Last modified 2 months ago Last modified on 02/03/15 07:14:27

Welcome to FedoraReview

FedoraReview: Tools to help review packages for inclusion in Fedora

This tool automates much of the dirty work when reviewing a package for the Fedora Package Collection.


  • Downloading SRPM & SPEC from Bugzilla or other websites.
  • Download upstream source.
  • Build and install package in mock.
  • Run rpmlint on package, also the installed version.
  • Checksum verification
  • Running licensecheck -r
  • Do an overall review template with both manual & automated checks, serving as a starting point for the review work.

FedoraReview is still under heavy development.


# yum install fedora-review

You can also try the development version or try the latest nightly build.


You will need to have mock installed and be member of the mock group for the build to work. Run as root:

# usermod -a -G mock [your user name]

After adding groups this way, you must either logout and login again or use the newgrp(1) command - the list of groups for a user is not read until a login (or newgrp). After doing this, try:

$ fedora-review -b <bugzilla report number>

It will download the SPEC & SRPM files from the Bugzilla report, build them in mock, run a number of test and generate a report template. That template is your starting point when doing your review.

Too see the other options of the tools:

$ fedora-review --help
$ man fedora-review

There is more usage info in using fedora-review.

New features

Last announce message:NEWS file


FedoraReview is licensed under GPLv2+, for more details check COPYING.



List of open tickets

Add interactive mode
Test package in Koji scratch build
Show date of guidelines tool is based on
show compile message if mock fail
CheckAddMavenDepmap could be automated easily
If deprecating check returns "not_applicable" deprecated check should be run instead
CheckDocRuntime could be semi-automated.
Download upstream sources in background
CheckReqPkgConfig could be run unconditionally.
Check that packages are 64-bit safe?
spec file is not EPEL6 compliant
check spec url file and spec file in srpm are in sync before creating or starting review
RubyCheckTestsRun doesn't work properly
old installed builds in Mock chroot are not updated prior to running rpmlint on them
EPEL5 does not require %defattr()
git version fails with KeyError: 'EPEL5'
fedora-review runs mock even if it shouldn't
ERROR: Cannot find usable urls here in certain bugs
fedora-create-review: bugzilla query for existing reviews doesn't work
support amending existing review request
false positives: gems should require rubygems package
Reported non existent links by java plugin
[RFE] support configs for koji, bugzilla URLs
RFE: provide a way to pass a custom repository
Compatibility with phpcompatinfo v4
Move to dnf

Fixed Problems Scheduled for next release (0.5.1)

Integrate rpm-chksec during the review
Add option for quick, limited tests not requiring mock build or install.
Add security checks for packages installing systemd unit files
RFE: Use repo-font-audit on font packages
ocaml packages not recognized
CheckStaticLibs: does npot comply w GL, more exceptions needed,
make_release fails if dist directory does not exist
Some test shows up as [x] instead of hidden (NA) where applicable.