Pull PQC crypto to sqv

Resolves: RHEL-101906
2025-07-04 16:40:42 +02:00
11 changed files with 140 additions and 75 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
-rust-sequoia-sqv-1.3.0-vendor.tar.xz
-sequoia-sqv-1.3.0.crate
+/rust-sequoia-sqv-1.2.1-vendor.tar.xz
+/sequoia-sqv-1.2.1.crate
+/rust-sequoia-sqv-1.3.0-vendor.tar.xz
+/sequoia-sqv-1.3.0.crate
+/sequoia-sqv-1.3.0.1.tar.gz
+/sequoia-sqv-vendor-1.3.0.1.tar.gz
--- a/11
+++ b/11
@ -0,0 +1,11 @@
+* Tue Feb 15 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.0-4
+- Rebuild with package notes
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Apr 08 2021 Fabio Valentini <decathorpe@gmail.com> - 1.0.0-1
+- Initial package
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1 @@
+resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-enabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-disabled.functional}
--- a/plans/ci.fmf
+++ b/plans/ci.fmf
@ -0,0 +1,23 @@
+/fips-disabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/rust-sequoia-sqv
+      name: /plans/ci/fips-disabled-buildroot-disabled
+
+/fips-disabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/rust-sequoia-sqv
+      name: /plans/ci/fips-disabled-buildroot-enabled
+
+/fips-enabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/rust-sequoia-sqv
+      name: /plans/ci/fips-enabled-buildroot-disabled
+
+/fips-enabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/rust-sequoia-sqv
+      name: /plans/ci/fips-enabled-buildroot-enabled
--- a/rust-sequoia-sqv.spec
+++ b/rust-sequoia-sqv.spec
@ -1,49 +1,32 @@
-## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
-## RPMAUTOSPEC: autorelease, autochangelog
-%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 2;
-    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
-    print(release_number + base_release_number - 1);
-}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
-## END: Set by rpmautospec
-
 # Generated by rust2rpm 27
 %bcond check 1

 %global crate sequoia-sqv

-%if 0%{?rhel}
-# RHEL: Use bundled deps as it doesn't ship Rust libraries
-%global bundled_rust_deps 1
 %global __brp_mangle_shebangs_exclude_from ^/usr/src/debug/.*$
-%else
-# Fedora: Use only system Rust libraries
-%global bundled_rust_deps 0
-%endif

 Name:           rust-sequoia-sqv
-Version:        1.3.0
+Version:        1.3.0.1
 Release:        %autorelease
 Summary:        Simple OpenPGP signature verification program

 License:        LGPL-2.0-or-later
 URL:            https://crates.io/crates/sequoia-sqv
-Source:         %{crates_source}
+# The version 1.3.0 upstream + patches from jjelen/pqc branch
+# Generated using:
+#  git archive --format=tar.gz --prefix sequoia-sqv-1.3.0.1/ -o sequoia-sqv-1.3.0.1.tar.gz jjelen/pqc
+Source0:        %{crate}-%{version}.tar.gz

 # Generated using cargo-vendor-filterer:
-#   cargo download %%{crate}==%%{version} > %%{crate}-%%{version}.crate
-#   tar xf %%{crate}-%%{version}.crate
-#   pushd %%{crate}-%%{version}
 #   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
 #                         --platform powerpc64le-unknown-linux-gnu \
 #                         --platform aarch64-unknown-linux-gnu \
 #                         --platform i686-unknown-linux-gnu \
 #                         --platform s390x-unknown-linux-gnu \
 #                         --all-features
-#   tar -cJf ../rust-%%{crate}-%%{version}-vendor.tar.xz vendor
-#   popd
-Source1:        %{name}-%{version}-vendor.tar.xz
+#   tar -czf ../%%{crate}-vendor-%%{version}.tar.gz vendor
+Source1:        %{crate}-vendor-%{version}.tar.gz
+Source2:        vendor.toml
 # Manually created patch for downstream crate metadata changes
 # * switch crypto backend from Nettle to OpenSSL
 # * exclude files that are only useful for upstream development
@ -52,14 +35,15 @@ Patch:          sequoia-sqv-fix-metadata.diff

 ExclusiveArch:  %{rust_arches}

-%if 0%{?bundled_rust_deps}
+%if 0%{?rhel}
 BuildRequires:  rust-toolset
-# vendored openssl-sys
-BuildRequires:  openssl-devel
 %else
 BuildRequires:  cargo-rpm-macros >= 24
 %endif

+# vendored openssl-sys
+BuildRequires:  openssl-devel
+
 %global _description %{expand:
 A simple OpenPGP signature verification program.}

@ -98,36 +82,41 @@ License:        %{shrink:
 %files       -n %{crate}
 %license LICENSE.txt
 %license LICENSE.dependencies
+%license cargo-vendor.txt
 %doc README.md
 %{_bindir}/sqv
 %{_mandir}/man1/sqv*
+%if 0%{?rhel} > 9
 %{bash_completions_dir}/sqv.bash
 %{fish_completions_dir}/sqv.fish
 %{zsh_completions_dir}/_sqv
+%endif

 %prep
-%autosetup -n %{crate}-%{version} -N %{?bundled_rust_deps:-a1}
+%autosetup -n %{crate}-%{version} -N -a1
 %autopatch -M 99 -p1
-%if 0%{?bundled_rust_deps}
-%cargo_prep -v vendor
-%else
-%cargo_prep
-
-%generate_buildrequires
-%cargo_generate_buildrequires
-%endif
+%cargo_prep -N
+# include full configuration for vendored dependencies
+cat %{SOURCE2} >> .cargo/config.toml

 %build
 export ASSET_OUT_DIR=target/assets
 %cargo_build
 %{cargo_license_summary}
 %{cargo_license} > LICENSE.dependencies
+%{cargo_vendor_manifest}
+# replace un-parseable git snapshot dependency information
+sed 's/\(.*\) (.*#\(.*\))/\1+git\2/' -i cargo-vendor.txt

 %install
-%cargo_install
+# for some reason, cargo install does not work
+# with vendored dependncies from git branch
+#%%cargo_install
+install -Dpm 0755 target/rpm/sqv -t %{buildroot}/%{_bindir}
 # install manual pages
 mkdir -p %{buildroot}/%{_mandir}/man1
 cp -pav target/assets/man-pages/sqv*.1 %{buildroot}/%{_mandir}/man1/
+%if 0%{?rhel} > 9
 # install shell completions
 install -Dpm 0644 target/assets/shell-completions/sqv.bash \
    %{buildroot}/%{bash_completions_dir}/sqv.bash
@ -135,6 +124,8 @@ install -Dpm 0644 target/assets/shell-completions/sqv.fish \
    %{buildroot}/%{fish_completions_dir}/sqv.fish
 install -Dpm 0644 target/assets/shell-completions/_sqv \
    %{buildroot}/%{zsh_completions_dir}/_sqv
+%endif
+

 %if %{with check}
 %check
@ -142,29 +133,4 @@ install -Dpm 0644 target/assets/shell-completions/_sqv \
 %endif

 %changelog
-## START: Generated by rpmautospec
-* Thu Mar 27 2025 Jakub Jelen <jjelen@redhat.com> - 1.3.0-2
- Make installation of shell completions and man pages more robust
-
-* Tue Mar 25 2025 Jakub Jelen <jjelen@redhat.com> - 1.3.0-1
- Update to 1.3.0
-
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.2.1-3
- Bump release for October 2024 mass rebuild:
-
-* Thu Aug 22 2024 Stanislav Zidek <szidek@redhat.com> - 1.2.1-2
- initial CI and gating setup
-
-* Tue Feb 15 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.0-4
- Rebuild with package notes
-
-* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Thu Apr 08 2021 Fabio Valentini <decathorpe@gmail.com> - 1.0.0-1
- Initial package
-
-## END: Generated by rpmautospec
+%autochangelog
--- a/rust2rpm.toml
+++ b/rust2rpm.toml
@ -0,0 +1,29 @@
+[package]
+cargo-toml-patch-comments = [
+    "switch crypto backend from Nettle to OpenSSL",
+    "drop features for unsupported crypto backends",
+]
+extra-files = [
+    "%{_mandir}/man1/sqv*",
+    "%{bash_completions_dir}/sqv.bash",
+    "%{fish_completions_dir}/sqv.fish",
+    "%{zsh_completions_dir}/_sqv",
+]
+
+[scripts]
+build.pre = [
+    "export ASSET_OUT_DIR=target/assets",
+]
+install.post = [
+    "# install manual pages",
+    "mkdir -p %{buildroot}/%{_mandir}/man1",
+    "cp -pav target/assets/man-pages/sqv*.1 %{buildroot}/%{_mandir}/man1/",
+    "# install shell completions",
+    "install -Dpm 0644 target/assets/shell-completions/sqv.bash \\",
+    "    %{buildroot}/%{bash_completions_dir}/sqv.bash",
+    "install -Dpm 0644 target/assets/shell-completions/sqv.fish \\",
+    "    %{buildroot}/%{fish_completions_dir}/sqv.fish",
+    "install -Dpm 0644 target/assets/shell-completions/_sqv \\",
+    "    %{buildroot}/%{zsh_completions_dir}/_sqv",
+]
+
--- a/sequoia-sqv-fix-metadata.diff
+++ b/sequoia-sqv-fix-metadata.diff
@ -1,17 +1,17 @@
 --- sequoia-sqv-1.3.0/Cargo.toml	1970-01-01T00:00:01+00:00
 +++ sequoia-sqv-1.3.0/Cargo.toml	2025-03-08T11:15:16.145149+00:00
@@ -54,13 +54,9 @@
- status = "actively-developed"
+ bench = false
 
 [features]
+-default = ["crypto-nettle"]
+default = ["crypto-openssl"]
+ crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
+ crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
 -crypto-botan = ["sequoia-openpgp/crypto-botan"]
 -crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
 -crypto-cng = ["sequoia-openpgp/crypto-cng"]
- crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
- crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
 -crypto-rust = ["sequoia-openpgp/crypto-rust"]
-default = ["crypto-nettle"]
-+default = ["crypto-openssl"]
 
- [[bin]]
- name = "sqv"
+ 
+ [patch.crates-io]
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rust-sequoia-sqv-1.3.0-vendor.tar.xz) = 7effd7935f8f875b4f6fa44c974867928bf19199e16066726638599b3d30a340a933b8cad9c5db2f0d3d1ebec31d8d098764a2caa7c968afa98e56a634a35cea
-SHA512 (sequoia-sqv-1.3.0.crate) = fd06ac5373501132187e4ec85236b647b2655c39b0b6fe9e6c1360defbeb52f7ccdb5c2beffc8265542d086236e99d6456fec0a74eb2d888cb8a0e40e79fd01f
+SHA512 (sequoia-sqv-1.3.0.1.tar.gz) = 553cb4e8c77a79d9640b4cac99d9365d2bb181d3ae37767b404f36b53f8f47f3e1307094e873570f7b5bfa254480d41abc54245b2cca067b25dce89a25719c48
+SHA512 (sequoia-sqv-vendor-1.3.0.1.tar.gz) = 145bf9ab625700a4db2d1b1d4dc2d8bd5d42df430442fb425b0506322df3fb676284c6a547d632c7d49343af2676b6019c8a00cb5b47d9dbfdfeeaddfe0868d5
--- a/vendor.toml
+++ b/vendor.toml
@ -0,0 +1,21 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source."git+https://github.com/teythoon/rust-openssl?branch=justus/pqc"]
+git = "https://github.com/teythoon/rust-openssl"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/sequoia-pgp/sequoia-policy-config?branch=justus/pqc"]
+git = "https://gitlab.com/sequoia-pgp/sequoia-policy-config"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source."git+https://gitlab.com/sequoia-pgp/sequoia?branch=justus/pqc"]
+git = "https://gitlab.com/sequoia-pgp/sequoia"
+branch = "justus/pqc"
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+