https://bugzilla.redhat.com/show_bug.cgi?id=587978 Michal Ambroz <rebus@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Flags|needinfo?(rebus@xxxxxxxxx) |needinfo?(oturpe@xxxxxx) --- Comment #32 from Michal Ambroz <rebus@xxxxxxxxx> --- (In reply to Otto Urpelainen from comment #31) SPEC URL: http://rebus.fedorapeople.org/SPECS/whatweb.spec SRPM URL: http://rebus.fedorapeople.org/SRPMS/whatweb-0.5.5-2.fc34.src.rpm > 1. What is the intent of fragment part #/%{name}-%{version}.tar.gz? > > Source0: https://github.com/%{gituser}/%{gitname}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz when you download with the spectool -g whatweb.spec, this is what renames boring v5.5.0.tar.gz to sexy whatweb-5.5.0.tar.gz > 2. Better %{_bindir}/ruby, since that is how rubypick package provides this > > Requires: /usr/bin/ruby Ok ... thanks > 3. Fixing env shebangs should not be required in Fedora anymore. If this is > still needed for some reason (RHEL perhaps?), comment should be updated to match > https://docs.fedoraproject.org/en-US/packaging-guidelines/Ruby/#_shebang_lines I consider env to be potential security problem and preffer to be explicit about the interpreter used in the packaged stuff. The guide is saying as well that it SHOULD use #!/usr/bin/ruby . The "env ruby" is not always only /usr/bin/ruby. Depending on environment settings it could be also /usr/local/bin/ruby or ~user/bin/ruby or even /tmp/you_have_been_hacked/ruby . > 4. I do not understand this. Is this an issue with upstream man pages? If > so, a fix or an issue should be submitted and referenced from the specfile. > > > # Unknown macros in manpage > > sed -i -e 's|^.ni||; s|^\./plugins-disabled|+\./plugins-disabled|' whatweb.1 Yes ... I guess that on Ubuntu they use different groff for formatting the man pages so it is ok for them. On Fedora it complains so I have to remove that tags. > 5. Is this still needed? PR282 has been merged before 0.5.5 was released, so > it should be ok. Again, if this is an upstream issue, a bug report or pull > request should be referenced from here. If Fedora-specific, the situation > should be explained. > > > # Add the whatweb shared directory + PR282 > > sed -i -e "s|expand_path(__dir__)), '.')|expand_path(__dir__)), '%{_datadir}/%{name}')|" whatweb Yes still needed. I do not consider this ustream bug, but it relies to Fedora packaging. > 6. Are both this and the earlier sed call that commnents off 'bundle install' needed? Nah ... Just the sed was working. The alias was not working I just forgot it there - thanks, removing the alias. > 7. This is not wrong, but could be handled with a single row > %{_datadir}/%{name}/addons, which would own the directory and include it and > all its content in one statement. The same goes for lib, plugins, > my-plugins, plugin-development and plugin-disabled folders. Also, I wonder > if a simple '%{_datadir}/%{name}' would correctly handle all this, is there > something in there that you do not want to own & include? At the time I was packaging I was probably trying to comply with the rule that all directories must be owned. So I was trying to explicitly list them. These days yes %{_datadir}/%{name} would do. > 8. There are tests in the source, but no %check in specfile. Tests should be > run. If is it too difficult to get them run inside the buildsystem, then > perhaps a %check section with commented off attempt and a comment explaining > why they cannot be run? Reference: > https://docs.fedoraproject.org/en-US/packaging-guidelines/#_test_suites During build there is no networking. The site used for tests - https://whatweb.net/ - is down. Adding conditional and comment to build with tests. > 9. my-plugins and plugin-development folders look like material for plugin > writing. Are they really needed at runtime? If not, they should not > installed. - my-plugins is meant for locally created plugins to separate them from the dozens of others. Its installed by upstream and searched for local libs - I do not want to change this. - moved plugin-development to documentation > 10. What about the shell scripts in addons folder? Are the intended to be > run by the user? If so, they should be installed to %{_bindir}. If not, and > are not otherwise needed at runtime, they should be dropped or perhaps moved > to documentation. - yes executables, but more like examples. Not core functionality. - moved to documentation > 11. Maybe a comment here explaining what is going on. > Is it just that RHEL does not support Recommends? Yes. RHEL7 doesn't know Recommends. Commented. > 12. Is the license really GPLv2 or is it GPLv2+? License is listed as such > in upstream home page, but many (not all!) files like lib/logging.rb contain > a notice that also allows any later version. You should probably contact > upstream to clarify the issue. yes gplv2+ ... changed in spec. doing that I have found in plugins ip2country.csv database with non-free (donationware) license from unreachable origin, changed spec to delete that one. -- You are receiving this mail because: You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
