From Fedora Project Wiki

Revision as of 16:12, 11 June 2008

Here is the template I use for doing package reviews. You're welcome to steal from it if you find it useful. Of course, you should only use the parts of this template for the package that you're reviewing. For example, there's no real point in checking compiler flags and debuginfo generation for noarch packages.

source files match upstream:
 (I generally include the checksum from the script below)
package meets naming and versioning guidelines.
specfile is properly named, is cleanly written and uses macros consistently.
dist tag is present.
build root is correct.
 (%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) is the recommended value, but not the only one)
license field matches the actual license.
license is open source-compatible.
 (include one of the below)
license text not included upstream.
license text included in package.
latest version is being packaged.
BuildRequires are proper.
compiler flags are appropriate.
%clean is present.
package builds in mock.
package installs properly.
debuginfo package looks complete.
rpmlint is silent.
final provides and requires are sane:
  (paste in the rpm -qp --provides and --requires output)
%check is present and all tests pass:
  (if possible, include some info indicating a successful test suite)
  (it's OK if there's no test suite, but if one is there it should be run if possible)
no shared libraries are added to the regular linker search paths.
  (or, if shared libraries are present, make sure ldconfig is run)
owns the directories it creates.
doesn't own any directories it shouldn't.
no duplicates in %files.
file permissions are appropriate.
no scriptlets present.
  (or, if scriptlets are present, compare them against the ScriptletSnippets page)
code, not content.
documentation is small, so no -docs subpackage is necessary.
%docs are not necessary for the proper functioning of the package.
no headers.
no pkgconfig files.
no libtool .la droppings.
not a GUI app.
 (or, if it's a GUI app, check that a desktop file is installed properly and is valid)

A quick script to grab the upstream source and compare it to what's in an (unpacked) srpm:

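#!/bin/sh
# Download the upstream sources listed in the spec into ./source, then print
# the checksum of each download next to that of the same-named srpm file.
mkdir -p source
cd source || exit 1
spectool -g ../*spec
for i in *; do
  sha256sum "$i"
  sha256sum "../$i"
done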

A more involved script that I use to do all of my mock builds, which also installs the built packages into the chroot and runs rpmlint on the built and installed packages, is available from http://www.math.uh.edu/~tibbs/dobuild.
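
An added example, not part of the original page and not the dobuild script: a variant of the source comparison that gives a verdict per file instead of printing checksum pairs to compare by eye. The function name compare_sources, its two directory arguments and its return codes are assumptions made for this example; it treats "nothing was downloaded" and "file missing from the srpm" as failures rather than passing silently.

```sh
#!/bin/sh
# compare_sources UPSTREAM_DIR SRPM_DIR   (hypothetical helper for this example)
# UPSTREAM_DIR: freshly downloaded sources, e.g. the "source" directory
#               filled by `spectool -g`.
# SRPM_DIR:     the unpacked srpm.
# Returns 0 if every upstream file has an identical copy in the srpm,
#         1 if any file is missing or differs,
#         2 if there was nothing to compare (e.g. the download failed).
compare_sources() {
    upstream_dir=$1
    srpm_dir=$2
    status=0
    count=0
    for f in "$upstream_dir"/*; do
        [ -f "$f" ] || continue      # skips subdirectories and an unmatched glob
        count=$((count + 1))
        name=${f##*/}
        if [ ! -f "$srpm_dir/$name" ]; then
            echo "MISSING  $name (not in srpm)"
            status=1
            continue
        fi
        # Read via stdin so the output carries only the hash, not the path.
        up=$(sha256sum < "$f" | cut -d' ' -f1)
        pk=$(sha256sum < "$srpm_dir/$name" | cut -d' ' -f1)
        if [ "$up" = "$pk" ]; then
            echo "MATCH    $name $up"
        else
            echo "MISMATCH $name upstream=$up srpm=$pk"
            status=1
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "ERROR    no files found in $upstream_dir" >&2
        return 2
    fi
    return "$status"
}

# When run as a script with two arguments, compare those directories.
if [ "$#" -eq 2 ]; then
    compare_sources "$1" "$2"
fi
```

The MATCH lines carry the checksum, so they can be pasted under "source files match upstream" in the template.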