[Bug 784156] Review Request: uwsgi - Fast, self-healing, application container server

bugzilla at redhat.com bugzilla at redhat.com
Sun Feb 19 00:16:47 UTC 2012 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=784156

--- Comment #15 from Steven Dake <sdake at redhat.com> 2012-02-18 19:16:46 EST ---
(In reply to comment #13)
> (In reply to comment #11)
> > Gal
> > 
> > couple comments inline
> > 
> > 
> > (In reply to comment #9)
> > > I've been asked to publish a full review report.
> > > 
> > > [PASS] MUST: rpmlint must be run on the source rpm and all binary rpms the
> > > build produces. The output should be posted in the review.
> > > 
> > 
> > The review process requires that the output of rpmlint on all binaries and
> > source rpm files be posted in the review.
> > 
> > > [PASS] MUST: The package must be named according to the Package Naming
> > > Guidelines.
> > > 
> > > [PASS] MUST: The spec file name must match the base package %{name}, in the
> > > format %{name}.spec unless your package has an exemption.
> > > 
> > > [PASS] MUST: The package must meet the Packaging Guidelines.
> > > 
> > > [PASS] MUST: The package must be licensed with a Fedora approved license and
> > > meet the Licensing Guidelines.
> > > 
> > > [PASS] MUST: The License field in the package spec file must match the actual
> > > license.
> > > 
> > > [PASS] MUST: If (and only if) the source package includes the text of the
> > > license(s) in its own file, then that file, containing the text of the
> > > license(s) for the package must be included in %doc.
> > > 
> > 
> > This is only done for the main package.  It should be done for every package
> > (devel, plugin-*, so this requirement FAILS.
> > 
> 
> from
> http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Subpackage_Licensing:
> "If a subpackage is dependent (either implicitly or explicitly) upon a base
> package (where a base package is defined as a resulting binary package from the
> same source RPM which contains the appropriate license texts as %doc), it is
> not necessary for that subpackage to also include those license texts as %doc."
> 
> The -devel package is depending on the main uwsgi package, and all -plugin
> packages depend on -plugin-common, which depends on the main uwsgi package.
> 

Thanks your right - learning experience for everyone ;)

> > > [PASS] MUST: The spec file must be written in American English.
> > > 
> > > [PASS] MUST: The spec file for the package MUST be legible.
> > > 
> > > [PASS] MUST: The sources used to build the package must match the upstream
> > > source, as provided in the spec URL. Reviewers should use md5sum for this task.
> > > If no upstream URL can be specified for this package, please see the Source URL
> > > Guidelines for how to deal with this.
> > > 
> > 
> > Typically you would show the sha256sum in the review.  For example:
> > [root at beast SOURCES]# sha256sum uwsgi-1.0.2.1.tar.gz
> > 78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
> > uwsgi-1.0.2.1.tar.gz
> > [root at beast SPECS]# wget
> > http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
> > --2012-02-14 09:06:35-- 
> > http://projects.unbit.it/downloads/uwsgi-1.0.2.1.tar.gz
> > Resolving projects.unbit.it... 81.174.68.52
> > Connecting to projects.unbit.it|81.174.68.52|:80... connected.
> > HTTP request sent, awaiting response... 200 OK
> > Length: 465250 (454K) [application/x-gzip]
> > Saving to: “uwsgi-1.0.2.1.tar.gz”
> > 
> > 100%[======================================>] 465,250     93.5K/s   in 5.9s    
> > 
> > 2012-02-14 09:06:41 (76.9 KB/s) - “uwsgi-1.0.2.1.tar.gz” saved [465250/465250]
> > 
> > [root at beast SPECS]# sha256sum uwsgi-1.0.2.1.tar.gz
> > 78280b57a970db7842e4481f8b00f13d011f27b340c869dc1ad28d564d716439 
> > uwsgi-1.0.2.1.tar.gz
> > 
> > 
> > > [PASS] MUST: The package MUST successfully compile and build into binary rpms
> > > on at least one primary architecture.
> > > 
> > > [IRRELEVANT] MUST: If the package does not successfully compile, build or work
> > > on an architecture, then those architectures should be listed in the spec in
> > > ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in
> > > bugzilla, describing the reason that the package does not compile/build/work on
> > > that architecture. The bug number MUST be placed in a comment, next to the
> > > corresponding ExcludeArch line.
> > > 
> > > [PASS] MUST: All build dependencies must be listed in BuildRequires, except for
> > > any that are listed in the exceptions section of the Packaging Guidelines ;
> > > inclusion of those as BuildRequires is optional. Apply common sense.
> > > 
> > > [IRRELEVANT] MUST: The spec file MUST handle locales properly. This is done by
> > > using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
> > > 
> > > [IRRELEVANT] MUST: Every binary RPM package (or subpackage) which stores shared
> > > library files (not just symlinks) in any of the dynamic linker's default paths,
> > > must call ldconfig in %post and %postun.
> > 
> > rather then irrelevant, NA (not applicable) makes more sense here.
> > > 
> > > [PASS] MUST: Packages must NOT bundle copies of system libraries.
> > > 
> > > [IRRELEVANT] MUST: If the package is designed to be relocatable, the packager
> > > must state this fact in the request for review, along with the rationalization
> > > for relocation of that specific package. Without this, use of Prefix: /usr is
> > > considered a blocker.
> > > 
> > > [PASS] MUST: A package must own all directories that it creates. If it does not
> > > create a directory that it uses, then it should require a package which does
> > > create that directory.
> > > 
> > 
> > are you sure about this?  %{_libdir}/%name doesn't appear to be owned by any
> > package although it is used by a variety of packages.  A recommendation on what
> > package should own this directory would be helpful for the packager as well.
> > 
> 
> I'm a bit confused here, I agree %{_libdir}/%{name} should be owned by some
> package (most likely -plugins-common) but I am not sure how to include that dir
> and *not* including the rest of the .so files within. If I do this in the spec:
> 
> %files -n %{name}-plugin-common
> %doc ChangeLog LICENSE README
> %{_libdir}/%{name}
> %{_libdir}/%{name}/cache_plugin.so
> %{_libdir}/%{name}/cgi_plugin.so
> %{_libdir}/%{name}/rpc_plugin.so
> %{_libdir}/%{name}/ugreen_plugin.so
> 
> It includes %{_libdir}/%{name} and *.so right in the first entry. Any clues how
> to do this?
> 

try %dir %{_libdir}/%name

> > > [PASS]  MUST: A Fedora package must not list a file more than once in the spec
> > > file's %files listings. (Notable exception: license texts in specific
> > > situations)
> > > 
> > > [PASS] MUST: Permissions on files must be set properly. Executables should be
> > > set with executable permissions, for example.
> > > 
> > > [PASS] MUST: Each package must consistently use macros.
> > > 
> > > [PASS] MUST: The package must contain code, or permissable content.
> > > 
> > > [IRRELEVANT] MUST: Large documentation files must go in a -doc subpackage. (The
> > > definition of large is left up to the packager's best judgement, but is not
> > > restricted to size. Large can refer to either size or quantity). [18]
> > > MUST: If a package includes something as %doc, it must not affect the runtime
> > > of the application. To summarize: If it is in %doc, the program must run
> > > properly if it is not present.
> > > 
> > > [IRRELEVANT] MUST: Static libraries must be in a -static package.
> > > 
> > > [PASS] MUST: Development files must be in a -devel package. [20]
> > > MUST: In the vast majority of cases, devel packages must require the base
> > > package using a fully versioned dependency: Requires: %{name}%{?_isa} =
> > > %{version}-%{release}
> > > 
> > > [PASS] MUST: Packages must NOT contain any .la libtool archives, these must be
> > > removed in the spec if they are built.
> > > 
> > > [IRRELEVANT] MUST: Packages containing GUI applications must include a
> > > %{name}.desktop file, and that file must be properly installed with
> > > desktop-file-install in the %install section. If you feel that your packaged
> > > GUI application does not need a .desktop file, you must put a comment in the
> > > spec file with your explanation. 
> > > 
> > > [PASS] MUST: Packages must not own files or directories already owned by other
> > > packages. The rule of thumb here is that the first package to be installed
> > > should own the files or directories that other packages may rely upon. This
> > > means, for example, that no package in Fedora should ever share ownership with
> > > any of the files or directories owned by the filesystem or man package. If you
> > > feel that you have a good reason to own a file or directory that another
> > > package owns, then please present that at package review time. [23]
> > > 
> > > [PASS] MUST: All filenames in rpm packages must be valid UTF-8.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list