Include the patched version of aws-nitro-enclaves-cose in the repo and packit enhancements #704
Conversation
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
from
60880b7 to
20de0d6
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
devskim found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
4 times, most recently
from
2901f7e to
ec9f9bb
Compare
|
niiiice 😃 let's make this work! |
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
from
ec9f9bb to
3948303
Compare
mmartinv
changed the title
mmartinv
changed the title
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
3 times, most recently
from
dd70bf7 to
e922191
Compare
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
7 times, most recently
from
938021b to
6091fc2
Compare
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
3 times, most recently
from
5b885af to
3175e22
Compare
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
from
3175e22 to
0484bb1
Compare
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
3 times, most recently
from
12b1fb2 to
803b878
Compare
| @@ -23,9 +25,45 @@ help: | |||
| @echo "The following targets are available:" | |||
| @echo | |||
| @echo " help: Print this usage information." | |||
| @echo " source: Generate source tar file in the current directory." | |||
| @echo " vendor: Generate vendor tar file in the current directory." | |||
There was a problem hiding this comment.
I guess we can update the SOP document to use these commands too - like git checkout v0.5.2 and then make source && make vendor and then git checkout c10s && centpkg updload file.tar.gz etc etc (maybe for another PR of course)
There was a problem hiding this comment.
Shouldn't the propose-downstream also work for centos? (except for the corresponding Jira ticket creation)
There was a problem hiding this comment.
yeah, but you still have to upload the sources (this is how I read the page on the packit guide as it's not yet implemented to upload sources to the lookaside cache) - also, building isn't taken care of as far as I can tell
maybe I'm wrong :)
There was a problem hiding this comment.
Yeah, I think you are right, It looks like the automation will not do it for us but there's the option of using the cli according to the warning note.
Mabye something like (after filing the corresponding Jira ticket: RHEL-XXXXX):
git checkout v0.5.2
packit propose-downstream --pr \
--dist-git-branch c10s \
--resolve-bug RHEL-XXXXX
--package fido-device-onboard-centos
84690cf to
11e8927
Compare
Add a copy of the original `aws-nitro-enclaves-cose` crate to the repository. The copied version is the one required by FDO to operate until we migrate to `coset` or any other crate that provides COSE implementation. Signed-off-by: Miguel Martín <[email protected]>
Prevent `direct implementation of ToString` clippy errors and backport [1] [1]awslabs/aws-nitro-enclaves-cose#66 Signed-off-by: Miguel Martín <[email protected]>
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
from
11e8927 to
e1341dc
Compare
|
This shouldn't really be one massive PR, there's a whole raft of different changes in here, I'm also not particularly happy about pulling an unrelated code base into here due to maintenance and CVEs. I feel it would likely be less work to just move to the latest version of the COSE crate so we don't have to do this malarkey and we'd not have the problem again moving forward. |
I can separate the crate changes from the packit changes if you want but that would mean to move one or two commits only.
Only the RHEL builds will be using the included code base, the Fedora builds are supposed to keep using the upstream patched crate which is rpm packaged in Fedora, so the only difference is that you will be adding the patch in this repo instead of adding the patch in the repo you have in your personal fork for the RHEL builds.
It's not, I tried to update and we need changes in the code to implement additional traits for some particular types. Moreover, there are some crate additions in the the updated version so we would need to add some new RPMs to Fedora if we upgrade, not checked the full list of dependencies though. Taking into account that we agreed to migrate to |
Remove the uneeded patches from spec file and assume fedora by default Signed-off-by: Miguel Martín <[email protected]>
Signed-off-by: Miguel Martín <[email protected]>
Add additional Makefile targets: - source: to generate source tar file - vendor: to generate vendor tar file - packit-create-archive: to generate the source code and vendor tarballs in packit.
Use the new Makefile target in packit actions. Signed-off-by: Miguel Martín <[email protected]>
Signed-off-by: Miguel Martín <[email protected]>
Skip external crates from spellcheck and DevSkim analisys Signed-off-by: Miguel Martín <[email protected]>
Add the generated source and vendor tar files to .gitignore Signed-off-by: Miguel Martín <[email protected]>
- Elide explicit lifetimes pointed out by clippy. - Allow `clippy::elided-named-lifetimes` lint warning until a final fix. - Allow `clippy::zombie_processes` until a final fix. - Bump `num-derive` to 0.4 in data-formats. Signed-off-by: Miguel Martín <[email protected]>
mmartinv
force-pushed
the
packit-fixes-and-enhancements
branch
from
e1341dc to
062f38a
Compare
The purpose of this patch is to incorporate the external an patched version of aws-nitro-enclaves-cose into the project's source code to avoid all the hacks of patching and unpatching the spec files, the Cargo.toml and the vendored sources back an forth when packaging as it has been shown to be fragile and is causing (and will cause) problems with dependantbot.
This patch also tries to centralize all the build logic in one file (the Makefile) and simplify the packit configuration.
The summary of changes woud be: