https://bugzilla.redhat.com/show_bug.cgi?id=1936772
Aleksei Bavshin alebastr89@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |alebastr89@gmail.com Assignee|nobody@fedoraproject.org |alebastr89@gmail.com Doc Type|--- |If docs needed, set a value Flags| |fedora-review?
--- Comment #1 from Aleksei Bavshin alebastr89@gmail.com ---
Name: sixel
Upstream name is libsixel and all other distributions are unanimously using it[1]. Let's avoid renaming the package without a good reason.
Source0: https://github.com/saitoha/lib%%7Bname%7D/releases/download/v%%7Bversion%7D/...
You can shorten Source to %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz. But the release archive lacks license files[2] so you'd really want to use %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
BuildRequires: git
Unnecessary. Noting in the build process requires git.
BuildRequires: gcc BuildRequires: pkgconfig(libjpeg) BuildRequires: pkgconfig(libpng)
Missing `BuildRequires: make` [3].
There's an optional dependency on libcurl, but given that there are at least 2 known CVEs[4][5] in the file loaders it's better to keep network support disabled.
%package devel Summary: Development files for %{name} Provides: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Uh... what? You are trying to tell that the main package with libraries is not necessary if -devel is installed. I believe you meant `Requires: %{name}%{?_isa} = %{version}-%{release}`. Rpmlint agrees with me: sixel-devel.x86_64: W: no-dependency-on sixel/sixel-libs/libsixel
%package utils Summary: Binaries from the libsixel project
How about `SIXEL decoder and encoder utilities`?
License: MIT
You don't need to repeat the license for subpackage if it doesn't differ from the main one.
%description utils Binaries from libsixel.
sixel-utils.x86_64: W: description-shorter-than-summary Let's make that at least `%{summary}.`
make %{?_smp_mflags}
%make_build
make install DESTDIR=$RPM_BUILD_ROOT
%make_install
Source archive contains unit tests. Consider running them at build time with %check %make_build test
%files %doc ChangeLog NEWS
Please, add license files. For example: %license LICENSE LICENSE.{pnmcolormap,sdump,sixel,stb}
Some of those are MIT and it's important to distribute these along with the binaries.
%{_mandir}/man5/*.5*
The man file could be more suitable for devel or utils subpackage. It's just a generic description of a SIXEL format.
%files utils # we don't want libsixel-config
We really want it in -devel package. Some applications may call libsixel-config instead of using pkg-config at build time.
%{_datadir}/bash-completion/* %{_datadir}/zsh/*
Please, be more explicit. Also, you need to own the zsh completion directories (bash-completion is already owned by filesystem):
%{_datadir}/bash-completion/completions/* %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_*
--- [1] https://repology.org/project/libsixel/versions [2] https://github.com/saitoha/libsixel/pull/129 [3] https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot [4] https://github.com/saitoha/libsixel/issues/134 (CVE-2020-11721) [5] https://github.com/saitoha/libsixel/issues/136 (CVE-2020-19668)