1532772 – Review Request: libsodium13 - Compatibility version of the Sodium crypto library

Bug 1532772 - Review Request: libsodium13 - Compatibility version of the Sodium crypto library

Summary: Review Request: libsodium13 - Compatibility version of the Sodium crypto library

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	epel7
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Neal Gompa
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-01-09 19:01 UTC by Carl George
Modified:	2018-09-08 14:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-09-08 14:46:00 UTC
Type:	---
Embargoed:
Flags:	ngompa13: fedora-review+

Attachments	(Terms of Use)

Description Carl George 2018-01-09 19:01:37 UTC

Spec URL: https://carlwgeorge.fedorapeople.org/libsodium13.spec
SRPM URL: https://carlwgeorge.fedorapeople.org/libsodium13-1.0.5-1.el7.centos.src.rpm
Fedora Account System Username: carlwgeorge
Description:
Sodium is a new, easy-to-use software library for encryption, decryption, 
signatures, password hashing and more. It is a portable, cross-compilable, 
installable, packageable fork of NaCl, with a compatible API, and an extended 
API to improve usability even further. Its goal is to provide all of the core 
operations needed to build higher-level cryptographic tools. The design 
choices emphasize security, and "magic constants" have clear rationales.

The same cannot be said of NIST curves, where the specific origins of certain 
constants are not described by the standards. And despite the emphasis on 
higher security, primitives are faster across-the-board than most 
implementations of the NIST standards.

This is a compatibility package containing libsodium.so.13.

Comment 1 Carl George 2018-01-09 19:09:17 UTC

This package is for EPEL7 only.  libsodium 1.0.5 (libsodium.so.13) is already packaged for EPEL7.  However, other software requires newer versions.  The goal here is to freeze that library version in this package for software that currently links against it, which will allow us to update the main libsodium package to the latest version without causing any ABI breakage.  I have tested these steps in COPR and it works without issue.

https://copr.fedorainfracloud.org/coprs/carlwgeorge/libsodium13/

Comment 2 Neal Gompa 2018-01-10 01:11:35 UTC

Taking this review.

Comment 3 Neal Gompa 2018-01-16 20:48:16 UTC

Review notes:

As this is a versioned variant of an existing package, it doesn't require a full review. That said, I've reviewed over the changes from the existing package, and it looks solid.

* Conflicts are properly structured for transitioning libsodium packages
* Conflicts are structured to prevent both libsodium-devel packages being installed
* Files are installed correctly
* License is correctly marked and license file is properly installed.

PACKAGE APPROVED.

Comment 4 Gwyn Ciesla 2018-01-16 22:26:43 UTC

(fedrepo-req-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/libsodium13. You may commit to the branch "epel7" in about 10 minutes.

Note You need to log in before you can comment on or make changes to this bug.