https://bugzilla.redhat.com/show_bug.cgi?id=2258366 Arthur Bols <arthur@xxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |fedora-review? Status|NEW |ASSIGNED CC| |arthur@xxxxxxxx Doc Type|--- |If docs needed, set a value Assignee|nobody@xxxxxxxxxxxxxxxxx |arthur@xxxxxxxx --- Comment #4 from Arthur Bols <arthur@xxxxxxxx> --- I've never packaged or reviewed a Java package, so I'm completely going off the packaging guidelines. Please correct and explain if you disagree. :) Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Suggestions: ============ - Use %autorelease and %autochangelog macros Issues: ======= - Incorrect License 'BSD' (also not SPDX) I can't find any files licensed as BSD. A quick look using the licensecheck tool shows the following licenses: GPL-2, GPL-2.0-or-later, LGPL-2.1, Apache-2.0, Apache-2.0 and/or LGPL-2.1, GPL, MIT Some of these files are maybe not included in the binary rpm, so those licenses may be omitted. - ExclusiveArch: %{java_arches} This is required for architecture-dependend java packages. You can also remove the `ExcludeArch:` as `%{java_arches}` only contains 64-bit arches. - The License field must be a valid SPDX expression. Note: Not a valid SPDX expression 'BSD'. It seems that you are using the old Fedora license abbreviations. Try `license-fedora2spdx' for converting it to SPDX. See: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 - Spec file could use some cleanup Many useless comments - pom.xml file not installed See: https://docs.fedoraproject.org/en-US/packaging-guidelines/Java/#_maven_pom_xml_files - bundled(bouncycastle) and bundled(json_simple) Bundled libraries are not allowed: https://docs.fedoraproject.org/en-US/packaging-guidelines/Java/#_pre_built_dependencies - Patches link to upstream bugs/comments/lists or are otherwise justified. Are all patches Fedora specific or can you upstream some of them? - rpmlint warning class-path-in-manifest /usr/share/java/biglybt/BiglyBT.jar - Package must own all directories that it creates. Note: Directories without known owners: /usr/share/application-registry Is this still used in newer gnome versions? I suggest removing the biglybt.applications file ===== MUST items ===== Generic: [!]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "GNU General Public License, Version 2", "*No copyright* Apache License 2.0", "GNU General Public License v2.0 or later", "GNU General Public License v2.0 or later [obsolete FSF postal address (Temple Place)]", "*No copyright* GNU General Public License v2.0 or later [obsolete FSF postal address (Temple Place)]", "MIT License", "GNU Lesser General Public License, Version 2.1", "GNU General Public License v2.0 or later and/or Public domain", "*No copyright* GNU General Public License v2.0 or later", "GNU General Public License", "*No copyright* GNU General Public License, Version 2 [obsolete FSF postal address (Temple Place)]", "GNU General Public License v2.0 only [obsolete FSF postal address (Temple Place)]", "GNU General Public License, Version 2 [obsolete FSF postal address (Temple Place)]". 1091 files have unknown license. Detailed output of licensecheck in /home/arthur/fedora- review/2258366-biglybt/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/application-registry, /usr/share/javadoc, /usr/share/java [!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/application- registry [-]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 13231 bytes in 3 files. [!]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Package contains desktop file if it is a GUI application. [x]: Package installs a %{name}.desktop using desktop-file-install or desktop-file-validate if there is such a file. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local Java: [x]: Bundled jar/class files should be removed before build [x]: Packages have proper BuildRequires/Requires on javapackages-tools (jpackage-utils) Note: Maven packages do not need to (Build)Require jpackage-utils. It is pulled in by maven-local [x]: Javadoc documentation files are generated and included in -javadoc subpackage [x]: Javadoc subpackages should not have Requires: javapackages-tools (jpackage-utils) [x]: Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink) Maven: [!]: If package contains pom.xml files install it (including metadata) even when building with ant [x]: Maven packages should use new style packaging [x]: Old add_to_maven_depmap macro is not being used ===== SHOULD items ===== Generic: [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [!]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [!]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [?]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. Java: [x]: Package uses upstream build method (ant/maven/etc.) [x]: Packages are noarch unless they use JNI ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Checking: biglybt-3.5.0.0-1.fc41.noarch.rpm biglybt-javadoc-3.5.0.0-1.fc41.noarch.rpm biglybt-3.5.0.0-1.fc41.src.rpm =================================================================================================================== rpmlint session starts =================================================================================================================== rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp9cz27ogl')] checks: 32, packages: 3 biglybt-javadoc.noarch: W: package-with-huge-docs 99% biglybt.spec:120: W: macro-in-comment %{buildroot} biglybt.spec:120: W: macro-in-comment %{_bindir} biglybt.noarch: W: class-path-in-manifest /usr/share/java/biglybt/BiglyBT.jar ============================================================================= 3 packages and 0 specfiles checked; 0 errors, 4 warnings, 11 filtered, 0 badness; has taken 5.8 s ============================================================================== Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 biglybt-javadoc.noarch: W: package-with-huge-docs 99% biglybt.noarch: W: class-path-in-manifest /usr/share/java/biglybt/BiglyBT.jar 2 packages and 0 specfiles checked; 0 errors, 2 warnings, 7 filtered, 0 badness; has taken 5.2 s Source checksums ---------------- https://github.com/BiglySoftware/BiglyBT/archive/v3.5.0.0/BiglyBT-3.5.0.0.tar.gz : CHECKSUM(SHA256) this package : 71637043a8bb33243857f2e743aa2bf5091418656067d552992f75893a99a870 CHECKSUM(SHA256) upstream package : 71637043a8bb33243857f2e743aa2bf5091418656067d552992f75893a99a870 Requires -------- biglybt (rpmlib, GLIBC filtered): /usr/bin/bash mvn(org.apache.commons:commons-cli) mvn(org.apache.commons:commons-lang3) mvn(org.eclipse.swt:org.eclipse.swt) biglybt-javadoc (rpmlib, GLIBC filtered): javapackages-filesystem Provides -------- biglybt: application() application(biglybt.desktop) biglybt bundled(bouncycastle) bundled(json_simple) mimehandler(application/x-biglybt) mimehandler(application/x-bittorrent) mimehandler(x-scheme-handler/biglybt) mimehandler(x-scheme-handler/magnet) biglybt-javadoc: biglybt-javadoc Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2258366 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Java, Generic Disabled plugins: PHP, fonts, Perl, Ocaml, Python, SugarActivity, C/C++, Haskell, R Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2258366 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202258366%23c4 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
