Spec URL: https://decathorpe.fedorapeople.org/rust-sequoia-cert-store.spec SRPM URL: https://decathorpe.fedorapeople.org/rust-sequoia-cert-store-0.2.0-1.fc38.src.rpm Description: A certificate database interface. Fedora Account System Username: decathorpe
Copr build: https://copr.fedorainfracloud.org/coprs/build/5785275 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2186844-rust-sequoia-cert-store/fedora-rawhide-x86_64/05785275-rust-sequoia-cert-store/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Taking this review Generic comments: - Package was generated with rust2rpm and a manual patch was applied - `sequoia-net` was bumped to `0.27.0` because this is the latest version in fedora --> Manual patch is OK (This is not needed in the latest version) - I assume that you want to support multiple backends, and not just the default one, in this package --> Manual patch is OK Issues: - Latest version is `0.3.2`, packaged version is `0.2.0`. Can this be updated to the latest version or is `0.2.0` required? - fedora-review shows (see below) that `rust-sequoia-cert-store-devel` requires `/usr/bin/bash`. I am not sure where it got that as this is not mentioned in the spec file. Is this some rpm auto require magic? Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed ===== MUST items ===== Generic: [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. Note: Using prebuilt packages [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "*No copyright* GNU Library General Public License, Version 2.0", "GNU Library General Public License v2 or later", "*No copyright* GNU Library General Public License v2 or later". 45 files have unknown license. Detailed output of licensecheck in /var/lib/copr-rpmbuild/results/rust-sequoia-cert- store/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [!]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [-]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: Reviewer should test that the package builds in mock. [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in rust- sequoia-cert-store-devel , rust-sequoia-cert-store+default-devel , rust-sequoia-cert-store+crypto-nettle-devel , rust-sequoia-cert- store+crypto-openssl-devel [?]: Package functions as described. [!]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Spec use %global instead of %define unless justified. Note: %define requiring justification: %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). Rpmlint ------- Checking: rust-sequoia-cert-store-devel-0.2.0-1.fc39.noarch.rpm rust-sequoia-cert-store+default-devel-0.2.0-1.fc39.noarch.rpm rust-sequoia-cert-store+crypto-nettle-devel-0.2.0-1.fc39.noarch.rpm rust-sequoia-cert-store+crypto-openssl-devel-0.2.0-1.fc39.noarch.rpm rust-sequoia-cert-store-0.2.0-1.fc39.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpvd2zevnr')] checks: 31, packages: 5 rust-sequoia-cert-store+crypto-nettle-devel.noarch: W: no-documentation rust-sequoia-cert-store+crypto-openssl-devel.noarch: W: no-documentation rust-sequoia-cert-store+default-devel.noarch: W: no-documentation 5 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 0.2 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.4.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 31, packages: 4 rust-sequoia-cert-store+crypto-openssl-devel.noarch: W: no-documentation rust-sequoia-cert-store+crypto-nettle-devel.noarch: W: no-documentation rust-sequoia-cert-store+default-devel.noarch: W: no-documentation 4 packages and 0 specfiles checked; 0 errors, 3 warnings, 0 badness; has taken 0.0 s Source checksums ---------------- https://crates.io/api/v1/crates/sequoia-cert-store/0.2.0/download#/sequoia-cert-store-0.2.0.crate : CHECKSUM(SHA256) this package : cf234b5315e6fb459f72715198e6b86e6bdec0776c2bc2f2b35c83aedf343ee6 CHECKSUM(SHA256) upstream package : cf234b5315e6fb459f72715198e6b86e6bdec0776c2bc2f2b35c83aedf343ee6 Requires -------- rust-sequoia-cert-store-devel (rpmlib, GLIBC filtered): (crate(anyhow/default) >= 1.0.18 with crate(anyhow/default) < 2.0.0~) (crate(crossbeam/default) >= 0.8.1 with crate(crossbeam/default) < 0.9.0~) (crate(dirs/default) >= 4.0.0 with crate(dirs/default) < 5.0.0~) (crate(num_cpus/default) >= 1.0.0 with crate(num_cpus/default) < 2.0.0~) (crate(once_cell/default) >= 1.17.0 with crate(once_cell/default) < 2.0.0~) (crate(openpgp-cert-d/default) >= 0.1.0 with crate(openpgp-cert-d/default) < 0.2.0~) (crate(rayon/default) >= 1.0.0 with crate(rayon/default) < 2.0.0~) (crate(sequoia-net) >= 0.27.0 with crate(sequoia-net) < 0.28.0~) (crate(sequoia-openpgp) >= 1.13.0 with crate(sequoia-openpgp) < 2.0.0~) (crate(thiserror/default) >= 1.0.2 with crate(thiserror/default) < 2.0.0~) (crate(tokio/default) >= 1.13.0 with crate(tokio/default) < 2.0.0~) (crate(tokio/rt) >= 1.13.0 with crate(tokio/rt) < 2.0.0~) /usr/bin/bash cargo rust-sequoia-cert-store+default-devel (rpmlib, GLIBC filtered): cargo crate(sequoia-cert-store) rust-sequoia-cert-store+crypto-nettle-devel (rpmlib, GLIBC filtered): (crate(sequoia-openpgp/crypto-nettle) >= 1.13.0 with crate(sequoia-openpgp/crypto-nettle) < 2.0.0~) cargo crate(sequoia-cert-store) rust-sequoia-cert-store+crypto-openssl-devel (rpmlib, GLIBC filtered): (crate(sequoia-openpgp/crypto-openssl) >= 1.13.0 with crate(sequoia-openpgp/crypto-openssl) < 2.0.0~) cargo crate(sequoia-cert-store) Provides -------- rust-sequoia-cert-store-devel: crate(sequoia-cert-store) rust-sequoia-cert-store-devel rust-sequoia-cert-store+default-devel: crate(sequoia-cert-store/default) rust-sequoia-cert-store+default-devel rust-sequoia-cert-store+crypto-nettle-devel: crate(sequoia-cert-store/crypto-nettle) rust-sequoia-cert-store+crypto-nettle-devel rust-sequoia-cert-store+crypto-openssl-devel: crate(sequoia-cert-store/crypto-openssl) rust-sequoia-cert-store+crypto-openssl-devel Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23 Command line :/usr/bin/fedora-review --no-colors --prebuilt --rpm-spec --name rust-sequoia-cert-store --mock-config /var/lib/copr-rpmbuild/results/configs/child.cfg Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, Shell-api Disabled plugins: R, SugarActivity, Perl, C/C++, Python, PHP, Ocaml, Haskell, Java, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH
(In reply to blinxen from comment #2) > Taking this review > > Generic comments: > > - Package was generated with rust2rpm and a manual patch was applied > - `sequoia-net` was bumped to `0.27.0` because this is the latest version in > fedora --> Manual patch is OK (This is not needed in the latest version) Yes, I will drop this patch as soon as I'm able to bump to the latest version. > - I assume that you want to support multiple backends, and not just the > default one, in this package --> Manual patch is OK Yes, the patch is there to make it easier to choose the crypto backend for building this crate, running tests against different backends, and for dependent packages to be able to choose a backend independently. As far as I know, the Sequoia PGP project is making similar changes in most of their projects, so the patch might not even be needed for long. > Issues: > > - Latest version is `0.3.2`, packaged version is `0.2.0`. Can this be > updated to the latest version or is `0.2.0` required? I was hoping to package v0.2.0 for sequoia-sq v0.29.0, but since I figured out most of the things that would be needed to do that and filed all the requests, new releases have been published ... If it is alright with you, I'd like to stick with v0.2.0 and get sequoia-sq updated to v0.29.0 first, and I'll push follow-up updates to this package and sequoia-sq v0.30.0. The package is a bit hard to keep track of, since the project tends to add new dependencies with every version :( > - fedora-review shows (see below) that `rust-sequoia-cert-store-devel` > requires `/usr/bin/bash`. I am not sure where it got that as this is not > mentioned in the spec file. Is this some rpm auto require magic? Probably ... let me check. Yes, it's probably caused by the "tests/cert2rust.sh" script, which has a "#!/bin/bash" shebang. I'll exclude the "tests" directory from installed files, which should prevent this issue.
> Yes, the patch is there to make it easier to choose the crypto backend for building this crate, running tests against different backends, and for dependent packages to be able to choose a backend independently I forgot to ask the following: ``` %cargo_generate_buildrequires -f crypto-nettle,crypto-openssl %build %cargo_build -f crypto-nettle %install %cargo_install -f crypto-nettle %if %{with check} %check # run tests with both cryptographic backends %cargo_test -f crypto-nettle %cargo_test -f crypto-openssl %endif ``` The `cargo_generate_buildrequires` macro includes both backends, the `check` section tests for both backends but the `build` and `install` section uses the `crypto-nettle` backend. Is this intended?
The files behind the original URLs are updated now. I've added a few more comments, and excluded the "tests" directory. [fedora-review-service-build] > The `cargo_generate_buildrequires` macro includes both backends, the `check` section tests for both backends but the `build` and `install` section uses the `crypto-nettle` backend. Is this intended? Yes, this is intended ... the way some Sequoia crates work is a bit annoying for packaging. You need to explicitly choose a crypto backend for "cargo build", but you can only enable *exactly one*.
(Pressed the "Save changes" button too soon.) The "-f feature" flags passed to "%cargo_build" and "%cargo_install" macros have no effect on the installed files (unless you install binaries, which is not the case here). So they are only there to make the crate actually build. Without "-f crypto-nettle", the crate will fail to build with an error like "YOU NEED TO CHOOSE A CRYPTO BACKEND!!!" ...
Copr build: https://copr.fedorainfracloud.org/coprs/build/5908698 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2186844-rust-sequoia-cert-store/fedora-rawhide-x86_64/05908698-rust-sequoia-cert-store/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
> If it is alright with you, I'd like to stick with v0.2.0 and get sequoia-sq updated to v0.29.0 first... Makes sense to me. > fedora-review shows (see below) that `rust-sequoia-cert-store-devel` requires `/usr/bin/bash`. I am not sure where it got that as this is not mentioned in the spec file. Is this some rpm auto require magic? `Requires` seems OK now APPROVED
Awesome. Thank you for the review!
The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-sequoia-cert-store
Imported and built. Will update to the latest version as soon as that's possible. Thanks again! https://bodhi.fedoraproject.org/updates/FEDORA-2023-515ab819a3