[Bug 2326979] Review Request: rust-jsonwebkey - JSON Web Key (JWK) (de)serialization, and conversion

https://bugzilla.redhat.com/show_bug.cgi?id=2326979



--- Comment #11 from Fabio Valentini <decathorpe@xxxxxxxxx> ---
This increasingly looks like you're fighting with cargo / rust2rpm, or a
misunderstanding of how features / optional dependencies work in cargo, because
the comments here are wrong:

> # - Dependency jsonwebtoken removed as it's only
> #   required by hidden feature 'jwt-convert'
> # - Dependencies p256 and rand were removed as they are only 
> #   required by hidden feature 'generate'
> # - "dep:" was added to all dependencies in [features] table as
> #   it seems this overcomes an issue with rust2rpm

see also my comment on your bug report here:
https://bugzilla.redhat.com/show_bug.cgi?id=2329304#c2

Also, the Cargo.toml patch is still wrong, and it still introduces an
unnecessary divergence between what would be shipped in Fedora and the upstream
crate from crates.io.

In particular, this is wrong and will just cause problems:

"""
 pkcs-convert = [
-    "num-bigint",
-    "yasna",
+    "dep:num-bigint",
+    "dep:yasna",
 ]
"""
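Review bot: the `dep:` prefix on both entries of `pkcs-convert` stops Cargo from creating the implicit `num-bigint` and `yasna` features for those optional dependencies, so the patched manifest exposes fewer features than the crates.io release and a request for either of them would no longer resolve. Keep the upstream entries `"num-bigint"` and `"yasna"`, and hide unwanted features through `features.hide` in rust2rpm.toml instead.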

I would recommend reading the section about the "features.hide" setting in the
man page for rust2rpm.toml.

============================================================

All in all, I'm still not sure what you're attempting to do (or why), so it
might be a good idea to take a step back and ask:

Why do you want to (or think you need to) disable the features for the
"generate" and "jwt-convert" features in the package for this crate?

1. In the case of the "generate" feature, it looks like all its dependencies
are already available in Fedora, but the crate just depends on a really old
version of the "p256" crate. If you don't need the "generate" feature for what
you're working on, then disabling it is a valid thing to do, but then the
easiest solution would be to add ["generate", "p256", "rand"] to the
features.hide setting in rust2rpm.

2. In the case of the "jwt-convert" feature, the jsonwebtoken dependency would
also be available as a Fedora package, but "pkcs-convert" is not. If you don't
need the "jwt-convert" feature, then adding all of ["jwt-convert",
"jsonwebtoken", "pkcs-convert"] to the features.hide setting would be a valid
thing to do.

For both 1. and 2. the justification comments should be "disable feature
because it pulls in unavailable and / or outdated dependencies".

As far as I can tell, the patch for Cargo.toml that you need would be just
these two changes:

"""
 version = "1.0"

 [dependencies.yasna]
-version = "0.4"
+version = "0.5"
 features = ["num-bigint"]
 optional = true
"""
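Review bot: the `version = "0.5"` line under `[dependencies.yasna]` is a semver-incompatible bump for a 0.x crate, and the unchanged `features = ["num-bigint"]` line below it relies on yasna 0.5 still providing a feature of that name. Confirm that, and build the code that uses yasna against 0.5 before relying on the patch; the reason for the bump belongs in cargo-toml-patch-comments.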

and 

"""
 version = "1.4"
 features = ["zeroize_derive"]

-[dev-dependencies.jsonwebtoken]
-version = "8.0"
-
 [features]
 generate = [
"""
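Review bot: removing `[dev-dependencies.jsonwebtoken]` is only safe if every test that uses jsonwebtoken is gated on the `jwt-convert` feature; an ungated `use jsonwebtoken` in the test sources would fail to compile in %check. Check the tests for such a gate, and record the removal in cargo-toml-patch-comments.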

in combination with this rust2rpm.toml config file:

"""
[package]
cargo-toml-patch-comments = [
    "bump yasna dependency from 0.4 to 0.5",
    "drop jsonwebtoken dev-dependency: only needed by tests for the disabled jwt-convert feature",
]

[features]
hide = [
    # unused non-default "generate" feature
    # with outdated dependency on the "p256" crate
    "generate",
    "p256",
    "rand",
    # unused non-default "jwt-convert" feature
    # with outdated dependency on the "jsonwebtoken" crate
    "jwt-convert",
    "pkcs-convert",
    "jsonwebtoken",
]
"""

For the yasna v0.4 -> v0.5 bump, it would be great if you could submit a PR to
upstream:
https://github.com/nhynes/jwk-rs

Though it looks like this project was abandoned two years ago (which
explains the outdated dependencies), so I'm not sure how successful that would
be.
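
The effect of the `dep:` rewrite criticised in the comment above, as an added example (not part of the original message, and not code from cargo or rust2rpm): a small Python model of Cargo's implicit-feature rule for optional dependencies. The inputs are constructed from the quoted fragments; that `num-bigint` is an optional dependency and the `legacy` feature name are assumptions.

```python
# Added example: a model of Cargo's implicit-feature rule for optional deps.
# All inputs below are constructed from the fragments quoted in the thread.

def exposed_features(optional_deps, features):
    """Feature names a crate exposes to its dependents.

    Cargo adds an implicit feature named after each optional dependency,
    unless "dep:<name>" appears anywhere in the [features] table.
    """
    dep_refs = {item[4:] for items in features.values()
                for item in items if item.startswith("dep:")}
    return set(features) | (set(optional_deps) - dep_refs)


def lost_features(optional_deps, upstream, patched):
    """Features dependents could request upstream but not after the patch."""
    return sorted(exposed_features(optional_deps, upstream)
                  - exposed_features(optional_deps, patched))


def unresolved_entries(optional_deps, features):
    """(feature, entry) pairs that Cargo would refuse to resolve."""
    known = exposed_features(optional_deps, features)
    bad = []
    for name, items in features.items():
        for item in items:
            if "/" in item:
                continue  # "crate/feature" entries are not modelled here
            if item.startswith("dep:"):
                if item[4:] not in optional_deps:
                    bad.append((name, item))
            elif item not in known:
                bad.append((name, item))
    return sorted(bad)


# yasna is optional per the quoted Cargo.toml; num-bigint being optional is
# an assumption, as is the hypothetical "legacy" feature.
OPTIONAL_DEPS = {"num-bigint", "yasna"}
UPSTREAM = {"pkcs-convert": ["num-bigint", "yasna"]}
PATCHED = {"pkcs-convert": ["dep:num-bigint", "dep:yasna"]}
MIXED = dict(PATCHED, legacy=["yasna"])

if __name__ == "__main__":
    print("upstream exposes:", sorted(exposed_features(OPTIONAL_DEPS, UPSTREAM)))
    print("patched exposes: ", sorted(exposed_features(OPTIONAL_DEPS, PATCHED)))
    print("lost by patch:   ", lost_features(OPTIONAL_DEPS, UPSTREAM, PATCHED))
    print("unresolved:      ", unresolved_entries(OPTIONAL_DEPS, MIXED))
```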

