Spec URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11.spec SRPM URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11-1.0.0-1.fc45.src.rpm Description: A minimal PKCS#11 module that implements the interfaces required to sign content using the Siguldry server. Fedora Account System Username: jcline I'd like to vendor https://github.com/fedora-infra/siguldry/tree/siguldry-pkcs11-1.0.0/siguldry-test to run all the integration tests if that's allowed. I might try to make the dependencies of that crate less cyclical in the future at which point running the end-to-end tests outside the repository should be easier, but I don't really want to go the workspace route and package everything in a single `siguldry` package, particularly since they're versioned differently.
Okay, getting the tests to run in the build is turning into a huge ball of wax because it assumes the siguldry crate is there and built and a whole bunch of other things are just so. I already run CI on Fedora containers upstream so I'm mostly inclined to not bother wrestling with the packaging tests at the moment.
Copr build: https://copr.fedorainfracloud.org/coprs/build/10236145 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2448376-rust-siguldry-pkcs11/fedora-rawhide-x86_64/10236145-rust-siguldry-pkcs11/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11.spec SRPM URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11-1.0.0-1.fc45.src.rpm - Fixed the permissions on the shared object which in turn fixed debuginfo extraction (thanks Fabio) - Dropped an unnecessary dependency on kryoptic in the check section. Right now upstream is entirely integration tests that really expect to be in a workspace and don't answer the question "does this module work with the version of siguldry-client shipped". I drop the integration tests in the Cargo.toml patch since they have build dependencies on unpublished workspace crates.
Created attachment 2134027 [details] The .spec file difference from Copr build 10236145 to 10237013
Copr build: https://copr.fedorainfracloud.org/coprs/build/10237013 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2448376-rust-siguldry-pkcs11/fedora-rawhide-x86_64/10237013-rust-siguldry-pkcs11/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
This is a high-quality submission. There are still a few things we need to revisit before it’s ready for approval. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated The spec file is generated with rust2rpm, simplifying the review. ---- The Summary is correctly and necessarily shortened to fit in 80 characters. If you are not already doing so, you can encode this in rust2rpm.toml: [package] summary = "Minimal PKCS#11 module to sign content using a Siguldry server" ---- A trivial ancillary source is provided and documented: # * registration file for p11-kit Source10: p11-kit.module By trivial, I mean that it only contains: module: libsiguldry_pkcs11.so This is reasonable. ---- There is a metadata patch that omits three tests, -[[test]] -name = "signing" -path = "tests/signing.rs" - -[[test]] -name = "sigul_imported_keys" -path = "tests/sigul_imported_keys.rs" - -[[test]] -name = "token_info" -path = "tests/token_info.rs" - and lowers the asn1 crate dependency version to 0.22. [dependencies.asn1] -version = "0.23" +version = "0.22" Both of these are reasonable, but: - The metadata patch is also subject to https://docs.fedoraproject.org/en-US/packaging-guidelines/PatchUpstreamStatus/, and should have comments explaining what it does and why. You can encode these in rust2rpm.toml: [package] cargo-toml-patch-comments = [ "Omit three tests that expect to run in the workspace", "Allow older version 0.22 of asn1 for now, RHBZ#2402490", ] - It would be much better to widen the version range for asn1 rather than *requiring* an older release. That way, it will be easy to tell that this package does not *block* an update, and the patch will not have to be backed out when we are ready to update rust-asn1. Try this: [dependencies.asn1] -version = "0.23" +version = ">=0.22, <0.24" ---- The following directories are unowned: Note: Directories without known owners: /usr/share/p11-kit, /usr/share/p11-kit/modules, /usr/lib64/pkcs11 If there is a natural dependendency on a package that owns these, then it can be added. For example, if the siguldry-pkcs11 binary package only functions with p11-kit installed, then you can add Requires: p11-kit and that will also take care of directory ownership. Otherwise, you should co-own the directories. %dir %{_datadir}/p11-kit %dir %{_datadir}/p11-kit/modules %dir %{_libdir}/pkcs11 See the relevant guidelines for more details and advice: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership. ---- A manual dependency on siguldry is added. I’m assuming this is correct. +Requires: siguldry >= 0.5.0 If you are not already doing so, you can encode this in rust2rpm.toml: [package] bin-package-extra = "Requires: siguldry >= 0.5.0" ---- The License expression for the binary package is present and appears to be correctly formed. To make it easier to detect changes in the licenses coming from Rust dependencies, it’s conventional to paste the raw output of %{cargo_license_summary} above the License field. # (MIT OR Apache-2.0) AND Unicode-DFS-2016 # Apache-2.0 # Apache-2.0 OR MIT # Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT # BSD-2-Clause OR Apache-2.0 OR MIT # BSD-3-Clause # BSL-1.0 # ISC # LGPL-2.0-or-later # MIT # MIT OR Apache-2.0 # Unicode-3.0 # Unlicense OR MIT Then, while the License expression is valid and correct, there are a few things that we often do in the Rust SIG to make it easier to understand and audit. - Parentheses grouping AND expressions are not needed. So "(A AND B) AND C" can just be "A AND B AND C", and "((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND …" can be "(MIT OR Apache-2.0) AND Unicode-DFS-2016 AND …" - Duplicate terms can be removed. Order doesn’t matter here: (A OR B) is the same as (B OR A), so "(MIT OR Apache-2.0) AND (Apache-2.0 OR MIT)" can be just "(MIT OR Apache-2.0)" or just "(Apache-2.0 OR MIT)". - Terms can be reordered, if that’s helpful. A convention Fabio Valentini often uses, which works pretty well for relatively simple license expressions, is to start with the term(s) corresponding to the source license, then simple license terms in alphabetical order, then sub-expressions in alphabetical order. There’s more than one way to approach this, and this is just one way. - You can use the %{shrink: …} macro to write the license expression one-term-per-line, which makes it easier to read and diff. All together, that means you could write something like: # (MIT OR Apache-2.0) AND Unicode-DFS-2016 […] # Unlicense OR MIT License: %{shrink: MIT AND Apache-2.0 AND BSD-3-Clause AND BSL-1.0 AND ISC AND LGPL-2.0-or-later AND Unicode-3.0 AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND (BSD-2-Clause OR Apache-2.0 OR MIT) AND Unlicense OR MIT } Again, what you have in License is not *wrong*, but the form suggested above is hopefully a bit more useful to human eyes, and has worked well for maintenance thus far in the Rust SIG. ---- Installing the shared-library plugin and the siguldry.module appears to be handled correctly. If you are not already adding this to rust2rpm.toml, you can; look in the rust2rpm.toml man page for scripts.install.post, package.suppress-cdylib-install-fixme, and package.extra-files. ---- The package is not ExcludeArch/ExclusiveArch, but it fails to build on architectures other than x86_64. https://koji.fedoraproject.org/koji/taskinfo?taskID=143490286 On i686, there are a large number of errors related to 64-bit assumptions. This one is easy: it’s unlikely anything will depend on this on i686, so you can add: # https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval ExcludeArch: %{ix86} On aarch64, ppc64le, and s390x, we have: error[E0308]: mismatched types --> src/lib.rs:388:54 | 388 | let interface_name = unsafe { CStr::from_ptr(pInterfaceName as *const i8) }; | -------------- ^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected `*const u8`, found `*const i8` | | | arguments to this function are incorrect | = note: expected raw pointer `*const u8` found raw pointer `*const i8` note: associated function defined here --> library/core/src/ffi/c_str.rs:253:24 For more information about this error, try `rustc --explain E0308`. This reflects an assumption that C "char" is "signed char" rather than "unsigned char"; in fact, this is implementation-defined, and varies in practice across primary architectures. Fortunately, this is easy to fix. You can apply https://github.com/fedora-infra/siguldry/pull/161 as a patch. You may already know that, to get a patch that applies to the published crate with -p1, you can use “git format-patch --relative” from the siguldry-pkcs11 subdirectory of the upstream git repository. ===== MUST items ===== C/C++: [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. The file %{_libdir}/pkcs11/libsiguldry_pkcs11.so is a plugin, so it is correct that it is unversioned. It appears to be correctly installed, and is not in the default linker search path. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "MIT License". 6 files have unknown license. Detailed output of licensecheck in /home/ben/fedora/review/2448376-rust-siguldry-pkcs11/licensecheck.txt I do have some suggestions for improving how the License expression for the binary package is written, in the narrative section at the top of this review. [!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/p11-kit, /usr/share/p11-kit/modules, /usr/lib64/pkcs11 I commented on this in the narrative section at the top of this review. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries or specifies bundled libraries with Provides: bundled(<libname>) if unbundling is not possible. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [!]: Package is not known to require an ExcludeArch tag. Fails to build on anything but x86_64. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 5604 bytes in 2 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. Tests are correctly built and executed, but in practice there are no tests included in the crate that we can run. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [!]: Patches link to upstream bugs/comments/lists or are otherwise justified. The metadata patch could use some commentary. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [!]: Package should compile and build into binary rpms on all supported architectures. https://koji.fedoraproject.org/koji/taskinfo?taskID=143490286 [x]: %check is present and all tests pass. Tests are correctly built and executed, but in practice there are no tests included in the crate that we can run. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: siguldry-pkcs11-1.0.0-1.fc45.x86_64.rpm rust-siguldry-pkcs11-1.0.0-1.fc45.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmpn3zyc88y')] checks: 32, packages: 2 2 packages and 0 specfiles checked; 0 errors, 0 warnings, 7 filtered, 0 badness; has taken 0.2 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 3 filtered, 0 badness; has taken 0.1 s Unversioned so-files -------------------- siguldry-pkcs11: /usr/lib64/pkcs11/libsiguldry_pkcs11.so Source checksums ---------------- https://crates.io/api/v1/crates/siguldry-pkcs11/1.0.0/download#/siguldry-pkcs11-1.0.0.crate : CHECKSUM(SHA256) this package : 89c4ae4bd2e8b5931dedb294510422fad525afe4d1960ca675a5074fd44854cd CHECKSUM(SHA256) upstream package : 89c4ae4bd2e8b5931dedb294510422fad525afe4d1960ca675a5074fd44854cd Requires -------- siguldry-pkcs11 (rpmlib, GLIBC filtered): ld-linux-x86-64.so.2()(64bit) libc.so.6()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libgcc_s.so.1(GCC_4.2.0)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) rtld(GNU_HASH) siguldry Provides -------- siguldry-pkcs11: libsiguldry_pkcs11.so()(64bit) siguldry-pkcs11 siguldry-pkcs11(x86-64) Diff spec file in url and in SRPM --------------------------------- --- /home/ben/fedora/review/2448376-rust-siguldry-pkcs11/srpm/rust-siguldry-pkcs11.spec 2026-03-18 15:04:51.879117296 +0000 +++ /home/ben/fedora/review/2448376-rust-siguldry-pkcs11/srpm-unpacked/rust-siguldry-pkcs11.spec 2026-03-18 00:00:00.000000000 +0000 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.8.3) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + # Generated by rust2rpm 28 %bcond check 1 @@ -63,3 +73,6 @@ %changelog -%autochangelog +## START: Generated by rpmautospec +* Wed Mar 18 2026 John Doe <packager> - 1.0.0-1 +- Uncommitted changes +## END: Generated by rpmautospec Generated by fedora-review 0.11.0 (05c5b26) last change: 2025-11-29 Command line :/usr/bin/fedora-review -b 2448376 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic Disabled plugins: Perl, Python, fonts, Haskell, R, Java, PHP, SugarActivity, Ocaml, C/C++ Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
Created attachment 2134100 [details] Patch for non-x86_64 64-bit build failures Result of using “git format-patch --relative” to get a version of https://github.com/fedora-infra/siguldry/pull/161 that can be applied directly to the published crate. You can do something like this: [[package.extra-patches]] number = 10 file = "0001-Fix-an-assumption-that-C-s-char-type-is-signed.patch" comments = [ "Fix an assumption that C’s char type is signed", "https://github.com/fedora-infra/siguldry/pull/161", ]
Link to raw patch file: https://bugzilla-attachments.redhat.com/attachment.cgi?id=2134100
Spec URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11.spec SRPM URL: https://jcline.fedorapeople.org/new-packages/rust-siguldry-pkcs11-1.0.0-1.fc45.src.rpm Many thanks for the detailed review and upstream patch - it's unfortunate that the rendered docs resolve c_char's type alias in https://doc.rust-lang.org/std/ffi/struct.CStr.html#method.from_ptr I _think_ I addressed everything here. It doesn't need p11-kit to function, although the guidelines are that it must be registered[0], so I've marked it as co-owner. That's also what kryoptic does. [0] https://docs.fedoraproject.org/en-US/packaging-guidelines/Pkcs11Support/
Created attachment 2134151 [details] The .spec file difference from Copr build 10237013 to 10243607
Copr build: https://copr.fedorainfracloud.org/coprs/build/10243607 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2448376-rust-siguldry-pkcs11/fedora-rawhide-x86_64/10243607-rust-siguldry-pkcs11/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
This looks great, and the package is approved, BUT: please fix my typo in the License expression, which originated in the previous review and was copied into the latest submission. (BSD-2-Clause OR Apache-2.0 OR MIT) AND - Unlicense OR MIT + (Unlicense OR MIT) } Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Compared to the previous submission: - The cause of build failures on non-x86_64, 64-bit platforms is patched. This is adequately documented, with an appropriate upstream link. - The metadata patch is properly documented - The package is ExcludeArch: %{ix86}, which is consistent with https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval and keeps you from having to fix 32-bit build failures. - The %{cargo_license_summary} comment is included, and the License expression is deduplicated and more nicely formatted. It still matches the %{cargo_license_summary} output. However, there is a typo copied from my suggestion: the last line, Unlicense OR MIT, needs parentheses, (Unlicense OR MIT). - Directory ownership issues are handled by co-owning the directories, which seems appropriate. This seems to fix all of the issues noted in the previous review. ===== MUST items ===== C/C++: [x]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. The file %{_libdir}/pkcs11/libsiguldry_pkcs11.so is a plugin, so it is correct that it is unversioned. It appears to be correctly installed, and is not in the default linker search path. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "MIT License". 6 files have unknown license. Detailed output of licensecheck in /home/ben/fedora/review/20260327/2448376-rust-siguldry- pkcs11/licensecheck.txt There’s a typo that needs to be fixed: the last line needs parantheses, (Unlicense OR MIT). [-]: Package does not own files or directories owned by other packages. Note: Dirs in package are owned also by: /usr/lib64/pkcs11(opensc- libs, p11-kit, gnome-keyring, kryoptic, tpm2-pkcs11, opencryptoki- libs, yubihsm-shell), /usr/share/p11-kit(opensc-libs, kryoptic, p11-kit), /usr/share/p11-kit/modules(opensc-libs, kryoptic, p11-kit) As previously discussed in the review, directory co-ownership seems appropriate here. [x]: %build honors applicable compiler flags or justifies otherwise. [x]: Package contains no bundled libraries or specifies bundled libraries with Provides: bundled(<libname>) if unbundling is not possible. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [x]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [x]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [-]: Package is not known to require an ExcludeArch tag. Package is ExcludeArch: %{ix86}, and this is necessary in this case, but does not require justification or tracking. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: No rpmlint messages. [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: The License field must be a valid SPDX expression. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 5604 bytes in 2 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. Tests are correctly built and executed, but in practice there are no tests included in the crate that we can run. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: Package should compile and build into binary rpms on all supported architectures. https://koji.fedoraproject.org/koji/taskinfo?taskID=143742733 [x]: %check is present and all tests pass. Tests are correctly built and executed, but in practice there are no tests included in the crate that we can run. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [!]: Spec file according to URL is the same as in SRPM. Note: Spec file as given by url is not the same as in SRPM (see attached diff). See: (this test has no URL) [x]: Rpmlint is run on all installed packages. Note: No rpmlint messages. [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Rpmlint ------- Checking: siguldry-pkcs11-1.0.0-1.fc45.x86_64.rpm rust-siguldry-pkcs11-1.0.0-1.fc45.src.rpm ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp6udcq3y7')] checks: 32, packages: 2 2 packages and 0 specfiles checked; 0 errors, 0 warnings, 7 filtered, 0 badness; has taken 0.2 s Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.8.0 configuration: /usr/lib/python3.14/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 3 filtered, 0 badness; has taken 0.1 s Unversioned so-files -------------------- siguldry-pkcs11: /usr/lib64/pkcs11/libsiguldry_pkcs11.so Source checksums ---------------- https://crates.io/api/v1/crates/siguldry-pkcs11/1.0.0/download#/siguldry-pkcs11-1.0.0.crate : CHECKSUM(SHA256) this package : 89c4ae4bd2e8b5931dedb294510422fad525afe4d1960ca675a5074fd44854cd CHECKSUM(SHA256) upstream package : 89c4ae4bd2e8b5931dedb294510422fad525afe4d1960ca675a5074fd44854cd Requires -------- siguldry-pkcs11 (rpmlib, GLIBC filtered): ld-linux-x86-64.so.2()(64bit) libc.so.6()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libgcc_s.so.1(GCC_4.2.0)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) rtld(GNU_HASH) siguldry Provides -------- siguldry-pkcs11: libsiguldry_pkcs11.so()(64bit) siguldry-pkcs11 siguldry-pkcs11(x86-64) Diff spec file in url and in SRPM --------------------------------- --- /home/ben/fedora/review/20260327/2448376-rust-siguldry-pkcs11/srpm/rust-siguldry-pkcs11.spec 2026-03-27 16:06:24.314409030 +0000 +++ /home/ben/fedora/review/20260327/2448376-rust-siguldry-pkcs11/srpm-unpacked/rust-siguldry-pkcs11.spec 2026-03-19 00:00:00.000000000 +0000 @@ -1,2 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.8.3) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + # Generated by rust2rpm 28 %bcond check 1 @@ -106,3 +116,6 @@ %changelog -%autochangelog +## START: Generated by rpmautospec +* Thu Mar 19 2026 John Doe <packager> - 1.0.0-1 +- Uncommitted changes +## END: Generated by rpmautospec Generated by fedora-review 0.11.0 (05c5b26) last change: 2025-11-29 Command line :/usr/bin/fedora-review -b 2448376 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic Disabled plugins: C/C++, Perl, Ocaml, fonts, R, SugarActivity, Java, Haskell, PHP, Python Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-siguldry-pkcs11