[Bug 226352] Merge Review: quagga

bugzilla at redhat.com bugzilla at redhat.com
Thu Oct 7 10:47:57 UTC 2010 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=226352

--- Comment #5 from Vojtech Vitek <vvitek at redhat.com> 2010-10-07 06:47:53 EDT ---
Sources used when checking:
$ git log | head -n 7
commit bf8ff1430a11c72162ab5d9d0e8e3967915470a7
Author: Jiri Skala <jskala at localhost.localdomain>
Date:   Tue Aug 31 17:22:38 2010 +0200

    * Tue Aug 31 2010 Jiri Skala <jskala at redhat.com> - 0.99.17-1
    - update to latest upstream
    - fixes #628981 - CVE-2010-2948 and CVE-2010-2949

$ md5sum quagga.spec 
75e2780c6fa1f062edc10c91ca45604e  quagga.spec

Legend: + = PASSED, - = FAILED, 0 = Not Applicable

+ MUST: rpmlint must be run on every package. The output should be posted in
the review

$ rpmlint -v quagga.spec 
quagga.spec:242: W: macro-in-comment %if
quagga.spec:242: W: macro-in-comment %with_ipv6
quagga.spec:244: W: macro-in-comment %endif
quagga.spec:247: W: macro-in-comment %if
quagga.spec:247: W: macro-in-comment %with_ipv6
quagga.spec:249: W: macro-in-comment %endif
quagga.spec:250: W: macro-in-comment %if
quagga.spec:250: W: macro-in-comment %with_ospfapi
quagga.spec:252: W: macro-in-comment %endif

Could be ignored, but I would propose to delete those commented lines
completely.
For example:
  #zebra_spec_add_service ospfapi  2607/tcp "OSPF-API"
is imho out-of-date, as /etc/services lists
  connection      2607/tcp                # Dell Connection
instead.

quagga.spec:2: W: mixed-use-of-spaces-and-tabs (spaces: line 2, tab: line 2)

Ignored. (The space-tabs mess is everywhere, not just on this line.)

quagga.spec: I: checking-url
http://www.quagga.net/download/quagga-0.99.17.tar.gz (timeout 10 seconds)
0 packages and 1 specfiles checked; 0 errors, 10 warnings.

$ rpmlint quagga-0.99.17-1.fc15.src.rpm 
quagga.src: W: spelling-error %description -l en_US multi -> mulch, mufti
quagga.src: W: strange-permission quagga-filter-perl-requires.sh 0755L
quagga.src:242: W: macro-in-comment %if
quagga.src:242: W: macro-in-comment %with_ipv6
quagga.src:244: W: macro-in-comment %endif
quagga.src:247: W: macro-in-comment %if
quagga.src:247: W: macro-in-comment %with_ipv6
quagga.src:249: W: macro-in-comment %endif
quagga.src:250: W: macro-in-comment %if
quagga.src:250: W: macro-in-comment %with_ospfapi
quagga.src:252: W: macro-in-comment %endif
quagga.src:2: W: mixed-use-of-spaces-and-tabs (spaces: line 2, tab: line 2)
1 packages and 0 specfiles checked; 0 errors, 12 warnings.

Ignored.

+ MUST: package named according to the Package Naming Guidelines
+ MUST: The spec file name must match the base package %{name}
+ MUST: The package must meet the Packaging Guidelines .
+ MUST: The package licensed with a Fedora approved license and meets the
Licensing Guidelines
+ MUST: The License field in the package spec file matches the actual license
+ MUST: If (and only if) the source package includes the text of the license(s)
in its own file, then that file, containing the text of the license(s) for the
package must be included in %doc.
+ MUST: The spec file must be written in American English.
+ MUST: The spec file for the package MUST be legible.
+ MUST: The sources used to build the package must match the upstream
source, as provided in the spec URL. Reviewers should use md5sum for this task

>From sources:
$ cat sources 
37b9022adca04b03863d2d79787e643f  quagga-0.99.17.tar.gz

>From upstream:
$ md5sum quagga-0.99.17.tar.gz 
37b9022adca04b03863d2d79787e643f  quagga-0.99.17.tar.gz

= MATCHES

+ MUST: The package successfully compiles and builds into binary rpms on at
least one primary architecture
 - tested on x86_64, no problems
0 MUST: If the package does not successfully compile, build or work on an
architecture, then those architectures should be listed in the spec in
ExcludeArch
+ MUST: All build dependencies must be listed in BuildRequires, except for any
that are listed in the exceptions section of the Packaging Guidelines
0 MUST: The spec file handles locales properly. This is done by using the
%find_lang macro
0 MUST: Every binary RPM package (or subpackage) which stores shared library
files (not just symlinks) in any of the dynamic linker's default paths, must
call ldconfig in %post and %postun.

%define  _libdir  %{_exec_prefix}/%{_lib}/quagga
%files
%{_libdir}/*.so.*

It's not in linker's default paths, so I believe there is no need to run
ldconfig.

0 MUST: Packages must NOT bundle copies of system libraries
+ MUST: If the package is designed to be relocatable, the packager must state
this fact in the request for review, along with the rationalization for
relocation of that specific package. Without this, use of Prefix: /usr is
considered a blocker
+ MUST: Package must own all directories that it creates. If it does not create
a directory that it uses, then it should require a package which does create
that directory
+ MUST: Package must not list a file more than once in the spec file's %files
listings
+ MUST: Permissions on files must be set properly. Every %files section must
include a %defattr(...) line.
+ MUST: Each package must have a %clean section, which contains rm -rf
%{buildroot} (or $RPM_BUILD_ROOT).
+ MUST: Each package must consistently use macros
+ MUST: The package must contain code, or permissable content
+ MUST: Large documentation files must go in a -doc subpackage
+ MUST: If a package includes something as %doc, it must not affect the runtime
of the application
+ MUST: Header files must be in a -devel package
0 MUST: Static libraries must be in a -static package
0 MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'
+ MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1),
then library files that end in .so (without suffix) must go in a -devel package
+ MUST: devel packages must require the base package using a fully versioned
dependency: Requires: %{name} = %{version}-%{release}
+ MUST: Packages must NOT contain any .la libtool archives, these must be
removed in the spec if they are built
0 MUST: Packages containing GUI applications must include a %{name}.desktop
file, and that file must be properly installed with desktop-file-install in the
%install section
+ MUST: Packages must not own files or directories already owned by other
packages
+ MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot}
(or $RPM_BUILD_ROOT)
+ MUST: All filenames in rpm packages must be valid UTF-8

All MUST things passed.


I need just one clarification before I'll set review+ :

qugga.spec:226: # /etc/services is already populated, so skip this

So there is /etc/services dependency, shouldn't we set Requires to setup
package as well?
$ rpmquery --whatprovides /etc/services
setup-2.8.20-1.fc13.noarch

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the package-review mailing list