[Bug 2248784] Review Request: rust-cargo-deny - Cargo plugin to help you manage large dependency graphs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2248784

blinxen <h-k-81@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |h-k-81@xxxxxxxxxxx
           Assignee|nobody@xxxxxxxxxxxxxxxxx    |h-k-81@xxxxxxxxxxx
           Doc Type|---                         |If docs needed, set a value
             Status|NEW                         |ASSIGNED
              Flags|                            |fedora-review?



--- Comment #3 from blinxen <h-k-81@xxxxxxxxxxx> ---
Taking this review

General comments:

- Package was generated with rust2rpm
- Some tests were skipped because of missing files --> OK
- Some dependencies were manually updated to the latest version --> OK but
maybe consider patching this upstream
- I assume

Questions:

- Why is the SPDX license list data updated? Looking at upstream, it seems the
file is 4 years old. Should this be reported?
- What is the license under which the license list is published? I could not
find any information about that (looked in
https://github.com/spdx/license-list-data and
https://github.com/spdx/license-list-XML).

Problems:

- False requires on `/usr/bin/bash`, excluding `scripts` should probably fix
this

Full review:

Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


===== MUST items =====

C/C++:
[-]: Provides: bundled(gnulib) in place as required.
     Note: Sources not installed
[x]: Package does not contain kernel modules.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Package contains no static executables.
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
     Note: Using prebuilt packages
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. No licenses
     found. Please check the source files for licenses manually.
[x]: License file installed when any subpackage combination is installed.
[x]: If the package is under multiple licenses, the licensing breakdown
     must be documented in the spec.
[x]: %build honors applicable compiler flags or justifies otherwise.
[!]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 73246 bytes in 5 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: The License field must be a valid SPDX expression.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Reviewer should test that the package builds in mock.
[x]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in cargo-
     deny , rust-cargo-deny-devel , rust-cargo-deny+default-devel , rust-
     cargo-deny+native-certs-devel
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint messages.
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.


Rpmlint
-------
Checking: cargo-deny-0.14.3-1.fc40.aarch64.rpm
          rust-cargo-deny-devel-0.14.3-1.fc40.noarch.rpm
          rust-cargo-deny+default-devel-0.14.3-1.fc40.noarch.rpm
          rust-cargo-deny+native-certs-devel-0.14.3-1.fc40.noarch.rpm
          rust-cargo-deny-debugsource-0.14.3-1.fc40.aarch64.rpm
          rust-cargo-deny-0.14.3-1.fc40.src.rpm
============================ rpmlint session starts
============================
rpmlint: 2.4.0
configuration:
    /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmpsd9rvj_t')]
checks: 31, packages: 6

cargo-deny.aarch64: W: no-manual-page-for-binary cargo-deny
rust-cargo-deny+default-devel.noarch: W: no-documentation
rust-cargo-deny+native-certs-devel.noarch: W: no-documentation
 6 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken
0.5 s




Rpmlint (installed packages)
----------------------------
(none): E: there is no installed rpm "rust-cargo-deny-devel".
(none): E: there is no installed rpm "rust-cargo-deny+native-certs-devel".
(none): E: there is no installed rpm "rust-cargo-deny+default-devel".
(none): E: there is no installed rpm "cargo-deny".
(none): E: there is no installed rpm "rust-cargo-deny-debugsource".
There are no files to process nor additional arguments.
Nothing to do, aborting.
============================ rpmlint session starts
============================
rpmlint: 2.4.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 31, packages: 5

 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 badness; has taken
0.0 s



Source checksums
----------------
https://crates.io/api/v1/crates/cargo-deny/0.14.3/download#/cargo-deny-0.14.3.crate
:
  CHECKSUM(SHA256) this package     :
60deefd7de37636520d2d0b6ea167f84b934d2bd557ee3c079b36f87614be5cd
  CHECKSUM(SHA256) upstream package :
60deefd7de37636520d2d0b6ea167f84b934d2bd557ee3c079b36f87614be5cd


Requires
--------
cargo-deny (rpmlib, GLIBC filtered):
    ld-linux-aarch64.so.1()(64bit)
    libc.so.6()(64bit)
    libgcc_s.so.1()(64bit)
    libgcc_s.so.1(GCC_3.0)(64bit)
    libgcc_s.so.1(GCC_3.3)(64bit)
    libgcc_s.so.1(GCC_4.2.0)(64bit)
    libm.so.6()(64bit)
    libzstd.so.1()(64bit)
    rtld(GNU_HASH)

rust-cargo-deny-devel (rpmlib, GLIBC filtered):
    (crate(anyhow/default) >= 1.0.0 with crate(anyhow/default) < 2.0.0~)
    (crate(askalono/default) >= 0.4.0 with crate(askalono/default) < 0.5.0~)
    (crate(bitvec/alloc) >= 1.0.0 with crate(bitvec/alloc) < 2.0.0~)
    (crate(bitvec/default) >= 1.0.0 with crate(bitvec/default) < 2.0.0~)
    (crate(camino/default) >= 1.1.0 with crate(camino/default) < 2.0.0~)
    (crate(clap/default) >= 4.3.0 with crate(clap/default) < 5.0.0~)
    (crate(clap/derive) >= 4.3.0 with crate(clap/derive) < 5.0.0~)
    (crate(clap/env) >= 4.3.0 with crate(clap/env) < 5.0.0~)
    (crate(codespan-reporting/default) >= 0.11.0 with
crate(codespan-reporting/default) < 0.12.0~)
    (crate(codespan/default) >= 0.11.0 with crate(codespan/default) < 0.12.0~)
    (crate(crossbeam/default) >= 0.8.0 with crate(crossbeam/default) < 0.9.0~)
    (crate(fern/default) >= 0.6.0 with crate(fern/default) < 0.7.0~)
    (crate(gix) >= 0.55.0 with crate(gix) < 0.56.0~)
    (crate(gix/blocking-http-transport-reqwest) >= 0.55.0 with
crate(gix/blocking-http-transport-reqwest) < 0.56.0~)
    (crate(gix/blocking-network-client) >= 0.55.0 with
crate(gix/blocking-network-client) < 0.56.0~)
    (crate(gix/interrupt) >= 0.55.0 with crate(gix/interrupt) < 0.56.0~)
    (crate(gix/reqwest-for-configuration-only) >= 0.55.0 with
crate(gix/reqwest-for-configuration-only) < 0.56.0~)
    (crate(gix/worktree-mutation) >= 0.55.0 with crate(gix/worktree-mutation) <
0.56.0~)
    (crate(globset/default) >= 0.4.0 with crate(globset/default) < 0.5.0~)
    (crate(goblin) >= 0.7.0 with crate(goblin) < 0.8.0~)
    (crate(goblin/elf32) >= 0.7.0 with crate(goblin/elf32) < 0.8.0~)
    (crate(goblin/elf64) >= 0.7.0 with crate(goblin/elf64) < 0.8.0~)
    (crate(goblin/mach32) >= 0.7.0 with crate(goblin/mach32) < 0.8.0~)
    (crate(goblin/mach64) >= 0.7.0 with crate(goblin/mach64) < 0.8.0~)
    (crate(goblin/pe32) >= 0.7.0 with crate(goblin/pe32) < 0.8.0~)
    (crate(goblin/pe64) >= 0.7.0 with crate(goblin/pe64) < 0.8.0~)
    (crate(home/default) >= 0.5.0 with crate(home/default) < 0.6.0~)
    (crate(krates/default) >= 0.15.0 with crate(krates/default) < 0.16.0~)
    (crate(krates/targets) >= 0.15.0 with crate(krates/targets) < 0.16.0~)
    (crate(log/default) >= 0.4.0 with crate(log/default) < 0.5.0~)
    (crate(nu-ansi-term/default) >= 0.49.0 with crate(nu-ansi-term/default) <
0.50.0~)
    (crate(parking_lot/default) >= 0.12.0 with crate(parking_lot/default) <
0.13.0~)
    (crate(rayon/default) >= 1.4.0 with crate(rayon/default) < 2.0.0~)
    (crate(reqwest) >= 0.11.0 with crate(reqwest) < 0.12.0~)
    (crate(ring/default) >= 0.17.0 with crate(ring/default) < 0.18.0~)
    (crate(rustsec) >= 0.28.0 with crate(rustsec) < 0.29.0~)
    (crate(semver/default) >= 1.0.0 with crate(semver/default) < 2.0.0~)
    (crate(serde/default) >= 1.0.0 with crate(serde/default) < 2.0.0~)
    (crate(serde/derive) >= 1.0.0 with crate(serde/derive) < 2.0.0~)
    (crate(serde_json/default) >= 1.0.0 with crate(serde_json/default) <
2.0.0~)
    (crate(smallvec/default) >= 1.9.0 with crate(smallvec/default) < 2.0.0~)
    (crate(spdx/default) >= 0.10.0 with crate(spdx/default) < 0.11.0~)
    (crate(strum/default) >= 0.25.0 with crate(strum/default) < 0.26.0~)
    (crate(strum/derive) >= 0.25.0 with crate(strum/derive) < 0.26.0~)
    (crate(tame-index) >= 0.7.0 with crate(tame-index) < 0.8.0~)
    (crate(tame-index/git) >= 0.7.0 with crate(tame-index/git) < 0.8.0~)
    (crate(tame-index/sparse) >= 0.7.0 with crate(tame-index/sparse) < 0.8.0~)
    (crate(time) >= 0.3.0 with crate(time) < 0.4.0~)
    (crate(time/formatting) >= 0.3.0 with crate(time/formatting) < 0.4.0~)
    (crate(time/macros) >= 0.3.0 with crate(time/macros) < 0.4.0~)
    (crate(toml/default) >= 0.8.0 with crate(toml/default) < 0.9.0~)
    (crate(twox-hash) >= 1.5.0 with crate(twox-hash) < 2.0.0~)
    (crate(url/default) >= 2.1.0 with crate(url/default) < 3.0.0~)
    (crate(walkdir/default) >= 2.3.0 with crate(walkdir/default) < 3.0.0~)
    /usr/bin/bash
    cargo
    rust

rust-cargo-deny+default-devel (rpmlib, GLIBC filtered):
    (crate(reqwest/rustls-tls-webpki-roots) >= 0.11.0 with
crate(reqwest/rustls-tls-webpki-roots) < 0.12.0~)
    (crate(tame-index/default) >= 0.7.0 with crate(tame-index/default) <
0.8.0~)
    cargo
    crate(cargo-deny)

rust-cargo-deny+native-certs-devel (rpmlib, GLIBC filtered):
    (crate(reqwest/rustls-tls-native-roots) >= 0.11.0 with
crate(reqwest/rustls-tls-native-roots) < 0.12.0~)
    (crate(tame-index/native-certs) >= 0.7.0 with
crate(tame-index/native-certs) < 0.8.0~)
    cargo
    crate(cargo-deny)

rust-cargo-deny-debugsource (rpmlib, GLIBC filtered):



Provides
--------
cargo-deny:
    bundled(spdx-license-list-data)
    cargo-deny
    cargo-deny(aarch-64)

rust-cargo-deny-devel:
    crate(cargo-deny)
    rust-cargo-deny-devel

rust-cargo-deny+default-devel:
    crate(cargo-deny/default)
    rust-cargo-deny+default-devel

rust-cargo-deny+native-certs-devel:
    crate(cargo-deny/native-certs)
    rust-cargo-deny+native-certs-devel

rust-cargo-deny-debugsource:
    rust-cargo-deny-debugsource
    rust-cargo-deny-debugsource(aarch-64)



Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Command line :/usr/bin/fedora-review --no-colors --prebuilt --rpm-spec --name
rust-cargo-deny --mock-config /var/lib/copr-rpmbuild/results/configs/child.cfg
Buildroot used: fedora-rawhide-aarch64
Active plugins: Generic, C/C++, Shell-api
Disabled plugins: Java, Haskell, Perl, fonts, Python, SugarActivity, R, PHP,
Ocaml
Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH


-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2248784

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202248784%23c3
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux