Bug 2133

$ rpmlint libspotify.spec 
libspotify.spec: W: no-%build-section
0 packages and 1 specfiles checked; 0 errors, 1 warnings.

$ rpmlint ../RPMS/x86_64/libspotify-10.1.16-1.fc16.x86_64.rpm 
libspotify.x86_64: W: invalid-license Proprietary
libspotify.x86_64: W: shared-lib-calls-exit /usr/lib64/libspotify.so.10.1.16 _exit@GLIBC_2.2.5
libspotify.x86_64: W: no-documentation
1 packages and 0 specfiles checked; 0 errors, 3 warnings.

$ rpmlint ../SRPMS/libspotify-10.1.16-1.fc16.src.rpm 
libspotify.src: W: invalid-license Proprietary
libspotify.src: W: no-%build-section
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

(In reply to comment #0)

> Why not in Fedora:
> libspotify is available under a proprietary license for non-commercial use only
More noteworthy than this: No source code inside your srpm

Proprietary, closed source?

Yes, sorry that that wasn't clear.

Few quick things I noticed while skimming through your SPEC:

*It seems a little redundant to do prep on both sources, if only one is required, it seems unnecessary. I'm not sure how one should handle this but it did strike me as odd when I saw it.

*You have not included documentation in your package. At a quick glance of the source, I have noticed there is license files and a readme in the tar's. All of these are documentation and should be included, no?

*You haven't given any reason for ignoring the warnings you did. It makes it a little difficult to review a package with warnings that has no explanation of such warnings being ignored. Only the warning of lack of documentation is what I would think needs explaining, but definitely something to note next time to avoid things from being unclear to the reviewers.

(In reply to comment #4)
> Few quick things I noticed while skimming through your SPEC:
> 
> *It seems a little redundant to do prep on both sources, if only one is
> required, it seems unnecessary. I'm not sure how one should handle this but it
> did strike me as odd when I saw it.

Yeah, good catch.  I've fixed it to prep only the necessary source.

> *You have not included documentation in your package. At a quick glance of the
> source, I have noticed there is license files and a readme in the tar's. All of
> these are documentation and should be included, no?

Yes, again you're right.  I assumed that, because it's a proprietary closed-source package, it wouldn't include any documentation.  I've fixed the package to include the documentation.

> *You haven't given any reason for ignoring the warnings you did. It makes it a
> little difficult to review a package with warnings that has no explanation of
> such warnings being ignored. Only the warning of lack of documentation is what
> I would think needs explaining, but definitely something to note next time to
> avoid things from being unclear to the reviewers.

Ok, "invalid-license" is because it's not an open-source license.  Not sure if Ralf was looking for clarification in comment #2 or whether the license tag should actually read "Proprietary, closed source".

The "no-%build-section" is because there is nothing to build.

The "shared-lib-calls-exit" isn't something we can work around given that the library is closed-source.

And I've fixed the "no-documentation" bug.

Updated package:
Spec URL: http://www.lesbg.com/jdieter/libspotify.spec
SRPM URL: http://www.lesbg.com/jdieter/libspotify-10.1.16-2.fc16.src.rpm

(In reply to comment #5)
> (In reply to comment #4)
> > Few quick things I noticed while skimming through your SPEC:
> > 
> > *It seems a little redundant to do prep on both sources, if only one is
> > required, it seems unnecessary. I'm not sure how one should handle this but it
> > did strike me as odd when I saw it.
> 
> Yeah, good catch.  I've fixed it to prep only the necessary source.
> 
> > *You have not included documentation in your package. At a quick glance of the
> > source, I have noticed there is license files and a readme in the tar's. All of
> > these are documentation and should be included, no?
> 
> Yes, again you're right.  I assumed that, because it's a proprietary
> closed-source package, it wouldn't include any documentation.  I've fixed the
> package to include the documentation.
> 
> ...
> ...I've fixed the "no-documentation" bug.
> 
> Updated package:
> Spec URL: http://www.lesbg.com/jdieter/libspotify.spec
> SRPM URL: http://www.lesbg.com/jdieter/libspotify-10.1.16-2.fc16.src.rpm

Looks good, although you posted the SPEC for 10.1.16-1 instead of 10.1.16-2.

Also maybe "Redistributable, no modification permitted" would be a better/clearer license? (as used in numerous packages in rpmfusion non-free use this) I honestly would not know as I am not an official reviewer or sponsor.

This the review:

MUST: rpmlint must be run on the source rpm and all binary rpms the build produces. The output should be posted in the review.
rpmlint -iv libspotify.spec 
libspotify.spec: W: no-%build-section
The spec file does not contain a %build section.  Even if some packages don't
directly need it, section markers may be overridden in rpm's configuration to
provide additional "under the hood" functionality, such as injection of
automatic -debuginfo subpackages.  Add the section, even if empty.

libspotify.spec: I: checking-url http://developer.spotify.com/download/libspotify/libspotify-10.1.16-Linux-x86_64-release.tar.gz (timeout 10 seconds)
libspotify.spec: I: checking-url http://developer.spotify.com/download/libspotify/libspotify-10.1.16-Linux-i686-release.tar.gz (timeout 10 seconds)
0 packages and 1 specfiles checked; 0 errors, 1 warnings.

rpmlint -iv libspotify-10.1.16-2.fc16.src.rpm 
libspotify.src: I: checking
libspotify.src: I: enchant-dictionary-not-found en_US
A dictionary for the Enchant spell checking library is not available for the
language given in the info message.  Spell checking will proceed with
rpmlint's built-in implementation for localized tags in this language. For
better spell checking results in this language, install the appropriate
dictionary that Enchant will use for this language, often for example
hunspell-* or aspell-*.

libspotify.src: W: invalid-license Proprietary
The value of the License tag was not recognized.  Known values are: "AAL",
"Abstyles", "Adobe", "ADSL", "AFL", "AGPLv1", "AGPLv3", "AGPLv3 with
exceptions", "AMDPLPA", "AML", "AMPAS BSD", "APSL 2.0", "APSL 2.0+", "ARL",
"Artistic 2.0", "Artistic clarified", "ASL 1.0", "ASL 1.0+", "ASL 1.1", "ASL
1.1+", "ASL 2.0", "ASL 2.0+", "Barr", "Beerware", "BeOpen", "BitTorrent",
"Boost", "Borceux", "BSD", "BSD Protection", "BSD with advertising", "BSD with
attribution", "CATOSL", "CC0", "CeCILL", "CeCILL-B", "CeCILL-C", "CDDL",
"CNRI", "Condor", "Copyright only", "CPAL", "CPL", "Crossword", "Crystal
Stacker", "DOC", "Dotseqn", "DSDP", "dvipdfm", "ECL 1.0", "ECL 2.0", "eCos",
"EFL 2.0", "EFL 2.0+", "eGenix", "Entessa", "EPL", "ERPL", "EU Datagrid",
"EUPL 1.1", "Eurosym", "Fair", "FTL", "Giftware", "GL2PS", "Glide", "Glulxe",
"gnuplot", "GPL+", "GPL+ or Artistic", "GPL+ with exceptions", "GPLv1", "GPLv2
or Artistic", "GPLv2+ or Artistic", "GPLv2", "GPLv2 with exceptions",
"GPLv2+", "GPLv2+ with exceptions", "GPLv3", "GPLv3 with exceptions",
"GPLv3+", "GPLv3+ with exceptions", "IBM", "IJG", "ImageMagick", "iMatix",
"Imlib2", "Intel ACPI", "Interbase", "ISC", "Jabber", "JasPer", "JPython",
"Knuth", "Latex2e", "LBNL BSD", "LGPLv2", "LGPLv2 with exceptions", "LGPLv2+",
"LGPLv2+ or Artistic", "LGPLv2+ with exceptions", "LGPLv3", "LGPLv3 with
exceptions", "LGPLv3+", "LGPLv3+ with exceptions", "Lhcyr", "libtiff",
"LLGPL", "Logica", "LPL", "LPPL", "mecab-ipadic", "MirOS", "MIT", "MIT with
advertising", "mod_macro", "Motosoto", "MPLv1.0", "MPLv1.0+", "MPLv1.1",
"MPLv1.1+", "MS-PL", "MS-RL", "Naumen", "NCSA", "NetCDF", "Netscape",
"Newmat", "Newsletr", "NGPL", "Nokia", "NOSL", "Noweb", "OML", "OpenLDAP",
"OpenPBS", "OpenSSL", "OReilly", "OSL 1.0", "OSL 1.0+", "OSL 1.1", "OSL 1.1+",
"OSL 2.0", "OSL 2.0+", "OSL 2.1", "OSL 2.1+", "OSL 3.0", "OSL 3.0+", "Phorum",
"PHP", "PlainTeX", "Plexus", "PostgreSQL", "psutils", "Public Domain",
"Python", "Qhull", "QPL", "Rdisc", "RiceBSD", "Romio", "RPSL", "Rsfs", "Ruby",
"Saxpath", "SCEA", "SCRIP", "Sendmail", "Sleepycat", "SISSL", "SLIB", "SNIA",
"SPL", "TCL", "Teeworlds", "Threeparttable", "TMate", "TORQUEv1.1", "TOSL",
"TPL", "UCD", "Vim", "VNLSL", "VOSTROM", "VSL", "W3C", "Webmin", "Wsuipa",
"WTFPL", "wxWidgets", "Xerox", "xinetd", "XSkat", "YPLv1.1", "Zed", "Zend",
"zlib", "zlib with acknowledgement", "ZPLv1.0", "ZPLv1.0+", "ZPLv2.0",
"ZPLv2.0+", "ZPLv2.1", "ZPLv2.1+", "CDL", "FBSDDL", "GFDL", "IEEE", "LDPL",
"OFSFDL", "Open Publication", "Public Use", "CC-BY", "CC-BY-ND", "CC-BY-SA",
"DMTF", "DSL", "EFML", "Free Art", "GeoGratis", "Green OpenMusic", "OAL",
"AMS", "Arphic", "Baekmuk", "Bitstream Vera", "DoubleStroke", "Hershey",
"IPA", "Liberation", "Lucida", "MgOpen", "mplus", "OFL", "PTFL", "STIX",
"Utopia", "Wadalab", "XANO", "Redistributable, no modification permitted",
"Freely redistributable without restriction".

libspotify.src: I: checking-url http://developer.spotify.com/en/libspotify/overview/ (timeout 10 seconds)
libspotify.src: W: no-%build-section
The spec file does not contain a %build section.  Even if some packages don't
directly need it, section markers may be overridden in rpm's configuration to
provide additional "under the hood" functionality, such as injection of
automatic -debuginfo subpackages.  Add the section, even if empty.

libspotify.src: I: checking-url http://developer.spotify.com/download/libspotify/libspotify-10.1.16-Linux-x86_64-release.tar.gz (timeout 10 seconds)
libspotify.src: I: checking-url http://developer.spotify.com/download/libspotify/libspotify-10.1.16-Linux-i686-release.tar.gz (timeout 10 seconds)
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

rpmlint -iv libspotify-10.1.16-2.fc17.x86_64.rpm 
libspotify.x86_64: I: checking
libspotify.x86_64: I: enchant-dictionary-not-found en_US
A dictionary for the Enchant spell checking library is not available for the
language given in the info message.  Spell checking will proceed with
rpmlint's built-in implementation for localized tags in this language. For
better spell checking results in this language, install the appropriate
dictionary that Enchant will use for this language, often for example
hunspell-* or aspell-*.

libspotify.x86_64: W: invalid-license Proprietary
The value of the License tag was not recognized.  Known values are: "AAL",
"Abstyles", "Adobe", "ADSL", "AFL", "AGPLv1", "AGPLv3", "AGPLv3 with
exceptions", "AMDPLPA", "AML", "AMPAS BSD", "APSL 2.0", "APSL 2.0+", "ARL",
"Artistic 2.0", "Artistic clarified", "ASL 1.0", "ASL 1.0+", "ASL 1.1", "ASL
1.1+", "ASL 2.0", "ASL 2.0+", "Barr", "Beerware", "BeOpen", "BitTorrent",
"Boost", "Borceux", "BSD", "BSD Protection", "BSD with advertising", "BSD with
attribution", "CATOSL", "CC0", "CeCILL", "CeCILL-B", "CeCILL-C", "CDDL",
"CNRI", "Condor", "Copyright only", "CPAL", "CPL", "Crossword", "Crystal
Stacker", "DOC", "Dotseqn", "DSDP", "dvipdfm", "ECL 1.0", "ECL 2.0", "eCos",
"EFL 2.0", "EFL 2.0+", "eGenix", "Entessa", "EPL", "ERPL", "EU Datagrid",
"EUPL 1.1", "Eurosym", "Fair", "FTL", "Giftware", "GL2PS", "Glide", "Glulxe",
"gnuplot", "GPL+", "GPL+ or Artistic", "GPL+ with exceptions", "GPLv1", "GPLv2
or Artistic", "GPLv2+ or Artistic", "GPLv2", "GPLv2 with exceptions",
"GPLv2+", "GPLv2+ with exceptions", "GPLv3", "GPLv3 with exceptions",
"GPLv3+", "GPLv3+ with exceptions", "IBM", "IJG", "ImageMagick", "iMatix",
"Imlib2", "Intel ACPI", "Interbase", "ISC", "Jabber", "JasPer", "JPython",
"Knuth", "Latex2e", "LBNL BSD", "LGPLv2", "LGPLv2 with exceptions", "LGPLv2+",
"LGPLv2+ or Artistic", "LGPLv2+ with exceptions", "LGPLv3", "LGPLv3 with
exceptions", "LGPLv3+", "LGPLv3+ with exceptions", "Lhcyr", "libtiff",
"LLGPL", "Logica", "LPL", "LPPL", "mecab-ipadic", "MirOS", "MIT", "MIT with
advertising", "mod_macro", "Motosoto", "MPLv1.0", "MPLv1.0+", "MPLv1.1",
"MPLv1.1+", "MS-PL", "MS-RL", "Naumen", "NCSA", "NetCDF", "Netscape",
"Newmat", "Newsletr", "NGPL", "Nokia", "NOSL", "Noweb", "OML", "OpenLDAP",
"OpenPBS", "OpenSSL", "OReilly", "OSL 1.0", "OSL 1.0+", "OSL 1.1", "OSL 1.1+",
"OSL 2.0", "OSL 2.0+", "OSL 2.1", "OSL 2.1+", "OSL 3.0", "OSL 3.0+", "Phorum",
"PHP", "PlainTeX", "Plexus", "PostgreSQL", "psutils", "Public Domain",
"Python", "Qhull", "QPL", "Rdisc", "RiceBSD", "Romio", "RPSL", "Rsfs", "Ruby",
"Saxpath", "SCEA", "SCRIP", "Sendmail", "Sleepycat", "SISSL", "SLIB", "SNIA",
"SPL", "TCL", "Teeworlds", "Threeparttable", "TMate", "TORQUEv1.1", "TOSL",
"TPL", "UCD", "Vim", "VNLSL", "VOSTROM", "VSL", "W3C", "Webmin", "Wsuipa",
"WTFPL", "wxWidgets", "Xerox", "xinetd", "XSkat", "YPLv1.1", "Zed", "Zend",
"zlib", "zlib with acknowledgement", "ZPLv1.0", "ZPLv1.0+", "ZPLv2.0",
"ZPLv2.0+", "ZPLv2.1", "ZPLv2.1+", "CDL", "FBSDDL", "GFDL", "IEEE", "LDPL",
"OFSFDL", "Open Publication", "Public Use", "CC-BY", "CC-BY-ND", "CC-BY-SA",
"DMTF", "DSL", "EFML", "Free Art", "GeoGratis", "Green OpenMusic", "OAL",
"AMS", "Arphic", "Baekmuk", "Bitstream Vera", "DoubleStroke", "Hershey",
"IPA", "Liberation", "Lucida", "MgOpen", "mplus", "OFL", "PTFL", "STIX",
"Utopia", "Wadalab", "XANO", "Redistributable, no modification permitted",
"Freely redistributable without restriction".

libspotify.x86_64: I: checking-url http://developer.spotify.com/en/libspotify/overview/ (timeout 10 seconds)
libspotify.x86_64: W: shared-lib-calls-exit /usr/lib64/libspotify.so.10.1.16 _exit@GLIBC_2.2.5
This library package calls exit() or _exit(), probably in a non-fork()
context. Doing so from a library is strongly discouraged - when a library
function calls exit(), it prevents the calling program from handling the
error, reporting it to the user, closing files properly, and cleaning up any
state that the program has. It is preferred for the library to return an
actual error code and let the calling program decide how to handle the
situation.

1 packages and 0 specfiles checked; 0 errors, 2 warnings.

NOT-OK, see comment 6

MUST: The package must be named according to the Package Naming Guidelines .
OK

MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption.

OK
MUST: The package must meet the Packaging Guidelines .
OK
MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
OK if changed to "Redistributable, no modification permitted"

MUST: The License field in the package spec file must match the actual license.
OK

MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.
OK

MUST: The spec file must be written in American English.
OK

MUST: The spec file for the package MUST be legible.
OK

MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this.
OK

src.rpm:
eaec871b27dc46087681337b6992d787  libspotify-10.1.16-Linux-i686-release.tar.gz
263c17a6f74268217fab7300db12b017  libspotify-10.1.16-Linux-x86_64-release.tar.gz

upstream:
eaec871b27dc46087681337b6992d787  libspotify-10.1.16-Linux-i686-release.tar.gz
263c17a6f74268217fab7300db12b017  libspotify-10.1.16-Linux-x86_64-release.tar.gz

MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [7]
OK

MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line.
OK

MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun.
OK

MUST: Packages must NOT bundle copies of system libraries.
OK

MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker.
OK

MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory.
OK

MUST: A Fedora package must not list a file more than once in the spec file's %files listings. (Notable exception: license texts in specific situations)
OK

MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line.
OK

MUST: Each package must consistently use macros.
OK

MUST: The package must contain code, or permissable content.
OK

MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity).
OK

MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present.
OK

MUST: Header files must be in a -devel package.
OK

MUST: Static libraries must be in a -static package.
OK

MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package.
OK

MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release}
OK

MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.
OK

MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation.
OK

MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time.
OK

MUST: All filenames in rpm packages must be valid UTF-8.
OK


SHOULD Items:
Items marked as SHOULD are things that the package (or reviewer) SHOULD do, but is not required to do.
SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available.
SHOULD: The reviewer should test that the package builds in mock.
OK

SHOULD: The package should compile and build into binary rpms on all supported architectures.
OK

SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example.
OK

SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity.
SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency.
SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb.
SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself.
SHOULD: your package should contain man pages for binaries/scripts. If it doesn't, work with upstream to add them where they make sense.
References to the Fedora Packaging Guidelines

All looking good to me and the package works as described. Only thing is the License that I think would be better as "Redistributable, no modification permitted", like comment 6 said earlier.

Ok, I've updated the license and added an empty %build section

Spec:
http://www.lesbg.com/jdieter/libspotify.spec
SRPM:
http://www.lesbg.com/jdieter/libspotify-10.1.16-3.fc16.src.rpm

If you're happy with it, could you have the bug block RF_ACCEPTED?  Thanks much!

Al looking good to me, approving!

Package CVS request
======================
Package Name: libspotify
Short Description: Official spotify API
Owners: jdieter
Branches: f15 f16 f17 el5 el6
InitialCC:
----------------------
License tag: nonfree

This is now a part of RPMFusion, so I'm closing this