From Fedora Project Wiki
(Created page with 'Mandatory review guidelines: - rpmlint output - rpmlint output that probably doesn't need correcting for - Package meets naming guidelines - Spec file matches base package na...')
 
 
(28 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page contains copypasteable templates for package reviews.  The [[#Core Guidelines|Core Guidelines]] section contains the rules that apply to every package.  The rest contain rules that apply to specific types of packages.  Those can be appended to the core guidelines.
== Core Guidelines ==
Core guidelines, which apply to every package, incorporate the following:
* [[Packaging:ReviewGuidelines|Review guidelines]]
* [[Packaging:NamingGuidelines|Naming guidelines]]
* [[Packaging:Guidelines|Packaging guidelines]]
<pre>
Mandatory review guidelines:
Mandatory review guidelines:
  - rpmlint output
  - rpmlint output:
  - rpmlint output that probably doesn't need correcting for
  ...
  - Package meets naming guidelines
- Spec file name matches base package name
  - Spec file matches base package name
- License is acceptable (...)
- License field in spec is correct
  - License files included in package if included in source package
  - License files installed when any subpackage combination is installed
  - Spec written in American English
  - Spec is legible
  - Spec is legible
- Spec written in American English
  - Sources match upstream unless altered to fix permissibility issues
- License is acceptable (MIT)
  Upstream SHA256: ...
- License field in spec is correct
  Your SHA256:    ...
- License file included in package %docs or not included in upstream source
  - Build succeeds on at least one primary arch
  - Sources match upstream (unless altered due to fix permissibility issues)
  - Build succeeds on all primary arches or has ExcludeArch + justification
- Sources contain only permissible code or content
  - BuildRequires correct, justified where necessary
  - Build succeeds on at least one supported platform
  - Locales handled with %find_lang, not %_datadir/locale/*
  - Build succeeds on all supported platforms or has ExcludeArch + bugs filed
  - BuildRequires correct
  - Package handles locales w/find_lang
  - %post, %postun call ldconfig if package contains shared .so files
  - %post, %postun call ldconfig if package contains shared .so files
  - No bundled libs
  - No bundled libs
  - Relocatability is justified
  - Relocatability is justified
  - Package owns all directories it creates
  - Package owns all directories it creates
  - Package requires those that create directories it requires
  - Package requires others for directories it uses but does not own
- Package's files and directories don't conflict with others'
  - No duplication in %files unless necessary for license files
  - No duplicate files in %files
- Each %files section contains %defattr
  - File permissions are sane
  - File permissions are sane
  - Consistent use of macros
  - Package contains permissible code or content
  - Large documentation files go in -doc package
  - Large docs go in -doc subpackage
  - Missing %doc files do not affect runtime
  - %doc files not required at runtime
- Headers go in -devel package
  - Static libs go in -static package or virtual Provides
  - Static libs go in -static package
  - Development files go in -devel package
  - Unversioned .so files go in -devel package
  - -devel packages Require base with fully-versioned dependency, %_isa
  - Devel packages require base w/ fully-versioned dependency
  - No .la files
  - Package contains no .la files
  - GUI app uses .desktop file, installs it with desktop-file-install
  - GUI app installs .desktop file w/ desktop-file-install or has justification
- File list does not conflict with other packages' without justification
  - File names are valid UTF-8
  - File names are valid UTF-8
Optional review guidelines:
- Query upstream about including missing license files
- Translations of description, summary
- Builds in mock
- Builds on all arches
- Functions as described (e.g. no crashes)
- Scriptlets are sane
- Subpackages require base with fully-versioned dependency if sensible
- .pc file subpackage placement is sensible
- No file deps outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
- Include man pages if available
Naming guidelines:
- Package names use only a-zA-Z0-9-._+ subject to restrictions on -._+
- Package names are sane
- No naming conflicts
- Version is sane
- Version does not contain ~
- Release is sane
- %dist tag
- Case used only when necessary
- Package names follow applicable language/addon rules


Packaging guidelines:
Packaging guidelines:
  - license file installed when any subpackage combination is installed
  - Useful without external bits
  - Package obeys FHS, except libexecdir and /usr/target
- No kmods
  - Changelog in prescribed format
- Pre-built binaries, libs removed in %prep
  - Spec file lacks Packager, Vendor, PreReq tags
- Sources contain only redistributable code or content
  - BuildRoot tag included on < F10/EL5
- Pre-generated code contains original sources
  - Correct %clean section on < F13
- Spec format is sane
- noarch package with unported deps has correct ExclusiveArch
- Arch-specific sources/patches are applied, not included, conditionally
  - Package obeys FHS, except libexecdir, /run, /usr/target
  - %{_prefix}/lib only used for multilib-exempt packages
- Programs run before FS mounting use /run instead of /var/run
  - No files under /srv, /usr/local, /home
- Files under /opt constrained to an approved /opt/fedora subdir
  - File dependencies not broken by /usr move
  - No BuildRoot, Group, %clean, Packager, Vendor, Copyright, Prereq
- Summary does not end in a period
  - Requires correct, justified where necessary
  - Requires correct, justified where necessary
  - %build honors applicable compiler flags or justifies otherwise
  - Recommends, Suggests, Supplements, Enhances are sane
  - Useful -debuginfo package or justification otherwise
- No boolean dependencies
  - No static executables
- Automatic Requires, Provides filtered if necessary
- BuildRequires lack %{_isa}
- BuildRequires: pkgconfig(foo) where necessary
- Summary, description do not use trademarks incorrectly
- All relevant documentation is packaged, appropriately marked with %doc
- Relative path %doc files and %_pkgdocdir not mixed
- Doc files do not drag in extra dependencies (e.g. due to +x)
- Changelog in a prescribed format
- Code compilable with gcc is compiled with gcc
- Build honors applicable compiler flags or justifies otherwise
- PIE used for long-running/root daemons, setuid/filecap programs
  - Useful -debuginfo package or disabled and justified
- Shared libs are versioned
  - No static executables (except OCaml)
- System libraries used when supported by upstream
- Bundled libraries have Provides, link to upstream refusal to unbundle
- No bundled fonts
  - Rpath absent or only used for internal libs
  - Rpath absent or only used for internal libs
  - %config files marked noreplace or justified
  - Config files marked with %config(noreplace) or justified %config
  - No %config files under /usr
  - No config files under /usr
  - SysV-style init script
  - Third party package manager configs acceptable, only in %_docdir
  - Spec uses macros instead of hard-coded directory names
- Per-product configs handled correctly
  - %makeinstall used only when ``make install DESTDIR=...'' doesn't work
- No init scripts
  - Macros in Summary, %description expandable at SRPM build time
- .desktop files are sane
- desktop-file-install/validate run on .desktop files, as appropriate
- No desktop-file-install --vendor on >= F19
- AppData files included if possible
- Spec uses macros consistently
  - Spec uses macros instead of hard-coded names where appropriate
- Spec uses macros for executables only when configurability is needed
  - %makeinstall used only when alternatives don't work
  - Macros in Summary, description are expandable at srpm build time
- Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR and %sourcedir
- SCL macros limited to SCL-specific packages
- Macro files go under %_rpmconfigdir/macros.d or %_sysconfdir/rpm
- Macro files named macros.%name
- Macro files not marked with %config
- Build uses only python/perl/shell+coreutils/lua/BuildRequired langs
- %global, not %define
- Package translating with gettext BuildRequires it
- Package translating with Linguist BuildRequires qt-devel
- Log file locations are sane
- Log files are rotated
- File ops preserve timestamps
- Parallel make
- Scriptlets write only to allowed locations
- %pretrans written in lua
- User, group creation handled correctly (See Packaging:UsersAndGroups)
- Web apps go in /usr/share/%name, not /var/www
  - Conflicts are justified
  - Conflicts are justified
  - No kernel modules
  - Patches have appropriate commentary
- Patches not applied directly from RPM_SOURCE_DIR
- Available test suites executed in %check
- sysctl.d files applied in %post with %sysctl_apply
- binfmt.d files applied in %post with %binfmt_apply
- tmpfiles.d used for /run, /run/lock
- Package renaming/replacement handled correctly
- IPv6 enabled if supported and IPv4 remains functional
- Changelogs for CVE fixes mention CVE numbers
- Package builds without network access
- Dependency bootstrapping handled correctly
- TLS-using code follows crypto policies (See Packaging:CryptoPolicies)
</pre>
 
== [[Packaging:Systemd|Systemd Guidelines]] ==
<pre>
Systemd guidelines:
- Traditional service uses a unit file
- Non-standard service commands converted to standalone scripts
- Unit names are sane
- Description= lines do not exceed 80 characters
- Documentation field has correct URI format
- Service Type= declarations are correct
- Service has sane [Service], [Install] sections
- Requires=, Wants= used only when necessary
- Units do not refer to runlevel*.target
- Symlinks used instead of Name=
- StandardOutput=, StandardError= used only when necessary
- Hardware-activated service not activated by package
- Socket-activated service has FESCo approval, correct unit files
- Package prefers timer units to cron jobs iff systemd-dependent
- Unit files go in %_unitdir
- BuildRequires: systemd for %_unitdir macro
- Packaged unit files are not %config files
- Unit file scriptlets are correct
- tmpfiles.d used where needed
</pre>
 
== [[Packaging:SysVInitScript|SysV Init Script Guidelines]] ==
<pre>
SysVInitScript guidelines:
- Init scripts go in /etc/rc.d/init.d
- Init scripts not marked with %config
- Init script configuration in /etc/sysconfig
- Init scripts have 0755 permissions
- Packages with unit files put init scripts in -sysvinit subpackage
- chkconfig, initscripts Requires, init scripts correct
- Daemon-spawning init scripts manage /var/lock/subsys/%name
- Init scripts have chkconfig headers
- Init script environment variables have reasonable defaults
- Init scripts implement all required actions
- Init script behavior is sensible
- Init script return codes are correct
</pre>
 
== [[Packaging:CronFiles|Cron File Guidelines]] ==
<pre>
Cron file guidelines:
- Custom crontabs in /etc/cron.d have 0640 permissions
- Custom crontabs in /etc/cron.d refer to executables in normal places
- Cron jobs marked with %config(noreplace)
- Cron job file names match package name, lack + and .
- Package with cron job Requires: crontabs
</pre>


Optional review guidelines:
== [[Packaging:Java|Java Guidelines]] ==
  - Query upstream about including license files
<pre>
  - Translations of description, Summary
Java guidelines:
  - Builds in mock
  - Javadocs go in javadoc subpackage
  - Functions as described
- Prefer split JARs over monolithic
  - Scriptlets are sane
- JAR file names correct
  - Non-devel subpackages require base w/ fully-versioned dependencies
- JAR files go in %{_javadir} or %{_javadir}-$version
  - .pc files go in -devel unless main package is a development tool
  - Compat package jar, pom files are versioned
  - No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
  - Javadocs go in unversioned %{_javadocdir}/%{name}
  - Man pages included for all executables
  - javadoc subpackage is noarch
  - Latest version
  - BuildRequires java-devel, jpackage-utils
  - Has dist tag
- Requires java, jpackage-utils
  - %global instead of %define
  - Dependencies on java/java-devel >= 1.6.0 add epoch 1
  - File timestamps preserved by file ops
- pom.xml files, if available, are installed along with their depmaps
  - Parallel make
- Spec contains correct maven code
  - Patches link to upstream bugs/comments/lists or are otherwise justified
  - pom.xml files, if patched, are patched sanely
- Wrapper script in %{_bindir}
- GCJ AOT bits follow GCJ guidelines
- No devel package
- EE API-providing packages have correct Provides
- EE API-using packages mage appropriate Requires, build-classpath
- JNI-using JARs go in %_jnidir
- JNI shared objects go in %{_libdir}/%{name}
- Calls to System.loadLibrary replaced w/ System.load w/ full .so path
- Bundled JAR files not included or used for build
  - No Javadoc %post/%ghost
- No class-path elements in JAR manifests
</pre>
 
== [[Packaging:Perl|Perl Guidelines]] ==
<pre>
Perl guidelines:
- "GPL+ or Artistic", not "Artistic or GPL+"
- Module requirements use virtual perl(modname) syntax
- Spec BuildRequires correct core modules, not perl-devel
- Spec contains correct MODULE_COMPAT_ Requires
- Requires/Provides are sane
- CPAN URL tag is not versioned
- All tests enabled where possible
- Use Build.PL if present unless justified otherwise
- .h files not split into -devel package
</pre>
 
== [[Packaging:Python|Python Guidelines]] ==
<pre>
Python guidelines:
- Runtime Requires correct
- BuildRequires: python2-devel and/or python3-devel
- Python 2 modules Provide: python2-*
  - Python 3 modules Provide: python3-*
  - Main python version modules Provide: python-*
  - Spec uses versioned path macros
- All .py files packaged with .pyc, .pyo counterparts
  - INSTALLED_FILES not used for %files list
- Includes .egg-info files/directories when generated
- Bytecode only optimized with appropriate optimization levels
- .py not under site-libs byte-compiled against correct runtimes
- Non-split packages named python2-* and python3-*
- Unversioned executables use OS-preferred runtime when possible
- Versioned executables provided with both -X and -X.Y suffixes
  - Eggs built from source
  - Eggs do not download deps during build
  - Compat packages use easy_install -m to avoid conflicts
- At least one version of each module is importable w/o version
- Provides/Requires properly filtered
</pre>
 
[[Category:Package Maintainers/Review Template]]

Latest revision as of 23:49, 11 August 2016

This page contains copypasteable templates for package reviews. The Core Guidelines section contains the rules that apply to every package. The rest contain rules that apply to specific types of packages. Those can be appended to the core guidelines.

Core Guidelines

Core guidelines, which apply to every package, incorporate the following:

Mandatory review guidelines:
 - rpmlint output:
   ...
 - Spec file name matches base package name
 - License is acceptable (...)
 - License field in spec is correct
 - License files included in package if included in source package
 - License files installed when any subpackage combination is installed
 - Spec written in American English
 - Spec is legible
 - Sources match upstream unless altered to fix permissibility issues
   Upstream SHA256: ...
   Your SHA256:     ...
 - Build succeeds on at least one primary arch
 - Build succeeds on all primary arches or has ExcludeArch + justification
 - BuildRequires correct, justified where necessary
 - Locales handled with %find_lang, not %_datadir/locale/*
 - %post, %postun call ldconfig if package contains shared .so files
 - No bundled libs
 - Relocatability is justified
 - Package owns all directories it creates
 - Package requires others for directories it uses but does not own
 - No duplication in %files unless necessary for license files
 - File permissions are sane
 - Package contains permissible code or content
 - Large docs go in -doc subpackage
 - %doc files not required at runtime
 - Static libs go in -static package or virtual Provides
 - Development files go in -devel package
 - -devel packages Require base with fully-versioned dependency, %_isa
 - No .la files
 - GUI app uses .desktop file, installs it with desktop-file-install
 - File list does not conflict with other packages' without justification
 - File names are valid UTF-8

Optional review guidelines:
 - Query upstream about including missing license files
 - Translations of description, summary
 - Builds in mock
 - Builds on all arches
 - Functions as described (e.g. no crashes)
 - Scriptlets are sane
 - Subpackages require base with fully-versioned dependency if sensible
 - .pc file subpackage placement is sensible
 - No file deps outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
 - Include man pages if available

Naming guidelines:
 - Package names use only a-zA-Z0-9-._+ subject to restrictions on -._+
 - Package names are sane
 - No naming conflicts
 - Version is sane
 - Version does not contain ~
 - Release is sane
 - %dist tag
 - Case used only when necessary
 - Package names follow applicable language/addon rules

Packaging guidelines:
 - Useful without external bits
 - No kmods
 - Pre-built binaries, libs removed in %prep
 - Sources contain only redistributable code or content
 - Pre-generated code contains original sources
 - Spec format is sane
 - noarch package with unported deps has correct ExclusiveArch
 - Arch-specific sources/patches are applied, not included, conditionally
 - Package obeys FHS, except libexecdir, /run, /usr/target
 - %{_prefix}/lib only used for multilib-exempt packages
 - Programs run before FS mounting use /run instead of /var/run
 - No files under /srv, /usr/local, /home
 - Files under /opt constrained to an approved /opt/fedora subdir
 - File dependencies not broken by /usr move
 - No BuildRoot, Group, %clean, Packager, Vendor, Copyright, Prereq
 - Summary does not end in a period
 - Requires correct, justified where necessary
 - Recommends, Suggests, Supplements, Enhances are sane
 - No boolean dependencies
 - Automatic Requires, Provides filtered if necessary
 - BuildRequires lack %{_isa}
 - BuildRequires: pkgconfig(foo) where necessary
 - Summary, description do not use trademarks incorrectly
 - All relevant documentation is packaged, appropriately marked with %doc
 - Relative path %doc files and %_pkgdocdir not mixed
 - Doc files do not drag in extra dependencies (e.g. due to +x)
 - Changelog in a prescribed format
 - Code compilable with gcc is compiled with gcc
 - Build honors applicable compiler flags or justifies otherwise
 - PIE used for long-running/root daemons, setuid/filecap programs
 - Useful -debuginfo package or disabled and justified
 - Shared libs are versioned
 - No static executables (except OCaml)
 - System libraries used when supported by upstream
 - Bundled libraries have Provides, link to upstream refusal to unbundle
 - No bundled fonts
 - Rpath absent or only used for internal libs
 - Config files marked with %config(noreplace) or justified %config
 - No config files under /usr
 - Third party package manager configs acceptable, only in %_docdir
 - Per-product configs handled correctly
 - No init scripts
 - .desktop files are sane
 - desktop-file-install/validate run on .desktop files, as appropriate
 - No desktop-file-install --vendor on >= F19
 - AppData files included if possible
 - Spec uses macros consistently
 - Spec uses macros instead of hard-coded names where appropriate
 - Spec uses macros for executables only when configurability is needed
 - %makeinstall used only when alternatives don't work
 - Macros in Summary, description are expandable at srpm build time
 - Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR and %sourcedir
 - SCL macros limited to SCL-specific packages
 - Macro files go under %_rpmconfigdir/macros.d or %_sysconfdir/rpm
 - Macro files named macros.%name
 - Macro files not marked with %config
 - Build uses only python/perl/shell+coreutils/lua/BuildRequired langs
 - %global, not %define
 - Package translating with gettext BuildRequires it
 - Package translating with Linguist BuildRequires qt-devel
 - Log file locations are sane
 - Log files are rotated
 - File ops preserve timestamps
 - Parallel make
 - Scriptlets write only to allowed locations
 - %pretrans written in lua
 - User, group creation handled correctly (See Packaging:UsersAndGroups)
 - Web apps go in /usr/share/%name, not /var/www
 - Conflicts are justified
 - Patches have appropriate commentary
 - Patches not applied directly from RPM_SOURCE_DIR
 - Available test suites executed in %check
 - sysctl.d files applied in %post with %sysctl_apply
 - binfmt.d files applied in %post with %binfmt_apply
 - tmpfiles.d used for /run, /run/lock
 - Package renaming/replacement handled correctly
 - IPv6 enabled if supported and IPv4 remains functional
 - Changelogs for CVE fixes mention CVE numbers
 - Package builds without network access
 - Dependency bootstrapping handled correctly
 - TLS-using code follows crypto policies (See Packaging:CryptoPolicies)

Systemd Guidelines

Systemd guidelines:
 - Traditional service uses a unit file
 - Non-standard service commands converted to standalone scripts
 - Unit names are sane
 - Description= lines do not exceed 80 characters
 - Documentation field has correct URI format
 - Service Type= declarations are correct
 - Service has sane [Service], [Install] sections
 - Requires=, Wants= used only when necessary
 - Units do not refer to runlevel*.target
 - Symlinks used instead of Name=
 - StandardOutput=, StandardError= used only when necessary
 - Hardware-activated service not activated by package
 - Socket-activated service has FESCo approval, correct unit files
 - Package prefers timer units to cron jobs iff systemd-dependent
 - Unit files go in %_unitdir
 - BuildRequires: systemd for %_unitdir macro
 - Packaged unit files are not %config files
 - Unit file scriptlets are correct
 - tmpfiles.d used where needed

SysV Init Script Guidelines

SysVInitScript guidelines:
 - Init scripts go in /etc/rc.d/init.d
 - Init scripts not marked with %config
 - Init script configuration in /etc/sysconfig
 - Init scripts have 0755 permissions
 - Packages with unit files put init scripts in -sysvinit subpackage
 - chkconfig, initscripts Requires, init scripts correct
 - Daemon-spawning init scripts manage /var/lock/subsys/%name
 - Init scripts have chkconfig headers
 - Init script environment variables have reasonable defaults
 - Init scripts implement all required actions
 - Init script behavior is sensible
 - Init script return codes are correct

Cron File Guidelines

Cron file guidelines:
 - Custom crontabs in /etc/cron.d have 0640 permissions
 - Custom crontabs in /etc/cron.d refer to executables in normal places
 - Cron jobs marked with %config(noreplace)
 - Cron job file names match package name, lack + and .
 - Package with cron job Requires: crontabs

Java Guidelines

Java guidelines:
 - Javadocs go in javadoc subpackage
 - Prefer split JARs over monolithic
 - JAR file names correct
 - JAR files go in %{_javadir} or %{_javadir}-$version
 - Compat package jar, pom files are versioned
 - Javadocs go in unversioned %{_javadocdir}/%{name}
 - javadoc subpackage is noarch
 - BuildRequires java-devel, jpackage-utils
 - Requires java, jpackage-utils
 - Dependencies on java/java-devel >= 1.6.0 add epoch 1
 - pom.xml files, if available, are installed along with their depmaps
 - Spec contains correct maven code
 - pom.xml files, if patched, are patched sanely
 - Wrapper script in %{_bindir}
 - GCJ AOT bits follow GCJ guidelines
 - No devel package
 - EE API-providing packages have correct Provides
 - EE API-using packages mage appropriate Requires, build-classpath
 - JNI-using JARs go in %_jnidir
 - JNI shared objects go in %{_libdir}/%{name}
 - Calls to System.loadLibrary replaced w/ System.load w/ full .so path
 - Bundled JAR files not included or used for build
 - No Javadoc %post/%ghost
 - No class-path elements in JAR manifests

Perl Guidelines

Perl guidelines:
 - "GPL+ or Artistic", not "Artistic or GPL+"
 - Module requirements use virtual perl(modname) syntax
 - Spec BuildRequires correct core modules, not perl-devel
 - Spec contains correct MODULE_COMPAT_ Requires
 - Requires/Provides are sane
 - CPAN URL tag is not versioned
 - All tests enabled where possible
 - Use Build.PL if present unless justified otherwise
 - .h files not split into -devel package

Python Guidelines

Python guidelines:
 - Runtime Requires correct
 - BuildRequires: python2-devel and/or python3-devel
 - Python 2 modules Provide: python2-*
 - Python 3 modules Provide: python3-*
 - Main python version modules Provide: python-*
 - Spec uses versioned path macros
 - All .py files packaged with .pyc, .pyo counterparts
 - INSTALLED_FILES not used for %files list
 - Includes .egg-info files/directories when generated
 - Bytecode only optimized with appropriate optimization levels
 - .py not under site-libs byte-compiled against correct runtimes
 - Non-split packages named python2-* and python3-*
 - Unversioned executables use OS-preferred runtime when possible
 - Versioned executables provided with both -X and -X.Y suffixes
 - Eggs built from source
 - Eggs do not download deps during build
 - Compat packages use easy_install -m to avoid conflicts
 - At least one version of each module is importable w/o version
 - Provides/Requires properly filtered