Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1290922 - Review Request: moose - Multiscale Neuroscience and Systems Biology Simulator
Summary: Review Request: moose - Multiscale Neuroscience and Systems Biology Simulator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Antonio T. (sagitter)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: fedora-neuro, NeuroFedora
TreeView+ depends on / blocked
 
Reported: 2015-12-11 22:18 UTC by Zbigniew Jędrzejewski-Szmek
Modified: 2015-12-31 01:51 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-31 01:51:10 UTC
Type: ---
Embargoed:
anto.trande: fedora-review+


Attachments (Terms of Use)

Description Zbigniew Jędrzejewski-Szmek 2015-12-11 22:18:50 UTC
Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec
SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.1.fc24.beta.2.src.rpm
Fedora Account System Username: zbyszek

Description:
MOOSE is the base and numerical core for large, detailed simulations
including Computational Neuroscience and Systems Biology. MOOSE spans
the range from single molecules to subcellular networks, from single
cells to neuronal networks, and to still larger systems. It is
backwards-compatible with GENESIS, and forward compatible with Python
and XML-based model definition standards like SBML and NeuroML.

MOOSE uses Python as its primary scripting language. For backward
compatibility we have a GENESIS scripting module, but this is
deprecated. MOOSE numerical code is written in C++.

Comment 1 Antonio T. (sagitter) 2015-12-12 11:44:54 UTC
Please, take care of exonerate if you do not mind: https://bugzilla.redhat.com/show_bug.cgi?id=1290450

Comment 2 Antonio T. (sagitter) 2015-12-12 13:27:57 UTC
Linking of 'moose.bin' failed because of "undefined reference" errors.

Comment 3 Zbigniew Jędrzejewski-Szmek 2015-12-12 17:55:14 UTC
It seems to be the c++11 related errors. I was hoping that the libsbml rebuild will be enough, but apparently not. I'll work on a proper fix. You can use a F22 mock for now if you wish to build it.

Comment 4 Zbigniew Jędrzejewski-Szmek 2015-12-12 21:18:47 UTC
Yesterday I forgot to actually rebuild libsbml in non-scratch mode. I did that now. It builds fine here with the updated libsbml.

Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec
SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.2.fc24.beta.2.src.rpm

Also note: I didn't build documentation, because upstream has a separate repo for documentation, and I think they are in the process of splitting it out. So until the dust settles and it becomes clear which is the "right" source of docs, I don't think it makes sense to waste time on building it as part of the package.

Comment 5 Upstream Release Monitoring 2015-12-13 15:22:08 UTC
sagitter's scratch build of moose-3.0.2-0.2.fc24.beta.2.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12176320

Comment 6 Zbigniew Jędrzejewski-Szmek 2015-12-13 15:56:51 UTC
Oh, stupid bug. Should be fixed now.

Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec
SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.3.fc24.beta.2.src.rpm

Comment 7 Upstream Release Monitoring 2015-12-13 16:40:00 UTC
sagitter's scratch build of moose-3.0.2-0.3.fc24.beta.2.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12176821

Comment 8 Antonio T. (sagitter) 2015-12-13 17:07:54 UTC
(fedora-review is not reliable in these days)

Review:

===== MUST items =====

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Header files in -devel subpackage, if present.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[!]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.

biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later)
builtins/Func.cpp: *No copyright* LGPL (v3 or later)
builtins/Function.cpp: *No copyright* LGPL (v3 or later)

are managed by compiler; i think guidelines for "Mixed Source Licensing Scenario" may be imposed here.
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#Mixed_Source_Licensing_Scenario

[!]: License field in the package spec file matches the actual license.
[!]: License file installed when any subpackage combination is installed.

None license file is packaged.

[x]: Package must own all directories that it creates.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
     names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[-]: gtk-update-icon-cache is invoked in %postun and %posttrans if package
     contains icons.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is 20480 bytes in 2 files.
[!]: Package complies to the Packaging Guidelines

--> See above.

[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.

moose.src: W: spelling-error Summary(en_US) Multiscale -> Timescale
moose.src: W: spelling-error %description -l en_US subcellular -> sub cellular, sub-cellular, cellular
moose.x86_64: W: spelling-error Summary(en_US) Multiscale -> Timescale
moose.x86_64: W: spelling-error %description -l en_US subcellular -> sub cellular, sub-cellular, cellular
moose.x86_64: W: no-manual-page-for-binary moose
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.cpp
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.h
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.cpp
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/biophysics/MarkovChannel.h
moose-debuginfo.x86_64: W: spurious-executable-perm /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.h

--> Fix 'spurious-executable-perm' warnings.

[!]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.

--> See above.

[-]: Package requires other packages for directories it uses.
[-]: Package does not own files or directories owned by other packages.
[!]: All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.

--> gcc-c++ make can be removed as BR.

[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[-]: Package contains desktop file if it is a GUI application.
[-]: Package installs a %{name}.desktop using desktop-file-install or
     desktop-file-validate if there is such a file.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
     work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

===== SHOULD items =====

Generic:
[x]: Sources can be downloaded from URI in Source: tag
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Fully versioned dependency in subpackages if applicable.
     Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv-
     debuginfo
[ ]: Package functions as described.
[x]: Latest version is packaged.
[?]: Package does not include license text files separate from upstream.
[!]: Patches link to upstream bugs/comments/lists or are otherwise
     justified.

--> Please, leave comments about patches.

[-]: SourceX tarball generation or download is documented.
[-]: Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[x]: Package should compile and build into binary rpms on all supported
     architectures.
[-]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed
     files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: Uses parallel make %{?_smp_mflags} macro.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.

===== EXTRA items =====

$ checksec --file ./moose
RELRO  STACK CANARY  NX       PIE      RPATH  RUNPATH      FILE
Full   Canary found  enabled  enabled  No     No RUNPATH   ./moose

I suggest to control whith 'checksec' in F22 if it's necessary.

>OpenMPI (1.8.x)     OPTIONAL For running moose in parallel on clusters

An OpenMPI implemented version is available even if optional.

Comment 9 Zbigniew Jędrzejewski-Szmek 2015-12-13 21:44:21 UTC
(In reply to Antonio Trande from comment #8)
> (fedora-review is not reliable in these days)
I run it with '-x CheckOwnDirs' and it's mostly OK...

> Generic:
> [!]: Package is licensed with an open-source compatible license and meets
>      other legal requirements as defined in the legal section of Packaging
>      Guidelines.
> 
> biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later)
> builtins/Func.cpp: *No copyright* LGPL (v3 or later)
> builtins/Function.cpp: *No copyright* LGPL (v3 or later)
> 
> are managed by compiler; i think guidelines for "Mixed Source Licensing
> Scenario" may be imposed here.
> https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/
> LicensingGuidelines#Mixed_Source_Licensing_Scenario
I don't think this actually applies: that paragraph talks about the case
where sources have two different licenses, and to satisfy the license you have
to satisfy the constrains from both licenses (e.g. both "no advertising", and
"modifications as patches only"). But in this case we are mixing LGPL and GPL.
GPL is a superset of LGPL, and also, GPL does not allow any additional restrictions
to be added. So effectively, the binary package is distributed under the terms of GPL,
and no additional constraints exists and no different licensing is available.

> [!]: License field in the package spec file matches the actual license.
> [!]: License file installed when any subpackage combination is installed.
> 
> None license file is packaged.
Pull request with the license text: https://github.com/BhallaLab/moose-core/pull/50.


> [x]: Package must own all directories that it creates.
> [x]: %build honors applicable compiler flags or justifies otherwise.
> [x]: Package contains no bundled libraries without FPC exception.
> [x]: Changelog in prescribed format.
> [x]: Sources contain only permissible code or content.
> [-]: Development files must be in a -devel package
> [x]: Package uses nothing in %doc for runtime.
> [x]: Package consistently uses macros (instead of hard-coded directory
>      names).
> [x]: Package is named according to the Package Naming Guidelines.
> [x]: Package does not generate any conflict.
> [x]: Package obeys FHS, except libexecdir and /usr/target.
> [-]: If the package is a rename of another package, proper Obsoletes and
>      Provides are present.
> [x]: Requires correct, justified where necessary.
> [x]: Spec file is legible and written in American English.
> [-]: Package contains systemd file(s) if in need.
> [-]: gtk-update-icon-cache is invoked in %postun and %posttrans if package
>      contains icons.
> [x]: Useful -debuginfo package or justification otherwise.
> [x]: Package is not known to require an ExcludeArch tag.
> [-]: Large documentation must go in a -doc subpackage. Large could be size
>      (~1MB) or number of files.
>      Note: Documentation size is 20480 bytes in 2 files.
> [!]: Package complies to the Packaging Guidelines
> 
> --> See above.
> 
> [x]: Package successfully compiles and builds into binary rpms on at least
>      one supported primary architecture.
> [x]: Rpmlint is run on all rpms the build produces.
> 
> moose.src: W: spelling-error Summary(en_US) Multiscale -> Timescale
> moose.src: W: spelling-error %description -l en_US subcellular -> sub
> cellular, sub-cellular, cellular
> moose.x86_64: W: spelling-error Summary(en_US) Multiscale -> Timescale
> moose.x86_64: W: spelling-error %description -l en_US subcellular -> sub
> cellular, sub-cellular, cellular
> moose.x86_64: W: no-manual-page-for-binary moose
> moose-debuginfo.x86_64: W: spurious-executable-perm
> /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.cpp
> moose-debuginfo.x86_64: W: spurious-executable-perm
> /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.h
> moose-debuginfo.x86_64: W: spurious-executable-perm
> /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/utility/strutil.cpp
> moose-debuginfo.x86_64: W: spurious-executable-perm
> /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/biophysics/MarkovChannel.h
> moose-debuginfo.x86_64: W: spurious-executable-perm
> /usr/src/debug/moose-core-ghevar_3.0.2-beta.2/device/RC.h
Fixed, also https://github.com/BhallaLab/moose-core/pull/51.

> --> Fix 'spurious-executable-perm' warnings.
> 
> [!]: If (and only if) the source package includes the text of the
>      license(s) in its own file, then that file, containing the text of the
>      license(s) for the package is included in %license.
> 
> --> See above.
The way I understand this point, if the license is missing, it is not supposed
to be included from other sources.
 
> [-]: Package requires other packages for directories it uses.
> [-]: Package does not own files or directories owned by other packages.
> [!]: All build dependencies are listed in BuildRequires, except for any
>      that are listed in the exceptions section of Packaging Guidelines.
> 
> --> gcc-c++ make can be removed as BR.
That's an error in fedora-review. gcc-g++ might be removed from the default
build root, and this dependency future-proofs against that.

> [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
> [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
>      beginning of %install.
> [x]: Macros in Summary, %description expandable at SRPM build time.
> [-]: Package contains desktop file if it is a GUI application.
> [-]: Package installs a %{name}.desktop using desktop-file-install or
>      desktop-file-validate if there is such a file.
> [x]: Dist tag is present.
> [x]: Package does not contain duplicates in %files.
> [x]: Permissions on files are set properly.
> [x]: Package use %makeinstall only when make install DESTDIR=... doesn't
>      work.
> [x]: Package is named using only allowed ASCII characters.
> [x]: Package does not use a name that already exists.
> [x]: Package is not relocatable.
> [x]: Sources used to build the package match the upstream source, as
>      provided in the spec URL.
> [x]: Spec file name must match the spec package %{name}, in the format
>      %{name}.spec.
> [x]: File names are valid UTF-8.
> [x]: Packages must not store files under /srv, /opt or /usr/local
> 
> ===== SHOULD items =====
> 
> Generic:
> [x]: Sources can be downloaded from URI in Source: tag
> [-]: If the source package does not include license text(s) as a separate
>      file from upstream, the packager SHOULD query upstream to include it.
> [x]: Final provides and requires are sane (see attachments).
> [x]: Fully versioned dependency in subpackages if applicable.
>      Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv-
>      debuginfo
> [ ]: Package functions as described.
> [x]: Latest version is packaged.
> [?]: Package does not include license text files separate from upstream.
> [!]: Patches link to upstream bugs/comments/lists or are otherwise
>      justified.
> 
> --> Please, leave comments about patches.
> 
> [-]: SourceX tarball generation or download is documented.
> [-]: Description and summary sections in the package spec file contains
>      translations for supported Non-English languages, if available.
> [x]: Package should compile and build into binary rpms on all supported
>      architectures.
> [-]: %check is present and all tests pass.
> [x]: Packages should try to preserve timestamps of original installed
>      files.
> [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
> [x]: Reviewer should test that the package builds in mock.
> [x]: Buildroot is not present
> [x]: Package has no %clean section with rm -rf %{buildroot} (or
>      $RPM_BUILD_ROOT)
> [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
> [x]: Uses parallel make %{?_smp_mflags} macro.
> [x]: SourceX is a working URL.
> [x]: Spec use %global instead of %define unless justified.
> 
> ===== EXTRA items =====
> 
> $ checksec --file ./moose
> RELRO  STACK CANARY  NX       PIE      RPATH  RUNPATH      FILE
> Full   Canary found  enabled  enabled  No     No RUNPATH   ./moose
> 
> I suggest to control whith 'checksec' in F22 if it's necessary.
I don't understand: this checksec output looks OK, no?

> >OpenMPI (1.8.x)     OPTIONAL For running moose in parallel on clusters
> 
> An OpenMPI implemented version is available even if optional.

Yeah, but the MPI stuff is pretty new. I would prefer to get the non-MPI version working reliably first.

Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec
SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.4.fc24.beta.2.src.rpm

Comment 10 Upstream Release Monitoring 2015-12-13 21:52:57 UTC
zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for f23 failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12178938

Comment 11 Zbigniew Jędrzejewski-Szmek 2015-12-13 21:59:26 UTC
I fired off some builds. F23 will probably fail because of libsbml.

Comment 12 Upstream Release Monitoring 2015-12-13 22:17:28 UTC
zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12178937

Comment 13 Antonio T. (sagitter) 2015-12-13 22:31:34 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #9)
> (In reply to Antonio Trande from comment #8)
> > 
> > [!]: If (and only if) the source package includes the text of the
> >      license(s) in its own file, then that file, containing the text of the
> >      license(s) for the package is included in %license.
> > 
> > --> See above.
> The way I understand this point, if the license is missing, it is not
> supposed
> to be included from other sources.

Any license file must be tagged with '%license' macro. In this package there is not any license file but i think you can add a GPLv3 text file as long as upstream includes an own one.

>  
> > [-]: Package requires other packages for directories it uses.
> > [-]: Package does not own files or directories owned by other packages.
> > [!]: All build dependencies are listed in BuildRequires, except for any
> >      that are listed in the exceptions section of Packaging Guidelines.
> > 
> > --> gcc-c++ make can be removed as BR.
> That's an error in fedora-review. gcc-g++ might be removed from the default
> build root, and this dependency future-proofs against that.
> 
> > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
> > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
> >      beginning of %install.
> > [x]: Macros in Summary, %description expandable at SRPM build time.
> > [-]: Package contains desktop file if it is a GUI application.
> > [-]: Package installs a %{name}.desktop using desktop-file-install or
> >      desktop-file-validate if there is such a file.
> > [x]: Dist tag is present.
> > [x]: Package does not contain duplicates in %files.
> > [x]: Permissions on files are set properly.
> > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't
> >      work.
> > [x]: Package is named using only allowed ASCII characters.
> > [x]: Package does not use a name that already exists.
> > [x]: Package is not relocatable.
> > [x]: Sources used to build the package match the upstream source, as
> >      provided in the spec URL.
> > [x]: Spec file name must match the spec package %{name}, in the format
> >      %{name}.spec.
> > [x]: File names are valid UTF-8.
> > [x]: Packages must not store files under /srv, /opt or /usr/local
> > 
> > ===== SHOULD items =====
> > 
> > Generic:
> > [x]: Sources can be downloaded from URI in Source: tag
> > [-]: If the source package does not include license text(s) as a separate
> >      file from upstream, the packager SHOULD query upstream to include it.
> > [x]: Final provides and requires are sane (see attachments).
> > [x]: Fully versioned dependency in subpackages if applicable.
> >      Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv-
> >      debuginfo
> > [ ]: Package functions as described.
> > [x]: Latest version is packaged.
> > [?]: Package does not include license text files separate from upstream.
> > [!]: Patches link to upstream bugs/comments/lists or are otherwise
> >      justified.
> > 
> > --> Please, leave comments about patches.
> > 
> > [-]: SourceX tarball generation or download is documented.
> > [-]: Description and summary sections in the package spec file contains
> >      translations for supported Non-English languages, if available.
> > [x]: Package should compile and build into binary rpms on all supported
> >      architectures.
> > [-]: %check is present and all tests pass.
> > [x]: Packages should try to preserve timestamps of original installed
> >      files.
> > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
> > [x]: Reviewer should test that the package builds in mock.
> > [x]: Buildroot is not present
> > [x]: Package has no %clean section with rm -rf %{buildroot} (or
> >      $RPM_BUILD_ROOT)
> > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
> > [x]: Uses parallel make %{?_smp_mflags} macro.
> > [x]: SourceX is a working URL.
> > [x]: Spec use %global instead of %define unless justified.
> > 
> > ===== EXTRA items =====
> > 
> > $ checksec --file ./moose
> > RELRO  STACK CANARY  NX       PIE      RPATH  RUNPATH      FILE
> > Full   Canary found  enabled  enabled  No     No RUNPATH   ./moose
> > 
> > I suggest to control whith 'checksec' in F22 if it's necessary.
> I don't understand: this checksec output looks OK, no?

'checksec' output of 'moose' bin file compiled in F24/F23 is good but hardened builds are not automatically activated on F22, so maybe you will have need to add compiler/linker flags manually.

Comment 14 Zbigniew Jędrzejewski-Szmek 2015-12-14 05:04:12 UTC
(In reply to Antonio Trande from comment #13)
> (In reply to Zbigniew Jędrzejewski-Szmek from comment #9)
> > (In reply to Antonio Trande from comment #8)
> > > 
> > > [!]: If (and only if) the source package includes the text of the
> > >      license(s) in its own file, then that file, containing the text of the
> > >      license(s) for the package is included in %license.
> > > 
> > > --> See above.
> > The way I understand this point, if the license is missing, it is not
> > supposed
> > to be included from other sources.
> 
> Any license file must be tagged with '%license' macro. In this package there
> is not any license file but i think you can add a GPLv3 text file as long as
> upstream includes an own one.

"If the source package does not include the text of the license(s), the packager should contact upstream and encourage them to correct this mistake. [...] It is important to reiterate that in situations where the indicated license does not imply a requirement that the license be distributed along with the source/binaries, Fedora packagers are NOT required to manually include the full license text when it is absent from the source code. but are still encouraged to point out this issue to upstream and encourage them to remedy it."

I submitted a pull request with the license text. Once upstream either merges it
or resolves this in some other way, I'll include the license in the package.

> > > [-]: Package requires other packages for directories it uses.
> > > [-]: Package does not own files or directories owned by other packages.
> > > [!]: All build dependencies are listed in BuildRequires, except for any
> > >      that are listed in the exceptions section of Packaging Guidelines.
> > > 
> > > --> gcc-c++ make can be removed as BR.
> > That's an error in fedora-review. gcc-g++ might be removed from the default
> > build root, and this dependency future-proofs against that.
> > 
> > > [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
> > > [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
> > >      beginning of %install.
> > > [x]: Macros in Summary, %description expandable at SRPM build time.
> > > [-]: Package contains desktop file if it is a GUI application.
> > > [-]: Package installs a %{name}.desktop using desktop-file-install or
> > >      desktop-file-validate if there is such a file.
> > > [x]: Dist tag is present.
> > > [x]: Package does not contain duplicates in %files.
> > > [x]: Permissions on files are set properly.
> > > [x]: Package use %makeinstall only when make install DESTDIR=... doesn't
> > >      work.
> > > [x]: Package is named using only allowed ASCII characters.
> > > [x]: Package does not use a name that already exists.
> > > [x]: Package is not relocatable.
> > > [x]: Sources used to build the package match the upstream source, as
> > >      provided in the spec URL.
> > > [x]: Spec file name must match the spec package %{name}, in the format
> > >      %{name}.spec.
> > > [x]: File names are valid UTF-8.
> > > [x]: Packages must not store files under /srv, /opt or /usr/local
> > > 
> > > ===== SHOULD items =====
> > > 
> > > Generic:
> > > [x]: Sources can be downloaded from URI in Source: tag
> > > [-]: If the source package does not include license text(s) as a separate
> > >      file from upstream, the packager SHOULD query upstream to include it.
> > > [x]: Final provides and requires are sane (see attachments).
> > > [x]: Fully versioned dependency in subpackages if applicable.
> > >      Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in freedv-
> > >      debuginfo
> > > [ ]: Package functions as described.
> > > [x]: Latest version is packaged.
> > > [?]: Package does not include license text files separate from upstream.
> > > [!]: Patches link to upstream bugs/comments/lists or are otherwise
> > >      justified.
> > > 
> > > --> Please, leave comments about patches.
I forgot to address this comment. Most patches are not really upstreamable,
they should be replaced with proper fixes to the build system.
I added some comments to the spec file.

> > > [-]: SourceX tarball generation or download is documented.
> > > [-]: Description and summary sections in the package spec file contains
> > >      translations for supported Non-English languages, if available.
> > > [x]: Package should compile and build into binary rpms on all supported
> > >      architectures.
> > > [-]: %check is present and all tests pass.
> > > [x]: Packages should try to preserve timestamps of original installed
> > >      files.
> > > [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
> > > [x]: Reviewer should test that the package builds in mock.
> > > [x]: Buildroot is not present
> > > [x]: Package has no %clean section with rm -rf %{buildroot} (or
> > >      $RPM_BUILD_ROOT)
> > > [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
> > > [x]: Uses parallel make %{?_smp_mflags} macro.
> > > [x]: SourceX is a working URL.
> > > [x]: Spec use %global instead of %define unless justified.
> > > 
> > > ===== EXTRA items =====
> > > 
> > > $ checksec --file ./moose
> > > RELRO  STACK CANARY  NX       PIE      RPATH  RUNPATH      FILE
> > > Full   Canary found  enabled  enabled  No     No RUNPATH   ./moose
> > > 
> > > I suggest to control whith 'checksec' in F22 if it's necessary.
> > I don't understand: this checksec output looks OK, no?
> 
> 'checksec' output of 'moose' bin file compiled in F24/F23 is good but
> hardened builds are not automatically activated on F22, so maybe you will
> have need to add compiler/linker flags manually.

I added checksec output to the build process. The output is not checked, but
it will show up in the logs.

It turns out that the python subpackage was incomplete, and it was missing proper
Requires. It seems that the rpm dependency generator ignores so files if they are
not executable. Should be fixed now. I also added a simple check that imports
the module to verify that at least it loads correctly.

Spec URL: https://in.waw.pl/~zbyszek/fedora/moose.spec
SRPM URL: https://in.waw.pl/~zbyszek/fedora/moose-3.0.2-0.4.fc24.beta.2.src.rpm

Comment 15 Upstream Release Monitoring 2015-12-14 05:37:29 UTC
zbyszek's scratch build of moose-3.0.2-0.4.fc24.beta.2.src.rpm for f22 completed http://koji.fedoraproject.org/koji/taskinfo?taskID=12179791

Comment 16 Antonio T. (sagitter) 2015-12-14 09:11:56 UTC
Package approved.

Comment 17 Zbigniew Jędrzejewski-Szmek 2015-12-14 13:18:21 UTC
Thanks!

BTW., the two pull requests I sent yesterday are already merged, so I'll update the license file before uploading.

Comment 18 Gwyn Ciesla 2015-12-14 14:22:05 UTC
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/moose

Comment 19 Fedora Update System 2015-12-14 15:56:24 UTC
moose-3.0.2-0.4.fc22.beta.2 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-44f4e1796a

Comment 20 Zbigniew Jędrzejewski-Szmek 2015-12-18 03:04:56 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #9)
> (In reply to Antonio Trande from comment #8)
> > Generic:
> > [!]: Package is licensed with an open-source compatible license and meets
> >      other legal requirements as defined in the legal section of Packaging
> >      Guidelines.
> > 
> > biophysics/VClamp.cpp: *No copyright* LGPL (v3 or later)
> > builtins/Func.cpp: *No copyright* LGPL (v3 or later)
> > builtins/Function.cpp: *No copyright* LGPL (v3 or later)
> > 
> > are managed by compiler; i think guidelines for "Mixed Source Licensing
> > Scenario" may be imposed here.
> > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/
> > LicensingGuidelines#Mixed_Source_Licensing_Scenario
> I don't think this actually applies: that paragraph talks about the case
> where sources have two different licenses, and to satisfy the license you
> have
> to satisfy the constrains from both licenses (e.g. both "no advertising", and
> "modifications as patches only"). But in this case we are mixing LGPL and
> GPL.
> GPL is a superset of LGPL, and also, GPL does not allow any additional
> restrictions
> to be added. So effectively, the binary package is distributed under the
> terms of GPL,
> and no additional constraints exists and no different licensing is available.

While looking at a different review ticket, I found the relevant part of
guidelines in the FAQ:
https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_is_.22effective_license.22_and_do_I_need_to_know_that_for_the_License:_tag.3F
It seems to match what I said above, but it's always good to have an
authoritative source.

Comment 21 Fedora Update System 2015-12-22 15:37:00 UTC
moose-3.0.2-0.4.fc22.beta.2 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-44f4e1796a

Comment 22 Fedora Update System 2015-12-31 01:51:08 UTC
moose-3.0.2-0.4.fc22.beta.2 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.