On Tue, Jan 22, 2019 at 5:09 PM Troy Dawson <tdawson(a)redhat.com> wrote:
> Hi Jared,
> Sorry for this taking so long. I finally got some time to work on the
> gateway rpm. Though really, I need a second opinion to see if I
> should proceed with what I've done or try something else.
No worries on it taking a while -- I was on vacation all last week, and am
swamped with ${DAYJOB} work now that I'm back. That being said, here are a
few comments on the spec file as I see it.
1. Trying to build the package from this file (rpmbuild -ba gateway.spec)
fails. In particular, it's failing because several of the things you're
copying in line 37 of your spec file don't seem to come from the tarball
when it's unpackaged in line 28. Also, there are lots of those things that
we wouldn't necessarily want to include in our package, such as the
.gitignore file or the .travis.yml file, just to name a couple of examples.
2. The "license" field is wrong, for a couple of reasons. One, you should
use the abbreviation "MPLv2.0" as listed at
https://fedoraproject.org/wiki/Licensing:Main#Software_License_List.
Second, because you're bundling all of the dependencies, the license on
this package needs to reflect the licenses of *everything* that's bundled
with the package. Yes, that means doing a license audit of everything
that's being bundled. And yes, that's a lot of work.
3. Nothing seems to be showing that the dependencies are bundled. At a
minimum, I would expect a long list of lines that look something like:
"Provides: bundled(nodejs-abab)=1.0.4", "Provides:
bundled(nodejs-abbrev)=1.1.1", etc. See
https://fedoraproject.org/wiki/Bundled_Software_policy for the bundled
software policy itself.
4. I would assume that at least *some* of the necessary dependencies are
already in Fedora -- if so, we should use those if possible instead of
using the bundled versions, and if there's a reason we can't use the system
version, we should document it in the spec file.
I'll try to do a more thorough review of the spec file later this week.
Also, I'm all for renaming this to "things-gateway" or "moz-iot-gateway" or
something more descriptive than just "gateway".
--
Jared Smith
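
The bundled-dependency declarations asked for in point 3 can be generated rather than typed by hand. The following is an added example, not part of the original message or of the gateway project: it assumes the source tree ships an npm `package-lock.json` (the message does not say so), the function name `bundled_provides` is hypothetical, and the sample lockfile is constructed. It emits one line per distinct name and version, including nested duplicates, and skips dev-only modules on the assumption that they are not shipped in the RPM.

```python
import json

# Constructed sample in npm lockfile v2/v3 layout (not taken from the gateway tarball).
SAMPLE_LOCK = json.dumps({
    "name": "gateway", "lockfileVersion": 2,
    "packages": {
        "": {"name": "gateway", "version": "0.0.0"},            # root project, not a bundle
        "node_modules/abab": {"version": "1.0.4"},
        "node_modules/abbrev": {"version": "1.1.1"},
        "node_modules/nopt/node_modules/abbrev": {"version": "1.0.9"},  # nested duplicate
        "node_modules/mocha": {"version": "5.2.0", "dev": True},       # dev-only
    },
})

def _walk_v1(deps, out):
    """Lockfile v1: nested "dependencies" objects keyed by module name."""
    for name, meta in deps.items():
        if not meta.get("dev") and "version" in meta:
            out.add((name, meta["version"]))
        _walk_v1(meta.get("dependencies", {}), out)

def bundled_provides(lock_text):
    """Return sorted 'Provides: bundled(nodejs-NAME) = VERSION' lines."""
    lock = json.loads(lock_text)
    found = set()
    if "packages" in lock:  # lockfile v2/v3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if not path or meta.get("dev") or meta.get("link") or "version" not in meta:
                continue
            # The module name is whatever follows the last node_modules/ segment,
            # which keeps scoped names such as @scope/name intact.
            name = path.rsplit("node_modules/", 1)[-1]
            found.add((name, meta["version"]))
    else:
        _walk_v1(lock.get("dependencies", {}), found)
    return [f"Provides: bundled(nodejs-{n}) = {v}" for n, v in sorted(found)]

if __name__ == "__main__":
    print("\n".join(bundled_provides(SAMPLE_LOCK)))
```

The same list of names and versions is the starting inventory for the license audit in point 2 and for checking which modules are already packaged in Fedora in point 4.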