https://bugzilla.redhat.com/show_bug.cgi?id=2033294 --- Comment #6 from Daiki Ueno <dueno@xxxxxxxxxx> --- Thanks; I've put the updated spec and SRPM at: Spec file: https://ueno.fedorapeople.org/keylime-agent-rust/keylime-agent-rust.spec SRPM: https://ueno.fedorapeople.org/keylime-agent-rust/keylime-agent-rust-0.1.0~20211110gd5a3191-0.1.fc36.src.rpm (In reply to Fabio Valentini from comment #5) > (In reply to Daiki Ueno from comment #4) > > Follow-ups: > > > > The preferred format in Fedora seems to be something like > > > 0.1.0~20211216.gitgd5a31912. > > > > I picked 0.1.0^20211110gd5a3191 as this is a pre-release snapshot. > > No, you got this wrong: > > - caret "^" makes RPM sort the version *higher*, this is used for > post-release snapshots > - tilde "~" makes RPM sort version *lower*, this is used for pre-releases > and pre-release snapshots Thanks for the clarification. Changed the version to using a tilde. > > Updated and added comment how to generate the .crate file from the > > downloaded source. > > Why are you generating a .crate file at all? Why not use an archive from > GitHub directly? > That would make it much easier to update the .crate, and not require custom > commands, at least not for Source0. > This should do what you want: > > Source0: %{url}/archive/%{commit}/rust-keylime-%{shortcommit}.tar.gz Yeah, I didn't realize it would work; updated to use the tarball instead of .crate. > Some new comments: > > 9. "# RHEL: Use bundled deps as we don't ship all the required rust > libraries" > > This is misleading. RHEL ships *no* rust libraries at all. Updated the comment. > 10. Why did you disable %check? > > Either enable it or provide justification for disabling it. The reason was that %check requires wiremock and its dependencies (which are quite a few): https://crates.io/crates/wiremock/0.5.10/dependencies Would this be an acceptable justification or should we try hard to bring in those dependencies? An alternative could be to rewrite the use of wiremock with actix-web's testing framework, though it would require a fork of rust-keylime git repo to avoid the git tss-esapi dependency (as mentioned below). > 11. "once the new tss-esapi crate is available on crates.io, update the > revision to the latest" > > What does this mean? Does keylime-rust depend on a snapshot of tss-esapi > that's not been published yet? Yes. > You will need to rewrite the "git" dependency for tss-esapi to a > version-based dependency anyway, "git" sources are (obviously) not supported > for builds in Fedora. Is that a blocker? I mean whether we need to package the latest git version of rust-keylime, instead of the snapshot with a few revisions behind, which depends on the released tss-esapi. > 12. You need to specify the effective license of keylime-agent-rust. > > Right now, you only specify the upstream version (ASL 2.0). But since this > package statically links all its dependencies, you will need to collect all > License strings of all Rust dependencies, and unify those into an effective > license. > > I use a script like this one inside the mock chroot to get the list of Rust > package licenses needed for the build: > > for i in $(rpm -qa | grep "rust-.*-devel"); do > rpm -q $i --qf "%{LICENSE}\n"; > done | sort | uniq Thanks for the script; I've updated it to: ASL 2.0 and BSD and MIT > 13. "%license license-header.tpl" > > Drop this file. It seems to be a template used for upstream development. Removed. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2033294 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
