Bug 2217521

Summary: Afterburn FTBFS on fedora 38
Product: [Fedora] Fedora
Component: rust-afterburn
Reporter: Steven Presti <spresti>
Assignee: Steven Presti <spresti>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 38
CC: bgilbert, bgilbert, decathorpe, dustymabe, jonathan, rust-sig, spresti, travier
Keywords: Regression
Hardware: Unspecified
OS: Linux
URL: https://kojipkgs.fedoraproject.org//work/tasks/8102/102428102/build.log
Last Closed: 2023-06-28 02:49:01 UTC

Description Steven Presti 2023-06-26 14:12:34 UTC
When trying to build afterburn's RPM on Fedora 38, we get a failed 'sha2::Digest' error. This is odd because this package version was building for a while without any issues. We noticed that the upstream repo's CI started to fail with little information, so we then kicked off the scratch build and got the URL which demonstrates the FTBFS. We have no idea what has caused this; we can speculate that some dependency is no longer compatible, but we are not sure which one.

Reproducible: Always

Steps to Reproduce:
1. procure a srpm
2. mock -r fedora-38-x86_64 --rebuild ~/workspace/rpms/upstream/rust-afterburn/rust-afterburn-5.4.2-1.fc38.src.rpm
Actual Results:
Fails to build from source with an error pointing to sha2::Digest.

Expected Results:  
Able to build from source RPM.

Comment 1 Fabio Valentini 2023-06-26 14:32:06 UTC
Note that the rawhide build started failing once openssh-keys was updated from v0.5 to v0.6:
It looks like while upstream afterburn *claims* to be compatible with both v0.5 and v0.6, it actually isn't.

Comment 2 Fabio Valentini 2023-06-26 14:37:59 UTC
Note: The error message suggests that two different versions of the RustCrypto stack are being used, and they are not inter-compatible.
Looking at the root.log of the latest koschei build, this indeed seems to be the case:

- both digest 0.9 and digest 0.10 are pulled in
- hmac 0.11 is pulled in instead of hmac 0.12
- sha1 0.10 is pulled in but not 0.9
- sha2 0.9 is pulled in but not 0.10

So it looks like afterburn (or one of its dependencies) needs to be updated to the newer versions of these crates - but you cannot mix-and-match.

Comment 3 Steven Presti 2023-06-26 15:22:02 UTC
Thank you so much for the quick feedback. Ok I will take a look at openssh-keys first.

Comment 4 Fabio Valentini 2023-06-26 15:39:46 UTC
I opened an issue with upstream openssh-keys where I tried to explain the problem and its cause:
https://github.com/coreos/openssh-keys/issues/89

Comment 5 Steven Presti 2023-06-26 16:12:21 UTC
Ah; I think I found it.

libsystemd seems to be requiring >=0.10.0, >=0.11.0 via a caret requirement.
Whereas ssh-keys as of v0.6.1 is requiring >= 0.9, < 0.11.

So I assume the best action is to just change ssh-keys to be the same as libsystemd?

And thank you so much for the issue report!

Comment 6 Fabio Valentini 2023-06-26 16:57:57 UTC
If those two are the only instance, there shouldn't be any problem, since it would resolve to only sha2 v0.10, which is compatible with both requirements.
But bumping openssh-keys to both sha2 v0.10 and md-5 v0.10 would be a good first step.

However, since both versions (v0.9 *and* v0.10 of sha2) end up in the dependency tree, it looks like different dependencies are pulling in different versions (possibly via hmac v0.11, which might need to be bumped to v0.12 as well), so this might end up being a required second step.

> And thank you so much for the issue report!

No problem! I've dealt with similar issues before, so at least I knew what to look for when I saw the cryptic error message in the build log.
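
Added example, not part of the original thread or of afterburn's code: a std-only Rust check for the situation described in comments 2 and 6. It groups each dependency's resolved versions into Cargo's compatibility buckets and lists which dependents pull in each bucket. The edge list is constructed for illustration; patch levels are made up, and attributing sha2 0.9 to openssh-keys is an assumption.

```rust
use std::collections::BTreeMap;

// Constructed sample (not copied from root.log): "dependent version -> dependency
// version" edges shaped like the mix listed in comment 2. Patch levels are made up,
// and openssh-keys being what pulls in sha2 0.9 is an assumption.
const EDGES: &str = "\
openssh-keys 0.6.1 -> sha2 0.9.9
sha2 0.9.9 -> digest 0.9.0
hmac 0.11.0 -> digest 0.9.0
sha1 0.10.5 -> digest 0.10.7
";

/// dependency name -> compatibility bucket -> dependents that pull that bucket in
type Tree = BTreeMap<String, BTreeMap<String, Vec<String>>>;

/// Cargo's compatibility bucket: everything up to the leftmost non-zero part,
/// so 0.9.x and 0.10.x are different buckets while 1.2.x and 1.9.x share one.
fn compat_key(version: &str) -> String {
    let mut key = Vec::new();
    for part in version.split('.') {
        key.push(part);
        if part != "0" { break; }
    }
    key.join(".")
}

fn parse_edges(input: &str) -> Tree {
    let mut tree = Tree::new();
    for line in input.lines() {
        if let Some((from, to)) = line.split_once("->") {
            if let (Some((fname, fver)), Some((tname, tver))) =
                (from.trim().split_once(' '), to.trim().split_once(' '))
            {
                tree.entry(tname.to_string()).or_default().entry(compat_key(tver)).or_default()
                    .push(format!("{} {}", fname, compat_key(fver)));
            }
        }
    }
    tree
}

/// Dependencies that ended up in more than one incompatible bucket.
fn conflicts(tree: &Tree) -> Tree {
    tree.iter().filter(|(_, b)| b.len() > 1).map(|(k, v)| (k.clone(), v.clone())).collect()
}

fn main() {
    for (dep, buckets) in conflicts(&parse_edges(EDGES)) {
        println!("{}: {:?}", dep, buckets);
    }
}
```

The dependents listed under the older bucket are the ones that need a bump. On a real checkout, `cargo tree -d` reports duplicated crates directly.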

Comment 7 Steven Presti 2023-06-26 20:56:20 UTC
So @bgilbert just pointed out that the URL which demonstrates the problem (from the Fedora bug template) is not visible. So for reference, this is the failing scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=102428074.

I went ahead and created a PR upstream for the change in openssh-keys: https://github.com/coreos/openssh-keys/pull/90.

Comment 8 Benjamin Gilbert 2023-06-28 02:49:01 UTC
Fixed by https://bodhi.fedoraproject.org/updates/FEDORA-2023-0f1fbda0a1.