Enable PQC algorithms

Resolves: RHEL-126677 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-11-27 13:04:21 +09:00 · 2025-11-27 13:04:21 +09:00 · ef63661248
commit ef63661248
parent 2d8fc6bf0f
3 changed files with 11 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 /rust-podman-sequoia-0.2.0-vendor.tar.xz
 /podman-sequoia-0.2.0.crate
+/podman-sequoia-0.4.0-pqc.1.crate
+/podman-sequoia-0.4.0-pqc.1-vendor.tar.xz
--- a/rust-podman-sequoia.spec
+++ b/rust-podman-sequoia.spec
@ -5,6 +5,7 @@
 %global cargo_install_lib 0

 %global crate podman-sequoia
+%global crate_version 0.4.0-pqc.1

 %if 0%{?rhel}
 # RHEL: Use bundled deps as it doesn't ship Rust libraries
@ -16,13 +17,13 @@
 %endif

 Name:           rust-podman-sequoia
-Version:        0.2.0
+Version:        0.4.0~pqc.1
 Release:        %autorelease
 Summary:        Polyfill to use Sequoia as a signing backend for containers

 License:        Apache-2.0
 URL:            https://crates.io/crates/podman-sequoia
-Source0:        %{crates_source}
+Source0:        %{crates_source %{crate} %{crate_version}}
 # Generated using cargo-vendor-filterer:
 #   cargo download %%{crate}==%%{version} > %%{crate}-%%{version}.crate
 #   tar xf %%{crate}-%%{version}.crate
@ -33,7 +34,7 @@ Source0:        %{crates_source}
 #                         --platform i686-unknown-linux-gnu \
 #                         --platform s390x-unknown-linux-gnu \
 #                         --all-features=true
-Source1:        %{name}-%{version}-vendor.tar.xz
+Source1:        %{crate}-%{crate_version}-vendor.tar.xz
 # Manually created patch for downstream crate metadata changes
 # * default to the OpenSSL crypto backend of sequoia-openpgp
 Patch:          podman-sequoia-fix-metadata.diff
@ -93,7 +94,7 @@ License:        ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (0BSD OR MIT OR A
 %{_datadir}/containers/podman-sequoia/gosequoiafuncs.h

 %prep
-%autosetup -n %{crate}-%{version} -N %{?bundled_rust_deps:-a1}
+%autosetup -n %{crate}-%{crate_version} -N %{?bundled_rust_deps:-a1}
 %autopatch -M 99 -p1
 %if 0%{?bundled_rust_deps}
 %cargo_prep -v vendor
@ -124,6 +125,8 @@ cp -pav target/release/bindings/*.[ch] %{buildroot}/%{_datadir}/containers/podma

 %if %{with check}
 %check
+# prefer built-in crypto-policies over system settings on the koji builder
+export SEQUOIA_CRYPTO_POLICY=/dev/null
 # * signature::tests::import_keys may fail on a machine with slow disk I/O
 %cargo_test -- -- --skip signature::tests::import_keys
 %endif
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rust-podman-sequoia-0.2.0-vendor.tar.xz) = bd69c405a3d993f188df75397809487a73291409b5bfa4db6f44fa562ec5de9eaf88455ef3d01ead398454a44fa2c3f9f2ff75c2cf2782639ac73e145cc14398
-SHA512 (podman-sequoia-0.2.0.crate) = 7eaec820cc7d66467b1d1df38ba7b39add76cfce028996530e2e8518c96c23fc9a610f49e0b565303e80774311e925575b5ba3c81dd21de4be524aa5cf259d7d
+SHA512 (podman-sequoia-0.4.0-pqc.1.crate) = f2c6160c0586ca878f54bf2b4af313d3038f2c567dd91b434b2bc32eb183a73fe8d706df740eb24bb855f9095ba5f6f878264042596fa541eb131b0a34bb71d9
+SHA512 (podman-sequoia-0.4.0-pqc.1-vendor.tar.xz) = 71854070bc70b5198276635379817ea796bfda85cec7986fd3d37b2b40201eab11045e723267767f9b3b2f830b964f164a7bbfa4c6234dbf72f1b12fdefddad9