksei Bavshin <alebastr89@xxxxxxxxx> --- > Name: sixel Upstream name is libsixel and all other distributions are unanimously using it[1]. Let's avoid renaming the package without a good reason. > Source0: https://github.com/saitoha/lib%{name}/releases/download/v%{version}/libsixel-%{version}.tar.gz You can shorten Source to %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz. But the release archive lacks license files[2] so you'd really want to use %{url}/archive/v%{version}/%{name}-%{version}.tar.gz > BuildRequires: git Unnecessary. Noting in the build process requires git. > BuildRequires: gcc > BuildRequires: pkgconfig(libjpeg) > BuildRequires: pkgconfig(libpng) Missing `BuildRequires: make` [3]. There's an optional dependency on libcurl, but given that there are at least 2 known CVEs[4][5] in the file loaders it's better to keep network support disabled. > %package devel > Summary: Development files for %{name} > Provides: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} Uh... what? You are trying to tell that the main package with libraries is not necessary if -devel is installed. I believe you meant `Requires: %{name}%{?_isa} = %{version}-%{release}`. Rpmlint agrees with me: sixel-devel.x86_64: W: no-dependency-on sixel/sixel-libs/libsixel > %package utils > Summary: Binaries from the libsixel project How about `SIXEL decoder and encoder utilities`? > License: MIT You don't need to repeat the license for subpackage if it doesn't differ from the main one. > %description utils > Binaries from libsixel. sixel-utils.x86_64: W: description-shorter-than-summary Let's make that at least `%{summary}.` > make %{?_smp_mflags} %make_build > make install DESTDIR=$RPM_BUILD_ROOT %make_install Source archive contains unit tests. Consider running them at build time with %check %make_build test > %files > %doc ChangeLog NEWS Please, add license files. For example: %license LICENSE LICENSE.{pnmcolormap,sdump,sixel,stb} Some of those are MIT and it's important to distribute these along with the binaries. > %{_mandir}/man5/*.5* The man file could be more suitable for devel or utils subpackage. It's just a generic description of a SIXEL format. > %files utils > # we don't want libsixel-config We really want it in -devel package. Some applications may call libsixel-config instead of using pkg-config at build time. > %{_datadir}/bash-completion/* > %{_datadir}/zsh/* Please, be more explicit. Also, you need to own the zsh completion directories (bash-completion is already owned by filesystem): %{_datadir}/bash-completion/completions/* %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_* --- [1] https://repology.org/project/libsixel/versions [2] https://github.com/saitoha/libsixel/pull/129 [3] https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot [4] https://github.com/saitoha/libsixel/issues/134 (CVE-2020-11721) [5] https://github.com/saitoha/libsixel/issues/136 (CVE-2020-19668) -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
