Re: [Mageia-dev] Some more new rpmlint warning on upload
Op woensdag 27 juli 2011 18:30:23 schreef nicolas vigier: > On Wed, 27 Jul 2011, Maarten Vanraes wrote: > > Op woensdag 27 juli 2011 15:50:58 schreef Christiaan Welvaart: > > > On Wed, 27 Jul 2011, Maarten Vanraes wrote: > > > > Op woensdag 27 juli 2011 14:10:06 schreef Michael Scherer: > > > >> Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : > > > >> * no-url-tag > > > >> while not blocking, I see no good reason for that. > > > > > > > > Well, i do have a package that does NOT have an url tag, for the > > > > simple reason that i quickly wrote it myself, and there is no > > > > version control, no homepage, no nothing, i wouldn't even know what > > > > url i should put into it. > > > > > > So create a page for it on the wiki and use that for the URL tag. > > > > > > Christiaan > > > > well, that sounds nice, but i still would like some policies about such > > software? what are the rules, do these packages have some kind of impact > > on mageia itself? also, clearly not every such software could/would be > > allowed? > > Which software are you talking about ? any kind of software that has wiki pages on mageia for eg: url links (which is none atm; but then, that's the whole point of this discussion) if i have packaged software (eg: plasma-applet-launchbutton ) which has no URL field, Christiaan Welvaart suggested to put a wiki page up and put that page in the URL field. I just wonder if this is a good idea or not. i'm sure we don't want any type of software to be put on wiki and in URL fields of packages.
Re: [Mageia-dev] Some more new rpmlint warning on upload
On Wed, 27 Jul 2011, Maarten Vanraes wrote: > Op woensdag 27 juli 2011 15:50:58 schreef Christiaan Welvaart: > > On Wed, 27 Jul 2011, Maarten Vanraes wrote: > > > Op woensdag 27 juli 2011 14:10:06 schreef Michael Scherer: > > >> Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : > > >> * no-url-tag > > >> while not blocking, I see no good reason for that. > > > > > > Well, i do have a package that does NOT have an url tag, for the simple > > > reason that i quickly wrote it myself, and there is no version control, > > > no homepage, no nothing, i wouldn't even know what url i should put into > > > it. > > > > So create a page for it on the wiki and use that for the URL tag. > > > > > > Christiaan > > well, that sounds nice, but i still would like some policies about such > software? what are the rules, do these packages have some kind of impact on > mageia itself? also, clearly not every such software could/would be allowed? Which software are you talking about ?
Re: [Mageia-dev] Some more new rpmlint warning on upload
Op woensdag 27 juli 2011 15:29:02 schreef Thierry Vignaud: > On 27 July 2011 13:37, Michael Scherer wrote: [...] > > * file-not-in-%lang > > this will result in more disk space used for file that are not needed > > ( like locales, etc ). However, this can be annoying to fix, and not a > > widespread errors. > > This is borderline. > Not a real blocking issue IMGO In My Godlike Opinion ?
Re: [Mageia-dev] Some more new rpmlint warning on upload
Op woensdag 27 juli 2011 15:50:58 schreef Christiaan Welvaart: > On Wed, 27 Jul 2011, Maarten Vanraes wrote: > > Op woensdag 27 juli 2011 14:10:06 schreef Michael Scherer: > >> Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : > >> * no-url-tag > >> while not blocking, I see no good reason for that. > > > > Well, i do have a package that does NOT have an url tag, for the simple > > reason that i quickly wrote it myself, and there is no version control, > > no homepage, no nothing, i wouldn't even know what url i should put into > > it. > > So create a page for it on the wiki and use that for the URL tag. > > > Christiaan well, that sounds nice, but i still would like some policies about such software? what are the rules, do these packages have some kind of impact on mageia itself? also, clearly not every such software could/would be allowed? and further more, an url should have a fixed page preferably, so, perhaps wait until the new wiki is there?
Re: [Mageia-dev] Some more new rpmlint warning on upload
On Wed, 27 Jul 2011, Maarten Vanraes wrote: Op woensdag 27 juli 2011 14:10:06 schreef Michael Scherer: Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : * no-url-tag while not blocking, I see no good reason for that. Well, i do have a package that does NOT have an url tag, for the simple reason that i quickly wrote it myself, and there is no version control, no homepage, no nothing, i wouldn't even know what url i should put into it. So create a page for it on the wiki and use that for the URL tag. Christiaan
Re: [Mageia-dev] Some more new rpmlint warning on upload
Le mercredi 27 juillet 2011 à 15:29 +0200, Thierry Vignaud a écrit : > On 27 July 2011 13:37, Michael Scherer wrote: > > * non-standard-group > > > > This one cause problem in rpmdrake display ( among others ), as this add > > category with 1 single package. There is no false positives. > > That's actually a conf regression on our side, I think most packagers are used > to such rejects for a couple years and nobody will complain In fact, it was already enabled and not checked. I fixed it this morning ( and blocked -debug upload by errors ). > > * version-control-internal-file > > same as previous, but there is maybe some use case, that should then be > > added to exception > > idem Well, that's not blocking until someone ship a complete svn checkout and the package become twice the size :) -- Michael Scherer
Re: [Mageia-dev] Some more new rpmlint warning on upload
On 27 July 2011 14:10, Michael Scherer wrote: > I also found some others : > * bogus-variable-use-in-%posttrans > ia_ora-gnome.i586: W: bogus-variable-use-in-%posttrans $RPM_BUILD_ROOT > > this one is clearly a bug. yes but on the other hand, the intended action will work (or should at least), I don't expect this var to be expanded when rpm run such script. On the other side, it's very very fishy. so let's say OK > * no-url-tag > while not blocking, I see no good reason for that. Some packages have no more upstream > * spurious-executable-perm > file in %doc and manpages should not be executable. And so this errors > ( if I am not wrong ) should block upload. Yet I am not sure, so let's > add to the 2nd list ( discuss and then act ). > > * update-menus-without-menu-file-in-%postun > AFAIK, menu is deprecated in favor of freedesktop menu. So there is > clearly something wrong ( from icewm-light ) Maybe should we blacklist packages still having old menu entries instead?
Re: [Mageia-dev] Some more new rpmlint warning on upload
On 27 July 2011 13:37, Michael Scherer wrote: > * non-standard-group > > This one cause problem in rpmdrake display ( among others ), as this add > category with 1 single package. There is no false positives. That's actually a conf regression on our side, I think most packagers are used to such rejects for a couple years and nobody will complain > * invalid-desktopfile > > rpmlint run desktop-file-validate, and any invalid file is detected. > Invalid file will in the best case work fine, and in the worst case, not > work. So better be safe and fix the file. > > There is also some more controversial : I think this one got enabled at one stage on mdv > * file-not-in-%lang > this will result in more disk space used for file that are not needed > ( like locales, etc ). However, this can be annoying to fix, and not a > widespread errors. This is borderline. Not a real blocking issue IMGO > * version-control-internal-file > same as previous, but there is maybe some use case, that should then be > added to exception idem > * standard-dir-owned-by-package > some package ( like gromacs ) do created /usr/bin/. This is unclean and > should be blocked. On the other hand, the problem are mostly theoric > ( like "having a directory with 2 differents modes or owners ). > I also found some stuff that would cause real problem : > hunspell-ca.noarch: W: > world-writable /usr/share/doc/hunspell-ca/LICENSES-en.txt 0666 > > Yet, there is maybe some good case to have a file to be world writable ? we can whitelist the good cases if any > Or : > hdf-java.i586: W: non-readable /usr/share/java/fits.jar 0700 > > There is also some good case to have a file non-readable, but in /usr, > there is none. ( and in this case, this seems like the package is broken > ) > > So, to summarize, the proposal is : > - block upload on : > * missing-lsb-keyword > * malformed-line-in-lsb-comment-block > * useless-provides > * non-standard-group > * empty-%postun > * empty-%post > * invalid-desktopfile > * unknown-lsb-keyword > * standard-dir-owned-by-package > > discuss for blocking : > * backup-file-in-package > * version-control-internal-file > > discuss and find a list of exceptions for : > * world-writable > * non-readable > ( especially the non-readable part ). > > If no one protest, the 1st list will be added before I take my vacation, > in a few days. Let's go!
Re: [Mageia-dev] Some more new rpmlint warning on upload
Le mercredi 27 juillet 2011 à 14:15 +0200, Christiaan Welvaart a écrit : > On Wed, 27 Jul 2011, Michael Scherer wrote: > > > * useless-provides > > > > that's when foo provide foo. There is no case where it would needed. > > AFAIK there are many packages in the i586 repository that are called > libfoo-devel and have a provides libfoo-devel. For x86-64 the packages are > called lib64foo-devel so the rpmlint warning doesn't show up there. We have some choice : - declare that this is wrong - add a exception for *-devel on that error - add %ifarch in spec. If we follow the policy that amhad proposed, the option 2 is the way to go. -- Michael Scherer
Re: [Mageia-dev] Some more new rpmlint warning on upload
On 27.07.2011 14:37, Michael Scherer wrote: > I also found some stuff that would cause real problem : > hunspell-ca.noarch: W: > world-writable /usr/share/doc/hunspell-ca/LICENSES-en.txt 0666 > > Yet, there is maybe some good case to have a file to be world writable ? Maybe, but I'd guess not in /usr. -- Anssi Hannula
Re: [Mageia-dev] Some more new rpmlint warning on upload
On 27.07.2011 15:15, Christiaan Welvaart wrote: > On Wed, 27 Jul 2011, Michael Scherer wrote: > >> * useless-provides >> >> that's when foo provide foo. There is no case where it would needed. > > AFAIK there are many packages in the i586 repository that are called > libfoo-devel and have a provides libfoo-devel. For x86-64 the packages > are called lib64foo-devel so the rpmlint warning doesn't show up there. Indeed. Somewhat related: http://rpm.org/ticket/80 -- Anssi Hannula
Re: [Mageia-dev] Some more new rpmlint warning on upload
Op woensdag 27 juli 2011 14:10:06 schreef Michael Scherer: > Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : > * no-url-tag > while not blocking, I see no good reason for that. Well, i do have a package that does NOT have an url tag, for the simple reason that i quickly wrote it myself, and there is no version control, no homepage, no nothing, i wouldn't even know what url i should put into it. preferably i would put this in some kind of version control, eg: a mageia git with a simple homepage, or maybe even a simple file release system. I remember talking about this mageia "foundry" before mageia release, but of course, this is not one of the most important things to do imho... mvg, Maarten
Re: [Mageia-dev] Some more new rpmlint warning on upload
On Wed, 27 Jul 2011, Michael Scherer wrote: * useless-provides that's when foo provide foo. There is no case where it would needed. AFAIK there are many packages in the i586 repository that are called libfoo-devel and have a provides libfoo-devel. For x86-64 the packages are called lib64foo-devel so the rpmlint warning doesn't show up there. Christiaan
Re: [Mageia-dev] Some more new rpmlint warning on upload
Le mercredi 27 juillet 2011 à 13:37 +0200, Michael Scherer a écrit : > * of course, this one is backup-file-in-package > while having foo.c~ or #.foo.c are not causing problem, this usually > take space for nothing. But since the problem is often in upstream > tarball, this can be tricky to fix. I also found some others : * bogus-variable-use-in-%posttrans ia_ora-gnome.i586: W: bogus-variable-use-in-%posttrans $RPM_BUILD_ROOT this one is clearly a bug. * no-url-tag while not blocking, I see no good reason for that. * non-standard-dir-in-usr inn.i586: W: non-standard-dir-in-usr com no really compliant with FHS, but on the other hand, inn seems complex to use and fix ... * self-obsoletion lots of package obsoletes themself ( or just one of their provides ). While the goal was to rename them, this should be done with proper versionning ( ie Obsoletes: foo < X ), as some upstream have changed their mind, or some software can reuse the name. Most specs are just wrong on that point, and should be corrected. ( so in the 2nd list ). * use-tmp-in-%postun this one is likely a security problem. Look at ipxutils script to see what I mean. * statically-linked-binary While there is some case for static binary, this one is clearly wrong : statically-linked-binary /usr/lib/debug/usr/lib/ibus-engine-pinyin.debug So I would add that one to the 3rd list of the previous mail. * spurious-executable-perm file in %doc and manpages should not be executable. And so this errors ( if I am not wrong ) should block upload. Yet I am not sure, so let's add to the 2nd list ( discuss and then act ). * update-menus-without-menu-file-in-%postun AFAIK, menu is deprecated in favor of freedesktop menu. So there is clearly something wrong ( from icewm-light ) ( watch for the 3rd mail, as I have done only half of the rpm for now ) -- Michael Scherer
