[Bug 2304209] Review Request: solidity - Object-oriented, high-level language for implementing smart contracts

https://bugzilla.redhat.com/show_bug.cgi?id=2304209



--- Comment #2 from Jerry James <loganjerry@xxxxxxxxx> ---
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated

Issues:
=======
- Regarding the license, libstdlib/src/stub.sol has an Apache-2.0 comment at
  the top.  Are the contents of libstdlib included in the binary rpm?

- The declared license is GPL-3.0-only, but most source files contain the
  "any later version" language, for example:
  - liblangutil/Common.h
  - libsolc/libsolc.h
  - solc/main.cpp

- Some source files are derived from V8 and carry a BSD-3-Clause declaration,
  in addition to the GPL-3.0-or-later declaration:
  - liblangutil/CharStream.{cpp,h}
  - liblangutil/Scanner.{cpp,h}
  - liblangutil/Token.{cpp,h}

- Also, libsolutil/picosha2.h has an MIT declaration

- Not necessarily an issue, but I want to make sure you know that upstream
  overrides the Fedora choice of -O2, adding -O3 to the build flags

- I don't know how seriously we take the "American English" thing, but I will
  note that "behaviour" in %description is the British English spelling.  We
  lazy Americans drop the "u": "behavior".  (See the spelling-error rpmlint
  warning below.)

- Is there any hope of doing something useful in %check; e.g., run the binary
  with some simple input just to verify that it doesn't crash?

- Please consider generating man pages with help2man (see the
  no-manual-page-for-binary warning below)

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: If your application is a C or C++ application you must list a
     BuildRequires against gcc, gcc-c++ or clang.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Package contains no static executables.
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "*No copyright* MIT License", "GNU
     General Public License v3.0 or later", "*No copyright* GNU General
     Public License, Version 3", "MIT License", "*No copyright* GNU General
     Public License v3.0 or later", "BSD 3-Clause License and/or GNU
     General Public License v3.0 or later", "*No copyright* GNU General
     Public License v3.0 or later [generated file]", "GNU General Public
     License, Version 3 and/or MIT License", "*No copyright* Apache License
     2.0", "GNU General Public License v3.0 or later and/or MIT License",
     "Apache License 2.0", "*No copyright* Boost Software License 1.0",
     "*No copyright* GNU General Public License, Version 2", "GNU General
     Public License, Version 3", "*No copyright* Creative Commons CC0 1.0",
     "*No copyright* GNU General Public License, Version 3 and/or MIT
     License", "*No copyright* Do What The Fuck You Want To Public License,
     Version 2". 9147 files have unknown license. Detailed output of
     licensecheck in /home/jamesjer/2304209-solidity/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: The License field must be a valid SPDX expression.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package must not depend on deprecated() packages.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 6814 bytes in 2 files.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[?]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[x]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: gpgverify is not used.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Fully versioned dependency in subpackages if applicable.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[!]: Spec file according to URL is the same as in SRPM.
     Note: Spec file as given by url is not the same as in SRPM (see
     attached diff).
     See: (this test has no URL)
[x]: Rpmlint is run on debuginfo package(s).
     Note: There are rpmlint messages (see attachment).
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).
[x]: Large data in /usr/share should live in a noarch subpackage if package
     is arched.


Rpmlint
-------
Cannot parse rpmlint output:


Rpmlint (debuginfo)
-------------------
Cannot parse rpmlint output:



Rpmlint (installed packages)
----------------------------
================================================ rpmlint session starts ================================================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 1

solidity.x86_64: E: spelling-error ('behaviour', '%description -l en_US behaviour -> behavior')
solidity.x86_64: W: no-manual-page-for-binary solc
solidity.x86_64: W: no-manual-page-for-binary yul-phaser
=========== 1 packages and 0 specfiles checked; 1 errors, 2 warnings, 3 filtered, 1 badness; has taken 0.1 s ===========



Source checksums
----------------
https://github.com/ethereum/solidity/archive/v0.8.26/solidity-0.8.26.tar.gz :
  CHECKSUM(SHA256) this package     :
5ffa31a4eae8770962e9f2941dd83578f033005109db2ffbba1ce7e10392fafc
  CHECKSUM(SHA256) upstream package :
5ffa31a4eae8770962e9f2941dd83578f033005109db2ffbba1ce7e10392fafc


Requires
--------
solidity (rpmlib, GLIBC filtered):
    cvc5
    libboost_filesystem.so.1.83.0()(64bit)
    libboost_program_options.so.1.83.0()(64bit)
    libc.so.6()(64bit)
    libgcc_s.so.1()(64bit)
    libgcc_s.so.1(GCC_3.0)(64bit)
    libgcc_s.so.1(GCC_3.3.1)(64bit)
    libm.so.6()(64bit)
    libstdc++.so.6()(64bit)
    libstdc++.so.6(CXXABI_1.3)(64bit)
    libstdc++.so.6(CXXABI_1.3.13)(64bit)
    libstdc++.so.6(CXXABI_1.3.15)(64bit)
    libstdc++.so.6(CXXABI_1.3.3)(64bit)
    libstdc++.so.6(CXXABI_1.3.5)(64bit)
    libstdc++.so.6(CXXABI_1.3.9)(64bit)
    libz3.so.4.13()(64bit)
    rtld(GNU_HASH)

solidity-debuginfo (rpmlib, GLIBC filtered):

solidity-debugsource (rpmlib, GLIBC filtered):



Provides
--------
solidity:
    solidity
    solidity(x86-64)

solidity-debuginfo:
    debuginfo(build-id)
    solidity-debuginfo
    solidity-debuginfo(x86-64)

solidity-debugsource:
    solidity-debugsource
    solidity-debugsource(x86-64)



Diff spec file in url and in SRPM
---------------------------------
--- /home/jamesjer/2304209-solidity/srpm/solidity.spec  2024-08-16
14:30:33.811171381 -0600
+++ /home/jamesjer/2304209-solidity/srpm-unpacked/solidity.spec 2024-08-11
18:00:00.000000000 -0600
@@ -1,3 +1,5 @@
+# Git hash of a tagged commit
 %global git_hash 8a97fa7a1db1ec509221ead6fea6802c684ee887
+#%%undefine _package_note_file

 Summary:       Object-oriented, high-level language for implementing smart
contracts
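
Review bot: the `#%%undefine _package_note_file` line added after `%global git_hash` is a commented-out directive with no explanation; either drop it or add a comment saying why it is kept in disabled form. The new `# Git hash of a tagged commit` comment would be more useful if it named the tag the hash belongs to, so that the value of `git_hash` can be checked against the v0.8.26 tarball listed under Source checksums rather than taken on trust. Since the two spec files differ by these `+` lines, the copy at the review URL and the copy inside the SRPM should be brought back in sync before the next review round.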


Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Command line :/usr/bin/fedora-review -b 2304209 -m fedora-rawhide-x86_64
Buildroot used: fedora-rawhide-x86_64
Active plugins: Shell-api, C/C++, Generic
Disabled plugins: PHP, Java, SugarActivity, Haskell, Python, Perl, Ocaml,
fonts, Ruby, R
Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH

