From Fedora Project Wiki

No edit summary
(Update to current Packaging Guidelines)
 
Line 11: Line 11:
? = Not evaluated
? = Not evaluated


=== REQUIRED ITEMS ===
[ ]  Rpmlint output:
[ ]  Package is named according to the Package Naming Guidelines[1].
[ ]  Spec file name must match the base package name, in the format %{name}.spec.
[ ]  Package meets the Packaging Guidelines[2].
[ ]  Package successfully compiles and builds into binary rpms.
[ ]  Buildroot definition is not present
[ ]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[ ]  License field in the package spec file matches the actual license.
License type:
[ ]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[ ]  All independent sub-packages have license of their own
[ ]  Spec file is legible and written in American English.
[ ]  Sources used to build the package matches the upstream source, as provided in the spec URL.
MD5SUM this package    :
MD5SUM upstream package:
[ ]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[ ]  Package must own all directories that it creates or must require other packages for directories it uses.
[ ]  Package does not contain duplicates in %files.
[ ]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[ ]  Permissions on files are set properly.
[ ]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[ ]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[ ]  Package contains code, or permissable content.
[ ]  Fully versioned dependency in subpackages, if present.
[ ]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[ ]  Package does not own files or directories owned by other packages.
[ ]  Javadoc documentation files are generated and included in -javadoc subpackage
[ ]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[ ]  Packages have proper BuildRequires/Requires on jpackage-utils
[ ]  Javadoc subpackages have Require: jpackage-utils
[ ]  Package uses %global not %define
[ ]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[ ]  If source tarball includes bundled jar/class files these need to be removed prior to building
[ ]  All filenames in rpm packages must be valid UTF-8.
[ ]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[ ]  If package contains pom.xml files install it (including depmaps) even when building with ant
[ ]  pom files has correct add_maven_depmap


=== Maven ===
=== Generic reqired items ===
[ ]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[ ]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[ ]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[ ]  Package DOES NOT use %update_maven_depmap in %post/%postun
[ ]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro


=== Other suggestions ===
[ ] rpmlint must be run on the source rpm and all binary rpms the
[ ] If possible use upstream build method (maven/ant/javac)
    build produces. The output should be posted in the review.
[ ] Avoid having BuildRequires on exact NVR unless necessary
 
[ ] Package has BuildArch: noarch (if possible)
[ ] The package must be named according to the Package Naming
[ ] Latest version is packaged.
    Guidelines.
[ ] Reviewer should test that the package builds in mock.
 
Tested on:
[ ] The spec file name must match the base package %{name}, in the
    format %{name}.spec unless your package has an exemption.
 
[ ] The package must meet the Packaging Guidelines.
 
[ ] The package must be licensed with a Fedora approved license and
    meet the Licensing Guidelines.
 
[ ] The License field in the package spec file must match the actual
    license.
 
[ ] If (and only if) the source package includes the text of the
    license(s) in its own file, then that file, containing the text of
    the license(s) for the package must be included in %license.
 
[ ] The spec file must be written in American English.
 
[ ] The spec file for the package MUST be legible.
 
[ ] The sources used to build the package must match the upstream
    source, as provided in the spec URL. Reviewers should use
    sha256sum for this task as it is used by the sources file once
    imported into git. If no upstream URL can be specified for this
    package, please see the Source URL Guidelines for how to deal with
    this.
 
[ ] The package MUST successfully compile and build into binary rpms
    on at least one primary architecture.
 
[ ] If the package does not successfully compile, build or work on an
    architecture, then those architectures should be listed in the
    spec in ExcludeArch. Each architecture listed in ExcludeArch MUST
    have a bug filed in bugzilla, describing the reason that the
    package does not compile/build/work on that architecture. The bug
    number MUST be placed in a comment, next to the corresponding
    ExcludeArch line.
 
[ ] All build dependencies must be listed in BuildRequires.
 
[ ] The spec file MUST handle locales properly. This is done by using
    the %find_lang macro. Using %{_datadir}/locale/* is strictly
    forbidden.
 
[ ] Packages must NOT bundle copies of system libraries.
 
[ ] If the package is designed to be relocatable, the packager must
    state this fact in the request for review, along with the
    rationalization for relocation of that specific package. Without
    this, use of Prefix: /usr is considered a blocker.
 
[ ] A package must own all directories that it creates. If it does not
    create a directory that it uses, then it should require a package
    which does create that directory.
 
[ ] A Fedora package must not list a file more than once in the spec
    file’s %files listings. (Notable exception: license texts in
    specific situations)
 
[ ] Permissions on files must be set properly. Executables should be
    set with executable permissions, for example.
 
[ ] Each package must consistently use macros.
 
[ ] The package must contain code, or permissible content.
 
[ ] Large documentation files must go in a -doc subpackage. (The
    definition of large is left up to the packager’s best judgement,
    but is not restricted to size. Large can refer to either size or
    quantity).
 
[ ] If a package includes something as %doc, it must not affect the
    runtime of the application. To summarize: If it is in %doc, the
    program must run properly if it is not present.
 
[ ] Static libraries must be in a -static package.
 
[ ] Development files must be in a -devel package.
 
[ ] In the vast majority of cases, devel packages must require the
    base package using a fully versioned dependency: Requires:
    %{name}%{?_isa} = %{version}-%{release}
 
[ ] Packages must NOT contain any .la libtool archives, these must be
    removed in the spec if they are built.
 
[ ] Packages containing GUI applications must include a
    %{name}.desktop file, and that file must be properly installed
    with desktop-file-install in the %install section. If you feel
    that your packaged GUI application does not need a .desktop file,
    you must put a comment in the spec file with your
    explanation.
 
[ ] Packages must not own files or directories already owned by other
    packages. The rule of thumb here is that the first package to be
    installed should own the files or directories that other packages
    may rely upon. This means, for example, that no package in Fedora
    should ever share ownership with any of the files or directories
    owned by the filesystem or man package. If you feel that you have
    a good reason to own a file or directory that another package
    owns, then please present that at package review time.
 
[ ] All filenames in rpm packages must be valid UTF-8.
 
[ ] Packages being added to the distribution MUST NOT depend on any
    packages which have been marked as being deprecated.
 
 
=== Generic optional items ===
 
[ ] If the source package does not include license text(s) as a
    separate file from upstream, the packager SHOULD query upstream to
    include it.
 
[ ] The reviewer should test that the package builds in mock.
 
[ ] The package should compile and build into binary rpms on all
    supported architectures.
 
[ ] The reviewer should test that the package functions as
    described. A package should not segfault instead of running, for
    example.
 
[ ] If scriptlets are used, those scriptlets must be sane. This is
    vague, and left up to the reviewers judgement to determine sanity.
 
[ ] Usually, subpackages other than devel should require the base
    package using a fully versioned dependency.
 
[ ] The placement of pkgconfig(.pc) files depends on their usecase,
    and this is usually for development purposes, so should be placed
    in a -devel pkg. A reasonable exception is that the main pkg
    itself is a devel tool not installed in a user runtime, e.g. gcc
    or gdb.
 
[ ] If the package has file dependencies outside of /etc, /bin, /sbin,
    /usr/bin, or /usr/sbin consider requiring the package which
    provides the file instead of the file itself.
 
[ ] The package should contain man pages for binaries/scripts. If it
    doesn’t, work with upstream to add them where they make sense.
 
 
=== Java required items  ===
 
[ ] Binary *.class and *.jar files from upstream releases MUST NOT be
    used during build of Fedora packages and they MUST NOT be included
    in binary RPM.
 
[ ] All architecture-independent JAR files MUST go into %{_javadir} or
    its subdirectory.
 
[ ] Java packages MUST BuildRequire their respective build system:
 
[ ] Java binary packages MUST have transitive Requires on:
    java-headless, java, java-devel
 
[ ] Java binary packages MUST have transitive Requires on:
    javapackages-filesystem, javapackages-tools
 
[ ] If javadoc documentation is generated it MUST be installed into a
    directory of %{_javadocdir}/%{name} as part of %{name}-javadoc
    subpackage
 
[ ] Compatibility packages MUST be named in the same way as original
    except addition of version to package name,
 
[ ] Any compatibility JAR and POM files MUST be versioned.
 
 
=== Java optional items  ===
 
[ ] If the package provides a single JAR file installed filename
    SHOULD be %{name}.jar.
 
[ ] If the package provides multiple JAR files, they SHOULD be
    installed in a %{name} subdirectory.
 
[ ] Applications wishing to provide a convenient method of execution
    SHOULD provide a wrapper script in %{_bindir}. Packages SHOULD use
    %jpackage_script to create these wrapper scripts.
 
 
=== rpmlint output ===




=== Issues ===
=== Issues ===
1.
1.


=== Final Notes ===
=== Final Notes ===
Line 82: Line 222:
*** REJECTED ***
*** REJECTED ***
================
================
[1] https://fedoraproject.org/wiki/Packaging:NamingGuidelines
[2] https://fedoraproject.org/wiki/Packaging:Guidelines
[3] https://fedoraproject.org/wiki/Packaging:LicensingGuidelines
[4] https://fedoraproject.org/wiki/Licensing:Main
[5] https://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2
[6] https://fedoraproject.org/wiki/Packaging:Java#Filenames
</pre>
</pre>


[[Category:Package Maintainers/Review Template]]
[[Category:Package Maintainers/Review Template]]

Latest revision as of 11:51, 10 October 2021

Following template can be used by reviewers to simplify their reviews of Java packages and by packagers to double-check they haven't forgotten something.

Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated


=== Generic reqired items ===

[ ] rpmlint must be run on the source rpm and all binary rpms the
    build produces. The output should be posted in the review.

[ ] The package must be named according to the Package Naming
    Guidelines.

[ ] The spec file name must match the base package %{name}, in the
    format %{name}.spec unless your package has an exemption.

[ ] The package must meet the Packaging Guidelines.

[ ] The package must be licensed with a Fedora approved license and
    meet the Licensing Guidelines.

[ ] The License field in the package spec file must match the actual
    license.

[ ] If (and only if) the source package includes the text of the
    license(s) in its own file, then that file, containing the text of
    the license(s) for the package must be included in %license.

[ ] The spec file must be written in American English.

[ ] The spec file for the package MUST be legible.

[ ] The sources used to build the package must match the upstream
    source, as provided in the spec URL. Reviewers should use
    sha256sum for this task as it is used by the sources file once
    imported into git. If no upstream URL can be specified for this
    package, please see the Source URL Guidelines for how to deal with
    this.

[ ] The package MUST successfully compile and build into binary rpms
    on at least one primary architecture.

[ ] If the package does not successfully compile, build or work on an
    architecture, then those architectures should be listed in the
    spec in ExcludeArch. Each architecture listed in ExcludeArch MUST
    have a bug filed in bugzilla, describing the reason that the
    package does not compile/build/work on that architecture. The bug
    number MUST be placed in a comment, next to the corresponding
    ExcludeArch line.

[ ] All build dependencies must be listed in BuildRequires.

[ ] The spec file MUST handle locales properly. This is done by using
    the %find_lang macro. Using %{_datadir}/locale/* is strictly
    forbidden.

[ ] Packages must NOT bundle copies of system libraries.

[ ] If the package is designed to be relocatable, the packager must
    state this fact in the request for review, along with the
    rationalization for relocation of that specific package. Without
    this, use of Prefix: /usr is considered a blocker.

[ ] A package must own all directories that it creates. If it does not
    create a directory that it uses, then it should require a package
    which does create that directory.

[ ] A Fedora package must not list a file more than once in the spec
    file’s %files listings. (Notable exception: license texts in
    specific situations)

[ ] Permissions on files must be set properly. Executables should be
    set with executable permissions, for example.

[ ] Each package must consistently use macros.

[ ] The package must contain code, or permissible content.

[ ] Large documentation files must go in a -doc subpackage. (The
    definition of large is left up to the packager’s best judgement,
    but is not restricted to size. Large can refer to either size or
    quantity).

[ ] If a package includes something as %doc, it must not affect the
    runtime of the application. To summarize: If it is in %doc, the
    program must run properly if it is not present.

[ ] Static libraries must be in a -static package.

[ ] Development files must be in a -devel package.

[ ] In the vast majority of cases, devel packages must require the
    base package using a fully versioned dependency: Requires:
    %{name}%{?_isa} = %{version}-%{release}

[ ] Packages must NOT contain any .la libtool archives, these must be
    removed in the spec if they are built.

[ ] Packages containing GUI applications must include a
    %{name}.desktop file, and that file must be properly installed
    with desktop-file-install in the %install section. If you feel
    that your packaged GUI application does not need a .desktop file,
    you must put a comment in the spec file with your
    explanation.

[ ] Packages must not own files or directories already owned by other
    packages. The rule of thumb here is that the first package to be
    installed should own the files or directories that other packages
    may rely upon. This means, for example, that no package in Fedora
    should ever share ownership with any of the files or directories
    owned by the filesystem or man package. If you feel that you have
    a good reason to own a file or directory that another package
    owns, then please present that at package review time.

[ ] All filenames in rpm packages must be valid UTF-8.

[ ] Packages being added to the distribution MUST NOT depend on any
    packages which have been marked as being deprecated.


=== Generic optional items ===

[ ] If the source package does not include license text(s) as a
    separate file from upstream, the packager SHOULD query upstream to
    include it.

[ ] The reviewer should test that the package builds in mock.

[ ] The package should compile and build into binary rpms on all
    supported architectures.

[ ] The reviewer should test that the package functions as
    described. A package should not segfault instead of running, for
    example.

[ ] If scriptlets are used, those scriptlets must be sane. This is
    vague, and left up to the reviewers judgement to determine sanity.

[ ] Usually, subpackages other than devel should require the base
    package using a fully versioned dependency.

[ ] The placement of pkgconfig(.pc) files depends on their usecase,
    and this is usually for development purposes, so should be placed
    in a -devel pkg. A reasonable exception is that the main pkg
    itself is a devel tool not installed in a user runtime, e.g. gcc
    or gdb.

[ ] If the package has file dependencies outside of /etc, /bin, /sbin,
    /usr/bin, or /usr/sbin consider requiring the package which
    provides the file instead of the file itself.

[ ] The package should contain man pages for binaries/scripts. If it
    doesn’t, work with upstream to add them where they make sense.


=== Java required items  ===

[ ] Binary *.class and *.jar files from upstream releases MUST NOT be
    used during build of Fedora packages and they MUST NOT be included
    in binary RPM.

[ ] All architecture-independent JAR files MUST go into %{_javadir} or
    its subdirectory.

[ ] Java packages MUST BuildRequire their respective build system:

[ ] Java binary packages MUST have transitive Requires on:
    java-headless, java, java-devel

[ ] Java binary packages MUST have transitive Requires on:
    javapackages-filesystem, javapackages-tools

[ ] If javadoc documentation is generated it MUST be installed into a
    directory of %{_javadocdir}/%{name} as part of %{name}-javadoc
    subpackage

[ ] Compatibility packages MUST be named in the same way as original
    except addition of version to package name,

[ ] Any compatibility JAR and POM files MUST be versioned.


=== Java optional items  ===

[ ] If the package provides a single JAR file installed filename
    SHOULD be %{name}.jar.

[ ] If the package provides multiple JAR files, they SHOULD be
    installed in a %{name} subdirectory.

[ ] Applications wishing to provide a convenient method of execution
    SHOULD provide a wrapper script in %{_bindir}. Packages SHOULD use
    %jpackage_script to create these wrapper scripts.


=== rpmlint output ===


=== Issues ===
1.


=== Final Notes ===
1.


================
*** APPROVED ***
================

or

================
*** REJECTED ***
================