[Bug 784156] Review Request: uwsgi - Fast, self-healing, application container server

Sat Feb 18 19:03:17 UTC 2012

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=784156

--- Comment #13 from Jorge A Gallegos <kad at blegh.net> 2012-02-18 14:03:16 EST ---
(In reply to comment #11)
> Gal
> 
> couple comments inline
> 
> 
> (In reply to comment #9)
> > I've been asked to publish a full review report.
> > 
> > [PASS] MUST: rpmlint must be run on the source rpm and all binary rpms the
> > build produces. The output should be posted in the review.
> > 
> 
> The review process requires that the output of rpmlint on all binaries and
> source rpm files be posted in the review.
> 
> > [PASS] MUST: The package must be named according to the Package Naming
> > Guidelines.
> > 
> > [PASS] MUST: The spec file name must match the base package %{name}, in the
> > format %{name}.spec unless your package has an exemption.
> > 
> > [PASS] MUST: The package must meet the Packaging Guidelines.
> > 
> > [PASS] MUST: The package must be licensed with a Fedora approved license and
> > meet the Licensing Guidelines.
> > 
> > [PASS] MUST: The License field in the package spec file must match the actual
> > license.
> > 
> > [PASS] MUST: If (and only if) the source package includes the text of the
> > license(s) in its own file, then that file, containing the text of the
> > license(s) for the package must be included in %doc.
> > 
> 
> This is only done for the main package.  It should be done for every package
> (devel, plugin-*, so this requirement FAILS.
> 

from
http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Subpackage_Licensing:
"If a subpackage is dependent (either implicitly or explicitly) upon a base
package (where a base package is defined as a resulting binary package from the
same source RPM which contains the appropriate license texts as %doc), it is
not necessary for that subpackage to also include those license texts as %doc."

The -devel package is depending on the main uwsgi package, and all -plugin
packages depend on -plugin-common, which depends on the main uwsgi package.

> > [PASS] MUST: The spec file must be written in American English.
> > 
> > [PASS] MUST: The spec file for the package MUST be legible.
> > 
> > [PASS] MUST: The sources used to build the package must match the upstream
> > source, as provided in the spec URL. Reviewers should use md5sum for this task.
> > If no upstream URL can be specified for this package, please see the Source URL
> > Guidelines for how to deal with this.
> > 
> 
> Typically you would show the sha256sum in the review.  For example:
> [root at beast SOURCES]# sha256sum uwsgi-1.0.2.1.tar.gz
> 78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
> uwsgi-1.0.2.1.tar.gz
> [root at beast SPECS]# wget
> http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
> --2012-02-14 09:06:35-- 
> http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
> Resolving projects.unbit.it... 81.174.68.52
> Connecting to projects.unbit.it|81.174.68.52|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 465250 (454K) [application/x-gzip]
> Saving to: “uwsgi-1.0.2.1.tar.gz”
> 
> 100%[======================================>] 465,250     93.5K/s   in 5.9s    
> 
> 2012-02-14 09:06:41 (76.9 KB/s) - “uwsgi-1.0.2.1.tar.gz” saved [465250/465250]
> 
> [root at beast SPECS]# sha256sum uwsgi-1.0.2.1.tar.gz
> 78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
> uwsgi-1.0.2.1.tar.gz
> 
> 
> > [PASS] MUST: The package MUST successfully compile and build into binary rpms
> > on at least one primary architecture.
> > 
> > [IRRELEVANT] MUST: If the package does not successfully compile, build or work
> > on an architecture, then those architectures should be listed in the spec in
> > ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in
> > bugzilla, describing the reason that the package does not compile/build/work on
> > that architecture. The bug number MUST be placed in a comment, next to the
> > corresponding ExcludeArch line.
> > 
> > [PASS] MUST: All build dependencies must be listed in BuildRequires, except for
> > any that are listed in the exceptions section of the Packaging Guidelines ;
> > inclusion of those as BuildRequires is optional. Apply common sense.
> > 
> > [IRRELEVANT] MUST: The spec file MUST handle locales properly. This is done by
> > using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
> > 
> > [IRRELEVANT] MUST: Every binary RPM package (or subpackage) which stores shared
> > library files (not just symlinks) in any of the dynamic linker's default paths,
> > must call ldconfig in %post and %postun.
> 
> rather then irrelevant, NA (not applicable) makes more sense here.
> > 
> > [PASS] MUST: Packages must NOT bundle copies of system libraries.
> > 
> > [IRRELEVANT] MUST: If the package is designed to be relocatable, the packager
> > must state this fact in the request for review, along with the rationalization
> > for relocation of that specific package. Without this, use of Prefix: /usr is
> > considered a blocker.
> > 
> > [PASS] MUST: A package must own all directories that it creates. If it does not
> > create a directory that it uses, then it should require a package which does
> > create that directory.
> > 
> 
> are you sure about this?  %{_libdir}/%name doesn't appear to be owned by any
> package although it is used by a variety of packages.  A recommendation on what
> package should own this directory would be helpful for the packager as well.
> 

I'm a bit confused here, I agree %{_libdir}/%{name} should be owned by some
package (most likely -plugins-common) but I am not sure how to include that dir
and *not* including the rest of the .so files within. If I do this in the spec:

%files -n %{name}-plugin-common
%doc ChangeLog LICENSE README
%{_libdir}/%{name}
%{_libdir}/%{name}/cache_plugin.so
%{_libdir}/%{name}/cgi_plugin.so
%{_libdir}/%{name}/rpc_plugin.so
%{_libdir}/%{name}/ugreen_plugin.so

It includes %{_libdir}/%{name} and *.so right in the first entry. Any clues how
to do this?

> > [PASS]  MUST: A Fedora package must not list a file more than once in the spec
> > file's %files listings. (Notable exception: license texts in specific
> > situations)
> > 
> > [PASS] MUST: Permissions on files must be set properly. Executables should be
> > set with executable permissions, for example.
> > 
> > [PASS] MUST: Each package must consistently use macros.
> > 
> > [PASS] MUST: The package must contain code, or permissable content.
> > 
> > [IRRELEVANT] MUST: Large documentation files must go in a -doc subpackage. (The
> > definition of large is left up to the packager's best judgement, but is not
> > restricted to size. Large can refer to either size or quantity). [18]
> > MUST: If a package includes something as %doc, it must not affect the runtime
> > of the application. To summarize: If it is in %doc, the program must run
> > properly if it is not present.
> > 
> > [IRRELEVANT] MUST: Static libraries must be in a -static package.
> > 
> > [PASS] MUST: Development files must be in a -devel package. [20]
> > MUST: In the vast majority of cases, devel packages must require the base
> > package using a fully versioned dependency: Requires: %{name}%{?_isa} =
> > %{version}-%{release}
> > 
> > [PASS] MUST: Packages must NOT contain any .la libtool archives, these must be
> > removed in the spec if they are built.
> > 
> > [IRRELEVANT] MUST: Packages containing GUI applications must include a
> > %{name}.desktop file, and that file must be properly installed with
> > desktop-file-install in the %install section. If you feel that your packaged
> > GUI application does not need a .desktop file, you must put a comment in the
> > spec file with your explanation. 
> > 
> > [PASS] MUST: Packages must not own files or directories already owned by other
> > packages. The rule of thumb here is that the first package to be installed
> > should own the files or directories that other packages may rely upon. This
> > means, for example, that no package in Fedora should ever share ownership with
> > any of the files or directories owned by the filesystem or man package. If you
> > feel that you have a good reason to own a file or directory that another
> > package owns, then please present that at package review time. [23]
> > 
> > [PASS] MUST: All filenames in rpm packages must be valid UTF-8.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.