https://bugzilla.redhat.com/show_bug.cgi?id=2269411 --- Comment #41 from Daniel Mellado <dmellado@xxxxxxxxxx> --- (In reply to Fabio Valentini from comment #39) > Doing another review round: > > 1. > > > SourceLicense: Apache-2.0 > > License: Apache-2.0 > > # LICENSE.dependencies contains a full license breakdown > > Both SourceLicense and License are wrong here. > > The SourceLicense tag doesn't apply here (it would need to cover the vendor > tarball), so it's better to not specify it at all. > The License tag doesn't account for statically linked dependencies, i.e. the > output of the `%{cargo_license_summary}` macro. > > 2. > > > BuildRequires: openssl-devel > > BuildRequires: pkgconfig(zlib) > > BuildRequires: gcc > > It would be great to get these documented, something like this: > > """ > # dependency for the bundled openssl-sys crate > BuildRequires: openssl-devel > # dependency for the bundled libz-sys crate > BuildRequires: pkgconfig(zlib) > # dependency for the bundled cc crate > BuildRequires: gcc > """ > > 3. > > > # Remove references to p434 curve in fiat-crypto > > sed -i '/^pub mod p434_64;/d' vendor/fiat-crypto-0.2.9/src/lib.rs > > The source code is still in the vendor tarball. Fedora is not allowed to > distribute that. You will need to remove the file from the vendored > fiat-crypto sources and recompress the vendor tarball. > > 4. > > > # Skip image_pull_* tests as require Internet to pull images from a registry > > %cargo_test -- -- --skip oci_utils::image_manager::tests::image_pull_failure --skip oci_utils::image_manager::tests::image_pull_and_bytecode_verify --skip oci_utils::image_manager::tests::private_image_pull_and_bytecode_verify --skip oci_utils::image_manager::tests::image_pull_policy_never_failure > > If all you need to do is skip all tests that match "image_pull_", then this > is equivalent: > > > %cargo_test -- -- --skip image_pull_ > > Since cargo does substring matching on test names by default (to use exact > string matches, the "--exact" flag needs to be passed). Thanks for the detailed review! I addressed your points and added a few more comments in the specfile for extra clarification. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2269411 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202269411%23c41 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
