2380941 – Review Request: rust-sev4 - Library for AMD SEV - version 4

Bug 2380941 - Review Request: rust-sev4 - Library for AMD SEV - version 4

Summary: Review Request: rust-sev4 - Library for AMD SEV - version 4

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Fabio Valentini
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-16 14:32 UTC by Uri Lublin
Modified:	2025-09-04 14:40 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2025-09-04 14:40:41 UTC
Type:	---
Embargoed:
Dependent Products:
Flags:	decathorpe: fedora-review?

Attachments	(Terms of Use)

Description Uri Lublin 2025-07-16 14:32:19 UTC

Spec URL: https://download.copr.fedorainfracloud.org/results/uril/trustee-attester/fedora-rawhide-x86_64/09270025-rust-sev4/rust-sev4.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/uril/trustee-attester/fedora-rawhide-x86_64/09270025-rust-sev4/rust-sev4-4.0.0-1.fc43.src.rpm
Description: Library for AMD SEV.
Fedora Account System Username: uril


Currently available in Fedora rust-sev version 6, but some packages depends on
rust-sev version 4.

Spec file was created with:
fedpkg clone -a rust-sev
cd rust-sev
git checkout -b sev4 078c510ed92f03969cf36d56f88fb4797a143c0e
# 078c510ed92f03969cf36d56f88fb4797a143c0e is the last commit before version 6
vim rust-sev.spec # changing Name from rust-sev to rust-sev4
mv rust-sev.spec rust-sev4.spec

Comment 1 Sergio Lopez 2025-07-17 14:26:37 UTC

@uril Which Fedora packages depend on sev4?

@tfanelli PTAL.

Comment 2 Tyler Fanelli 2025-07-18 00:09:53 UTC

Are you using the launch API in this version? Version 4 of this library doesn't set the memory region attributes to private, which may cause issues with guest_memfd on newer kernels. If you're not using that, then introducing this is fine with me.

Comment 3 Fabio Valentini 2025-07-18 10:19:02 UTC

I don't know what happened here, but the crate downloaded from crates.io doesn't match the tarball you used in this package. Both the sha256sum of the .crate file and checksums of individual files don't match.

Comment 4 Uri Lublin 2025-07-20 07:21:43 UTC

(In reply to Sergio Lopez from comment #1)
> @uril Which Fedora packages depend on sev4?
> 
> @tfanelli PTAL.

az-cvm-vtpm - bug 2370932
az-snp-vtpm - bug 2370933
trustee-guest-components depends on these

Comment 5 Uri Lublin 2025-07-27 14:15:33 UTC

(In reply to Fabio Valentini from comment #3)
> I don't know what happened here, but the crate downloaded from crates.io
> doesn't match the tarball you used in this package. Both the sha256sum of
> the .crate file and checksums of individual files don't match.

I changed nothing but the name, such that rust-sev4 is the same as
rust-sev (version 4.0.0), as it was already tested and used.

Comment 6 Fabio Valentini 2025-07-30 20:58:33 UTC

The question isn't the origin of the *.spec file, the question is the origin of the *.crate file.

It doesn't match the one downloaded from crates.io, which is quite suspicious.

Comment 7 Uri Lublin 2025-08-03 12:43:42 UTC

Yes, I understand your concern is the crate file. My comment 5 still holds.

I'll prepare an SRPM with the original crate.

Comment 8 Uri Lublin 2025-08-03 12:55:50 UTC

(In reply to Uri Lublin from comment #7)
> I'll prepare an SRPM with the original crate.

I'll first try building rust-az-???-vtpm v0.7.3 (related: bug 2370932 comment 11)

Comment 9 Fabio Valentini 2025-09-04 13:46:37 UTC

Do you still need this package for v4?

Comment 10 Uri Lublin 2025-09-04 14:40:41 UTC

No, we modified the code to use sev-v6.
Closing it as won'tfix.

Note You need to log in before you can comment on or make changes to this bug.