Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ Your package (rust-az-cvm-vtpm) Fails To Install in Fedora 43: can't install rust-az-cvm-vtpm+verifier-devel: - nothing provides (crate(sev/openssl) >= 4.0.0 with crate(sev/openssl) < 5.0.0~) needed by rust-az-cvm-vtpm+verifier-devel-0.7.1-3.fc42.noarch can't install rust-az-cvm-vtpm-devel: - nothing provides (crate(sev/default) >= 4.0.0 with crate(sev/default) < 5.0.0~) needed by rust-az-cvm-vtpm-devel-0.7.1-3.fc42.noarch If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem. If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/), your package may be orphaned in 8+ weeks. P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors. To reproduce, use the koji/local repo only, e.g. in mock: $ mock -r fedora-43-x86_64 --config-opts mirrored=False install rust-az-cvm-vtpm+verifier-devel rust-az-cvm-vtpm-devel P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-dependent-packages Thanks!
Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ This package fails to install and maintainers are advised to take one of the following actions: - Fix this bug and close this bugzilla once the update makes it to the repository. (The same script that posted this comment will eventually close this bugzilla when the fixed package reaches the repository, so you don't have to worry about it.) or - Move this bug to ASSIGNED if you plan on fixing this, but simply haven't done so yet. or - Orphan the package if you no longer plan to maintain it. If you do not take one of these actions, the process at https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/#_package_removal_for_long_standing_ftbfs_and_fti_bugs will continue. This package may be orphaned in 7+ weeks. This is the first reminder (step 3) from the policy. Don't hesitate to ask for help on https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/ if you are unsure how to fix this bug.
Rust 'sev' is a dependency of rust-az-cvm-vtpm package. Current 'sev' crate version is 6 (and in Fedora too) but current dependency is sev.0. That causes rust-az-*-vtpm packages build to fail. Updating Carge.toml fixes "cargo build", but "cargo test" still fails. I'll create an issue upstream. $ D=$(mktemp -d /tmp/az-cvm-XXXXX) $ cd $D $ git clone http://github.com/kinvolk/azure-cvm-tooling/ $ cd azure-cvm-tooling/az-cvm-vtpm $ sed '/^sev/s/4.0.0/6/' -i Cargo.toml $ cargo build # finished successfully $ cargo test test hcl::tests::parse_hcl_report ... FAILED
This is caused by the "rust-sev" package having gone through an incompatible update without coordinating with all dependent packages (including this one), as I noted here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-57f7169b9d If just bumping the dependency in this package breaks things (even though they compile), it might be a better idea to un-break this package (and others) by introducing a parallel-available package for sev v4 (rust-sev4), which would address this issue faster than waiting for upstream.
Upstream issue created: https://github.com/kinvolk/azure-cvm-tooling/issues/70
Until upstream is updated to support sev-6.0.0, what is preferred: - bundle sev-4.0.0 source as spec-file Source1 - try to build rust-sev4 (is it a new package?) - just wait
(In reply to Uri Lublin from comment #5) > Until upstream is updated to support sev-6.0.0, what is preferred: > - bundle sev-4.0.0 source as spec-file Source1 > - try to build rust-sev4 (is it a new package?) > - just wait Even cargo itself doesn't support partial vendoring / bundling, so I'd say that option 1 is immediately out ... I would suggest to do option 2. (Yes, it's a new package. I can prepare it for you, if that would help.) Option 3 would only be OK IMO if you know that the brokenness would be limited in time, i.e. a fix was being worked on and would be available within < 1 week. Keeping packages in a broken state in rawhide isn't great, especially for statically linked languages like Rust where to apply security fixes you need to rebuild the package. And if the package is not buildable, you can't do that :(
Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ This package fails to install and maintainers are advised to take one of the following actions: - Fix this bug and close this bugzilla once the update makes it to the repository. (The same script that posted this comment will eventually close this bugzilla when the fixed package reaches the repository, so you don't have to worry about it.) or - Move this bug to ASSIGNED if you plan on fixing this, but simply haven't done so yet. or - Orphan the package if you no longer plan to maintain it. If you do not take one of these actions, the process at https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/#_package_removal_for_long_standing_ftbfs_and_fti_bugs will continue. This package may be orphaned in 4+ weeks. This is the second reminder (step 4) from the policy. Don't hesitate to ask for help on https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/ if you are unsure how to fix this bug.
Yan and I were able to get a fix for azure-cvm-tooling. We still need to send it upstream to be reviewed. I'll probably try to add package rust-sev5 (or rust-sev4)
(In reply to Uri Lublin from comment #8) > Yan and I were able to get a fix for azure-cvm-tooling. > We still need to send it upstream to be reviewed. > I'll probably try to add package rust-sev5 (or rust-sev4) Why 5? To resolve the broken dependency, it *must* be v4. I offered above to help you with this, if you want.
Fabio, thank you for the offer to help. I created a rust-sev4 review-request (bug 2380941). The idea of rust-sev5 was that it's the most recent version that does It would not immediately solve the issue, as you mention, until all broken packages would be rebuilt with sev5 dependency. Additionally, there was no git commit of rust-sev.spec with version 5
(In reply to Uri Lublin from comment #8) > Yan and I were able to get a fix for azure-cvm-tooling. The fix was accepted. We'll build rust-az-????-vtpm 0.7.3
Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ All subpackages of a package against which this bug was filled are now installable or removed from Fedora 43. Thanks for taking care of it!