49 new Go packages to review to review : don't worry, it's easy! [4 remaining]

Team Workflows Package Review Swaps
1

Hello folks!

So I need to update golang-github-acme-lego, and it happens to have new dependencies :

https://bugzilla.redhat.com/buglist.cgi?bug_id=2009869&bug_id_type=anddependson&format=tvp&list_id=13276966#

Basically I have 49 new Go packages to get reviewed.

Go packages are following a standard templates, so you don’t need to do the whole fedora-review thingie.

What I usually check for templated Rust and Go package is :

  • License ok
  • Latest version packaged
  • Builds in mock
  • No rpmlint errors
  • Conforms to Go Packaging Guidelines

The entire set of packages is built in this COPR :

https://copr.fedorainfracloud.org/coprs/eclipseo/golang5/

You can add it in your mock file :

[copr:copr.fedorainfracloud.org:eclipseo:golang5]
name=Copr repo for golang5 owned by eclipseo
baseurl=https://download.copr.fedorainfracloud.org/results/eclipseo/golang5/fedora-rawhide-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/eclipseo/golang5/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1

so you don’t have to bother with dependencies to check if it builds.

1 Like
2

Do you have a tool that you use to generate the spec files for all these packages?

3

go2rpm Golang Packaging Guidelines :: Fedora Docs

4

I wonder if we should change the policy to waive the review requirement for packages that are generated using this tool. I feel like having manual reviews of these packages creates a lot of unnecessary work.

5

The things Robert mentioned still need to be checked for tool-generated specs. We still need to check the content is acceptable, the license is OK, and all of that stuff. A spec generator does not and cannot check that for us.

6

Could someone self-review these things?

7

I think it kind of defeats the purpose.

Sure experienced packagers from the SIG could probably do it, but another pair of eyes is always a good thing. And the licensing can be tricky sometimes.

For newcomers, I don’t think saying you can self review Go/Rust packages is a good thing.

2 Likes
8

Perhaps “batch reviews” would be a more appropriate means of streamlining the review process? Templated Go and Rust packages often show up in big bundles, like @eclipseo’s 49 here, because they’re all pulled in as new dependencies for some other package that’s the “real” final target. So perhaps there’s a way those here-because-they’re-needed-more-than-wanted dependency packages could be bundled up into a single Review Request ticket and done all together, even though they’re not actually related (beyond all being dependencies of the same also-unrelated package)?

Perhaps even a slightly-modified form of perfunctory, streamlined “Templated Packages Review Request”, where it focuses exclusively on the things mentioned in the OP, and cuts out all the other chaff that normally has to be ignored while performing reviews of such packages.

9

I approved the following:

golang-github-bmatcuk-doublestar
golang-github-deepmap-oapi-codegen
golang-github-exoscale-egoscale
golang-github-hashicorp-hc-install
golang-github-hashicorp-terraform-exec
golang-github-hashicorp-terraform-json
golang-github-invopop-yaml
golang-github-jedib0t-pretty
golang-github-jose-3-3.0.0
golang-github-juju-gnuflag
golang-github-lestrrat-backoff
golang-github-lestrrat-blackmagic
golang-github-lestrrat-codegen
golang-github-lestrrat-httpcc
golang-github-lestrrat-iter
golang-github-lestrrat-option
golang-github-lestrrat-xstrings
golang-github-nrdcg-freemyip
golang-github-nrdcg-nodion
golang-github-perimeterx-marshmallow
golang-github-ravenox-jsoncommentstrip
golang-github-sacloud-api-client
golang-github-sacloud-http
golang-github-sacloud-iaas-api
golang-github-sacloud-packages
golang-github-segmentio-asm
golang-github-segmentio-encoding
golang-github-simplesurance-bunny
golang-github-softlayer
golang-github-spkg-bom
golang-github-tencentcloud-sdk
golang-github-ultradns-sdk
golang-github-wi2l-jettison
golang-github-yandex-cloud-genproto
golang-github-yandex-cloud-sdk
golang-software-sslmate-src-pkcs12

2 Likes
10

Self-review sets up an inherent conflict of interest. When the submitter’s goal is to get their package added to Fedora in a short time frame, it is inevitable that shortcuts will be taken; even with experienced packagers this happens. Effective review needs an independent 3rd party whose primary motivation is analysing the packaging guidelines, not adding the package.

3 Likes
11

Thank you very much! Let me know if I can review something for you!

12
2224749 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-valyala-fastjson - Fast JSON parser and validator for Go. No custom structs, no code generation, no reflection 2023-07-27T02:33:00Z unspecified
2224623 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-softlayer-xmlrpc - Implementation of XMLRPC protocol in Go language with some changes to interact with the SoftLayer api 2023-07-27T02:32:04Z unspecified
2224846 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-lestrrat-jwx - Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies 2023-07-27T02:31:34Z unspecified
2224627 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-c2h5oh-datasize - Golang helpers for data sizes (kilobytes, petabytes), human readable sizes, parsing 2023-07-27T02:30:36Z unspecified
2224084 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-mimuret-iij-dpf - None 2023-07-27T02:29:18Z unspecified
2224863 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-hashicorp-checkpoint - None 2023-07-27T02:28:10Z unspecified
2224065 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-civo-civogo - Golang client to interact with Civo’s API 2023-07-27T02:11:49Z unspecified
2110196 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-transparency-dev-merkle - Go code to help create and manipulate Merkle trees 2023-07-25T00:45:28Z unspecified
2110189 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-getsentry-sentry - Official Sentry SDK for Go 2023-07-25T00:45:26Z unspecified
2224877 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-zclconf-cty-debug - Debugging and inspection utilities for cty 2023-07-23T20:00:00Z unspecified
2224867 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-sebdah-goldie-1 - Golden file testing for Go 2023-07-23T20:00:00Z unspecified
2224616 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-gofiber-fiber-2 - :zap: Express inspired web framework written in Go 2023-07-23T16:44:09Z unspecified
2224713 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-apapsch-jsonmerge-2 - Merge JSON objects 2023-07-23T16:44:09Z unspecified
2224838 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-goccy-json - Fast JSON encoder/decoder compatible with encoding/json for Go 2023-07-23T15:02:28Z unspecified
2224692 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-ravenox-jsonmerge - Merge JSON objects to one (replaces only existent values) 2023-07-22T11:31:47Z unspecified
2224621 Fedora Package Review Nobody’s working on this, feel free to take it NEW Review Request: golang-github-jedib0t-pretty-6 - Table-writer and more in golang 2023-07-21T17:34:08Z unspecified
13

Yeah, self-review isn’t even really review. I mean, we’re all supposed to look over our packages and ensure they meet the guidelines before submitting them anyway, so self-review is really already part of the process. But a second, independent pair of eyes is the critical check that keeps us from getting lazy.

14
15
16

How do I generate the rpmlint output? I know I’ve done it before but can’t find the command.

Edit: Looks like all of these packages have reviews but I’d still like to find out the command line for rpmlint.

17

I just run fedora-review on the package and it does it log the rpmlint output in the results.

Otherwise you run the rpmlint command on all the artifacts (*.rpm, *. spec).

18

@eclipseo

if it help you, please review these ones:

https://bugzilla.redhat.com/show_bug.cgi?id=2188762
https://bugzilla.redhat.com/show_bug.cgi?id=2188675
https://bugzilla.redhat.com/show_bug.cgi?id=2188676

19

I have comment each one. Ping me when you have updated the files.

20

4 Remaining packages:

golang-github-goccy-json 2224838 – (golang-github-goccy-json) Review Request: golang-github-goccy-json - Fast JSON encoder/decoder compatible with encoding/json for Go
golang-github-mitchellh-testing-interface 2232833 – (golang-github-mitchellh-testing-interfac) Review Request: golang-github-mitchellh-testing-interface - Go library to expose *testing.T as an interface
golang-github-mimuret-iij-dpf 2224084 – (golang-github-mimuret-iij-dpf) Review Request: golang-github-mimuret-iij-dpf - None
golang-github-civo-civogo 2224065 – (golang-github-civo-civogo) Review Request: golang-github-civo-civogo - Golang client to interact with Civo's API

If anyone has the time pretty please.