2117954 – Review Request: rust-signature - Traits for cryptographic signature algorithms

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 2117954 - Review Request: rust-signature - Traits for cryptographic signature algorithms

Summary: Review Request: rust-signature - Traits for cryptographic signature algorithms

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Fabio Valentini
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	2118090
Blocks:	2121490
TreeView+	depends on / blocked

Reported:	2022-08-12 21:50 UTC by Stuart D Gathman
Modified:	2022-11-05 13:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-11-05 13:19:51 UTC
Type:	---
Embargoed:
Dependent Products:
Flags:	decathorpe: fedora-review+

Attachments	(Terms of Use)

Description Stuart D Gathman 2022-08-12 21:50:50 UTC

Spec URL: https://gathman.org/linux/SPECS/rust-signature.spec
SRPM URL: https://gathman.org/linux/f37/src/rust-signature-1.5.0-1.fc37.src.rpm
Description: Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519)
Fedora Account System Username: sdgathman

Comment 1 Fabio Valentini 2022-08-12 21:59:24 UTC

This package still is not installable after the build due to the same broken dependencies that got it orphaned / retired in the first place:
https://bugzilla.redhat.com/show_bug.cgi?id=2006269

Error: 
 Problem 1: conflicting requests
  - nothing provides crate(signature_derive/default) = 1.0.0~pre.4 needed by rust-signature+signature_derive-devel-1.5.0-1.fc37.noarch
 Problem 2: package rust-signature+derive-preview-devel-1.5.0-1.fc37.noarch requires crate(signature/signature_derive) = 1.5.0, but none of the providers can be installed
  - conflicting requests
  - nothing provides crate(signature_derive/default) = 1.0.0~pre.4 needed by rust-signature+signature_derive-devel-1.5.0-1.fc37.noarch

I recommend that you use "--postinstall" argument for mock when you build packages locally to catch such problems early.

There are two options to solve this:

1. disable the (disabled-by-default) derive feature and remove the (optional) signature_derive dependency.

This assumes that the package you want to package the "signature" crate for does not actually *use* this feature.

2. package the signature_derive crate.

Comment 2 Stuart D Gathman 2022-08-14 03:13:09 UTC

I went with #2 since rust2rpm output seems to work out of the box.  bz#2118080

Comment 3 Fabio Valentini 2022-10-11 09:23:14 UTC

Please update to the latest release (1.6.4 as of time of writing) and refresh the packaging with rust2rpm v22.

Comment 4 Stuart D Gathman 2022-10-11 17:26:24 UTC

Spec URL: https://gathman.org/linux/SPECS/rust-signature.spec
SRPM URL: https://gathman.org/linux/f37/src/rust-signature-1.6.4-1.fc37.src.rpm

Are these warnings normal?
RPM build warnings:
    File listed twice: /usr/share/cargo/registry/signature-1.6.4/CHANGELOG.md
    File listed twice: /usr/share/cargo/registry/signature-1.6.4/LICENSE-APACHE
    File listed twice: /usr/share/cargo/registry/signature-1.6.4/LICENSE-MIT
    File listed twice: /usr/share/cargo/registry/signature-1.6.4/README.md

Comment 5 Fabio Valentini 2022-10-11 17:30:18 UTC

Yes, these warnings are harmless, and can be ignored.
The built packages will contain the correct files, and the correct files will be marked as %doc and %license, respectively.
This change was implemented in rust2rpm to make RPM packages for Rust crates smaller by not including these files twice.

Comment 6 Stuart D Gathman 2022-10-12 23:58:08 UTC

I rebuilt with --postinstall after build new rust-signature_derive-1.0.0-pre.7

Comment 7 Fabio Valentini 2022-10-14 11:31:47 UTC

Package was generated with rust2rpm, simplifying the review.

- package builds and installs without errors on rawhide
- test suite is run and all unit tests pass (there are no tests)
- latest version of the crate is packaged
- license matches upstream specification (Apache-2.0 OR MIT) and is acceptable for Fedora
- license files are included with %license in %files
- package complies with Rust Packaging Guidelines

Package APPROVED.

===

Recommended post-import rust-sig tasks:

- add @rust-sig with "commit" access as package co-maintainer

- set bugzilla assignee overrides to @rust-sig (optional)

===

You can proceed with the package unretirement process now.
Please also request unretirement for the f36 and f37 branches.

Comment 8 Fabio Valentini 2022-11-05 13:19:51 UTC

I resubmitted the failed rawhide build:
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8c70c1eba4

Note You need to log in before you can comment on or make changes to this bug.