https://bugzilla.redhat.com/show_bug.cgi?id=1512226
Bug ID: 1512226 Summary: Review Request: python3-flask-cors - Cross Origin Resource Sharing ( CORS ) support for Flask Product: Fedora Version: rawhide Component: Package Review Severity: medium Assignee: nobody@fedoraproject.org Reporter: ddavidcarlos1392@gmail.com QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org
Spec URL: https://davidcarlos.fedorapeople.org/specs/python3-flask-cors.spec SRPM URL: https://davidcarlos.fedorapeople.org/srpms/python3-flask-cors-3.0.3-1.fc28.s... Description:
Hello!. I just finished packaging up python3-flask-cors. I would appreciate a review so that I can get it into Fedora.
flask-cors is a Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
Fedora Account System Username: davidcarlos
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
David Carlos ddavidcarlos1392@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ddavidcarlos1392@gmail.com Blocks| |177841 (FE-NEEDSPONSOR)
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=177841 [Bug 177841] Tracker: Review requests from new Fedora packagers who need a sponsor
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
Athos Ribeiro athoscribeiro@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |athoscribeiro@gmail.com Assignee|nobody@fedoraproject.org |athoscribeiro@gmail.com Flags| |fedora-review?
--- Comment #1 from Athos Ribeiro athoscribeiro@gmail.com --- Hi David,
As we have spoken before, I will sponsor you in the packagers group. While I review your package, it would be nice to see a few informal package reviews from you. [1] and [2] may help you with that. You can post the links for your informal reviews in this bug.
Also, please send an email to the devel mailing list introducing yourself with a link to this bug.
[1] https://fedoraproject.org/wiki/Packaging:ReviewGuidelines [2] https://fedoraproject.org/wiki/Package_Review_Process
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #2 from Athos Ribeiro athoscribeiro@gmail.com --- - You should use the python macros for building and installing the package. See [1].
- The docs directory contains the sources for the package documentation, not the actual documentation. You want to either compile the docs and provide them compiled or not provide them at all (I'd prefer the first option). Also, The README and CHANGELOG files should also go in %doc since they may contain useful information for users.
- Please, see [2] to set the proper Source URL for the package according to Fedora guidelines.
Note that the package does not build at the moment:
cd python3-flask-cors-3.0.3 /var/tmp/rpm-tmp.4frmkX: line 38: cd: python3-flask-cors-3.0.3: No such file or directory
It cannot find the proper directory. This will be fixed when you address the source name issue, but it could also be addressed by passing the source dir name to %autosetup (do stick with the first option: fix the source url).
When you make changes during this review, please bump the package release so I can see you can properly do so.
Please, provide a koji scratch build (or a copr build) of the package so I can see your package does build without the need to build it here (I will build the package during the review, but I want to see you took the time to make sure it does build correctly).
[1] https://fedoraproject.org/wiki/Packaging:Python [2] https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL#Gi...
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
Miro Hrončok mhroncok@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mhroncok@redhat.com
--- Comment #3 from Miro Hrončok mhroncok@redhat.com --- Since python-flask-cors is not in Fedora, the source package should be named just python-flask-cors and the package should produce the python3-flask-cors subpackage (no need for python2-flask-cors at all, but the structure must allow it).
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
Aivar Annamaa aivar.annamaa@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |aivar.annamaa@gmail.com
--- Comment #4 from Aivar Annamaa aivar.annamaa@gmail.com --- Here is my unofficial review. (It is also my first package review.) I did not repeat the issues reported by Athos.
During review I also created an alternative spec-file which fixed some of the problems listed below. Should I post this as well?
General comments: I think it's a useful package. The spec file was clearly written but requires more work.
Package Review ==============
Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
Issues: ======= - Source package name should be python-flask-cors and python3-flask-cors should defined as subpackage (as Miro already said). See also https://fedoraproject.org/wiki/Packaging:Naming?rd=Packaging:NamingGuideline... This would allow providing binary packages for both Python 2 and Python 3 (I tried this approach and was able to build both).
- "Requres:" part is missing. I would use "Requires: %{py3_dist flask six}". Not sure how it should be if common Python 2 + Python 3 package is wanted. Looks like in some case it's done with conditionals (eg. https://apps.fedoraproject.org/packages/python-flask-wtf/sources/spec) but if I've understood correctly then "Requires: %{py2_dist flask six} %{py3_dist flask six}" would also do the right thing
(https://fedoraproject.org/wiki/Packaging:Python#Requires_and_BuildRequires_w...).
- I would use %py3_build instead of `%{__python3} setup.py build` and %py3_install instead of `%{__python3} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT`
- Sources used to build the package match the upstream source, as provided in the spec URL. Note: Upstream MD5sum check error, diff: - Only in upstream-unpacked/Source0: flask-cors-3.0.3 - Only in srpm-unpacked/3.0.3.tar.gz-extract: python3-flask-cors-3.0.3 Looks like in the tar.gz in srpm, the top directory has been renamed.
- Why are there spaces between CORS and parentheses in Summary?
===== MUST items =====
Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [!]: Package is named according to the Package Naming Guidelines. Note: See the "Issues" section above [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [!]: Requires correct, justified where necessary. Note: Requires is missing. See the "Issues" section above [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 30720 bytes in 4 files. [x]: Package complies to the Packaging Guidelines Note: Python specific problems listed separately. [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local
Python: [x]: Python eggs must not download any dependencies during the build process. [-]: A package which is used by another package via an egg interface should provide egg info. [!]: Package meets the Packaging Guidelines::Python Note: problem with package naming, see the "Issues" section. [x]: Package contains BR: python2-devel or python3-devel [x]: Binary eggs must be removed in %prep
===== SHOULD items =====
Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [!]: Package functions as described. Note: installed package is not usable because Flask doesn't get installed. See the "Issues" section about missing Requires. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM.
Rpmlint ------- Checking: python3-flask-cors-3.0.3-1.fc27.noarch.rpm python3-flask-cors-3.0.3-1.fc27.src.rpm python3-flask-cors.src: W: file-size-mismatch 3.0.3.tar.gz = 28464, https://github.com/corydolphin/flask-cors/archive/3.0.3.tar.gz = 28468 2 packages and 0 specfiles checked; 0 errors, 1 warnings.
Rpmlint (installed packages) ---------------------------- sh: /usr/bin/python: No such file or directory python3-flask-cors.noarch: W: invalid-url URL: https://github.com/corydolphin/flask-cors <urlopen error [Errno -2] Name or service not known> 1 packages and 0 specfiles checked; 0 errors, 1 warnings.
Note: I assume the first line here isn't an actual error.
Requires -------- python3-flask-cors (rpmlib, GLIBC filtered): python(abi)
Provides -------- python3-flask-cors: python3-flask-cors python3.6dist(flask-cors) python3dist(flask-cors)
Source checksums ---------------- https://github.com/corydolphin/flask-cors/archive/3.0.3.tar.gz : CHECKSUM(SHA256) this package : bd1584c6ddac6d5f0616ece50c7f2f7ae1c68e72c10e2ecadd7a02cbd8eafabe CHECKSUM(SHA256) upstream package : bbd7c63ed38f9ef3f096582408429dd65150e106006a87ad9fb86e854dd95b8e diff -r also reports differences
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #5 from Miro Hrončok mhroncok@redhat.com --- (In reply to Aivar Annamaa from comment #4)
- "Requres:" part is missing. I would use "Requires: %{py3_dist flask six}". Not sure how it should be if common Python 2 + Python 3 package is wanted. Looks like in some case it's done with conditionals (eg. https://apps.fedoraproject.org/packages/python-flask-wtf/sources/spec) but if I've understood correctly then "Requires: %{py2_dist flask six} %{py3_dist flask six}" would also do the
right thing
Each subpackage has it's own Requires. In this case, the only subpackage should have %{py3_dist flask six} (or similar).
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #6 from David Carlos ddavidcarlos1392@gmail.com --- Hello,
Thanks for the review. I have generated a new release of python-cors package, based on your reviews.
Copr build: https://copr.fedorainfracloud.org/coprs/davidcarlos/flask-cors/build/677573/ Spec: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor... Srpm: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor... Rpm: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor...
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #7 from David Carlos ddavidcarlos1392@gmail.com --- I have generated another build fixing some issues
Copr build: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor... Spec: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor... Srpm: https://copr-be.cloud.fedoraproject.org/results/davidcarlos/flask-cors/fedor...
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #8 from Aivar Annamaa aivar.annamaa@gmail.com --- This looks good to my (beginner) eye!
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
--- Comment #9 from Athos Ribeiro athoscribeiro@gmail.com --- Hi David,
Your package looks good to me and we are ready to moving forward on sponsoring you into the packagers group. Any news on those informal package reviews? You can link them here :)
https://bugzilla.redhat.com/show_bug.cgi?id=1512226
Robert-André Mauchin zebob.m@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |zebob.m@gmail.com Flags| |needinfo?(ddavidcarlos1392@ | |gmail.com)
--- Comment #10 from Robert-André Mauchin zebob.m@gmail.com --- Sell interested by packaging David?
I'm proposing you to review https://bugzilla.redhat.com/show_bug.cgi?id=1636111
Please be thorough. The guidelines are here to help you: https://docs.fedoraproject.org/en-US/packaging-guidelines
If you want to be extra diligent, you can look at the recent Packaging Committee issue: https://pagure.io/packaging-committee/issues
Please include a reference to the appropriate guideline for most errors you find.
Post the review here or send me an email.
package-review@lists.fedoraproject.org