[Bug 784156] Review Request: uwsgi - Fast, self-healing, application container server

bugzilla at redhat.com bugzilla at redhat.com
Tue Feb 14 16:13:48 UTC 2012 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=784156

--- Comment #11 from Steven Dake <sdake at redhat.com> 2012-02-14 11:13:46 EST ---
Gal

couple comments inline


(In reply to comment #9)
> I've been asked to publish a full review report.
> 
> [PASS] MUST: rpmlint must be run on the source rpm and all binary rpms the
> build produces. The output should be posted in the review.
> 

The review process requires that the output of rpmlint on all binaries and
source rpm files be posted in the review.

> [PASS] MUST: The package must be named according to the Package Naming
> Guidelines.
> 
> [PASS] MUST: The spec file name must match the base package %{name}, in the
> format %{name}.spec unless your package has an exemption.
> 
> [PASS] MUST: The package must meet the Packaging Guidelines.
> 
> [PASS] MUST: The package must be licensed with a Fedora approved license and
> meet the Licensing Guidelines.
> 
> [PASS] MUST: The License field in the package spec file must match the actual
> license.
> 
> [PASS] MUST: If (and only if) the source package includes the text of the
> license(s) in its own file, then that file, containing the text of the
> license(s) for the package must be included in %doc.
> 

This is only done for the main package.  It should be done for every package
(devel, plugin-*, so this requirement FAILS.

> [PASS] MUST: The spec file must be written in American English.
> 
> [PASS] MUST: The spec file for the package MUST be legible.
> 
> [PASS] MUST: The sources used to build the package must match the upstream
> source, as provided in the spec URL. Reviewers should use md5sum for this task.
> If no upstream URL can be specified for this package, please see the Source URL
> Guidelines for how to deal with this.
> 

Typically you would show the sha256sum in the review.  For example:
[root at beast SOURCES]# sha256sum uwsgi-1.0.2.1.tar.gz
78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
uwsgi-1.0.2.1.tar.gz
[root at beast SPECS]# wget
http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
--2012-02-14 09:06:35-- 
http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
Resolving projects.unbit.it... 81.174.68.52
Connecting to projects.unbit.it|81.174.68.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 465250 (454K) [application/x-gzip]
Saving to: “uwsgi-1.0.2.1.tar.gz”

100%[======================================>] 465,250     93.5K/s   in 5.9s    

2012-02-14 09:06:41 (76.9 KB/s) - “uwsgi-1.0.2.1.tar.gz” saved [465250/465250]

[root at beast SPECS]# sha256sum uwsgi-1.0.2.1.tar.gz
78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
uwsgi-1.0.2.1.tar.gz


> [PASS] MUST: The package MUST successfully compile and build into binary rpms
> on at least one primary architecture.
> 
> [IRRELEVANT] MUST: If the package does not successfully compile, build or work
> on an architecture, then those architectures should be listed in the spec in
> ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in
> bugzilla, describing the reason that the package does not compile/build/work on
> that architecture. The bug number MUST be placed in a comment, next to the
> corresponding ExcludeArch line.
> 
> [PASS] MUST: All build dependencies must be listed in BuildRequires, except for
> any that are listed in the exceptions section of the Packaging Guidelines ;
> inclusion of those as BuildRequires is optional. Apply common sense.
> 
> [IRRELEVANT] MUST: The spec file MUST handle locales properly. This is done by
> using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
> 
> [IRRELEVANT] MUST: Every binary RPM package (or subpackage) which stores shared
> library files (not just symlinks) in any of the dynamic linker's default paths,
> must call ldconfig in %post and %postun.

rather then irrelevant, NA (not applicable) makes more sense here.
> 
> [PASS] MUST: Packages must NOT bundle copies of system libraries.
> 
> [IRRELEVANT] MUST: If the package is designed to be relocatable, the packager
> must state this fact in the request for review, along with the rationalization
> for relocation of that specific package. Without this, use of Prefix: /usr is
> considered a blocker.
> 
> [PASS] MUST: A package must own all directories that it creates. If it does not
> create a directory that it uses, then it should require a package which does
> create that directory.
> 

are you sure about this?  %{_libdir}/%name doesn't appear to be owned by any
package although it is used by a variety of packages.  A recommendation on what
package should own this directory would be helpful for the packager as well.

> [PASS]  MUST: A Fedora package must not list a file more than once in the spec
> file's %files listings. (Notable exception: license texts in specific
> situations)
> 
> [PASS] MUST: Permissions on files must be set properly. Executables should be
> set with executable permissions, for example.
> 
> [PASS] MUST: Each package must consistently use macros.
> 
> [PASS] MUST: The package must contain code, or permissable content.
> 
> [IRRELEVANT] MUST: Large documentation files must go in a -doc subpackage. (The
> definition of large is left up to the packager's best judgement, but is not
> restricted to size. Large can refer to either size or quantity). [18]
> MUST: If a package includes something as %doc, it must not affect the runtime
> of the application. To summarize: If it is in %doc, the program must run
> properly if it is not present.
> 
> [IRRELEVANT] MUST: Static libraries must be in a -static package.
> 
> [PASS] MUST: Development files must be in a -devel package. [20]
> MUST: In the vast majority of cases, devel packages must require the base
> package using a fully versioned dependency: Requires: %{name}%{?_isa} =
> %{version}-%{release}
> 
> [PASS] MUST: Packages must NOT contain any .la libtool archives, these must be
> removed in the spec if they are built.
> 
> [IRRELEVANT] MUST: Packages containing GUI applications must include a
> %{name}.desktop file, and that file must be properly installed with
> desktop-file-install in the %install section. If you feel that your packaged
> GUI application does not need a .desktop file, you must put a comment in the
> spec file with your explanation. 
> 
> [PASS] MUST: Packages must not own files or directories already owned by other
> packages. The rule of thumb here is that the first package to be installed
> should own the files or directories that other packages may rely upon. This
> means, for example, that no package in Fedora should ever share ownership with
> any of the files or directories owned by the filesystem or man package. If you
> feel that you have a good reason to own a file or directory that another
> package owns, then please present that at package review time. [23]
> 
> [PASS] MUST: All filenames in rpm packages must be valid UTF-8.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list