https://bugzilla.redhat.com/show_bug.cgi?id=1947031
Bug ID: 1947031 Summary: Review Request: bitwarden - cli - Command line password manager Product: Fedora Version: rawhide Status: NEW Component: Package Review Assignee: nobody@fedoraproject.org Reporter: mikewoj97@gmail.com QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
SPEC URL: https://raw.githubusercontent.com/Nycticoraci/FriendlyFedora/gerry/bitwarden... SRPM URL: https://raw.githubusercontent.com/Nycticoraci/FriendlyFedora/gerry/bitwarden... Koji URL: https://koji.fedoraproject.org/koji/taskinfo?taskID=65242411
Description: Bitwarden CLI is a command line interface tool for accessing and managing a Bitwarden vault. The two languages used for the source code/dependencies are TypeScript and Node.js.
The dependencies for Bitwarden have been bundled together using nodejs-packaging-bundler.
The Bitwarden CLI was requested for package review in the past and I was told to submit a new ticket. The previous request's ticket number is 1918111, submitted by Michel Alexandre Salim in January 2021.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #1 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- What's you FAS id? Why the changelog doesn't contain your name?
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #2 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- - Add a newline between changelog entries
- Uncomment this:
%dir %{nodejs_sitelib}/@bitwarden
- 0BSD → BSD
Package Review ==============
Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed
===== MUST items =====
Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 7 files have unknown license. Detailed output of licensecheck in /home/bob/packaging/review/bitwarden- cli/review-bitwarden-cli/licensecheck.txt [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/lib/node_modules/@bitwarden [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local
===== SHOULD items =====
Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM.
Rpmlint ------- Checking: bitwarden-cli-1.15.1-1.fc35.noarch.rpm bitwarden-cli-1.15.1-1.fc35.src.rpm bitwarden-cli.noarch: W: spelling-error %description -l en_US js -> dis, ks, j bitwarden-cli.noarch: W: invalid-license 0BSD bitwarden-cli.noarch: W: only-non-binary-in-usr-lib bitwarden-cli.noarch: W: hidden-file-or-dir /usr/lib/node_modules/@bitwarden/cli/node_modules/.bin bitwarden-cli.noarch: W: hidden-file-or-dir /usr/lib/node_modules/@bitwarden/cli/node_modules_prod/.bin bitwarden-cli.noarch: W: hidden-file-or-dir /usr/lib/node_modules/@bitwarden/cli/node_modules_prod/.bin bitwarden-cli.noarch: W: no-manual-page-for-binary bw bitwarden-cli.src: W: spelling-error %description -l en_US js -> dis, ks, j bitwarden-cli.src: W: invalid-license 0BSD bitwarden-cli.src: W: invalid-url Source1: @bitwarden-cli-1.15.1-nm-prod.tgz 2 packages and 0 specfiles checked; 0 errors, 10 warnings.
Please get back to me with your FAS info.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #4 from Michael Wojcik mikewoj97@gmail.com --- FAS ID: michael_wojcik
SPEC URL: https://raw.githubusercontent.com/Nycticoraci/FriendlyFedora/main/bitwarden-...
SRPM URL: https://raw.githubusercontent.com/Nycticoraci/FriendlyFedora/main/bitwarden-...
Koji URL: https://koji.fedoraproject.org/koji/taskinfo?taskID=65421133
I uncommented %dir %{nodejs_sitelib}/@bitwarden and added new lines between changelogs.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
Robert-André Mauchin 🐧 zebob.m@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |177841 (FE-NEEDSPONSOR)
--- Comment #5 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- - You didn't change 0BSD to BSD
- You don't seem to be part of the packager group (https://accounts.fedoraproject.org/user/michael_wojcik/), you'll need to be sponsored into it, see https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=177841 [Bug 177841] Tracker: Review requests from new Fedora packagers who need a sponsor
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #6 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- (In reply to Fabio Valentini from comment #3)
(In reply to Robert-André Mauchin 🐧 from comment #2)
Sorry for interrupting. :)
[...]
- 0BSD → BSD
[...]
bitwarden-cli.src: W: invalid-license 0BSD
Note that this is a false positive warning in rpmlint; "0BSD" is a valid license specifier in Fedora, denoting the Zero-Clause BSD License.
See: https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses (sixth one from the bottom in the "Good" list), or: https://fedoraproject.org/wiki/Licensing/ZeroClauseBSD
(In reply to Robert-André Mauchin 🐧 from comment #5)
- You didn't change 0BSD to BSD
oops sorry I didn't catch that.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
Robert-André Mauchin 🐧 zebob.m@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|nobody@fedoraproject.org |zebob.m@gmail.com Flags| |fedora-review+
--- Comment #7 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- The package is approved, but you still need to find a sponsor.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #8 from Michael Wojcik mikewoj97@gmail.com --- Excellent, I will speak with my project sponsor.
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
Major Hayden 🤠 mhayden@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mhayden@redhat.com
--- Comment #9 from Major Hayden 🤠 mhayden@redhat.com --- Any update on this one? I'd love to see this packaged. 😉
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #10 from Maxwell G gotmax@e.email --- Robert-Andre, it looks like you are now a sponsor[1]. Are you able to sponsor Michael? I'd really like to see this packaged.
Thanks, Maxwell
[1]: https://accounts.fedoraproject.org/group/packager/
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
--- Comment #11 from Maxwell G gotmax@e.email --- Michael,
There also seems to be a new upstream version[1].
[1]: https://github.com/bitwarden/cli/releases/tag/v1.20.0
https://bugzilla.redhat.com/show_bug.cgi?id=1947031
Robert-André Mauchin 🐧 zebob.m@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(mikewoj97@gmail.c | |om)
--- Comment #12 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- I haven't heard back from @mikewoj97@gmail.com I am willing to sponsor him if he does some reviews/contribute some PR or anything that shows the packaging guidelines are understood. If your hear no answer from him, consider starting a FE:DEADREVIEW process.
package-review@lists.fedoraproject.org