Fix OpenSSL 3.5 dependency

Resolves: RHEL-130960
Rebase to 1.10.1
2026-02-23 17:29:19 +01:00 · 2026-02-18 11:59:57 +01:00 · 2026-02-17 13:30:52 +01:00 · 2025-09-18 14:42:11 +02:00 · 2025-09-15 14:09:36 +02:00 · 2025-07-04 17:48:37 +02:00
5 changed files with 56 additions and 55 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,3 +10,11 @@
 /rpm-sequoia-1.5.0-vendor.tar.xz
 /rpm-sequoia-1.6.0.crate
 /rpm-sequoia-1.6.0-vendor.tar.xz
+/rpm-sequoia-1.9.0.1.tar.gz
+/rpm-sequoia-vendor-1.9.0.1.tar.gz
+/rpm-sequoia-1.9.0.2.tar.gz
+/rpm-sequoia-vendor-1.9.0.2.tar.gz
+/rpm-sequoia-1.9.0.3.tar.gz
+/rpm-sequoia-vendor-1.9.0.3.tar.gz
+/rpm-sequoia-1.10.1.1.tar.gz
+/rpm-sequoia-vendor-1.10.1.1.tar.gz
--- a/rpm-sequoia-fix-metadata.diff
+++ b/rpm-sequoia-fix-metadata.diff
@ -1,17 +0,0 @@
--- rpm-sequoia-1.6.0/Cargo.toml	1970-01-01T00:00:01+00:00
-+++ rpm-sequoia-1.6.0/Cargo.toml	2024-01-25T14:12:35.470987+00:00
-@@ -73,13 +73,9 @@
- version = "0.1.4"
- 
- [features]
-crypto-botan = ["sequoia-openpgp/crypto-botan"]
-crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
-crypto-cng = ["sequoia-openpgp/crypto-cng"]
- crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
- crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
-crypto-rust = ["sequoia-openpgp/crypto-rust"]
-default = ["crypto-nettle"]
-+default = ["crypto-openssl"]
- 
- [badges.maintenance]
- status = "actively-developed"
--- a/rust-rpm-sequoia.spec
+++ b/rust-rpm-sequoia.spec
@ -1,39 +1,37 @@
-# Generated by rust2rpm 25
-%bcond_without check
-
-# RHEL does not have packages for Rust dependencies
-%if 0%{?rhel}
-%global bundled_rust_deps 1
-%else
-%global bundled_rust_deps 0
-%endif
+# Generated by rust2rpm 27
+%bcond check 1

 %global crate rpm-sequoia

 Name:           rust-rpm-sequoia
-Version:        1.6.0
+Version:        1.10.1.1
 Release:        %autorelease
 Summary:        Implementation of the RPM PGP interface using Sequoia

 License:        LGPL-2.0-or-later
 URL:            https://crates.io/crates/rpm-sequoia
-Source:         %{crates_source}
-# To create the vendor tarball:
-#   tar xf %%{crate}-%%{version}.crate ; pushd %%{crate}-%%{version} ; \
-#   patch -p1 < ../rpm-sequoia-fix-metadata.diff ; \
-#   cargo vendor --versioned-dirs && tar Jcvf ../%%{crate}-%%{version}-vendor.tar.xz vendor/ ; popd
-Source1:        %{crate}-%{version}-vendor.tar.xz
-# Manually created patch for downstream crate metadata changes
-# * default to the OpenSSL crypto backend of sequoia-openpgp
-Patch:          rpm-sequoia-fix-metadata.diff
+# The version 1.10.1 upstream + patches to use pqc branches in openpgp and pqc-ossl in policy-config
+# Generated using:
+#  git archive --format=tar.gz --prefix rpm-sequoia-1.10.1.1/ -o ../rpm-sequoia-1.10.1.1.tar.gz pqc
+Source:         %{crate}-%{version}.tar.gz
+# Generated using cargo-vendor-filterer:
+#   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
+#                         --platform powerpc64le-unknown-linux-gnu \
+#                         --platform aarch64-unknown-linux-gnu \
+#                         --platform i686-unknown-linux-gnu \
+#                         --platform s390x-unknown-linux-gnu \
+#                         --all-features
+#   tar -czf ../rpm-sequoia-vendor-1.10.1.1.tar.gz vendor
+Source1:        %{crate}-vendor-%{version}.tar.gz
+Source2:        vendor.toml

-%if 0%{?bundled_rust_deps}
+%if 0%{?rhel}
 BuildRequires:  rust-toolset
-# vendored openssl-sys
-BuildRequires:  openssl-devel
 %else
 BuildRequires:  cargo-rpm-macros >= 24
 %endif
+# vendored openssl-sys
+BuildRequires:  openssl-devel clang-devel

 %global _description %{expand:
 An implementation of the RPM PGP interface using Sequoia.}
@ -55,14 +53,14 @@ Summary:        %{summary}
 License:        LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)
 # LICENSE.dependencies contains a full license breakdown

+Requires:  openssl-libs >= 1:3.5.1-4.el10_1
+
 %description -n %{crate} %{_description}

 %files       -n %{crate}
 %license LICENSE.txt
 %license LICENSE.dependencies
-%if 0%{?bundled_rust_deps}
 %license cargo-vendor.txt
-%endif
 %doc README.md
 %{_libdir}/librpm_sequoia.so.1

@ -77,15 +75,10 @@ Requires:       %{crate}%{?_isa} = %{version}-%{release}
 %{_libdir}/pkgconfig/rpm-sequoia.pc

 %prep
-%autosetup -n %{crate}-%{version} -p1 %{?bundled_rust_deps:-a1}
-%if 0%{?bundled_rust_deps}
-%cargo_prep -v vendor
-%else
-%cargo_prep
-
-%generate_buildrequires
-%cargo_generate_buildrequires
-%endif
+%autosetup -n %{crate}-%{version} -N -a1
+%cargo_prep -N
+# include full configuration for vendored dependencies
+cat %{SOURCE2} >> .cargo/config.toml

 %build
 # build script uses environment variables to populate the pkgconfig file
@ -94,9 +87,9 @@ export LIBDIR="%{_libdir}"
 %cargo_build
 %{cargo_license_summary}
 %{cargo_license} > LICENSE.dependencies
-%if 0%{?bundled_rust_deps}
-%cargo_vendor_manifest
-%endif
+%{cargo_vendor_manifest}
+# replace un-parseable git snapshot dependency information
+sed 's/\(.*\) (.*#\(.*\))/\1+git\2/' -i cargo-vendor.txt

 %install
 # install shared library
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rpm-sequoia-1.6.0.crate) = d1e989d6ffc31acf4538c99365d4e3b52ff3d756ddcb9cbb5aa6a3ed9d5785930d928e3a081f6d5dfcc830b15ef21bb73a441b3fe232b1548522aa696f85ba51
-SHA512 (rpm-sequoia-1.6.0-vendor.tar.xz) = 63674d7b796c7b3d9a38dfb0f0485b98b9a71d12f9f9888b3b389f4d2452779ba511dae204c7021ad1d3d3beab4f809a45f4d25a0c492886558601ed84b9a4d2
+SHA512 (rpm-sequoia-1.10.1.1.tar.gz) = 6038343036b7b0317c202f046d146245363988ae2d52021246bdb4e560422b557b38e0b17f88de630e58afce43f29b32e2de15a011af769de2f2b27ba8fb434a
+SHA512 (rpm-sequoia-vendor-1.10.1.1.tar.gz) = fca5b244a1442056acd550dc9c1c19426c157a25f7a06849700319be775b6d57c379685edd1e2f596c10e987057a057d688a43e41e27a0f22b5f70987eaf2c02
--- a/vendor.toml
+++ b/vendor.toml
@ -0,0 +1,17 @@
+
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/jjelen/sequoia-policy-config?branch=jjelen/pqc-ossl"]
+git = "https://gitlab.com/jjelen/sequoia-policy-config"
+branch = "jjelen/pqc-ossl"
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/sequoia-pgp/sequoia?branch=pqc"]
+git = "https://gitlab.com/sequoia-pgp/sequoia"
+branch = "pqc"
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+
Author	SHA1	Message	Date
Jakub Jelen	e1f836e33d	Fix OpenSSL 3.5 dependency Resolves: RHEL-130960	2026-02-23 17:29:19 +01:00
Jakub Jelen	801f583535	Rebase to 1.10.1 * Return NonTrusted code for RPM when verifying unsupported or disabled signatures. Resolves: RHEL-144414	2026-02-18 11:59:57 +01:00
Jakub Jelen	9789caa1f5	Require OpenSSL 3.5 Resolves: RHEL-130960	2026-02-17 13:30:52 +01:00
Jakub Jelen	f974446af1	Include MD5 in ossl bindings and sequoia-openpgp for RPM this also moves the sequoia-policy-config source to avoid the need to pull the old rust-openssl bindings as it was still part of that repository. Resolves: RHEL-110994	2025-09-18 14:42:11 +02:00
Jakub Jelen	2497b5d5dc	Build 1.9.0 version with ossl bindings to unbreak FIPS Resolves: RHEL-110994	2025-09-15 14:09:36 +02:00
Jakub Jelen	a771b39b5e	Pull PQC crypto to rpm-sequoia Fixes also the support for the OpenPGP v6 signatures altogether Resolves: RHEL-101952	2025-07-04 17:48:37 +02:00