https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Bug ID: 1821120 Summary: Review Request: wlogout - wayland based logout menu Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: Package Review Severity: medium Assignee: nobody@fedoraproject.org Reporter: bob.hepple@gmail.com QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
Spec URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86... SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86...
Description: A wayland based logout menu.
Fedora Account System Username: wef
Note that fedora-review incorrectly flags the /etc/wlogout/* files as 'not configuration'. They are exactly that - configuration files.
Package Review ==============
Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed
===== MUST items =====
C/C++: [ ]: Package does not contain kernel modules. [ ]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs.
Generic: [ ]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [ ]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [ ]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Expat License", "*No copyright* Expat License", "Unknown or generated". 24 files have unknown license. Detailed output of licensecheck in /home/bhepple/tmp/wlogout/licensecheck.txt [ ]: License file installed when any subpackage combination is installed. [ ]: Package does not own files or directories owned by other packages. Note: Dirs in package are owned also by: /usr/share/bash- completion(flatpak, breezy, libmbim, chocolate-doom, cpu-x, clevis, kmod, python3-trezor, docopt, lightdm, ffsend, the_silver_searcher, etckeeper, darcs, buildah, devscripts-checkbashisms, sway, maven, swaylock, tio, vagrant, beaker-client, yadifa-tools, calf, source- highlight, reprepro, toolbox, filesystem, licensecheck, zeitgeist, exa, rpmlint, bash-completion, tracker, cowsay, dotnet-host, mercurial-py3, zola, restic, dnf, swayidle, lxi-tools, mtr, pdfgrep, why3, glib2, pbuilder, cmake-data, python3-catkin_tools, awscli, bubblewrap, lxc, zypper, falkon, unar, tealdeer, skim, rtags, skopeo, cobbler, fedpkg, nitrokey-app, yadifa, exercism, clufter-cli, eg, devscripts, mercurial-py2, docker-compose, nnn, git-core, ethtool, git-annex, rkt, task, plowshare, ModemManager, dconf-editor, ripgrep, policycoreutils, datamash, hstr, ldc, stratis-cli, subversion, bodhi- client, python-django-bash-completion, gammu, gpaste, rpmspectool, fd- find, rpmdevtools, fedmod, libqmi, driverctl), /usr/share/bash- completion/completions(flatpak, breezy, libmbim, chocolate-doom, cpu-x, clevis, libappstream-glib, kmod, python3-trezor, docopt, lightdm, nbdkit-bash-completion, ffsend, firewalld, the_silver_searcher, etckeeper, buildah, devscripts-checkbashisms, sway, maven, swaylock, tio, vagrant, coccinelle-bash-completion, kompose, beaker-client, yadifa-tools, calf, source-highlight, reprepro, toolbox, filesystem, licensecheck, zeitgeist, exa, rpmlint, bash-completion, tracker, cowsay, dotnet-host, mercurial-py3, zola, restic, dnf, swayidle, lxi-tools, mtr, pdfgrep, why3, glib2, pbuilder, cmake-data, ndctl, python3-catkin_tools, awscli, libguestfs-bash- completion, bubblewrap, libnbd-bash-completion, lxc, zypper, lastpass- cli, falkon, unar, tealdeer, skim, rtags, skopeo, gtatool, cobbler, fedpkg, nitrokey-app, yadifa, exercism, clufter-cli, eg, devscripts, mercurial-py2, docker-compose, nnn, git-core, ethtool, git-annex, rkt, tig, task, firejail, plowshare, opensc, ModemManager, dconf-editor, ripgrep, calibre, datamash, nordugrid-arc-hed, minipro, hstr, ldc, GMT-common, python3-pip, xss-lock, stratis-cli, subversion, bodhi- client, python-django-bash-completion, gammu, gpaste, rpmspectool, fd- find, rpmdevtools, fedmod, libqmi, driverctl), /usr/share/fish(zola, bat, flatpak, fish, ffsend, exercism, tealdeer, fd-find, cpu-x, ripgrep, task, swayidle, ocrmypdf, sway, fedmod, docker-compose, exa, swaylock), /usr/share/fish/completions(task, fish), /usr/share/zsh(pulseaudio, reprepro, ripgrep, osmium-tool, cpu-x, awscli, python3-wstool, exa, polybar, ffsend, skim, curl, zola, kde- connect, etckeeper, exercism, xss-lock, stratis-cli, libinput, swayidle, mercurial-py2, sway, docker-compose, creds, zsh, swaylock, gpaste, pdfgrep, fd-find, mako, task, vcsh, why3, fedmod, ninja-build, mercurial-py3), /usr/share/zsh/site-functions(googler, flatpak, podman, pulseaudio, reprepro, osmium-tool, cpu-x, ripgrep, awscli, python3-wstool, exa, lastpass-cli, arch-install-scripts, polybar, ffsend, khard, skim, curl, firewalld, zola, buku, kde-connect, exercism, restic, xss-lock, stratis-cli, libinput, imgp, mercurial- py2, sway, swayidle, xpanes, docker-compose, creds, nnn, zsh, swaylock, ddgr, gpaste, pdfgrep, fd-find, mako, task, vcsh, why3, fzf, kompose, ninja-build, mercurial-py3) [ ]: %build honors applicable compiler flags or justifies otherwise. [ ]: Package contains no bundled libraries without FPC exception. [ ]: Changelog in prescribed format. [ ]: Sources contain only permissible code or content. [ ]: Package contains desktop file if it is a GUI application. [ ]: Development files must be in a -devel package [ ]: Package uses nothing in %doc for runtime. [ ]: Package consistently uses macros (instead of hard-coded directory names). [ ]: Package is named according to the Package Naming Guidelines. [ ]: Package does not generate any conflict. [ ]: Package obeys FHS, except libexecdir and /usr/target. [ ]: If the package is a rename of another package, proper Obsoletes and Provides are present. [ ]: Requires correct, justified where necessary. [ ]: Spec file is legible and written in American English. [ ]: Package contains systemd file(s) if in need. [ ]: Useful -debuginfo package or justification otherwise. [ ]: Package is not known to require an ExcludeArch tag. [ ]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [ ]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local
===== SHOULD items =====
Generic: [ ]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [ ]: Final provides and requires are sane (see attachments). [ ]: Package functions as described. [ ]: Latest version is packaged. [ ]: Package does not include license text files separate from upstream. [ ]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [ ]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [ ]: Package should compile and build into binary rpms on all supported architectures. [ ]: %check is present and all tests pass. [ ]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched.
Rpmlint ------- Checking: wlogout-1.1.1-2.fc33.x86_64.rpm wlogout-debuginfo-1.1.1-2.fc33.x86_64.rpm wlogout-debugsource-1.1.1-2.fc33.x86_64.rpm wlogout-1.1.1-2.fc33.src.rpm wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/layout wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/style.css wlogout.src: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.src: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out 4 packages and 0 specfiles checked; 0 errors, 6 warnings.
Rpmlint (debuginfo) ------------------- Checking: wlogout-debuginfo-1.1.1-2.fc33.x86_64.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings.
Rpmlint (installed packages) ---------------------------- wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out wlogout.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/layout wlogout.x86_64: W: non-conffile-in-etc /etc/wlogout/style.css wlogout-debuginfo.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> wlogout-debugsource.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> 3 packages and 0 specfiles checked; 0 errors, 7 warnings.
Source checksums ---------------- https://github.com/ArtsyMacaw/wlogout/archive/1.1.1/wlogout-1.1.1.tar.gz : CHECKSUM(SHA256) this package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940 CHECKSUM(SHA256) upstream package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940
Requires -------- wlogout (rpmlib, GLIBC filtered): libc.so.6()(64bit) libgdk-3.so.0()(64bit) libglib-2.0.so.0()(64bit) libgobject-2.0.so.0()(64bit) libgtk-3.so.0()(64bit) libgtk-layer-shell.so.0()(64bit) rtld(GNU_HASH)
wlogout-debuginfo (rpmlib, GLIBC filtered):
wlogout-debugsource (rpmlib, GLIBC filtered):
Provides -------- wlogout: wlogout wlogout(x86-64)
wlogout-debuginfo: debuginfo(build-id) wlogout-debuginfo wlogout-debuginfo(x86-64)
wlogout-debugsource: wlogout-debugsource wlogout-debugsource(x86-64)
Generated by fedora-review 0.7.5 (5fa5b7e) last change: 2020-02-16 Command line :/usr/bin/fedora-review --rpm-spec -n /home/bhepple/rpmbuild/SRPMS/wlogout-1.1.1-2.fc31.src.rpm Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, C/C++, Shell-api Disabled plugins: fonts, Python, SugarActivity, PHP, Java, Haskell, R, Perl, Ocaml Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora@lyes.eu
--- Comment #1 from Lyes Saadi fedora@lyes.eu --- Hi !
Note that fedora-review incorrectly flags the /etc/wlogout/* files as 'not configuration'. They are exactly that - configuration files.
No, that's not what it means:
W: foo-package non-conffile-in-etc /etc/xdg/menus/applications-merged/foo-package.menu
A non-executable file in your package is being installed in /etc, but is not a configuration file. All non-executable files in /etc should be configuration files. Mark the file as %config in the spec file.
From "Common Rpmlint issues": https://fedoraproject.org/wiki/Common_Rpmlint_issues#non-conffile-in-etc
You need to change this in your spec file:
%config(noreplace) %{_sysconfdir}/%{name}/layout %config(noreplace) %{_sysconfdir}/%{name}/style.css
(you could keep the %config macro on the whole directory, but it is better not to...)
More about that here: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_configuration_fi...
Also, you should just remove the %check section if you have to tests to run...
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #2 from Bob Hepple bob.hepple@gmail.com --- Hi Lyes,
Thanks for taking a look at this.
I now understand the point about %config and I've changed the spec file accordingly. I also added (noreplace) as advised in the reference that you gave.
%check is gone as suggested as it's meaningless.
I was a bit worried about /etc/wlogout being orphaned - at least in my reading of https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories... - so I have listed /etc/wlogout under %dir and the individual files under %config. I saw a similar arrangement in anaconda.spec
Here's another build:
SPEC URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86... SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86...
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |fedora-review? | |needinfo?(bob.hepple@gmail. | |com)
--- Comment #3 from Lyes Saadi fedora@lyes.eu --- Package Review ==============
Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
Issues: ======= - JSMN is bundled, but it is not declared as such. The addition of: `Provides: bundled(jsmn)` should be enough. The bundled version of JSMN is unknown. See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling - Upstream provide OpenPGP signatures as wlogout.tar.gz.sig in the GitHub Release section. See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_veri...
===== MUST items =====
C/C++: [x]: Package does not contain kernel modules. [x]: Package contains no static executables. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs.
Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Expat License", "*No copyright* Expat License", "Unknown or generated". 24 files have unknown license. Detailed output of licensecheck in /home/lyes/Documents/reviews/1821120-wlogout/licensecheck.txt [-]: License file installed when any subpackage combination is installed. [x]: Package does not own files or directories owned by other packages. Note: wlogout nor any of it dependencies does requires bash, zsh or fish. Note: Dirs in package are owned also by: /usr/share/bash- completion(lxc, clufter-cli, toolbox, nnn, task, skim, reprepro, datamash, zeitgeist, nitrokey-app, bodhi-client, ethtool, eg, bubblewrap, rtags, maven, lightdm, vagrant, flatpak, swayidle, zola, dotnet-host, zypper, git-annex, git-core, sway, pdfgrep, swaylock, exa, rpmlint, dnf, devscripts-checkbashisms, darcs, kmod, licensecheck, cowsay, cmake-data, dconf-editor, awscli, buildah, stratis-cli, skopeo, fd-find, ModemManager, rkt, docker-compose, yadifa-tools, ldc, cobbler, rpmspectool, chocolate-doom, policycoreutils, libmbim, etckeeper, restic, python3-trezor, plowshare, the_silver_searcher, cpu-x, pbuilder, docopt, python3-catkin_tools, python-django-bash-completion, subversion, source-highlight, gpaste, tio, beaker-client, mtr, filesystem, tealdeer, glib2, breezy, fedpkg, calf, libqmi, falkon, fedmod, ffsend, rpmdevtools, devscripts, unar, tracker, gammu, clevis, hstr, ripgrep, why3, yadifa, exercism, driverctl, mercurial-py3, lxi-tools, bash- completion, mercurial-py2), /usr/share/bash- completion/completions(lxc, clufter-cli, toolbox, nnn, task, skim, reprepro, coccinelle-bash-completion, datamash, libnbd-bash- completion, zeitgeist, nitrokey-app, bodhi-client, ethtool, eg, bubblewrap, python3-pip, rtags, maven, lightdm, vagrant, flatpak, swayidle, calibre, zola, dotnet-host, zypper, git-annex, git-core, sway, pdfgrep, swaylock, exa, rpmlint, dnf, devscripts-checkbashisms, kmod, licensecheck, nordugrid-arc-hed, cowsay, cmake-data, dconf- editor, awscli, buildah, stratis-cli, skopeo, fd-find, ModemManager, rkt, libappstream-glib, docker-compose, yadifa-tools, ldc, cobbler, rpmspectool, chocolate-doom, libmbim, packit, etckeeper, restic, python3-trezor, ndctl, plowshare, the_silver_searcher, kompose, cpu-x, pbuilder, docopt, python3-catkin_tools, python-django-bash-completion, subversion, firejail, source-highlight, gpaste, lastpass-cli, tio, beaker-client, nbdkit-bash-completion, mtr, filesystem, tig, tealdeer, glib2, breezy, fedpkg, calf, libqmi, falkon, fedmod, GMT-common, xss- lock, ffsend, rpmdevtools, devscripts, minipro, unar, tracker, gammu, clevis, hstr, ripgrep, gtatool, why3, firewalld, yadifa, exercism, driverctl, mercurial-py3, opensc, lxi-tools, libguestfs-bash- completion, bash-completion, mercurial-py2), /usr/share/fish(exa, fedmod, ocrmypdf, task, cpu-x, ffsend, fish, fd-find, ikona-cli-fish- completions, ripgrep, docker-compose, flatpak, swayidle, zola, exercism, bat, tealdeer, sway, swaylock), /usr/share/fish/completions(fish, ikona-cli-fish-completions, task), /usr/share/zsh(exa, libinput, etckeeper, vcsh, polybar, fedmod, kde- connect, mako, task, cpu-x, reprepro, skim, ffsend, xss-lock, osmium- tool, awscli, stratis-cli, creds, python3-wstool, fd-find, pulseaudio, ripgrep, why3, gpaste, docker-compose, ninja-build, zsh, swayidle, zola, exercism, pdfgrep, curl, mercurial-py3, mercurial-py2, sway, swaylock), /usr/share/zsh/site-functions(exa, libinput, vcsh, buku, restic, polybar, kde-connect, nnn, podman, imgp, mako, task, kompose, cpu-x, reprepro, skim, ffsend, xss-lock, osmium-tool, awscli, ddgr, creds, stratis-cli, python3-wstool, khard, fd-find, pulseaudio, ripgrep, why3, gpaste, docker-compose, flatpak, ninja-build, lastpass- cli, firewalld, zsh, swayidle, arch-install-scripts, zola, googler, exercism, pdfgrep, curl, mercurial-py3, xpanes, fzf, mercurial-py2, sway, swaylock) [x]: %build honors applicable compiler flags or justifies otherwise. [!]: Package contains no bundled libraries without FPC exception. Note: jsmn is bundled. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 1 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: %config files are marked noreplace or the reason is justified. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: No %config files under /usr. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local
===== SHOULD items =====
Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [!]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: upstream publishes OpenPGP signatures in the Release section. Note: gpgverify is not used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [?]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
Generic: [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. [x]: Spec file according to URL is the same as in SRPM.
Rpmlint ------- Checking: wlogout-1.1.1-3.fc33.x86_64.rpm wlogout-debuginfo-1.1.1-3.fc33.x86_64.rpm wlogout-debugsource-1.1.1-3.fc33.x86_64.rpm wlogout-1.1.1-3.fc33.src.rpm wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out wlogout.src: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.src: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out 4 packages and 0 specfiles checked; 0 errors, 4 warnings.
Rpmlint (debuginfo) ------------------- Checking: wlogout-debuginfo-1.1.1-3.fc33.x86_64.rpm 1 packages and 0 specfiles checked; 0 errors, 0 warnings.
Rpmlint (installed packages) ---------------------------- wlogout-debugsource.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> wlogout.x86_64: W: spelling-error Summary(en_US) logout -> lo gout, lo-gout, log out wlogout.x86_64: W: spelling-error %description -l en_US logout -> lo gout, lo-gout, log out wlogout.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> wlogout-debuginfo.x86_64: W: invalid-url URL: https://github.com/ArtsyMacaw/wlogout <urlopen error [Errno -2] Name or service not known> 3 packages and 0 specfiles checked; 0 errors, 5 warnings.
Source checksums ---------------- https://github.com/ArtsyMacaw/wlogout/archive/1.1.1/wlogout-1.1.1.tar.gz : CHECKSUM(SHA256) this package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940 CHECKSUM(SHA256) upstream package : cc79c9e2ff1bd225b051a34ccb352bcf8a1991b83414a7db623fce7c49566940
Requires -------- wlogout (rpmlib, GLIBC filtered): config(wlogout) libc.so.6()(64bit) libgdk-3.so.0()(64bit) libglib-2.0.so.0()(64bit) libgobject-2.0.so.0()(64bit) libgtk-3.so.0()(64bit) libgtk-layer-shell.so.0()(64bit) rtld(GNU_HASH)
wlogout-debuginfo (rpmlib, GLIBC filtered):
wlogout-debugsource (rpmlib, GLIBC filtered):
Provides -------- wlogout: config(wlogout) wlogout wlogout(x86-64)
wlogout-debuginfo: debuginfo(build-id) wlogout-debuginfo wlogout-debuginfo(x86-64)
wlogout-debugsource: wlogout-debugsource wlogout-debugsource(x86-64)
Generated by fedora-review 0.7.5 (5fa5b7e) last change: 2020-02-16 Command line :/usr/bin/fedora-review -b 1821120 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api, C/C++ Disabled plugins: Python, Perl, R, Java, PHP, Haskell, SugarActivity, Ocaml, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Bob Hepple bob.hepple@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(bob.hepple@gmail. | |com) |
--- Comment #4 from Bob Hepple bob.hepple@gmail.com --- Hi Lyes,
I've spent most of this morning studying up on the %gpgverify issue and I just can't get it to work.
Note that AFAICS the .sig on the releases page does not refer to Source0 but to some arbitrary tarball wlogout.tar.gz that the author uploaded:
$ ll wlogout-1.1.1.tar.gz wlogout.tar.gz -rw-rw-r--. 1 bhepple bhepple 540189 Apr 6 14:07 wlogout-1.1.1.tar.gz -rw-rw-r--. 1 bhepple bhepple 624640 Apr 20 11:39 wlogout.tar.gz
Having downloaded the author's public key, it does not verify that file:
$ gpgv --keyring ./gpg-key-F4FDB18A9937358364B276E9E25D679AF73C6D2F.gpg wlogout.tar.gz.sig wlogout.tar.gz gpgv: Signature made Sat 14 Mar 2020 15:37:44 AEST gpgv: using RSA key F4FDB18A9937358364B276E9E25D679AF73C6D2F gpgv: [don't know]: invalid packet (ctb=2d) gpgv: keydb_search failed: Invalid packet gpgv: [don't know]: invalid packet (ctb=2d) gpgv: keydb_search failed: Invalid packet gpgv: Can't check signature: No public key
The wlogout.tar.gz does not actually download as a gzipped tarball but as a plain tarball - so it's pretty suspicious!
In any case I think we want to be working with Source0 as that's a tarball generated by github from the repo automatically.
Any ideas?
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #5 from Lyes Saadi fedora@lyes.eu --- That's... That's weird indeed...
Let's just skip that... You should continue to use the github-generated tarball. It's only a SHOULD item.
You may ask the maintainer to provide a valid signature for the github-generated tarball instead of an arbitrary one. And preferably to host his public key in an appropriate place as well.
Either way, could you please provide a new spec file with an updated "Provide" to reflect the bundling of JSMN (and associated SRPM)?
I won't be able to accept the review right now though, this is my first time reviewing a package, and I have some issues regarding my Bugzilla permissions related to this infrastructure issue: https://pagure.io/fedora-infrastructure/issue/8628#comment-642931 (that's why I haven't assigned this bug to myself...).
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #6 from Bob Hepple bob.hepple@gmail.com --- Sure Lyes,
Here's the latest:
SPEC URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86... SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86...
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #7 from Lyes Saadi fedora@lyes.eu --- Hello Bob,
I see that you changed this:
``` %{_datadir}/zsh/* %{_datadir}/fish/* %{_datadir}/bash-completion/* ```
But, according to the guidelines, you were right to own the entire directory: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_the_directory_is...
Except for that, your package is good to go! But I'm still waiting for my Bugzilla permissions to be fixed. I'll ask someone else to approve it for me if that takes a long time...
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- Doc Type|--- |If docs needed, set a value
--- Comment #8 from Lyes Saadi fedora@lyes.eu --- Hi!
So, for now at least, I have Bugzilla permissions!
Could you please send me a final-final-final version of the package :P? I know that's just an extra "*", but it's a MUST item in Packaging Guidelines: « Packages must own all directories they put files in »...
I also wanted to thank you for your work and for packaging this program!
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|nobody@fedoraproject.org |fedora@lyes.eu
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #9 from Bob Hepple bob.hepple@gmail.com --- Hi Lyes,
Thanks for your patience and keen eyes. New build below.
I'm going to have to re-read and reassess my understanding on that ownership thing.
SPEC URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86... SRPM URL: https://download.copr.fedorainfracloud.org/results/wef/wlogout/fedora-31-x86...
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Lyes Saadi fedora@lyes.eu changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|fedora-review? |fedora-review+
--- Comment #10 from Lyes Saadi fedora@lyes.eu --- Package Approved!
Thank you as well for your patience :).
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #11 from Gwyn Ciesla gwync@protonmail.com --- (fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/wlogout
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|POST |MODIFIED
--- Comment #12 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-d755c36129 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d755c36129
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #13 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-105f9d6381 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-105f9d6381
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA
--- Comment #14 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-d755c36129 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2020-d755c36129 *` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d755c36129
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #15 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-105f9d6381 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2020-105f9d6381 *` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-105f9d6381
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed| |2020-05-01 04:05:53
--- Comment #16 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-d755c36129 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1821120
--- Comment #17 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-105f9d6381 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.
package-review@lists.fedoraproject.org
-
bugzilla@redhat.com