From Fedora Project Wiki

< User:Tibbs

Revision as of 15:20, 11 June 2008 by Tibbs (talk | contribs) (New page: Here is the template I use for doing package reviews. You're welcome to steal from it if you find it useful. Of course, you should only use the parts of this template for the package tha...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Here is the template I use for doing package reviews. You're welcome to steal from it if you find it useful. Of course, you should only use the parts of this template for the package that you're reviewing. For example, there's no real point in checking compiler flags and debuginfo generation for noarch packages.

source files match upstream:
 (I generally include the checksum from the script below)
package meets naming and versioning guidelines.
specfile is properly named, is cleanly written and uses macros consistently.
dist tag is present.
build root is correct.
 (%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) is the recommended value, but not the only one)
license field matches the actual license.
license is open source-compatible.
 (include one of the below)
license text not included upstream.
license text included in package.
latest version is being packaged.
BuildRequires are proper.
compiler flags are appropriate.
%clean is present.
package builds in mock.
package installs properly.
debuginfo package looks complete.
rpmlint is silent.
final provides and requires are sane:
  (paste in the rpm -qp --provides and --requires output)
%check is present and all tests pass:
  (if possible, include some info indicating a successful test suite)
  (it's OK if there's no test suite, but if one is there it should be run if possible)
no shared libraries are added to the regular linker search paths.
  (or, if shared libraries are present, make sure ldconfig is run)
owns the directories it creates.
doesn't own any directories it shouldn't.
no duplicates in %files.
file permissions are appropriate.
no scriptlets present.
code, not content.
documentation is small, so no -docs subpackage is necessary.
%docs are not necessary for the proper functioning of the package.
no headers.
no pkgconfig files.
no libtool .la droppings.
not a GUI app.

A quick script to grab the upstream source and compare it to what's in an (unpacked) srpm:

  1. !/bin/sh

mkdir source cd source spectool -g ../*spec for i in *; do

 sha256sum $i
 sha256sum ../$i

done