On 10/20/22 12:03, Miro Hrončok wrote:
> On 10. 10. 22 16:32, Ben Cotton wrote:
>> For the last 20 years or so, RPM has used a home-grown OpenPGP parser
>> for dealing with keys and signatures. That parser is rather infamous
>> for its limitations and flaws, and especially in recent years has
>> proven a significant burden to RPM development. In order to improve
>> security and free developer resources for dealing with RPM's "core
>> business" instead, RPM upstream is in the process of deprecating the
>> internal parser in favor of [https://sequoia-pgp.org/ Sequoia PGP]
>> based solution written in Rust.
>> At this point the change is mostly invisible in normal daily use.
> Which of the following will happen:
> 1) rpm will gain ExclusiveArch: %{rust_arches}
> 2) we will stop requiring the above in Rust packages, as Rust is 100%
> available
> 3) rpm will %ifarch %{rust_arches} this change
> 4) something else (what?)
> IMHO if we do 1) we could as well do 2) because without rpm, we won't be
> able to build rpms. 3) seems somewhat tedious for no good reason.
I was under the impression Rust was available for all architectures (for
Fedora anyway), no? There's no Rust code in rpm now either; this didn't
even cross my mind really :D
Technically, I guess the right thing to do is 1) when Sequoia is
enabled. I.e.:
%if %{with sequoia}
%global crypto sequoia
BuildRequires: rpm-sequoia-devel >= 1.0.0
ExclusiveArch: %{rust_arches}
%else
%global crypto openssl
BuildRequires: openssl-devel
%endif
This is already in rawhide, except for the ExclusiveArch thing.
That said, the non-sequoia options should be considered only a bootstrap
aid, we're not going to provide security support for the internal parser
for some fringe architectures only.
I'm not sure that answered your questions though.
- Panu -