Bug#818974: RFS: gpvdm/4.40-1 – solar cell simulation tool

To: 818974@bugs.debian.org, Roderick MacKenzie <roderick.mackenzie@nottingham.ac.uk>
Subject: Bug#818974: RFS: gpvdm/4.40-1 – solar cell simulation tool
From: Paul Wise <pabs@debian.org>
Date: Fri, 25 Mar 2016 22:49:34 +0800
Message-id: <[🔎] 1458917374.18423.39.camel@debian.org>
Reply-to: Paul Wise <pabs@debian.org>, 818974@bugs.debian.org
In-reply-to: <[🔎] 1458649798.5013.9.camel@nottingham.ac.uk>
References: <[🔎] 1458649798.5013.9.camel@nottingham.ac.uk>
On Tue, 22 Mar 2016 12:29:58 +0000 Roderick MacKenzie wrote:

> I am looking for a sponsor for my package gpvdm.  To download the
> package please visit:  http://gpvdm.com/debian.php
> 
> Gpvdm is a tool to design and optimize solar cells.

I don't intend to sponsor this, but here are some thoughts:

The package fails to build under pbuilder due to the Build-Depends
issue I mentioned below, see below for the logs.

I would suggest joining the Debian Science team, they might sponsor it:

https://wiki.debian.org/Teams/DebianScience

Since you are upstream I would suggest reading Debian's upstream guide:

https://wiki.debian.org/UpstreamGuide

I would suggest publishing the upstream source code in a distributed
version control system like git.

https://git-scm.com/

Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata

Please add a debian/watch file: https://wiki.debian.org/debian/watch

You might want to publish tarballs upstream and publish OpenPGP
signatures for them and look at the OpenPGP best practices.

https://help.riseup.net/en/security/message-security/openpgp/best-practices

*.mo are generated files and should not be present in the source.

You may want to fuzz test C based programs using zzuf and afl.

You may want to fuzz test Python based programs using python-afl.

Unless your build system doesn't work with `make -j4`, I would suggest
using --parallel in the arguments to dh in debian/rules.

The manual pages should not be compressed in the source tree since they
can't easily be modified/patched. Also one has a typo: "Releced"

The manual pages should be installed by the upstream build system
rather than having dh_install install them.

You have overridden possible-gpl-code-linked-with-openssl (which
usually indicates a serious issue) without any explanation.

I would suggest Section: science instead of Section: misc.

-dev packages usually go in Build-Depends instead of Depends, since
they are needed at build time instead of runtime. You are also missing
a Build-Depends on pkg-config, see the build errors below.

The debian/changelog should have unstable as the suite instead
of UNRELEASED, which implies it isn't ready for upload.

Some parts of the code are GPLv2-only and some are GPLv2+, is that
intentional or should all the code be under the same terms?

Please publish the SVG/XCF files for your PNG images if they still
exist and render the PNG files at build time with rsvg/inkscape.

Personally I would put all the .c/.h files into a src subdir.

Personally I would wrap the README files at 80 columns.

The README references opvdm, is that the old name for gpvdm?

I would suggest running this command to make diffs of the Debian
packaging more readable.

wrap-and-sort --short-indent --wrap-always --sort-binary-packages --trailing-comma --verbose

Please read the upgrading checklist and update Standards-Version when
you have made the requisite changes.

https://www.debian.org/doc/debian-policy/upgrading-checklist

Automatic checks:

build

...
make[1]: Entering directory '/build/gpvdm-4.40'
gcc -c -D full_time_domain -D enable_fx -D LONGDOUBLE -D dos_bin -D linux    `pkg-config --cflags dbus-1` -I/usr/include/suitesparse/ -Werror -Wall -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -D dbus  solver_interface.c -o solver_interface.o
/bin/sh: 1: pkg-config: not found
gcc -c -D full_time_domain -D enable_fx -D LONGDOUBLE -D dos_bin -D linux    `pkg-config --cflags dbus-1` -I/usr/include/suitesparse/ -Werror -Wall -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -D dbus  light_utils.c -o light_utils.o
/bin/sh: 1: pkg-config: not found
gcc -c -D full_time_domain -D enable_fx -D LONGDOUBLE -D dos_bin -D linux    `pkg-config --cflags dbus-1` -I/usr/include/suitesparse/ -Werror -Wall -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -D dbus  gui_hooks.c -o gui_hooks.o
/bin/sh: 1: pkg-config: not found
gui_hooks.c:31:23: fatal error: dbus/dbus.h: No such file or directory
compilation terminated.
makefile:67: recipe for target 'gui_hooks.o' failed
make[1]: *** [gui_hooks.o] Error 1
make[1]: Leaving directory '/build/gpvdm-4.40'
dh_auto_build: make -j1 returned exit code 2

lintian

I: gpvdm source: missing-debian-source-format
P: gpvdm source: no-homepage-field
P: gpvdm source: no-dep5-copyright
W: gpvdm source: out-of-date-standards-version 3.9.6 (current is 3.9.7)
I: gpvdm source: debian-watch-file-is-missing

check-all-the-things:

$ find -type f \( -iname '*.sh' -o -iname '*.bash' \) -exec bashate --ignore E002,E003 {} +
E010: Do not on same line as for: 'for i in `find -type f` ; do md5sum $i; done >list.dat'
 - ./update.sh : L23
E001: Trailing Whitespace: 'mkdir ${rpmdir} '
 - ./make_rpm.sh : L33
E001: Trailing Whitespace: 'cd ${rpmdir} '
 - ./make_rpm.sh : L34
E010: Do not on same line as for: 'for i in `find|grep -v .git|grep -v .o$|grep -v ~$|grep -v materials|grep -v dll$|grep -v .so$`'
 - ./to_github.sh : L123
4 bashate error(s) found

# Check with upstream where the GIMP XCF source files are.
$ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec grep -iF gimp {} +
Binary file ./images/image.jpg matches
Binary file ./images/icon.png matches
Binary file ./images/splash.png matches

# Check with upstream where the Inkscape SVG source files are.
$ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec grep -iF inkscape {} +
Binary file ./images/dir_file.png matches
Binary file ./images/book.png matches
Binary file ./images/play.png matches
...

$ find -type f -iname '*.sh' -exec checkbashisms {} +
could not find any possible bashisms in bash script ./clean_all.sh
could not find any possible bashisms in bash script ./update.sh
could not find any possible bashisms in bash script ./winpub.sh
could not find any possible bashisms in bash script ./buildplugins.sh
could not find any possible bashisms in bash script ./make_rpm.sh
could not find any possible bashisms in bash script ./get_elec_plugins.sh

$ cme check dpkg
...
Warning in 'control source Standards-Version' value '3.9.6': Current standards version is 3.9.7
File debian/copyright line 1 has a syntax error:
	DpkgSyntax error: Invalid line (missing ':' ?) : Copyright 2015 Roderick Charles Ian MacKenzie <r.c.i.mackenzie@googlemail.com>

$ codespell --quiet-level=3
./inp.c:577: compatability  ==> compatibility
./dump_dynamic.c:399: efficency  ==> efficiency
./makefile:17: inital  ==> initial
./LICENSE:169: publically  ==> publicly
./make_rpm.sh:159: automaticly  ==> automatically
./make_rpm.sh:205: intergration  ==> integration
./gui/update.py:101: forbiden  ==> forbidden
./gui/update.py:145: avaliable  ==> available
./gui/copying.py:48: nTo  ==> not  | disable due to \n
./gui/listen_for_files_on_network.py:70: recived  ==> received
./gui/cmp_class.py:234: extention  ==> extension
./gui/qe.py:234: Efficency  ==> Efficiency
./solvers/newton_norm/newton.c:1470: propper  ==> proper
./solvers/newton/newton.c:1572: propper  ==> proper

$ find -type f -iname '*.c' -exec complexity {} +
<lots>

$ cppcheck -j1 --quiet -f .
[complex_solver.c:131]: (error) Common realloc mistake: 'x' nulled but not freed upon failure
[complex_solver.c:132]: (error) Common realloc mistake: 'xz' nulled but not freed upon failure
[complex_solver.c:133]: (error) Common realloc mistake: 'Ap' nulled but not freed upon failure
[complex_solver.c:134]: (error) Common realloc mistake: 'Ai' nulled but not freed upon failure
<lots>

$ find -type f -iname '*.desktop' -exec desktop-file-validate {} \;
./gui/gpvdm.desktop: error: line "	Name=gpvdm" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	Icon=/usr/share/gpvdm/gui/image.jpg" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	Type=Application" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	MimeType=application/gpvdm" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	Exec=gpvdm %F" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	Terminal=true" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: line "	Categories=GTK;GNOME;Education;Science;" starts with a space. Comment, group and key-value lines should not start with a space. The validation will continue, with the leading spaces ignored.
./gui/gpvdm.desktop: error: value "application/gpvdm" for string list key "MimeType" in group "Desktop Entry" does not have a semicolon (';') as trailing character
./gui/gpvdm.desktop: hint: value "GTK;GNOME;Education;Science;" for key "Categories" in group "Desktop Entry" contains more than one main category; application might appear more than once in the application menu

$ find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o -empty -print
./plugins/pulse/build.inp
./plugins/jv/build.inp
./plugins/fxdomain/build.inp
./solvers/umfpack/build.inp
./solvers/newton_norm/build.inp
./solvers/newton/build.inp
./exp
./build_fit_plugins.sh
./main_args.c

$ fdupes -q -r . | grep -vE '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s
<lots>

$ grep -Er '/(home|srv|opt)(\W|$)' .
<lots>

$ flawfinder -Q -c .
<lots>

$ find -type f \( -iname '*.po' -o -iname '*.pot' \) -exec
POFileChecker {} +
<po-file-checker>
  <file name="./po/de.po" allow="0">
    <error line="638" message="118">missing .</error>
    <error line="1210" message="249">missing : </error>
    <error line="1347" message="276">extra \n</error>
  </file>
</po-file-checker>

$ find -type f \( -iname '*.po' -o -iname '*.pot' \) -exec POFileSpell {} +
<lots>

# check if these can be switched to https://
$ grep -rF http: .
<lots>

$ find -type f \( -iname '*.po' -o -iname '*.pot' -o -iname '*.mo' -o -iname '*.gmo' \) -exec i18nspector {} +
W: ./lang/de_DE/LC_MESSAGES/gpvdm.mo: language-disparity de_DE (pathname) != de (Language header field)
I: ./lang/de_DE/LC_MESSAGES/gpvdm.mo: no-package-name-in-project-id-version (empty string)
P: ./lang/de_DE/LC_MESSAGES/gpvdm.mo: no-version-in-project-id-version (empty string)
W: ./lang/de_DE/LC_MESSAGES/gpvdm.mo: no-report-msgid-bugs-to-header-field
W: ./lang/de_DE/LC_MESSAGES/gpvdm.mo: invalid-last-translator (empty string)
I: ./po/gpvdm.pot: boilerplate-in-initial-comments "Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER"
I: ./po/gpvdm.pot: boilerplate-in-initial-comments 'This file is distributed under the same license as the PACKAGE package.'
W: ./po/gpvdm.pot: boilerplate-in-project-id-version 'PACKAGE VERSION'
W: ./po/gpvdm.pot: no-report-msgid-bugs-to-header-field
I: ./po/de.mo: no-package-name-in-project-id-version (empty string)
P: ./po/de.mo: no-version-in-project-id-version (empty string)
W: ./po/de.mo: no-report-msgid-bugs-to-header-field
W: ./po/de.mo: invalid-last-translator (empty string)
I: ./po/de.po: boilerplate-in-initial-comments "Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER"
I: ./po/de.po: boilerplate-in-initial-comments 'This file is distributed under the same license as the PACKAGE package.'
I: ./po/de.po: boilerplate-in-initial-comments 'FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.'
I: ./po/de.po: no-package-name-in-project-id-version (empty string)
P: ./po/de.po: no-version-in-project-id-version (empty string)
W: ./po/de.po: no-report-msgid-bugs-to-header-field
W: ./po/de.po: invalid-last-translator (empty string)

$ find -type f \( -iname '*.c' -o -iname '*.cc' -o -iname '*.cxx' -o -iname '*.cpp' -o -iname '*.h' -o -iname '*.hh' -o -iname '*.hxx' -o -iname '*.hpp' \) -exec include-what-you-use {} \;
<lots>

$ license-reconcile
FormatSpec: Cannot recognize format: Copyright 2015 Roderick Charles Ian MacKenzie <r.c.i.mackenzie@googlemail.com> at /usr/share/perl5/Debian/LicenseReconcile/App.pm line 222.
CopyrightParsing: Parse error: invalid key/value stansa at line 1 of data ("Copyright 2015 Roderick Charles Ian MacKenzie <r.c.i.mackenzie@googlemail.com>").

$ find -type f \( -iname '*.po' -o -iname '*.pot' \) -exec msgfmt --check --check-compatibility --check-accelerators --output-file=/dev/null {} \;
<lots>

$ find -type f -iname '*.py' -exec pep8 --ignore W191 {} +
<lots>

$ find -type f -iname '*.py' -exec pyflakes {} +
<lots>

$ find -type f -iname '*.py' -exec pyflakes3 {} +
<lots>

$ find -type f -iname '*.py' -exec pylint --msg-template='{path}:{line}:{column}: [{category}:{symbol}] {obj}: {msg}' --reports=n {} +
<lots>

$ find -type f \( -iname '*.sh' -o -iname '*.bash' -o -iname '*.zsh' \) -exec shellcheck {} +
<lots>

$ find -type d \( -iname .bzr -o -iname .git -o -iname .hg -o -iname .svn -o -iname CVS -o -iname RCS -o -iname SCCS -o -iname _MTN -o -iname _darcs -o -iname .pc -o -iname .cabal-sandbox -o -iname .cdv -o -iname .metadata -o -iname CMakeFiles -o -iname _build -o -iname _sgbak -o -iname autom4te.cache -o -iname blib -o -iname cover_db -o -iname node_modules -o -iname '~.dep' -o -iname '~.dot' -o -iname '~.nib' -o -iname '~.plst' \) -prune -o -type f ! \( -iname '*.bak' -o -iname '*.swp' -o -iname '#.*' -o -iname '#*#' -o -iname 'core.*' -o -iname '*~' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' -o -iname '*.min.js' -o -iname '*.js.map' -o -iname '*.js.min' -o -iname '*.min.css' -o -iname '*.css.map' -o -iname '*.css.min' \) -exec spellintian --picky {} +
...
./gui/qe.py: Efficency -> Efficiency
./inp.c: compatability -> compatibility
./LICENSE: GNU Public Licence -> GNU General Public License
./lang/de_DE/LC_MESSAGES/gpvdm.mo: python -> Python
./make_rpm.sh: automaticly -> automatically
./make_rpm.sh: python -> Python
./po/gpvdm.pot: python -> Python
./po/de.mo: python -> Python
./po/de.po: python -> Python

$ suspicious-source
./sim.gpvdm
./lang/de_DE/LC_MESSAGES/gpvdm.mo
./man_pages/gpvdm_core.1.gz
./man_pages/gpvdm.1.gz
./device_lib/silicon.gpvdm
./device_lib/a-silicon.gpvdm
./device_lib/p3htpcbm.gpvdm
./device_lib/cigs.gpvdm
./device_lib/default.gpvdm
./device_lib/oled.gpvdm
./po/de.mo


-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Attachment: signature.asc
Description: This is a digitally signed message part
Reply to:
References:
- Bug#818974: RFS: gpvdm/4.40-1 – solar cell simulation tool
  - From: Roderick MacKenzie <roderick.mackenzie@nottingham.ac.uk>
Prev by Date: Package openBVE requires a new maintainer
Next by Date: Bug#818788: marked as done (RFS: gmp-ecm/7.0+ds-1 [NEW MAJOR VERSION] -- Factor integers using the Elliptic Curve Method)
Previous by thread: Bug#818974: RFS: gpvdm/4.40-1 – solar cell simulation tool
Next by thread: Request service reload after package install
Index(es):
- Date
- Thread