Diretrizes para revisão de pacotes

Este é um conjunto de diretrizes para Revisões de Pacotes. Observe que uma lista completa de itens a serem verificados seria impossível, mas todos os esforços foram feitos para tornar este documento o mais abrangente possível. Revisores e colaboradores (empacotadores) devem usar seu melhor julgamento sempre que os itens não estiverem claros e, em caso de dúvida, pergunte sobre o lista de empacotamento do Fedora .

Processo de revisão de pacotes

Contributors and reviewers MUST follow the Package Review Process, with the following exceptions:

  • FPC concede isenção explícita do processo, conforme indicado aqui.

  • O pacote está sendo criado para que várias versões do mesmo pacote possam coexistir na distribuição (ou coexistir entre EPEL e RHEL). O pacote DEVE ser nomeado apropriadamente de acordo com o diretrizes de nomenclatura e NÃO DEVE entrar em conflito com todas as outras versões do mesmo pacote.

  • O pacote existe no Fedora e no RHEL, mas o empacotador deseja enviá-lo em EPEL com um nome alternativo (conforme exigido pela política de EPEL) para fornecer um subpacote que existe no Fedora, mas não existe (ou não é fornecido) no RHEL.

Coisas para verificar na revisão

Há muitas coisas a verificar para uma revisão. Esta lista é fornecida para ajudar os novos revisores a identificar as áreas que eles devem procurar, mas não está completa. Os revisores devem usar seu próprio bom senso ao revisar os pacotes. Os itens listados se enquadram em duas categorias: DEVERIA e OBRIGATÓRIO.

  • OBRIGATÓRIO: rpmlint deve ser executado no rpm fonte e em todos os rpms binários que a compilação produz. A saída deve ser publicada na revisão.[1]

  • OBRIGATÓRIO: O pacote deve estar nomeado em conformidade com as Diretrizes de nomenclatura de pacotes.+

  • MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [2] .

  • MUST: The package must meet the Packaging Guidelines .

  • MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .

  • MUST: The License field in the package spec file must match the actual license. [3]

  • MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %license.[4]

  • MUST: The spec file must be written in American English. [5]

  • MUST: The spec file for the package MUST be legible. [6]

  • MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use sha256sum for this task as it is used by the sources file once imported into git. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this.

  • MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7]

  • MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [8]

  • MUST: All build dependencies must be listed in BuildRequires. [9]

  • MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.[10]

  • MUST: Packages must NOT bundle copies of system libraries.[11]

  • MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [12]

  • MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13]

  • MUST: A Fedora package must not list a file more than once in the spec file’s %files listings. (Notable exception: license texts in specific situations)[14]

  • MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. [15]

  • MUST: Each package must consistently use macros. [16]

  • MUST: The package must contain code, or permissible content. [17]

  • MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager’s best judgement, but is not restricted to size. Large can refer to either size or quantity). [18]

  • MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [19]

  • MUST: Static libraries must be in a -static package. [20]

  • MUST: Development files must be in a -devel package. [21]

  • MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name}%{?_isa} = %{version}-%{release} [22]

  • MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.[23]

  • MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [24]

  • MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [25]

  • MUST: All filenames in rpm packages must be valid UTF-8. [26]

  • MUST: Packages being added to the distribution MUST NOT depend on any packages which have been marked as being deprecated. [27]

  • SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [28]

  • SHOULD: The reviewer should test that the package builds in mock. [29]

  • SHOULD: The package should compile and build into binary rpms on all supported architectures. [30]

  • SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example.

  • SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [31]

  • SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [32]

  • SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. [33]

  • SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. [34]

  • SHOULD: your package should contain man pages for binaries/scripts. If it doesn’t, work with upstream to add them where they make sense.[35]

A note on dependencies

It is often useful to submit a package for review along with its dependencies in separate tickets. As long as the submitter sets up the Depends on: and Blocks: fields in bugzilla properly, this is not an issue, and it is perfectly possible to review these packages before the full dependency chain is in the distribution (by maintaining a local repository, building and installing the packages locally, or maintaining a Copr).

However, please keep in mind that you cannot do koji builds if all of the build dependencies are not met (because you cannot provide additional dependencies to koji) and when the time comes to build these packages, they must be built in order and you must wait between builds for the dependencies to make it into the appropriate branch of the distribution. For the devel branch (Rawhide) this happens frequently and can be automated using chain builds, but for release branches each package must make it all the way to stable before the next package in the chain can be built.

Please also note that while you may actually be able to build a package because all of its build-time dependencies are met, the package may still be non-installable (and thus useless) if its runtime dependencies are not met. A package MUST not be built if any of its runtime dependencies are unsatisfied.

References to the Fedora Packaging Guidelines