https://bugzilla.redhat.com/show_bug.cgi?id=2334976

--- Comment #12 from Ben Beasley <code@xxxxxxxxxxxxxxxxxx> ---
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated

Notes:
======
- Since meson always uses ninja, this is harmless but unnecessary:

    BuildRequires: ninja-build

- While rpmlint flags

    cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-3.0.gir
    cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-4.0.gir
    cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-3.0.gir
    cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-4.0.gir
    cambalache.x86_64: E: devel-dependency gtksourceview5-devel

  I suspect that these may be legitimate. Normally these

    %{_datadir}/gir-1.0/CambalachePrivate-3.0.gir
    %{_datadir}/gir-1.0/CambalachePrivate-4.0.gir
    %{_datadir}/gir-1.0/CmbCatalogUtils-3.0.gir
    %{_datadir}/gir-1.0/CmbCatalogUtils-4.0.gir

  and at least some of the Requires on -devel packages would belong in a cambalache-devel package, with .typelib files used for runtime introspection from dynamic languages. On the other hand, since this is a developer tool, all bets are off – it really might need things that would normally go in a -devel package at runtime. It’s worth having a second look at this, but in the end, you know the package better than I do, and I have only so much time to study it. I have to assume you’ve made a reasonable choice. If including these in the base package does turn out to be an error, then it’s one that causes very little harm.

Issues:
=======
- Package must not depend on deprecated() packages.
  Note: python3-pytest7 is deprecated, you must not depend on it.
  See: https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/

  This is spurious; the package built with pytest 8.3.4.

- The following CSS files have licenses other than

    License: LGPL-2.1-only AND GPL-2.0-only

  GPL-2.0-or-later:
    - cambalache/app/cambalache.css
    - cambalache/cambalache.css

  Since these files are packed into .gresource files, e.g. /usr/share/cambalache/cambalache.gresource, they *do* contribute to the licenses of the binary RPMs, and "AND GPL-2.0-or-later" should be added to the License.

  The CSS file cambalache/merengue/merengue.css is LGPL-2.1-only, which is already covered.

  I agree that at least tools/cmb_catalog_gen/cmb_catalog_utils.{c,h}, which are GPL-2.0-only, do appear to contribute to the licenses of the binary RPMs.

  Therefore, overall, I think the License should be:

    License: LGPL-2.1-only AND GPL-2.0-only AND GPL-2.0-or-later

- It would be nice to have a breakdown of which files are under which licenses in the spec file. This would make auditing future updates easier. Since this is no longer formally required by policy (https://gitlab.com/fedora/legal/fedora-legal-docs/-/issues/64), this change is NOT required for package approval.

- The following comment contains a spec-file macro, which will be expanded:

    # Needed for ownsership of %{_datadir}/gir-1.0

  This produces warnings. It doesn’t hurt anything in practice because the expansion of %{_datadir} does not contain newlines, but a better practice would be:

    # Needed for ownership of %%{_datadir}/gir-1.0

  (Also, the comment contains a minor typo, ownsership for ownership.)

- I tried mock -r fedora-rawhide-x86_64 --scrub=all, then I installed the cambalache RPM into the chroot and tried:

    # cambalache --help
    Traceback (most recent call last):
      File "/usr/bin/cambalache", line 42, in <module>
        from cambalache.app import CmbApplication
      File "/usr/lib/python3.13/site-packages/cambalache/__init__.py", line 26, in <module>
        import gi
    ModuleNotFoundError: No module named 'gi'

  So it looks like you need at least:

    Requires: python3-gobject-base

  and perhaps a corresponding BuildRequires for symmetry, although this would seem to be covered by pkgconfig(pygobject-3.0). This corresponds to the following line in meson.build:

    ['gi', '>= 3.48.0'],

  With python3-gobject-base installed:

    # cambalache --help

    (process:32): Gtk-CRITICAL **: 11:49:09.678: gtk_icon_theme_get_for_display: assertion 'GDK_IS_DISPLAY (display)' failed

    (process:32): Gtk-CRITICAL **: 11:49:09.678: gtk_icon_theme_get_for_display: assertion 'GDK_IS_DISPLAY (display)' failed

    (process:32): Gtk-CRITICAL **: 11:49:09.678: gtk_icon_theme_get_for_display: assertion 'GDK_IS_DISPLAY (display)' failed
    Traceback (most recent call last):
      File "/usr/bin/cambalache", line 42, in <module>
        from cambalache.app import CmbApplication
      File "/usr/lib/python3.13/site-packages/cambalache/__init__.py", line 58, in <module>
        Gtk.StyleContext.add_provider_for_display(display, provider, Gtk.STYLE_PROVIDER_PRIORITY_APPLICATION)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    TypeError: Argument 0 does not allow None as a value

  That’s better!

  Now let’s try with xwayland-run installed:

    # wlheadless-run -- cambalache
      File "/usr/lib/python3.13/site-packages/cambalache/utils.py", line 28, in <module>
        from lxml import etree
    ModuleNotFoundError: No module named 'lxml'
    [11:53:13.721] caught signal 15
    [11:53:13.721] no-op renderer SHM seed: 2

  Ok, so you also need:

    Requires: python3-lxml

  or, perhaps better:

    Requires: %{py3_dist lxml}

  corresponding to the following line in meson.build:

    ['lxml', '>= 4.5.0'],

    # wlheadless-run -- cambalache
      File "/usr/lib64/python3.13/site-packages/gi/__init__.py", line 122, in require_version
        raise ValueError('Namespace %s not available' % namespace)
    ValueError: Namespace Adw not available
    [11:55:45.960] caught signal 15
    [11:55:45.960] no-op renderer SHM seed: 2

  Ok, now I guess we are hitting these lines in meson.build:

    ['gi.repository.GLib', '>= 2.80.0'],
    ['gi.repository.Gtk', '>= 3.24.0', '3.0'],
    ['gi.repository.Gtk', '>= 4.16.0', '4.0'],
    ['gi.repository.WebKit2', '>= 2.44.0', '4.1'],
    ['gi.repository.WebKit', '>= 2.44.0', '6.0'],
    ['gi.repository.GtkSource', '', '5'],
    ['gi.repository.Handy'],
    ['gi.repository.Adw'],

  The interesting thing here is that we don’t seem to link libadwaita, but we still need its GObject introspection data. That seems to be the reason this wasn’t handled by automatic dependency generation.

  We only need the .typelib file, not the .gir file, so it’s sufficient to add:

    Requires: libadwaita

  Now we try again:

    # wlheadless-run -- cambalache

    (cambalache:36): Gtk-WARNING **: 12:01:28.382: Unable to acquire session bus: Cannot autolaunch D-Bus without X11 $DISPLAY

    (cambalache:36): Gdk-CRITICAL **: 12:01:28.422: gdk_seat_get_keyboard: assertion 'GDK_IS_SEAT (seat)' failed

    (cambalache:36): Gtk-WARNING **: 12:01:28.504: CmbGResourceEditor 0x5560aebe6980 (CmbGResourceEditor) reported min height 179 and natural height 148 in measure() with for_size=420; natural size must be >= min size
    [Hangs until Ctrl+C, no further output]

  Similarly, with xorg-x11-server-Xvfb installed:

    # xvfb-run cambalache

    (cambalache:45): Gtk-WARNING **: 12:04:57.774: Unable to acquire session bus: Failed to execute child process “dbus-launch” (No such file or directory)

    (cambalache:45): Gtk-WARNING **: 12:04:57.867: CmbGResourceEditor 0x558b46a5aec0 (CmbGResourceEditor) reported min height 179 and natural height 148 in measure() with for_size=420; natural size must be >= min size
    [Hangs until Ctrl+C, no further output]

  So it *looks* like these are sufficient, in addition to the Requires already present:

    Requires: libadwaita
    Requires: python3-gobject-base
    Requires: python3-lxml

- At ~1.3 MB, the contents of /usr/share/cambalache are large enough that you might consider separating them into a noarch -data subpackage upon which the base package depends, so that the noarch package can be shared across architectures (saving storage on Fedora mirrors). However, this directory is still small enough that I wouldn’t consider separating it to be *necessary*.

- Could you please add a comment to the spec file briefly summarizing the reason for packaging a post-release snapshot?

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
     Note: Unversioned so-files in private %_libdir subdirectory (see attachment).
     Verify they are not in ld path.

     None of these is in the default linker path:

       %{_libdir}/cambalache/libcambalacheprivate-3.so
       %{_libdir}/cambalache/libcambalacheprivate-4.so
       %{_libdir}/cmb_catalog_gen/libcmbcatalogutils-3.so
       %{_libdir}/cmb_catalog_gen/libcmbcatalogutils-4.so

     They appear to be correctly installed, and they do not belong in a -devel subpackage.

[x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang.
[x]: Package does not contain any libtool archives (.la)
[x]: Package contains no static executables.
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[!]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "GNU Lesser General Public License, Version 2.1", "GNU General Public License, Version 2", "*No copyright* GNU General Public License and/or GNU Lesser General Public License", "GNU General Public License v2.0 or later". 162 files have unknown license. Detailed output of licensecheck in /home/ben/fedora/review/2334976-cambalache/licensecheck.txt

     See Issues, above. Some files that contribute to the binary RPMs are GPL-2.0-or-later.

[!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec.

     This would be nice, and would make auditing future updates easier, although it is no longer formally required (https://gitlab.com/fedora/legal/fedora-legal-docs/-/issues/64).

[x]: Package must own all directories that it creates.
     Note: Directories without known owners: /usr/lib/python3.13, /usr/lib/python3.13/site-packages

     These diagnostics are spurious; python3-libs owns those directories.

[-]: Package does not own files or directories owned by other packages.
     Note: Dirs in package are owned also by: /usr/share/mime(shared-mime-info, systemd), /usr/share/mime/packages(lterm, systemd, shared-mime-info, gsequencer, cmake-gui, luminance-hdr)

     It’s appropriate for these directories to be co-owned if shared-mime-info is not a natural dependency of cambalache, i.e., shared-mime-info is not required for cambalache to function. I think that is the case here, which would make co-ownership the correct approach.

     https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership

[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: The spec file handles locales properly.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and Provides are present.
[!]: Requires correct, justified where necessary.

     See Issues.

[x]: Spec file is legible and written in American English.
[x]: Rpmlint is run on all rpms the build produces.
     Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license.
[x]: The License field must be a valid SPDX expression.
[x]: Package requires other packages for directories it uses.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package contains desktop file if it is a GUI application.
[x]: Package installs a %{name}.desktop using desktop-file-install or desktop-file-validate if there is such a file.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

Python:
[x]: Python eggs must not download any dependencies during the build process.
[-]: A package which is used by another package via an egg interface should provide egg info.
[x]: Package meets the Packaging Guidelines::Python
[x]: Package contains BR: python2-devel or python3-devel
[x]: Packages MUST NOT have dependencies (either build-time or runtime) on packages named with the unversioned python- prefix unless no properly versioned package exists. Dependencies on Python packages instead MUST use names beginning with python2- or python3- as appropriate.
[x]: Python packages must not contain %{pythonX_site(lib|arch)}/* in %files
[x]: Binary eggs must be removed in %prep

===== SHOULD items =====

Generic:
[ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[ ]: Final provides and requires are sane (see attachments).
[ ]: Package functions as described.
[ ]: Latest version is packaged.
[ ]: Package does not include license text files separate from upstream.
[ ]: Sources are verified with gpgverify first in %prep if upstream publishes signatures.
     Note: gpgverify is not used.
[ ]: Package should compile and build into binary rpms on all supported architectures.
[ ]: %check is present and all tests pass.
[ ]: Packages should try to preserve timestamps of original installed files.
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

Generic:
[!]: Spec file according to URL is the same as in SRPM.
     Note: Spec file as given by url is not the same as in SRPM (see attached diff).
     See: (this test has no URL)
[ ]: Large data in /usr/share should live in a noarch subpackage if package is arched.
     Note: Arch-ed rpms have a total of 1710080 bytes in /usr/share
[x]: Rpmlint is run on debuginfo package(s).
     Note: No rpmlint messages.
[x]: Rpmlint is run on all installed packages.
     Note: There are rpmlint messages (see attachment).

Rpmlint
-------
Checking: cambalache-0.94.1^20250115.31b93cef-1.fc42.x86_64.rpm
          cambalache-0.94.1^20250115.31b93cef-1.fc42.src.rpm
============================ rpmlint session starts ============================
rpmlint: 2.6.1
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmp1hsoaopa')]
checks: 32, packages: 2

cambalache.x86_64: W: no-manual-page-for-binary cambalache
cambalache.x86_64: W: no-manual-page-for-binary cmb-catalog-gen
cambalache.spec:45: W: macro-in-comment %{_datadir}
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-3.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-4.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-3.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-4.0.gir
cambalache.x86_64: E: devel-dependency gtksourceview5-devel
 2 packages and 0 specfiles checked; 1 errors, 7 warnings, 7 filtered, 1 badness; has taken 0.5 s

Rpmlint (debuginfo)
-------------------
Checking: cambalache-debuginfo-0.94.1^20250115.31b93cef-1.fc42.x86_64.rpm
============================ rpmlint session starts ============================
rpmlint: 2.6.1
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
rpmlintrc: [PosixPath('/tmp/tmp9h1xvtsg')]
checks: 32, packages: 1

 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 16 filtered, 0 badness; has taken 0.2 s

Rpmlint (installed packages)
----------------------------
============================ rpmlint session starts ============================
rpmlint: 2.6.1
configuration:
    /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 2

cambalache.x86_64: W: no-manual-page-for-binary cambalache
cambalache.x86_64: W: no-manual-page-for-binary cmb-catalog-gen
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-3.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CambalachePrivate-4.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-3.0.gir
cambalache.x86_64: W: devel-file-in-non-devel-package /usr/share/gir-1.0/CmbCatalogUtils-4.0.gir
cambalache.x86_64: E: devel-dependency gtksourceview5-devel
 2 packages and 0 specfiles checked; 1 errors, 6 warnings, 23 filtered, 1 badness; has taken 1.3 s

Unversioned so-files
--------------------
cambalache: /usr/lib64/cambalache/libcambalacheprivate-3.so
cambalache: /usr/lib64/cambalache/libcambalacheprivate-4.so
cambalache: /usr/lib64/cmb_catalog_gen/libcmbcatalogutils-3.so
cambalache: /usr/lib64/cmb_catalog_gen/libcmbcatalogutils-4.so

Source checksums
----------------
https://gitlab.gnome.org/jpu/cambalache/-/archive/31b93cef8241bbba8cb232edcc5fd96b24584942/cambalache-31b93cef.tar.gz :
  CHECKSUM(SHA256) this package     : b30f5a771fd6300e02f1b3f6fa7163f4c79148992ed4363de80a5834a386f8b7
  CHECKSUM(SHA256) upstream package : b30f5a771fd6300e02f1b3f6fa7163f4c79148992ed4363de80a5834a386f8b7

Requires
--------
cambalache (rpmlib, GLIBC filtered):
    /usr/bin/python3
    gobject-introspection-devel(x86-64)
    gtksourceview5-devel
    hicolor-icon-theme
    libatk-1.0.so.0()(64bit)
    libc.so.6()(64bit)
    libgdk-3.so.0()(64bit)
    libglib-2.0.so.0()(64bit)
    libgobject-2.0.so.0()(64bit)
    libgtk-3.so.0()(64bit)
    libgtk-4.so.1()(64bit)
    pkgconfig(casilda-0.1)
    python(abi)
    rtld(GNU_HASH)
    webkit2gtk4.1-devel
    webkitgtk6.0-devel

Provides
--------
cambalache:
    application()
    application(ar.xjuan.Cambalache.desktop)
    cambalache
    cambalache(x86-64)
    libcambalacheprivate-3.so()(64bit)
    libcambalacheprivate-4.so()(64bit)
    libcmbcatalogutils-3.so()(64bit)
    libcmbcatalogutils-4.so()(64bit)
    metainfo()
    metainfo(ar.xjuan.Cambalache.metainfo.xml)
    mimehandler(application/x-cambalache-project)
    mimehandler(application/x-glade)
    mimehandler(application/x-gtk-builder)

Diff spec file in url and in SRPM
---------------------------------
--- /home/ben/fedora/review/2334976-cambalache/srpm/cambalache.spec 2025-01-31 18:11:32.083774315 -0500 +++ /home/ben/fedora/review/2334976-cambalache/srpm-unpacked/cambalache.spec 2025-01-28 19:00:00.000000000 -0500 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.7.3) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + %global commit 31b93cef8241bbba8cb232edcc5fd96b24584942 %global shortcommit %(c=%{commit}; echo ${c:0:8})
@@ -105,3 +115,6 @@ %changelog -%autochangelog +## START: Generated by rpmautospec +* Wed Jan 29 2025 John Doe <packager@xxxxxxxxxxx> - 0.94.1^20250115.31b93cef-1 +- Uncommitted changes +## END: Generated by rpmautospec

Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Command line :/usr/bin/fedora-review -b 2334976
Buildroot used: fedora-rawhide-x86_64
Active plugins: Generic, Python, C/C++, Shell-api
Disabled plugins: Haskell, Perl, R, SugarActivity, PHP, fonts, Ocaml, Java
Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
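
Review bot: the "%define autorelease(e:s:pb:n)" line in the first hunk (@@ -1,2 +1,12 @@) uses %define rather than %global, but it sits between the "START: Set by rpmautospec" and "END: Set by rpmautospec" markers, so it is generated preamble and should not be edited by hand or counted against the %global-over-%define check. The packager-written lines that follow it (%global commit, %global shortcommit) are unchanged context, so nothing in this hunk needs a change in the spec at the URL.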
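
Review bot: the changelog entry that replaces %autochangelog in the second hunk (@@ -105,3 +115,6 @@) is attributed to "John Doe" and reads "Uncommitted changes", so the SRPM carries what looks like placeholder changelog text rather than a real packager name and message. Suggest regenerating the SRPM from a committed spec before import, so that the expanded changelog between the "Generated by rpmautospec" markers reflects the actual history.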