https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Bug ID: 2282807 Summary: Review Request: vaultwarden - Unofficial Bitwarden compatible server Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: Package Review Severity: medium Priority: medium Assignee: nobody@fedoraproject.org Reporter: jonathan@almalinux.org QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/f... SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/f...
Description: Alternative implementation of the Bitwarden server API compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
Fedora Account System Username: jonathanspw
Just a heads up for reviewers, on COPR/Koji builders this will take 1-2 hours to build. On mid-range PCs it's 30 mins to an hour, or on high end systems about 20 minutes (ex. Ryzen 7950x).
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Jonathan Wright jonathan@almalinux.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Doc Type|--- |If docs needed, set a value Depends On| |2282767
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2282767 [Bug 2282767] Review Request: vaultwarden-web - Web files for vaultwarden
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Fedora Review Service fedora-review-bot@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |https://github.com/dani-gar | |cia/vaultwarden
--- Comment #1 from Fedora Review Service fedora-review-bot@fedoraproject.org --- Copr build: https://copr.fedorainfracloud.org/coprs/build/7479274 (succeeded)
Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-rev...
Found issues:
- No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/
Please know that there can be false-positives.
--- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service
If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #2 from Jonathan Wright jonathan@almalinux.org --- Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/e... SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/e...
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #3 from Fedora Review Service fedora-review-bot@fedoraproject.org --- Created attachment 2034890 --> https://bugzilla.redhat.com/attachment.cgi?id=2034890&action=edit The .spec file difference from Copr build 7479274 to 7482878
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #4 from Fedora Review Service fedora-review-bot@fedoraproject.org --- Copr build: https://copr.fedorainfracloud.org/coprs/build/7482878 (succeeded)
Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-rev...
Found issues:
- No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/
Please know that there can be false-positives.
--- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service
If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Michel Lind michel@michel-slm.name changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |fedora-review? CC| |michel@michel-slm.name Assignee|nobody@fedoraproject.org |michel@michel-slm.name
https://bugzilla.redhat.com/show_bug.cgi?id=2282807 Bug 2282807 depends on bug 2282767, which changed state.
Bug 2282767 Summary: Review Request: vaultwarden-web - Web files for vaultwarden https://bugzilla.redhat.com/show_bug.cgi?id=2282767
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Michel Lind michel@michel-slm.name changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Fabio Valentini decathorpe@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |decathorpe@gmail.com
--- Comment #5 from Fabio Valentini decathorpe@gmail.com --- Do you have a list of missing crates that currently prevents you from *not* using a vendor tarball? Even if we approve this package with vendored sources, I would prefer if we could build against packaged crates long-term.
Auditing vendored sources is *very* tedious ... especially since you have to basically re-do it for every update. See also https://bugzilla.redhat.com/show_bug.cgi?id=2269411#c8 and follow-up comments.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Jonathan Wright jonathan@almalinux.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(decathorpe@gmail. | |com)
--- Comment #6 from Jonathan Wright jonathan@almalinux.org --- @decathorpe@gmail.com here's what I know of:
Problem 1: nothing provides requested (crate(argon2/default) >= 0.5.3 with crate(argon2/default) < 0.6.0~) Problem 2: nothing provides requested (crate(cached/async) >= 0.48.1 with crate(cached/async) < 0.49.0~) Problem 3: nothing provides requested (crate(cached/default) >= 0.48.1 with crate(cached/default) < 0.49.0~) Problem 4: nothing provides requested (crate(diesel/numeric) >= 2.1.4 with crate(diesel/numeric) < 3.0.0~) Problem 5: nothing provides requested (crate(diesel_migrations/default) >= 2.1.0 with crate(diesel_migrations/default) < 3.0.0~) Problem 6: nothing provides requested (crate(email_address/default) >= 0.2.4 with crate(email_address/default) < 0.3.0~) Problem 7: nothing provides requested (crate(fern/reopen-1) >= 0.6.2 with crate(fern/reopen-1) < 0.7.0~) Problem 8: nothing provides requested (crate(fern/syslog-6) >= 0.6.2 with crate(fern/syslog-6) < 0.7.0~) Problem 9: nothing provides requested (crate(governor/default) >= 0.6.3 with crate(governor/default) < 0.7.0~) Problem 10: nothing provides requested (crate(html5gum/default) >= 0.5.7 with crate(html5gum/default) < 0.6.0~) Problem 11: nothing provides requested (crate(job_scheduler_ng/default) >= 2.0.4 with crate(job_scheduler_ng/default) < 3.0.0~) Problem 12: nothing provides requested (crate(jsonwebtoken/default) >= 9.2.0 with crate(jsonwebtoken/default) < 10.0.0~) Problem 13: nothing provides requested (crate(lettre) >= 0.11.4 with crate(lettre) < 0.12.0~) Problem 14: nothing provides requested (crate(lettre/builder) >= 0.11.4 with crate(lettre/builder) < 0.12.0~) Problem 15: nothing provides requested (crate(lettre/hostname) >= 0.11.4 with crate(lettre/hostname) < 0.12.0~) Problem 16: nothing provides requested (crate(lettre/sendmail-transport) >= 0.11.4 with crate(lettre/sendmail-transport) < 0.12.0~) Problem 17: nothing provides requested (crate(lettre/serde) >= 0.11.4 with crate(lettre/serde) < 0.12.0~) Problem 18: nothing provides requested (crate(lettre/smtp-transport) >= 0.11.4 with crate(lettre/smtp-transport) < 0.12.0~) Problem 19: nothing provides requested (crate(lettre/tokio1) >= 0.11.4 with crate(lettre/tokio1) < 0.12.0~) Problem 20: nothing provides requested (crate(lettre/tokio1-native-tls) >= 0.11.4 with crate(lettre/tokio1-native-tls) < 0.12.0~) Problem 21: nothing provides requested (crate(lettre/tracing) >= 0.11.4 with crate(lettre/tracing) < 0.12.0~) Problem 22: nothing provides requested (crate(rocket) >= 0.5.0 with crate(rocket) < 0.6.0~) Problem 23: nothing provides requested (crate(rocket/json) >= 0.5.0 with crate(rocket/json) < 0.6.0~) Problem 24: nothing provides requested (crate(rocket/tls) >= 0.5.0 with crate(rocket/tls) < 0.6.0~) Problem 25: nothing provides requested (crate(rocket_ws/default) >= 0.1.0 with crate(rocket_ws/default) < 0.2.0~) Problem 26: nothing provides requested (crate(tokio-tungstenite/default) >= 0.20.1 with crate(tokio-tungstenite/default) < 0.21.0~) Problem 27: nothing provides requested (crate(totp-lite/default) >= 2.0.1 with crate(totp-lite/default) < 3.0.0~) Problem 28: nothing provides requested (crate(webauthn-rs/default) >= 0.3.2 with crate(webauthn-rs/default) < 0.4.0~) Problem 29: nothing provides requested (crate(yubico) >= 0.11.0 with crate(yubico) < 0.12.0~) Problem 30: nothing provides requested (crate(yubico/online-tokio) >= 0.11.0 with crate(yubico/online-tokio) < 0.12.0~)
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #7 from Jonathan Wright jonathan@almalinux.org --- Spec URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/f... SRPM URL: https://download.copr.fedorainfracloud.org/results/jonathanspw/vaultwarden/f...
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #8 from Fedora Review Service fedora-review-bot@fedoraproject.org --- Created attachment 2037378 --> https://bugzilla.redhat.com/attachment.cgi?id=2037378&action=edit The .spec file difference from Copr build 7482878 to 7616170
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #9 from Fedora Review Service fedora-review-bot@fedoraproject.org --- Copr build: https://copr.fedorainfracloud.org/coprs/build/7616170 (succeeded)
Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-rev...
Found issues:
- No gcc, gcc-c++ or clang found in BuildRequires Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/
Please know that there can be false-positives.
--- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service
If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Fabio Valentini decathorpe@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(decathorpe@gmail. | |com) |
--- Comment #10 from Fabio Valentini decathorpe@gmail.com --- Thank you for checking!
At least some of those crates are already being worked on (partially as prep work for packaging vaultwarden, partially for unrelated reasons):
- argon2: https://bugzilla.redhat.com/show_bug.cgi?id=2258880 - cached: https://bugzilla.redhat.com/show_bug.cgi?id=2259225 / https://bugzilla.redhat.com/show_bug.cgi?id=2290308 - diesel: update to v2.1 in progress, blocked by: https://bugzilla.redhat.com/show_bug.cgi?id=2291231 - fern: already packaged, but some required features disabled - rocket: being worked on independently for aw-server-rust - tokio-tungstenite: already packaged, but at a newer version - totp-lite: https://bugzilla.redhat.com/show_bug.cgi?id=2258882
Some of the pending reviews are waiting for input from Michel.
It would be great if we could de-vendor dependencies here long-term.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #11 from Jonathan Wright jonathan@almalinux.org ---
It would be great if we could de-vendor dependencies here long-term.
Happy to coordinate and tag team these! Getting this de-vendored should be very doable in the short term.
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
--- Comment #12 from Michel Lind michel@michel-slm.name --- considering I'm reviewing this, yes, happy to help get these devendored ASAP but they should not be blocking.
Apologies for the review delays
https://bugzilla.redhat.com/show_bug.cgi?id=2282807
Michel Lind michel@michel-slm.name changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|fedora-review? |fedora-review+
--- Comment #13 from Michel Lind michel@michel-slm.name --- nit: (MIT OR Zlib OR Apache-2.0) is a duplicate of (MIT OR Zlib OR Apache-2.0) preceding it, so is (Zlib OR Apache-2.0 OR MIT) towards the end. Not a blocker though, you can fix when importing
If you're not already doing so, consider using rust2rpm.toml for the additional build requirements, it will help when regenerating the spec.
e.g.
[requires] build = [ "libpq-devel", "mariadb-devel", "openssl-devel", "systemd-rpm-macros", ]
You can automate the additional steps in %build and %install as well - man rust2rpm.toml, see "[scripts] table"
Package was generated with rust2rpm, simplifying the review.
- package builds and installs without errors on rawhide - test suite is run and all unit tests pass - latest version of the crate is packaged - license matches upstream specification (MIT OR Apache-2.0) and is acceptable for Fedora - [BINARY ONLY] licenses of statically linked dependencies are correctly taken into account - license file is included with %license in %files - package complies with Rust Packaging Guidelines
Package APPROVED.
===
Recommended post-import rust-sig tasks (use `fedora-sig-onboard onboard rust-$crate` to automate): * fedora-sig-onboard might not actually work for packages not prefixed with 'rust-', if it does not please file a bug
- add @rust-sig with "commit" access as package co-maintainer (should happen automatically)
- set bugzilla assignee overrides to @rust-sig (optional)
- set up package on release-monitoring.org: project: $crate homepage: https://crates.io/crates/$crate backend: crates.io version scheme: semantic version filter: alpha;beta;rc;pre distro: Fedora Package: rust-$crate
- track package in koschei for all built branches (should happen automatically once rust-sig is co-maintainer)
package-review@lists.fedoraproject.org