[Bug 2297781] Review Request: ocaml-spdx-licenses - SPDX License Expression parser in OCaml

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2297781



--- Comment #2 from Richard W.M. Jones <rjones@xxxxxxxxxx> ---
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


Issues:
=======

[Some issues were found but they were all bogus]

===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "MIT License", "*No copyright* MIT
     License", "*No copyright* MIT License [generated file]". 12 files have
     unknown license. Detailed output of licensecheck in
     /var/tmp/review/2297781-ocaml-spdx-licenses/licensecheck.txt

The upstream sources have some generate files without licenses at the
top, but it's obvious the whole thing is intended to be MIT.

[x]: License file installed when any subpackage combination is installed.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: %build honors applicable compiler flags or justifies otherwise.

Uses dune to build.

[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.

Uses autochangelog.

[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.

Debuginfo is generated on all platforms that have the native OCaml
compiler.

[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: The License field must be a valid SPDX expression.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 797 bytes in 2 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

Ocaml:
[x]: This should never happen

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.

Latest upstream is also 1.2.0.

[x]: Package does not include license text files separate from upstream.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[x]: %check is present and all tests pass.
[-]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.
[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: ocaml-spdx-licenses-1.2.0-1.fc41.x86_64.rpm
          ocaml-spdx-licenses-devel-1.2.0-1.fc41.x86_64.rpm
          ocaml-spdx-licenses-1.2.0-1.fc41.src.rpm
============================ rpmlint session starts
============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmpn7sn8duy')]
checks: 32, packages: 3

ocaml-spdx-licenses-devel.x86_64: E: static-library-without-debuginfo
/usr/lib64/ocaml/spdx_licenses/spdx_licenses.a
ocaml-spdx-licenses-devel.x86_64: W: no-documentation
ocaml-spdx-licenses-devel.x86_64: W: files-duplicate
/usr/lib64/ocaml/spdx_licenses/licenseIDs.mli
/usr/lib64/ocaml/spdx_licenses/exceptionIDs.mli

I think it's just a coincidence that these files are duplicates.

 3 packages and 0 specfiles checked; 1 errors, 2 warnings, 11 filtered, 1
badness; has taken 0.2 s 




Rpmlint (debuginfo)
-------------------
Checking: ocaml-spdx-licenses-debuginfo-1.2.0-1.fc41.x86_64.rpm
============================ rpmlint session starts
============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmpqxji89qt')]
checks: 32, packages: 1

 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 5 filtered, 0
badness; has taken 0.1 s 





Rpmlint (installed packages)
----------------------------
============================ rpmlint session starts
============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 3

ocaml-spdx-licenses-devel.x86_64: E: static-library-without-debuginfo
/usr/lib64/ocaml/spdx_licenses/spdx_licenses.a
ocaml-spdx-licenses-devel.x86_64: W: no-documentation
ocaml-spdx-licenses-devel.x86_64: W: files-duplicate
/usr/lib64/ocaml/spdx_licenses/licenseIDs.mli
/usr/lib64/ocaml/spdx_licenses/exceptionIDs.mli
 3 packages and 0 specfiles checked; 1 errors, 2 warnings, 13 filtered, 1
badness; has taken 0.3 s 



Source checksums
----------------
https://github.com/kit-ty-kate/spdx_licenses/archive/v1.2.0/spdx_licenses-1.2.0.tar.gz
:
  CHECKSUM(SHA256) this package     :
d2fd1fcc2da4dea294333f00ef43021fb40baf30cc3cc3814272101120f19195
  CHECKSUM(SHA256) upstream package :
d2fd1fcc2da4dea294333f00ef43021fb40baf30cc3cc3814272101120f19195


Requires
--------
ocaml-spdx-licenses (rpmlib, GLIBC filtered):
    ocaml(CamlinternalFormatBasics)
    ocaml(Spdx_licenses__)
    ocaml(Spdx_licenses__ExceptionIDs)
    ocaml(Spdx_licenses__Lexer)
    ocaml(Spdx_licenses__LicenseIDs)
    ocaml(Spdx_licenses__Parser)
    ocaml(Spdx_licenses__Types)
    ocaml(Stdlib)
    ocaml(Stdlib__Array)
    ocaml(Stdlib__Either)
    ocaml(Stdlib__Int32)
    ocaml(Stdlib__Lexing)
    ocaml(Stdlib__List)
    ocaml(Stdlib__Obj)
    ocaml(Stdlib__Parsing)
    ocaml(Stdlib__Result)
    ocaml(Stdlib__Seq)
    ocaml(Stdlib__String)
    ocaml(Stdlib__Uchar)
    rtld(GNU_HASH)

ocaml-spdx-licenses-devel (rpmlib, GLIBC filtered):
    ocaml(CamlinternalFormatBasics)
    ocaml(Spdx_licenses__)
    ocaml(Spdx_licenses__ExceptionIDs)
    ocaml(Spdx_licenses__Lexer)
    ocaml(Spdx_licenses__LicenseIDs)
    ocaml(Spdx_licenses__Parser)
    ocaml(Spdx_licenses__Types)
    ocaml(Stdlib)
    ocaml(Stdlib__Array)
    ocaml(Stdlib__Either)
    ocaml(Stdlib__Int32)
    ocaml(Stdlib__Lexing)
    ocaml(Stdlib__List)
    ocaml(Stdlib__Obj)
    ocaml(Stdlib__Parsing)
    ocaml(Stdlib__Result)
    ocaml(Stdlib__Seq)
    ocaml(Stdlib__String)
    ocaml(Stdlib__Uchar)
    ocaml-spdx-licenses(x86-64)
    ocamlx(Spdx_licenses__ExceptionIDs)
    ocamlx(Spdx_licenses__Lexer)
    ocamlx(Spdx_licenses__LicenseIDs)
    ocamlx(Spdx_licenses__Parser)
    ocamlx(Stdlib)
    ocamlx(Stdlib__Array)
    ocamlx(Stdlib__Bytes)
    ocamlx(Stdlib__Lexing)
    ocamlx(Stdlib__List)
    ocamlx(Stdlib__Parsing)
    ocamlx(Stdlib__Result)
    ocamlx(Stdlib__String)



Provides
--------
ocaml-spdx-licenses:
    ocaml(Spdx_licenses)
    ocaml(Spdx_licenses__)
    ocaml(Spdx_licenses__ExceptionIDs)
    ocaml(Spdx_licenses__Lexer)
    ocaml(Spdx_licenses__LicenseIDs)
    ocaml(Spdx_licenses__Parser)
    ocaml(Spdx_licenses__Types)
    ocaml-spdx-licenses
    ocaml-spdx-licenses(x86-64)

ocaml-spdx-licenses-devel:
    ocaml(Spdx_licenses)
    ocaml(Spdx_licenses__)
    ocaml(Spdx_licenses__ExceptionIDs)
    ocaml(Spdx_licenses__Lexer)
    ocaml(Spdx_licenses__LicenseIDs)
    ocaml(Spdx_licenses__Parser)
    ocaml-spdx-licenses-devel
    ocaml-spdx-licenses-devel(x86-64)
    ocamlx(Spdx_licenses)
    ocamlx(Spdx_licenses__)
    ocamlx(Spdx_licenses__ExceptionIDs)
    ocamlx(Spdx_licenses__Lexer)
    ocamlx(Spdx_licenses__LicenseIDs)
    ocamlx(Spdx_licenses__Parser)



Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Command line :/usr/bin/fedora-review -b 2297781
Buildroot used: fedora-rawhide-x86_64
Active plugins: Shell-api, C/C++, Generic, Ocaml
Disabled plugins: Perl, Python, fonts, Java, Haskell, R, PHP, SugarActivity
Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
https://bugzilla.redhat.com/show_bug.cgi?id=2297781

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202297781%23c2

-- 
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux