Pull PQC crypto to rpm-sequoia

Fixes also the support for the OpenPGP v6 signatures altogether Resolves: RHEL-101952
2025-07-04 17:38:46 +02:00 · 2025-07-04 17:38:46 +02:00 · a771b39b5e
commit a771b39b5e
parent 781bca60fb
5 changed files with 64 additions and 48 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,3 +10,5 @@
 /rpm-sequoia-1.5.0-vendor.tar.xz
 /rpm-sequoia-1.6.0.crate
 /rpm-sequoia-1.6.0-vendor.tar.xz
+/rpm-sequoia-1.9.0.1.tar.gz
+/rpm-sequoia-vendor-1.9.0.1.tar.gz
--- a/rpm-sequoia-fix-metadata.diff
+++ b/rpm-sequoia-fix-metadata.diff
@ -1,17 +1,18 @@
--- rpm-sequoia-1.6.0/Cargo.toml	1970-01-01T00:00:01+00:00
-+++ rpm-sequoia-1.6.0/Cargo.toml	2024-01-25T14:12:35.470987+00:00
-@@ -73,13 +73,9 @@
- version = "0.1.4"
+diff -up a/Cargo.toml b/Cargo.toml
+--- a/Cargo.toml	2025-06-20 23:38:40.780060126 +0200
+++ b/Cargo.toml	2025-06-20 23:39:27.431884313 +0200
+@@ -42,13 +42,9 @@ crate-type = ["cdylib"]
 
- [features]
-crypto-botan = ["sequoia-openpgp/crypto-botan"]
-crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
-crypto-cng = ["sequoia-openpgp/crypto-cng"]
- crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
- crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
-crypto-rust = ["sequoia-openpgp/crypto-rust"]
+ # We explicitly do not want to enable Sequoia's decompression support.
+ # Hence we only select a crypto backend.
 -default = ["crypto-nettle"]
 +default = ["crypto-openssl"]
+ crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
+-crypto-rust = ["sequoia-openpgp/crypto-rust"]
+-crypto-cng = ["sequoia-openpgp/crypto-cng"]
+ crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
+-crypto-botan = ["sequoia-openpgp/crypto-botan"]
+-crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
 
- [badges.maintenance]
- status = "actively-developed"
+ [patch.crates-io]
+ buffered-reader = { git = "https://gitlab.com/sequoia-pgp/sequoia", branch = "justus/pqc" }
--- a/rust-rpm-sequoia.spec
+++ b/rust-rpm-sequoia.spec
@ -1,39 +1,37 @@
-# Generated by rust2rpm 25
-%bcond_without check
-
-# RHEL does not have packages for Rust dependencies
-%if 0%{?rhel}
-%global bundled_rust_deps 1
-%else
-%global bundled_rust_deps 0
-%endif
+# Generated by rust2rpm 27
+%bcond check 1

 %global crate rpm-sequoia

 Name:           rust-rpm-sequoia
-Version:        1.6.0
+Version:        1.9.0.1
 Release:        %autorelease
 Summary:        Implementation of the RPM PGP interface using Sequoia

 License:        LGPL-2.0-or-later
 URL:            https://crates.io/crates/rpm-sequoia
-Source:         %{crates_source}
-# To create the vendor tarball:
-#   tar xf %%{crate}-%%{version}.crate ; pushd %%{crate}-%%{version} ; \
-#   patch -p1 < ../rpm-sequoia-fix-metadata.diff ; \
-#   cargo vendor --versioned-dirs && tar Jcvf ../%%{crate}-%%{version}-vendor.tar.xz vendor/ ; popd
-Source1:        %{crate}-%{version}-vendor.tar.xz
+Source:         %{crate}-%{version}.tar.gz
+# Generated using cargo-vendor-filterer:
+#   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
+#                         --platform powerpc64le-unknown-linux-gnu \
+#                         --platform aarch64-unknown-linux-gnu \
+#                         --platform i686-unknown-linux-gnu \
+#                         --platform s390x-unknown-linux-gnu \
+#                         --all-features
+#   tar -czf ../%%{crate}-vendor-%%{version}.tar.gz vendor
+Source1:        %{crate}-vendor-%{version}.tar.gz
+Source2:        vendor.toml
 # Manually created patch for downstream crate metadata changes
 # * default to the OpenSSL crypto backend of sequoia-openpgp
 Patch:          rpm-sequoia-fix-metadata.diff

-%if 0%{?bundled_rust_deps}
+%if 0%{?rhel}
 BuildRequires:  rust-toolset
-# vendored openssl-sys
-BuildRequires:  openssl-devel
 %else
 BuildRequires:  cargo-rpm-macros >= 24
 %endif
+# vendored openssl-sys
+BuildRequires:  openssl-devel

 %global _description %{expand:
 An implementation of the RPM PGP interface using Sequoia.}
@ -60,9 +58,7 @@ License:        LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode
 %files       -n %{crate}
 %license LICENSE.txt
 %license LICENSE.dependencies
-%if 0%{?bundled_rust_deps}
 %license cargo-vendor.txt
-%endif
 %doc README.md
 %{_libdir}/librpm_sequoia.so.1

@ -77,15 +73,11 @@ Requires:       %{crate}%{?_isa} = %{version}-%{release}
 %{_libdir}/pkgconfig/rpm-sequoia.pc

 %prep
-%autosetup -n %{crate}-%{version} -p1 %{?bundled_rust_deps:-a1}
-%if 0%{?bundled_rust_deps}
-%cargo_prep -v vendor
-%else
-%cargo_prep
-
-%generate_buildrequires
-%cargo_generate_buildrequires
-%endif
+%autosetup -n %{crate}-%{version} -N -a1
+%autopatch -M 99 -p1
+%cargo_prep -N
+# include full configuration for vendored dependencies
+cat %{SOURCE2} >> .cargo/config.toml

 %build
 # build script uses environment variables to populate the pkgconfig file
@ -94,9 +86,9 @@ export LIBDIR="%{_libdir}"
 %cargo_build
 %{cargo_license_summary}
 %{cargo_license} > LICENSE.dependencies
-%if 0%{?bundled_rust_deps}
-%cargo_vendor_manifest
-%endif
+%{cargo_vendor_manifest}
+# replace un-parseable git snapshot dependency information
+sed 's/\(.*\) (.*#\(.*\))/\1+git\2/' -i cargo-vendor.txt

 %install
 # install shared library
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rpm-sequoia-1.6.0.crate) = d1e989d6ffc31acf4538c99365d4e3b52ff3d756ddcb9cbb5aa6a3ed9d5785930d928e3a081f6d5dfcc830b15ef21bb73a441b3fe232b1548522aa696f85ba51
-SHA512 (rpm-sequoia-1.6.0-vendor.tar.xz) = 63674d7b796c7b3d9a38dfb0f0485b98b9a71d12f9f9888b3b389f4d2452779ba511dae204c7021ad1d3d3beab4f809a45f4d25a0c492886558601ed84b9a4d2
+SHA512 (rpm-sequoia-1.9.0.1.tar.gz) = 7efab5c09f495761b8978faaa2ecef8f85f58a494c5fd4bfff6e37c446b3eed94a13d60b2d5bf1997d79ad449a1cca9549545cacc1d1e1023888fbbeaa3b7ad9
+SHA512 (rpm-sequoia-vendor-1.9.0.1.tar.gz) = 430ff4c185bda0d7c62c578cbd9e7ab40de7013d936feaf056682c39ee0c5ae15a697b7877e762c21cfae3d77264d0d96e81805e7db8a953fcf8eacda8844c7b
--- a/vendor.toml
+++ b/vendor.toml
@ -0,0 +1,21 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source."git+https://github.com/teythoon/rust-openssl?branch=justus/pqc"]
+git = "https://github.com/teythoon/rust-openssl"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/sequoia-pgp/sequoia-policy-config?branch=justus/pqc"]
+git = "https://gitlab.com/sequoia-pgp/sequoia-policy-config"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/sequoia-pgp/sequoia?branch=justus/pqc"]
+git = "https://gitlab.com/sequoia-pgp/sequoia"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+