Please use and convert SPECs to SPDX
by Robert-André Mauchin
Hi,
I'd like to recommend you to switch to SPDX for your license fields.
Please intervene on any spec you create or edit.
The license conversion should be disabled in go2rpm and then the rust2rpm dependencies
should be dropped at a later date.
Thank you.
Robert-André
1 year, 2 months
Re: Fedora Golang: SPEC and SRPM for ORAS (depends on itself?)
by Robert-André Mauchin
On 7/19/22 16:19, Mark E. Fuller wrote:
> see https://copr.fedorainfracloud.org/coprs/fuller/test-builds/build/4642384/
> <https://copr.fedorainfracloud.org/coprs/fuller/test-builds/build/4642384/>
>
> Thanks
>
> Mark E. Fuller, Ph.D.
> HaShikma 19, Apt. 24
> Nesher 3681219, Israel
> +972 (0)53-872-6579
> mark.e.fuller(a)gmail.com <mailto:mark.e.fuller@gmail.com>
> fuller(a)fedoraproject.org <mailto:fuller@fedoraproject.org>
> @fuller:one.ems.host
Ok, so the issue is, you don't have the correct default import path, you should check it in
go.mod if you have a doubt, it starts with:
> module oras.land/oras-go
>
> go 1.17
So you must use that import path when you create your SPEC:
go2rpm -C -r oras.land/oras-go -f https://github.com/oras-project/oras-go
You must specify the forge so the package can be downloaded correctly.
Please note that the next version is a version 2 with a new import path:
oras.land/oras-go/v2
You should then create a new package for this version specifically.
But, the package still won't build because of Docker/Moby shenanigans:
oras.land/oras-go/pkg/auth/docker
# github.com/docker/docker/registry
/usr/share/gocode/src/github.com/docker/docker/registry/auth.go:144:51: cannot use
challengeManager (variable of type
"github.com/docker/distribution/registry/client/auth/challenge".Manager) as type
"github.com/distribution/distribution/v3/registry/client/auth/challenge".Manager in argument
to auth.NewAuthorizer:
"github.com/docker/distribution/registry/client/auth/challenge".Manager does not implement
"github.com/distribution/distribution/v3/registry/client/auth/challenge".Manager (wrong type
for GetChallenges method)
have GetChallenges(endpoint url.URL)
([]"github.com/docker/distribution/registry/client/auth/challenge".Challenge, error)
want GetChallenges(endpoint url.URL)
([]"github.com/distribution/distribution/v3/registry/client/auth/challenge".Challenge, error)
FAIL oras.land/oras-go/pkg/auth/docker [build failed]
Here the full list of Docker related dependencies according to go.mod:
github.com/docker/cli v20.10.17+incompatible
github.com/docker/distribution v2.7.1+incompatible
github.com/docker/docker v20.10.17+incompatible
github.com/docker/go-connections v0.4.0
I haven't checked Docker in a while. I think gotmax did a ticket on it for the next meeting.
I'll have a look.
Best regards,
Robert-André
1 year, 2 months
Golang Mass Rebuild
by Maxwell G
Hi Fedorians and Gophers,
golang 1.18.4 was released a couple days ago. This release has fixes for
9 medium (rated by Red Hat Product Security) CVEs, so I will preform a
rebuild in `rawhide` and `f36` to mitigate them[^0]. See
https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for
more information about the specific vulnerabilities.
[^0]: The golang version is Fedora 35 is EOL upstream, and the
maintainers have not yet had a chance to backport the changes.
Only packages that provide binaries need to be rebuilt, which will make
this rebuild less disruptive. These packages were determined by querying
for source packages that BuildRequire `golang` or `go-rpm-macros` and
then checking if they provide any binary RPMS that install files in
`/usr/bin`, `/usr/sbin`, or `/usr/libexec`.
No action will be required from you, unless you'd like your package to
receive special treatment regarding merging `rawhide` into `f36`. I plan
to handle this rebuild later this week (the week of the 17th).
In light of the recent discussion about large updates, I will most
likely split this into 4 Bodhi updates per branch (a total of 8; each
containing ~100 packages).
## rawhide
Here[1] is a list of the affected packages on `rawhide`.
[1]: https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/rebuilds/golang...
## f36
Here[2] is a list of all of the affected packages on `f36`. However, I
have further split this list down into two subgroups.
[2]: https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/rebuilds/golang...
### Mergable from Rawhide
For these packages[3], `rawhide` was determined to be mergable back to
`f36`, as `f36` is up to date with `rawhide`.
[3]: https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/rebuilds/golang...
### Not mergable
These packages were determined to not be mergable[4], as `rawhide` is
ahead of (or has otherwise diverged from) `f36`. Therefore, I will
create a new rebuild commit and bump the release on `f36`. This will
likely cause merge conflicts if you try to merge `rawhide` back into
`f36` after this change. Assuming the update would be compatible and
comply with the Updates Policy, I can move your package into the other
list and merge `rawhide` into `f36`. Please leave a comment on
https://pagure.io/GoSIG/go-sig/issue/44 if you would like me to do so.
Conversely, if you believe your package is incorrectly in the mergable
list, also let me know in the aforementioned ticket.
[4]: https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/rebuilds/golang...
--
Thanks,
Maxwell G (@gotmax23)
Pronouns: He/Him/His
1 year, 2 months