Bug 2364276

Summary: Review Request: rust-nng-c-sys - Bindings nng C library
Product: [Fedora] Fedora Reporter: solomoncyj
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: code, package-review
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://crates.io/crates/nng-c-sys
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2359652, 2364277    

Description solomoncyj 2025-05-06 02:31:36 UTC 
Spec URL: https://solomoncyj.fedorapeople.org/reviews/rust-nng-c-sys/rust-nng-c-sys.spec
SRPM URL: https://solomoncyj.fedorapeople.org/reviews/rust-nng-c-sys/rust-nng-c-sys-1.10.1-1.fc42.src.rpm

Description:
Bindings nng C library.

Fedora Account System Username: solomoncyj
Comment 1 Fedora Review Service 2025-05-06 02:39:36 UTC 
Copr build:
https://copr.fedorainfracloud.org/coprs/build/8999728
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2364276-rust-nng-c-sys/fedora-rawhide-x86_64/08999728-rust-nng-c-sys/fedora-review/review.txt

Found issues:

- No gcc, gcc-c++ or clang found in BuildRequires
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/

Please know that there can be false-positives.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.
Comment 2 Ben Beasley 2025-05-16 11:53:39 UTC 
I see some reason for caution here. This bundles mbedtls, which is a TLS implementation, so may require special handling under https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/. As for any bundled library, there should also be a serious effort to patch build.rs to link the system copy at https://src.fedoraproject.org/rpms/mbedtls. Hopefully the differences between the packaged 3.6.3 and the bundled 2.28.9 aren’t too significant. On the bright side, successfully linking the system copy would avoid most of the extra scrutiny that would apply to this package for bundling a crypo implementation.
Comment 3 Ben Beasley 2025-05-16 11:58:53 UTC 
Note that when adjusting a -sys library to use the external/system copy of a library it normally bundles, it’s a good idea to also patch it (downstream-only) so that bindgen is a non-optional dependency and binding re-generation happens unconditionally (here, governed by the build-bindgen feature). You can still have the feature, but it shouldn’t actually control anything anymore. That makes sure that we don’t have issues with bindings that were based on the bundled version rather than the system version of the wrapped library.