Bug 1987153

Summary: Review Request: rust-cargo-edit - Utility for managing cargo dependencies from the command line
Product: [Fedora] Fedora Reporter: Davide Cavalca <davide>
Component: Package ReviewAssignee: Zbigniew Jędrzejewski-Szmek <zbyszek>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: decathorpe, package-review, zbyszek
Target Milestone: ---Flags: zbyszek: fedora-review+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-10 16:53:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1982510, 1987149, 1987150    
Bug Blocks:    

Description Davide Cavalca 2021-07-29 05:21:39 UTC 
Spec URL: https://dcavalca.fedorapeople.org/review/rust-cargo-edit/rust-cargo-edit.spec
SRPM URL: https://dcavalca.fedorapeople.org/review/rust-cargo-edit/rust-cargo-edit-0.7.0-1.fc35.src.rpm

Description:
This extends Cargo to allow you to add and remove dependencies by modifying
your `Cargo.toml` file from the command line. It contains `cargo add`, `cargo
rm`, and `cargo upgrade`.

Fedora Account System Username: dcavalca
Comment 1 Zbigniew Jędrzejewski-Szmek 2021-12-05 14:52:02 UTC 
+ package name is OK (rust-cargo-edit, cargo-edit)
+ %description and Summary are legible
+ rust2rpm was used, so I'm only checking the license and if the package builds
+ license is acceptable for Fedora (ASL 2.0 or MIT)
+ builds and installs OK
+ fedora-review finds no issues
+ rpmlint false positives mostly

One interesting warning:
cargo-edit.x86_64: W: crypto-policy-non-compliance-openssl /usr/bin/cargo-add SSL_CTX_set_cipher_list
I don't know what to make of this. The string does not appear in the unpackaged crate, so I don't know
how rpmlint figures that it is called. 

Package is APPROVED.
Comment 2 Fabio Valentini 2021-12-05 16:22:53 UTC 
> The string does not appear in the unpackaged crate, so I don't know how rpmlint figures that it is called.

Well ... Rust is a statically linked language, so this could come from any of the dependencies.

In fact, cross-referencing the string SSL_CTX_set_cipher_list against "cargo tree" of cargo-edit, this function could be coming from either git2, libgit2-sys, openssl, or openssl-sys crate code somewhere. Not sure if rpmlint checks whether the function is *present* or if it's actually called.
Comment 3 Davide Cavalca 2021-12-05 23:25:58 UTC 
Thanks!

$ fedpkg request-repo rust-cargo-edit 1987153
https://pagure.io/releng/fedora-scm-requests/issue/38877
Comment 4 Tomas Hrcka 2021-12-06 08:21:20 UTC 
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-cargo-edit
Comment 5 Package Review 2022-12-10 16:53:57 UTC 
Package is now in repositories, closing review.