Spec URL: https://download.copr.fedorainfracloud.org/results/kni/wolfssl/fedora-rawhide-x86_64/08818627-wolfssl/wolfssl.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/kni/wolfssl/fedora-rawhide-x86_64/08818627-wolfssl/wolfssl-5.7.6-1.fc43.src.rpm Description: The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User bench-marking and feedback reports dramatically better performance when using wolfSSL over OpenSSL. wolfSSL is powered by the wolfCrypt cryptography library. Two versions of wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and certificate #3389). FIPS 140-3 validation is in progress. For additional information, visit the wolfCrypt FIPS FAQ or contact fips. Fedora Account System Username: kni RPMLINT: $ rpmlint /var/lib/mock/fedora-rawhide-x86_64/result/*.rpm ============================ rpmlint session starts ============================ rpmlint: 2.6.1 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 6 wolfssl.src: E: spelling-error ('wolfCrypt', '%description -l en_US wolfCrypt -> wolf Crypt, wolf-crypt, Cryptozoic') wolfssl.x86_64: E: spelling-error ('wolfCrypt', '%description -l en_US wolfCrypt -> wolf Crypt, wolf-crypt, Cryptozoic') wolfssl-devel.x86_64: W: no-manual-page-for-binary wolfssl-config wolfssl.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libwolfssl.so.43.0.0 SSL_CTX_set_cipher_list 6 packages and 0 specfiles checked; 2 errors, 2 warnings, 40 filtered, 2 badness; has taken 2.6 s RPMLINT RESPONSES: >wolfssl.src: E: spelling-error ('wolfCrypt', '%description -l en_US wolfCrypt -> wolf Crypt, wolf-crypt, Cryptozoic') >wolfssl.x86_64: E: spelling-error ('wolfCrypt', '%description -l en_US wolfCrypt -> wolf Crypt, wolf-crypt, Cryptozoic') This is the proper name of the project, thus these errors can be ignored >wolfssl-devel.x86_64: W: no-manual-page-for-binary wolfssl-config wolfssl-config is dynamically created during configure. The authors have not provided a man page for this executable. This is by design: https://github.com/wolfSSL/wolfssl/blob/master/debian/include.am#L60 >wolfssl.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libwolfssl.so.43.0.0 SSL_CTX_set_cipher_list Fedora Packaging Reference: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/ This version of Wolfssl has been built with a new --with-sys-crypto-policy flag, which is intended to satisfy Fedora crypto policies. Additional backgound will be provided in the next post
I have worked with the upstream project to create --with-sys-crypto-policy. This feature was added specifically to satisfy Fedora's crypto policies. Details can be viewed here: https://github.com/wolfSSL/wolfssl/pull/8205 Note, per Fesco 3267, this review request requires approval with FPC https://pagure.io/fesco/issue/3267 QUESTIONS/DISCUSSION: with-sys-crypto-policy merely adds the ability to read the config file /etc/crypto-policies/back-ends/wolfssl.config. It does not provide the provide the config file itself. What kind of additional tests are needed to demonstrate fedora crypto policies are respected? Should I file a bug report against crypto-policies package, to add a default crypo policy config file for wolfssl?
Copr build: https://copr.fedorainfracloud.org/coprs/build/8818712 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2354856-wolfssl/fedora-rawhide-x86_64/08818712-wolfssl/fedora-review/review.txt Found issues: - A package with this name already exists. Please check https://src.fedoraproject.org/rpms/wolfssl Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Naming/#_conflicting_package_names Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Thanks for the response, Fabio. That's correct, wolfssl was previously approved, and I am the package maintainer: https://src.fedoraproject.org/rpms/wolfssl At the time, I mistakenly thought I had approval to proceed from the Fedora Security Team when in fact I did not. WolfSSL was unapproved, with the instruction to repeat the package review process after wolfssl can be made compliant with crypto policies. Details are here: https://pagure.io/fesco/issue/3267 If there is something different I need to do, please let me know. I hope we don't have to submit this review under a different name.
Whoops, that response was from the automated Fedora Review Service, not Fabio.