[Bug 1219158] New: bcachefs-tools: fails to mount device due building without Rust (NO_RUST=1)
https://bugzilla.suse.com/show_bug.cgi?id=1219158 Bug ID: 1219158 Summary: bcachefs-tools: fails to mount device due building without Rust (NO_RUST=1) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel:Filesystems Assignee: kernel-fs@suse.de Reporter: petr.vorel@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- I reported bcachefs-tools failure to mount loop device [1]. Upstream notes that building with Rust is mandatory [2] and indeed we have NO_RUST=1 in our spec file [3]. Could you please build with Rust? [1] https://lore.kernel.org/ltp/20240124200032.GA343522@pevik/ [2] https://lore.kernel.org/ltp/5ykyohhnlc7nkbz7usc5sqmluyl7wgyhc6frqmbo5kk4vhuu... [3] https://build.opensuse.org/package/view_file/filesystems/bcachefs-tools/bcac... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 Petr Vorel <petr.vorel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |petr.vorel@suse.com, | |william.brown@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 Petr Vorel <petr.vorel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh@inai.de -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 Petr Vorel <petr.vorel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|kernel-fs@suse.de |jengelh@inai.de -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c1 --- Comment #1 from Jan Engelhardt <jengelh@inai.de> --- rust building is a pain. this is a heads-up that I won't be spending any time on that. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c2 --- Comment #2 from William Brown <william.brown@suse.com> --- Hi there, I'm not sure why I was CCed here. While I'm happy to help advise on issues that you may have while using Rust in SUSE/OpenSUSE, as the Rust maintainer it's not my responsibility to update this package spec file to work with Rust. If you do have genuine concerns about what makes "rust building a pain" as you say, then I would like to know what they are so that I can potentially improve things. Thanks -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c3 David Disseldorp <ddiss@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ddiss@suse.com, | |kernel-fs@suse.de --- Comment #3 from David Disseldorp <ddiss@suse.com> --- The bcachefs-tools release script https://evilpiepirate.org/git/bcachefs-tools.git/tree/make-release-tarball.s... publishes a signed source tarball with all cargo crate dependencies vendored to https://evilpiepirate.org/bcachefs-tools/ . I think the "easiest" way forward here would be to use that bcachefs-tools-vendored tarball (with signature) in the Factory package. The elephant in the room here is that the extra rust dependencies introduce over 200M of source code, which should ideally be audited for any obvious malice. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c4 --- Comment #4 from David Disseldorp <ddiss@suse.com> --- (In reply to David Disseldorp from comment #3)
The bcachefs-tools release script https://evilpiepirate.org/git/bcachefs-tools.git/tree/make-release-tarball. sh?h=v1.4.1#n31 publishes a signed source tarball with all cargo crate dependencies vendored to https://evilpiepirate.org/bcachefs-tools/ . I think the "easiest" way forward here would be to use that bcachefs-tools-vendored tarball (with signature) in the Factory package.
Following discussions with some Rust packagers, it seems that we might be better off using https://github.com/openSUSE/obs-service-cargo_vendor locally to do the vendoring, to ensure that its integrated crate-audit functionality is used. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c5 --- Comment #5 from Petr Vorel <petr.vorel@suse.com> --- David, thanks for investigation. Do you plan to do the packaging? Because Jan stated that he won't be doing it. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aschnell@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c6 --- Comment #6 from William Brown <william.brown@suse.com> ---
Following discussions with some Rust packagers, it seems that we might be better off using https://github.com/openSUSE/obs-service-cargo_vendor locally to do the vendoring, to ensure that its integrated crate-audit functionality is used.
Yes, this would be the best approach, and suse product security will appreciate that greatly. :) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c7 --- Comment #7 from David Disseldorp <ddiss@suse.com> --- (In reply to Petr Vorel from comment #5)
David, thanks for investigation. Do you plan to do the packaging? Because Jan stated that he won't be doing it.
I can do that, but I don't expect to have much time for review of the huge amount of new source being added here. (In reply to William Brown from comment #6)
Following discussions with some Rust packagers, it seems that we might be better off using https://github.com/openSUSE/obs-service-cargo_vendor locally to do the vendoring, to ensure that its integrated crate-audit functionality is used.
Yes, this would be the best approach, and suse product security will appreciate that greatly. :)
Thanks for the pointers :) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c8 David Disseldorp <ddiss@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(jengelh@inai.de) Assignee|jengelh@inai.de |ddiss@suse.com --- Comment #8 from David Disseldorp <ddiss@suse.com> --- I've submitted a rust-enabled build via https://build.opensuse.org/request/show/1142783 I ended up going with the published upstream vendored-source tarball for a couple of reasons: - Kent generates and signs it in a relatively transparent way + I've requested that a "cargo audit" step become part of the release process see https://lore.kernel.org/linux-bcachefs/20240130070356.8174-1-ddiss@suse.de/T... - the osc cargo / cargo_audit / cargo_vendor services appear to be in a lot of flux, changing significantly between versions @Jan: feel free to add me as co-maintainer if you'd prefer to avoid dealing with this stuff in future. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c10 David Disseldorp <ddiss@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Flags|needinfo?(jengelh@inai.de) | Status|NEW |RESOLVED --- Comment #10 from David Disseldorp <ddiss@suse.com> --- Merged to Factory. Closing... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c11 --- Comment #11 from William Brown <william.brown@suse.com> ---
- the osc cargo / cargo_audit / cargo_vendor services appear to be in a lot of flux, changing significantly between versions
It's settled down now, and I don't expect major changes anytime soon. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1219158 https://bugzilla.suse.com/show_bug.cgi?id=1219158#c12 --- Comment #12 from Petr Vorel <petr.vorel@suse.com> --- David, thanks a lot for fixing the tool! Yes, build 20240130 got the fixed package and all tests work as expected. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com