https://bugzilla.redhat.com/show_bug.cgi?id=2264719 Michal Ambroz <rebus@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED --- Comment #5 from Michal Ambroz <rebus@xxxxxxxxx> --- Thank you for preparing the package. I have found these 6 areas, which would deserve some discussion/improvement. === 1 Sources The package release ble-0.4.0-devel3.tar.xz is already pre-compiled scripts and not the source code. I believe for building the fedora package the original source code should be used. I understand that the ble-0.4.0-devel3.tar.xz is still readable set of scripts, but I believe long-term it would be difficult to make any patches to the package (if needed) and report them in the same shape to upstream. I mean we should be using the source code from https://github.com/akinomyoga/ble.sh/archive/refs/tags/v0.4.0-devel3.tar.gz#/blesh-%{version}.tar.gz and run the pre-processing during the build phase instead of just copying the the pre-compiled files from https://github.com/akinomyoga/ble.sh/releases/download/v0.4.0-devel3/ble-0.4.0-devel3.tar.xz. === 2 License This is bit related to the previous one - there is separate license file LICENSE.md in the source tar.gz release (or github), which could have been used in %license, but such file is not published in the pre-compiled tar.xz tarball ble-0.4.0-devel3.tar.xz. I have reported upstream that the pre-compiled tar.xz ball doesn't include the standalone license file - https://github.com/akinomyoga/ble.sh/issues/475, but still I would recommend building from source and taking the file there. === 3 Documentation RPM Package provides only brief usage guide relevant for Fedora (good). But it doesn't provide any documentation provided by upstream - README.md README-ja_JP.md doc/* . === 4 Check The check in the spec file is missing. I would recommend to add at least dummy sanity check %check bash -c "source %{buildroot}%{_libexecdir}/blesh/ble.sh" === 5 Reporting issues to upstream In the spec file I can see that you fix some file duplicities in the release by linking the files, but I have not found that issue reported to the upstream. Please have you reported that somehow? If not can you report the issue to upstream and note it in the spec file? == 6 Requirements There is one script with ksh in its shabang ... is ble.sh library meant to run also in ksh or not? BUILD/blesh-0.4.0_devel3-build/ble-0.4.0-devel3/lib/benchmark.ksh Should the ksh package one of the strong requirements (currently the build makes requirement to /usr/bin/ksh) or rather some weak dependency of Recommends perhaps ? Talking about that ... dependency to bash is not explicitly stated and is surprisingly not created same way as the /usr/bin/ksh dependency. I know bash is in most/all RedHat/Fedora Linux systems, but maybe the explicit requirement would not hurt, when we talk about functionality, which extends the working of bash. Some kind of dependency (Recommends?) should be also added to the tools used in the blesh scripts. Util - package gzip - gzip awk,gawk - awk sed - sed tput - ncurses gzip - gzip bzcat - bzip2 lzcat - xz-lzma-compat nroff,groff - groff-base date,stty,sort,readlink... - coreutils - probably not needed to be explicit about coreutils Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [X]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. Note: Using prebuilt source from github [X]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [X]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: BSD-3-Clause AND MIT [X]: License file installed when any subpackage combination is installed. [X]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [!]: Package requires other packages for directories it uses. [X]: Package must own all directories that it creates. [X]: Package contains no bundled libraries without FPC exception. [X]: Changelog in prescribed format. [?]: Sources contain only permissible code or content. I believe the situation is on the edge. Package contains pre-processed bash scripts, which are technically still readable, but it is not the original source snapshot. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [-]: Package uses nothing in %doc for runtime. [X]: Package consistently uses macros (instead of hard-coded directory names). [?]: Package is named according to the Package Naming Guidelines. https://docs.fedoraproject.org/en-US/packaging-guidelines/Naming/#_addon_packages Package is providing another functionality to bash, so should be possibly named bash-blesh as addon package. But it sounds kinda silly and there are no other bash module packages besides the bash-argsparse, where already the upstream package is named bash-argsparse and not just argsparse. Checked also for the prior art in other distributions - this package is so far only in Arch, where the name "ble.sh" is also renamed to "blesh" for the package name. I leave this on the consideration of submitter and I tend to agree that blesh is better alternative to bash-blesh. [X]: Package does not generate any conflict. [X]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [X]: Requires correct, justified where necessary. [X]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [-]: Package is not known to require an ExcludeArch tag. [X]: Package complies to the Packaging Guidelines [X]: Package installs properly. [X]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [X]: The License field must be a valid SPDX expression. [X]: Package does not own files or directories owned by other packages. [X]: Package uses either %{buildroot} or $RPM_BUILD_ROOT Note: uses %{buildroot} consistently [X]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [X]: Macros in Summary, %description expandable at SRPM build time. [X]: Dist tag is present. [X]: Package does not contain duplicates in %files. [X]: Permissions on files are set properly. [X]: Package must not depend on deprecated() packages. [-]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [X]: Package is named using only allowed ASCII characters. Note: upstream "ble.sh" renamed to "blesh" [X]: Package does not use a name that already exists. [X]: Package is not relocatable. [X]: Sources used to build the package match the upstream source, as provided in the spec URL. [X]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [X]: File names are valid UTF-8. [X]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 2280 bytes in 1 files. [X]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [X]: Reviewer should test that the package builds in mock. [!]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [X]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in python3-xlrd2 [X]: Package functions as described. [X]: Latest version is packaged. Note: lates tagged release is packed, however there is 1 year of fixes on git head [X]: Package does not include license text files separate from upstream. [!]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [X]: Package should compile and build into binary rpms on all supported architectures. [!]: %check is present and all tests pass. I would recommend adding at least a sanity %check of bash running " [X]: Packages should try to preserve timestamps of original installed files. [-]: Buildroot is not present [X]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [X]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [X]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [X]: Sources can be downloaded from URI in Source: tag [X]: SourceX is a working URL. [X]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [X]: Rpmlint is run on all installed packages. Note: No rpmlint messages. Source checksums ---------------- srpm c8612ee612bc6b10dbfd6e85c6cbdfd7caf152a12d1f9de22ea0a9d735b3080c ble-0.4.0-devel3.tar.xz upstream https://github.com/akinomyoga/ble.sh/releases/download/v0.4.0-devel3/ble-0.4.0-devel3.tar.xz c8612ee612bc6b10dbfd6e85c6cbdfd7caf152a12d1f9de22ea0a9d735b3080c ble-0.4.0-devel3.tar.xz Requires -------- Provides -------- Rpmlint ------- $ rpmlint blesh-0.4.0~devel3-2.fc41.src.rpm blesh-0.4.0~devel3-2.fc40.noarch.rpm blesh.spec ============================================================================================== rpmlint session starts ============================================================================================= rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 blesh.src: E: unknown-key 4e2a1f01 blesh.noarch: E: spelling-error ('zsh', '%description -l en_US zsh -> sh, ssh, ash') blesh.noarch: E: spelling-error ('autosuggestions', '%description -l en_US autosuggestions -> autosuggestion, auto suggestions, auto-suggestions') blesh.noarch: E: spelling-error ('dabbrev', '%description -l en_US dabbrev -> abbrev, d abbrev') blesh.noarch: E: spelling-error ('sabbrev', '%description -l en_US sabbrev -> abbrev, s abbrev') blesh.noarch: E: spelling-error ("readline's", "%description -l en_US readline's -> breadline's, deadline's, headline's") blesh.src: E: spelling-error ('zsh', '%description -l en_US zsh -> sh, ssh, ash') blesh.src: E: spelling-error ('autosuggestions', '%description -l en_US autosuggestions -> autosuggestion, auto suggestions, auto-suggestions') blesh.src: E: spelling-error ('dabbrev', '%description -l en_US dabbrev -> abbrev, d abbrev') blesh.src: E: spelling-error ('sabbrev', '%description -l en_US sabbrev -> abbrev, s abbrev') blesh.src: E: spelling-error ("readline's", "%description -l en_US readline's -> breadline's, deadline's, headline's") ===> spelling errors not relevant, otherwise package is clean $ scancode --license --copyright --license-references -n6 --html /tmp/scan.html ./ ===> license of BSD-3-Clause AND MIT seems to be correct -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2264719 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202264719%23c5 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
