https://bugzilla.redhat.com/show_bug.cgi?id=2231209

--- Comment #2 from Petr Pisar <ppisar@xxxxxxxxxx> ---
URL and Source0 addresses are Ok.
Source0 archive (SHA-512:
b64bbe12a63c0b138909022a6232c2ce65fa7cac2a2b08cdd9a49086df4403b6d9d37fb29692301b139461bafcb787cad39feb486038d51a4304e47a2a2150e9)
is original. Ok.

FIX: Follow a version scheme for snapshots
<https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_snapshots>.
I.e. "Version: 1.0^20230731git%{shortcommit}" and "Release: 1%{?dist}".

Summary verified from README.md. Ok.
TODO: Spell "Authentication" with a lower case "a".
Description verified from README.md. Ok.

Licenses found:

LICENSE: GPL-3.0 text
src/base32.c: Apache-2.0
src/base32.h: Apache-2.0
src/base64.c: APSL-2.0 AND Apache-1.0
src/base64.h: APSL-2.0 AND Apache-1.0

FATAL: Distribute APSL-2.0 license text <https://opensource.apple.com/apsl/>
with the sources and within the binary RPM package. This is required by APSL-2.0
license and an upstream not doing it violates the license. Also report it to the
upstream.

FIX: Extract Apache-1.0 text from src/base64.h and package it in a binary
package as required by the license.

FATAL: Distribute Apache-2.0 license text
<https://www.apache.org/licenses/LICENSE-2.0> with the sources and within the
binary RPM package. This is required by Apache-2.0 license and an upstream not
doing it violates the license. Also report it to the upstream.

FIX: Correct License tag to "GPL-1.0-or-later AND Apache-2.0 AND Apache-1.0 AND
APSL-2.0". Source code does not mention which GPL version to apply, hence, in
compliance with the GPL-3.0 text, any version can be used.

FIX: Build-require "bash" (autogen.sh:1).
FIX: Build-require "coreutils" (autogen.sh:2).
FIX: Build-require "autoconf" (autogen.sh:3).
FIX: Build-require "automake" (configure.ac:3).
TODO: Constrain "openssl-devel" build-dependency with ">= 1.1.0"
(configure.ac:39).
FIX: Build-require "make" (openvpn-otp.spec:30).
TODO: Report to upstream that the code uses functions (e.g. HMAC_CTX_new())
deprecated in OpenSSL 3.0.

Distribution compiler and flags are respected. Ok.
No tests, no %check phase. Ok.

$ rpmlint openvpn-otp.spec ../SRPMS/openvpn-otp-1.0-1.20230731git47f8ccf.fc40.src.rpm ../RPMS/x86_64/openvpn-otp-*
======================================== rpmlint session starts =======================================
rpmlint: 2.4.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 31, packages: 5

========= 4 packages and 1 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken 0.3 s ========
rpmlint is Ok.

$ rpm -q -lv -p ../RPMS/x86_64/openvpn-otp-1.0-1.20230731git47f8ccf.fc40.x86_64.rpm
drwxr-xr-x 2 root root 0 Jul 31 02:00 /usr/lib/.build-id
drwxr-xr-x 2 root root 0 Jul 31 02:00 /usr/lib/.build-id/6f
lrwxrwxrwx 1 root root 52 Jul 31 02:00 /usr/lib/.build-id/6f/b58a8b2ab7db1e232741afef51f6b7a7f17b0c -> ../../../../usr/lib64/openvpn/plugins/openvpn-otp.so
-rwxr-xr-x 1 root root 32504 Jul 31 02:00 /usr/lib64/openvpn/plugins/openvpn-otp.so
drwxr-xr-x 2 root root 0 Jul 31 02:00 /usr/share/doc/openvpn-otp
-rw-r--r-- 1 root root 13918 Aug 7 2021 /usr/share/doc/openvpn-otp/README.md
drwxr-xr-x 2 root root 0 Jul 31 02:00 /usr/share/licenses/openvpn-otp
-rw-r--r-- 1 root root 35121 Aug 7 2021 /usr/share/licenses/openvpn-otp/LICENSE
File layout and permissions are Ok.

$ rpm -q --requires -p ../RPMS/x86_64/openvpn-otp-1.0-1.20230731git47f8ccf.fc40.x86_64.rpm | sort -f | uniq -c
      1 libc.so.6()(64bit)
      1 libc.so.6(GLIBC_2.2.5)(64bit)
      1 libc.so.6(GLIBC_2.3)(64bit)
      1 libc.so.6(GLIBC_2.3.4)(64bit)
      1 libc.so.6(GLIBC_2.4)(64bit)
      1 openvpn >= 2.0
      1 rpmlib(CompressedFileNames) <= 3.0.4-1
      1 rpmlib(FileDigests) <= 4.6.0-1
      1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
      1 rpmlib(PayloadIsZstd) <= 5.4.18-1
      1 rtld(GNU_HASH)
Binary requires are Ok.

$ rpm -q --provides -p ../RPMS/x86_64/openvpn-otp-1.0-1.20230731git47f8ccf.fc40.x86_64.rpm | sort -f | uniq -c
      1 openvpn-otp = 1.0-1.20230731git47f8ccf.fc40
      1 openvpn-otp(x86-64) = 1.0-1.20230731git47f8ccf.fc40
Binary provides are Ok.

$ resolvedeps rawhide ../RPMS/x86_64/openvpn-otp-1.0-1.20230731git47f8ccf.fc40.x86_64.rpm
Binary dependencies are resolvable. Ok.

Building in F40 Koji build target will be verified after resolving the license
issues.

Otherwise, the package is in line with Fedora packaging guidelines.

Please fix the FATAL issues. Without resolving this review cannot continue and
Fedora cannot distribute the packages.
Please correct all FIX items, consider fixing TODO items, and provide an updated
spec file.