https://bugzilla.redhat.com/show_bug.cgi?id=2279057 --- Comment #9 from wojnilowicz <lukasz.wojnilowicz@xxxxxxxxx> --- (In reply to Jerry James from comment #8) > Package Review > ============== > > Legend: > [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated > > Issues > ====== > - The License field is incomplete. In addition to MPL-2.0, these files have > different licenses: > src/visualizations/sunburst-clock.ts: Apache-2.0 > media-fonts/varela-round-latin.woff2: OFL-1.1-RFN I've found one more missing license. Could you check if it's OK now? > - Where is the bundled-licenses file produced by nodejs-packaging-bundler? > See > > https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/ > #_bundled_licenses Since I don't bundle any npm package and it's marked as "recommended", I just didn't include it. I've included it now. > - I'm a little worried about Source3. The README.md file in that tarball > says > it contains media assets "included as a git submodule in repos like aw-qt > and aw-webui". So if we have other Fedora packages that include this, > we'll > duplicate these media assets. Wouldn't it be better to make that a > separate > package that can then be referenced from nodejs-aw-webui, and possibly > other > packages later? I investigated it further and here are my findings: 1) aw-qt uses logo.png and logo-128.png from Source3 2) aw-webui uses only logo.png and logo.svg from Source3 I just added linked those two files directly from the GitHub. Please take a look. Should it still ba a separate aw-media package, then I can do it. > - The varela-round-latin font is not being handled in accordance with the > font > packaging guidelines: > > https://docs.fedoraproject.org/en-US/packaging-guidelines/ > #_avoid_bundling_of_fonts_in_other_packages I removed it altogether and it works still. > - Should the spec file include "Requires: nodejs", as in the example spec? > > https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/ > #_example_spec It's only a build dependency for aw-server-rust. aw-server-rust embeds it in its executable file. Do you think this package should require nodejs then? > - Just a suggestion: rpm now supports a syntax for conditionals that is a > little easier to understand: > > %bcond check 1 Yes. I know, but rust packages still use %bcond_without and I want to be consistent with them. Anyway, I removed it altogether. > ===== MUST items ===== > > Generic: > [!]: License field in the package spec file matches the actual license. > Note: Checking patched sources after %prep for licenses. Licenses > found: "Unknown or generated", "*No copyright* Mozilla Public License > 2.0", "BSD 3-Clause License", "*No copyright* BSD 3-Clause License", > "ISC License and/or MIT License", "*No copyright* ISC License", "MIT > License", "*No copyright* MIT License", "MIT License [generated > file]", "*No copyright* Apache License 2.0", "ISC License", "Apache > License 2.0 and/or MIT License", "BSD 2-Clause License", "*No > copyright* BSD 2-Clause License", "Apache License 2.0", "*No > copyright* Creative Commons Attribution 4.0", "Apache License 2.0 > and/or ISC License", "Apache License 2.0 and/or BSD 2-Clause License", > "*No copyright* Artistic License 2.0", "*No copyright* The Unlicense", > "*No copyright* DON'T BE A DICK PUBLIC LICENSE", "W3C License", "*No > copyright* W3C Software and Document Notice and License (2015-05-13)", > "Academic Free License v2.1 and/or BSD 3-Clause License", "*No > copyright* Academic Free License", "*No copyright* Academic Free > License v2.1", "*No copyright* Creative Commons CC0 1.0", "MIT License > and/or X11 License", "Do What The Fuck You Want To Public License, > Version 2 and/or MIT License", "*No copyright* MIT License and/or X11 > License", "Creative Commons CC0 1.0", "BSD 3-Clause License and/or MIT > License", "Creative Commons Attribution 3.0", "*No copyright* Creative > Commons Attribution 3.0", "*No copyright* BSD 2-Clause License and/or > BSD 3-Clause License and/or GNU Lesser General Public License, Version > 2.1 and/or MIT License", "*No copyright* BSD 3-Clause Clear License", > "BSD 0-Clause License", "*No copyright* BSD 0-Clause License", "BSD > 2-Clause with views sentence", "*No copyright* Creative Commons > Attribution-ShareAlike 4.0", "Apache License 2.0 and/or BSD 3-Clause > License", "GNU Library General Public License v2 or later", "*No > copyright* MIT License [generated file]". 42442 files have unknown > license. Detailed output of licensecheck in > /home/jamesjer/2279057-nodejs-aw-webui/licensecheck.txt Is it about all licenses listed above or only about missing Apache-2.0 and OFL-1.1-RFN? > [!]: Package contains no bundled libraries without FPC exception. Was it only about varela-round-latin? > ===== SHOULD items ===== > > Generic: > [!]: Latest version is packaged. > > There have been more commits since the commit referenced by this > package. Since it's provided as a git repository and not as releases it will be like that. I've just updated to the last commit and everything still works. > Rpmlint > ------- > Checking: nodejs-aw-webui-0^20240509.cb83d12-1.fc41.noarch.rpm > nodejs-aw-webui-0^20240509.cb83d12-1.fc41.src.rpm > ================================================ rpmlint session starts > ================================================ > rpmlint: 2.5.0 > configuration: > /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml > /etc/xdg/rpmlint/fedora-legacy-licenses.toml > /etc/xdg/rpmlint/fedora-spdx-licenses.toml > /etc/xdg/rpmlint/fedora.toml > /etc/xdg/rpmlint/scoring.toml > /etc/xdg/rpmlint/users-groups.toml > /etc/xdg/rpmlint/warn-on-functions.toml > rpmlintrc: [PosixPath('/tmp/tmpiwslrd2h')] > checks: 32, packages: 2 > > nodejs-aw-webui.src: W: strange-permission aw-webui-cb83d12-nm-dev.tgz 744 > nodejs-aw-webui.src: W: strange-permission aw-webui-cb83d12-nm-prod.tgz 744 > nodejs-aw-webui.src: W: strange-permission nodejs-aw-webui.spec 744 I've fixed those permissions. I've updated the spec file in my first comment. I hope that [fedora-review-service-build] will rebuild it. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2279057 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202279057%23c9 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
