Fedora Account System
Red Hat Associate
Red Hat Customer
Spec URL: https://alakatos.fedorapeople.org/trustee/rust-ear/rust-ear.spec SRPM URL: https://alakatos.fedorapeople.org/trustee/rust-ear/rust-ear-0.4.0-1.fc42.src.rpm Description: This crate provides a standards-compliant implementation for creating and verifying attestation result tokens that communicate appraisals of attested evidence produced by a verifier Fedora Account System Username: alakatos
Copr build: https://copr.fedorainfracloud.org/coprs/build/9842406 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2417572-rust-ear/fedora-rawhide-x86_64/09842406-rust-ear/builder-live.log.gz Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
[fedora-review-service-build]
Copr build: https://copr.fedorainfracloud.org/coprs/build/9931721 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2417572-rust-ear/fedora-rawhide-x86_64/09931721-rust-ear/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Copr build: https://copr.fedorainfracloud.org/coprs/build/9931718 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2417572-rust-ear/fedora-rawhide-x86_64/09931718-rust-ear/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Copr build: https://copr.fedorainfracloud.org/coprs/build/9931722 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2417572-rust-ear/fedora-rawhide-x86_64/09931722-rust-ear/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Issues: ======= No issues found. All MUST items pass. ===== MUST items ===== Generic: [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. Note: Package builds successfully in copr-build 9931722 [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. Note: Verified Apache-2.0 License. License file at ear-0.4.0/LICENSE contains standard Apache License 2.0 text. Package implements EAT (Entity Attestation Token) Attestation Results per draft-fv-rats-ear specification, providing attestation result tokens for remote attestation systems. [x]: License field in the package spec file matches the actual license. Note: Spec declares "License: Apache-2.0" which matches the actual Apache License 2.0 in the LICENSE file. The licensecheck output shows "*No copyright* Apache License 2.0" for the LICENSE file and source files - this is expected as the LICENSE file is the license text itself (without a separate copyright notice), and source files contain SPDX identifiers (// SPDX-License-Identifier: Apache-2.0) which is a valid way to indicate licensing. 15 files with "Unknown or generated" are configuration and build files (Cargo.toml, .github workflows, deny.toml, misc test keys) which is normal - they are covered under the project's Apache-2.0 License. [x]: License file installed when any subpackage combination is installed. Note: %license directive in spec line 33 ensures LICENSE is installed: %license %{crate_instdir}/LICENSE [x]: %build honors applicable compiler flags or justifies otherwise. Note: Uses %cargo_build macro which properly handles Rust compiler flags. [x]: Package contains no bundled libraries without FPC exception. Note: Rust package with declared dependencies via Cargo. Dependencies include base64, ciborium, cose-rust, hex, jsonwebtoken, lazy_static, openssl, phf, serde, serde_json, and thiserror - all properly declared. [x]: Changelog in prescribed format. Note: Uses %autochangelog macro for automatic changelog generation. [x]: Sources contain only permissible code or content. Note: Examined source code ear-0.4.0/. Package is a legitimate EAT (Entity Attestation Token) Attestation Results implementation conforming to draft-fv-rats-ear specification from IETF RATS working group. Provides functionality to create, sign, and verify attestation result tokens using JWT (JSON Web Token) and COSE (CBOR Object Signing and Encryption). Source files reviewed include lib.rs (lines 1-20 show SPDX-License-Identifier: Apache-2.0 and implementation description), ear.rs, appraisal.rs, algorithm.rs, trust/*.rs. Code provides cryptographic signing/verification of attestation results used in remote attestation systems. Part of the Veraison project for attestation verification. No malware or suspicious code found. [x]: Package contains desktop file if it is a GUI application. Note: Library package, not a GUI application. [x]: Development files must be in a -devel package Note: This is a Rust -devel package containing library source for building other packages. [x]: Package uses nothing in %doc for runtime. Note: Only README.md is marked as %doc which is documentation only. [x]: Package consistently uses macros (instead of hard-coded directory names). Note: Properly uses %{crate_instdir} and other standard Rust macros. [x]: Package is named according to the Package Naming Guidelines. Note: Follows Rust packaging naming: rust-ear [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. Note: Installs to %{crate_instdir} which is /usr/share/cargo/registry/ear-0.4.0/ [x]: If the package is a rename of another package, proper Obsoletes and Provides are present. Note: Not a renamed package. [x]: Requires correct, justified where necessary. Note: Dependencies are automatically generated via cargo-rpm-macros. Requires include crate(base64/default), crate(ciborium/default), crate(cose-rust/default), crate(hex/default), crate(jsonwebtoken/default), crate(lazy_static/default), crate(openssl/default), crate(phf/default), crate(phf/macros), crate(phf/serde), crate(serde/default), crate(serde/derive), crate(serde_json/default), crate(serde_json/raw_value), and crate(thiserror/default) with appropriate version constraints. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. Note: Library package, no systemd files needed. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. Note: LICENSE file included via %license directive. [x]: The License field must be a valid SPDX expression. Note: "Apache-2.0" is a valid SPDX license identifier. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. Note: No duplicate file warnings in this build. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. Note: Uses %cargo_install macro. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. Note: Checksum verified below. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. Note: rust-ear.spec matches package name. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 0 bytes in 0 files (only README.md). [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: Reviewer should test that the package builds in mock. Note: Package was built via fedora-review --copr-build which uses mock. [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. Note: LICENSE file is included in upstream source. [x]: Final provides and requires are sane (see attachments). Note: Provides include crate(ear) and crate(ear/default). Requires are appropriate for the crate's dependencies on cryptographic and serialization libraries. [-]: Fully versioned dependency in subpackages if applicable. Note: Rust feature packages use crate() dependencies without %{name} %{?_isa} versioning, which is normal and correct for Rust packages. The crate() virtual provides system handles versioning appropriately. [x]: Package functions as described. Note: EAT Attestation Results implementation. Provides functionality to create, sign, and verify attestation result tokens conforming to EAT Attestation Results (draft-fv-rats-ear) specification. Supports JWT and COSE signing, extensible profiles, and AR4SI trust claims. [x]: Latest version is packaged. Note: Version 0.4.0 is being packaged. The upstream rust-ear repository shows recent activity (updated November 2025), indicating active development. Version 0.4.0 appears to be a current release. [x]: Package does not include license text files separate from upstream. Note: LICENSE file is from upstream. [-]: Patches link to upstream bugs/comments/lists or are otherwise justified. Note: No patches applied. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: crates.io does not provide GPG signatures. [-]: Package should compile and build into binary rpms on all supported architectures. Note: BuildArch: noarch - Rust source packages are architecture independent. [x]: %check is present and all tests pass. Note: Tests are enabled with %bcond check 1, which means tests run during build. This is excellent for a cryptographic/attestation library. [x]: Packages should try to preserve timestamps of original installed files. Note: cargo-rpm-macros handle this. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Spec file according to URL is the same as in SRPM. [x]: Spec file %files devel section follows rust2rpm standard pattern. Rpmlint ------- Checking: rust-ear-devel-0.4.0-1.fc44.noarch.rpm rust-ear+default-devel-0.4.0-1.fc44.noarch.rpm rust-ear-0.4.0-1.fc44.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.7.0 configuration: /usr/lib/python3.13/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp1hbza7pl')] checks: 32, packages: 3 3 packages and 0 specfiles checked; 0 errors, 0 warnings, 13 filtered, 0 badness; has taken 0.1 s Rpmlint (installed packages) ---------------------------- (none): E: there is no installed rpm "rust-ear-devel". (none): E: there is no installed rpm "rust-ear+default-devel". There are no files to process nor additional arguments. Nothing to do, aborting. ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 2 0 packages and 0 specfiles checked; 0 errors, 0 warnings, 0 filtered, 0 badness; has taken 0.0 s Source checksums ---------------- https://crates.io/api/v1/crates/ear/0.4.0/download#/ear-0.4.0.crate : CHECKSUM(SHA256) this package : 8bc48a3976de4a3c2f6661a74836abbd7d458ef10e391fedcf47bcc4c983abc1 CHECKSUM(SHA256) upstream package : 8bc48a3976de4a3c2f6661a74836abbd7d458ef10e391fedcf47bcc4c983abc1 Checksums match. Requires -------- rust-ear-devel (rpmlib, GLIBC filtered): (crate(base64/default) >= 0.22.1 with crate(base64/default) < 0.23.0~) (crate(ciborium/default) >= 0.2.0 with crate(ciborium/default) < 0.3.0~) (crate(cose-rust/default) >= 0.1.2 with crate(cose-rust/default) < 0.2.0~) (crate(hex/default) >= 0.4.3 with crate(hex/default) < 0.5.0~) (crate(jsonwebtoken/default) >= 9.0.0 with crate(jsonwebtoken/default) < 10.0.0~) (crate(lazy_static/default) >= 1.5.0 with crate(lazy_static/default) < 2.0.0~) (crate(openssl/default) >= 0.10.54 with crate(openssl/default) < 0.11.0~) (crate(phf/default) >= 0.11.1 with crate(phf/default) < 0.12.0~) (crate(phf/macros) >= 0.11.1 with crate(phf/macros) < 0.12.0~) (crate(phf/serde) >= 0.11.1 with crate(phf/serde) < 0.12.0~) (crate(serde/default) >= 1.0.0 with crate(serde/default) < 2.0.0~) (crate(serde/derive) >= 1.0.0 with crate(serde/derive) < 2.0.0~) (crate(serde_json/default) >= 1.0.93 with crate(serde_json/default) < 2.0.0~) (crate(serde_json/raw_value) >= 1.0.93 with crate(serde_json/raw_value) < 2.0.0~) (crate(thiserror/default) >= 2.0.16 with crate(thiserror/default) < 3.0.0~) /usr/bin/bash cargo rust-ear+default-devel (rpmlib, GLIBC filtered): cargo crate(ear) Provides -------- rust-ear-devel: crate(ear) rust-ear-devel rust-ear+default-devel: crate(ear/default) rust-ear+default-devel Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review --copr-build 9931722 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic Disabled plugins: PHP, Haskell, R, Python, SugarActivity, Ocaml, Java, fonts, Perl, C/C++ Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH ===== APPROVAL ===== This package is APPROVED, thanks. No issues, all MUST items pass.
The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-ear
FEDORA-2025-76e0aa7933 (rust-ear-0.4.0-1.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2025-76e0aa7933
FEDORA-2025-76e0aa7933 (rust-ear-0.4.0-1.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.