2364276 – Review Request: rust-nng-c-sys - Bindings nng C library

Bug 2364276 - Review Request: rust-nng-c-sys - Bindings nng C library

Summary: Review Request: rust-nng-c-sys - Bindings nng C library

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Nobody's working on this, feel free to take it
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://crates.io/crates/nng-c-sys
Whiteboard:
Depends On:
Blocks:	2359652 2364277
TreeView+	depends on / blocked

Reported:	2025-05-06 02:31 UTC by solomoncyj
Modified:	2025-05-16 11:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description solomoncyj 2025-05-06 02:31:36 UTC

Spec URL: https://solomoncyj.fedorapeople.org/reviews/rust-nng-c-sys/rust-nng-c-sys.spec
SRPM URL: https://solomoncyj.fedorapeople.org/reviews/rust-nng-c-sys/rust-nng-c-sys-1.10.1-1.fc42.src.rpm

Description:
Bindings nng C library.

Fedora Account System Username: solomoncyj

Comment 1 Fedora Review Service 2025-05-06 02:39:36 UTC

Copr build:
https://copr.fedorainfracloud.org/coprs/build/8999728
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2364276-rust-nng-c-sys/fedora-rawhide-x86_64/08999728-rust-nng-c-sys/fedora-review/review.txt

Found issues:

- No gcc, gcc-c++ or clang found in BuildRequires
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/

Please know that there can be false-positives.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Ben Beasley 2025-05-16 11:53:39 UTC

I see some reason for caution here. This bundles mbedtls, which is a TLS implementation, so may require special handling under https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/. As for any bundled library, there should also be a serious effort to patch build.rs to link the system copy at https://src.fedoraproject.org/rpms/mbedtls. Hopefully the differences between the packaged 3.6.3 and the bundled 2.28.9 aren’t too significant. On the bright side, successfully linking the system copy would avoid most of the extra scrutiny that would apply to this package for bundling a crypo implementation.

Comment 3 Ben Beasley 2025-05-16 11:58:53 UTC

Note that when adjusting a -sys library to use the external/system copy of a library it normally bundles, it’s a good idea to also patch it (downstream-only) so that bindgen is a non-optional dependency and binding re-generation happens unconditionally (here, governed by the build-bindgen feature). You can still have the feature, but it shouldn’t actually control anything anymore. That makes sure that we don’t have issues with bindings that were based on the bundled version rather than the system version of the wrapped library.

Note You need to log in before you can comment on or make changes to this bug.