Skip to content
This repository has been archived by the owner on May 2, 2024. It is now read-only.

Rust NSS: Update packaging #108

Merged
merged 12 commits into from
Feb 14, 2023
Merged

Rust NSS: Update packaging #108

merged 12 commits into from
Feb 14, 2023

Conversation

denisonbarbosa
Copy link
Member

Updating packaging for the aad-auth project.

DEENG-570

@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch 3 times, most recently from 42fbe16 to 7fae5bb Compare February 10, 2023 17:01
GabrielNagy
GabrielNagy reviewed Feb 10, 2023
View reviewed changes
Copy link
Contributor

@GabrielNagy GabrielNagy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, only had a few comments:

I tested the branch locally and it built fine for me, with a few lintian errors that made me think:

Now running lintian aad-auth_0.3_amd64.changes ...
E: libnss-aad: lacks-versioned-link-to-shared-library usr/lib/x86_64-linux-gnu/libnss_aad.so [usr/lib/x86_64-linux-gnu/libnss_aad.so.2]
W: aad-auth source: dependency-is-not-multi-archified libnss-aad depends on aad-common (multi-arch: no)
W: libnss-aad: shared-library-lacks-version usr/lib/x86_64-linux-gnu/libnss_aad.so.2 libnss_aad.so
W: aad-auth source: unknown-field Vendored-Sources-Rust

I think we can get rid of some of them by compiling the NSS library with the proper soname (libnss_aad.so.2 instead of libnss_aad.so), like we did for Go.

For the dependency-is-not-multi-archified one we may need to set Multi-Arch: same on aad-common as well. Can you remind me why we need the option on debian/control in the first place?

.github/workflows/auto-updates.yaml Outdated Show resolved Hide resolved
debian/libnss-aad.symbols Outdated Show resolved Hide resolved
debian/libnss-aad.symbols
@@ -1,26 +1,15 @@
libnss_aad.so.2 libnss-aad #MINVER#
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting here that the lib name changed from libnss_aad.so.2 to libnss_aad.so in case it was not intentional

Copy link
Member Author

@denisonbarbosa denisonbarbosa Feb 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is likely due to the cargo build problem that I've mentioned in the general comment. I'm not sure how to evaluate this diff, tbh. Maybe you or @didrocks can provide me some insight whether this is a big problem or not?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmm okay then. IMO it's fine to keep it as is - but it'd be nice to suppress the warnings by adding them to the lintian-overrides file, adding the context you wrote in a PR as comments. There should be existing lintian-overrides files you can take inspiration from.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually, this is possible (rust-lang/cargo#5045 (comment)), but only with cargo from lunar, not kinetic or jammy. Still worth keeping it in the override file IMHO explicitely. The fact that is not important is not well described in the current override file IMHO.

Copy link
Member Author

@denisonbarbosa denisonbarbosa Feb 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's possible using cargo rustc (not cargo build), but I'm not sure this works with the dh-cargo wrapper (that was my concern).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems it does it, but then, we are back to what we do when we backport this to jammy as we won’t have a relevant version of Cargo for now. So, let’s do with a better lintian override comments, explaining exactly why we can’t (and don’t) need a soname anyway, with the link to the bug report.

nss/integration-tests/integration_test.go Outdated Show resolved Hide resolved
debian/cargo-checksum.json Show resolved Hide resolved
@denisonbarbosa
Copy link
Member Author

denisonbarbosa commented Feb 13, 2023
edited
Loading

Nice work, only had a few comments:

I tested the branch locally and it built fine for me, with a few lintian errors that made me think:

Now running lintian aad-auth_0.3_amd64.changes ...
E: libnss-aad: lacks-versioned-link-to-shared-library usr/lib/x86_64-linux-gnu/libnss_aad.so [usr/lib/x86_64-linux-gnu/libnss_aad.so.2]
W: aad-auth source: dependency-is-not-multi-archified libnss-aad depends on aad-common (multi-arch: no)
W: libnss-aad: shared-library-lacks-version usr/lib/x86_64-linux-gnu/libnss_aad.so.2 libnss_aad.so
W: aad-auth source: unknown-field Vendored-Sources-Rust

I think we can get rid of some of them by compiling the NSS library with the proper soname (libnss_aad.so.2 instead of libnss_aad.so), like we did for Go.

For the dependency-is-not-multi-archified one we may need to set Multi-Arch: same on aad-common as well. Can you remind me why we need the option on debian/control in the first place?

Hey @GabrielNagy, thanks for the review. It is annoying to have this amount of warnings, I agree (I didn't see them, but it's probably because of a version diff since I'm still on Jammy). We have a few problems though:

  1. Cargo does not allow you to change the output name by default (which is very annoying) and we must use cargo because of the dh-cargo wrapper, which sets the proper flags and stuff, that's why on the debian/rules, during the dh_auto_install step, I manually rename the file before actually installing it.
  2. About the Multi-Arch: same comment, I've added it because of the Debian policy for Rust packaging which states:

In order to support cross-compiling, each library binary package - the main package plus the feature packages - should use Architecture: any and Multi-Arch: same. (This is not ideal; it is due to a deficiency in the current Debian cross-compiling infrastructure and the Multi-Arch specification.) This applies even if the library crate only runs on certain target architectures or operating systems. Note that if running a test build in dh_auto_test, this might need to be disabled based on the target/foreign architecture (DEB_HOST_ARCH) and unlikely but possibly also the host/native architecture (DEB_BUILD_ARCH).

@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch from 7fae5bb to 0754daf Compare February 13, 2023 10:57
@GabrielNagy
Copy link
Contributor

  1. Cargo does not allow you to change the output name by default (which is very annoying) and we must use cargo because of the dh-cargo wrapper, which sets the proper flags and stuff, that's why on the debian/rules, during the dh_auto_install step, I manually rename the file before actually installing it.

Got it. Let's suppress the warning by adding it to lintian-overrides with a comment.

  1. On the Multi-Arch: same comment, I've added it because of the Debian policy for Rust packaging which states:

In order to support cross-compiling, each library binary package - the main package plus the feature packages - should use Architecture: any and Multi-Arch: same. (This is not ideal; it is due to a deficiency in the current Debian cross-compiling infrastructure and the Multi-Arch specification.) This applies even if the library crate only runs on certain target architectures or operating systems. Note that if running a test build in dh_auto_test, this might need to be disabled based on the target/foreign architecture (DEB_HOST_ARCH) and unlikely but possibly also the host/native architecture (DEB_BUILD_ARCH).

👍 - we should add Multi-Arch: same to aad-common as well then which should get rid of the warning in theory.

@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch 3 times, most recently from b49c2b2 to eb338fb Compare February 13, 2023 11:44
@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch from eb338fb to e830ab9 Compare February 13, 2023 12:43
@denisonbarbosa
Add Rust vendor dir and artifacts dir to gitignore
5e779bb
@denisonbarbosa
Updating lto profile due to dwz issues
29450fd
@denisonbarbosa
Updating debian/control
f3b3982 
Adding dh-cargo and libsqlite3-dev as build dependencies and the required
XS-Vendored-Sources-Rust field.
@denisonbarbosa
Updating debian/libnss-aad.install
a97dfa3 
Removing line that installed the aad-auth aux binary.
@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch from e830ab9 to 7b5f7fd Compare February 13, 2023 14:00
GabrielNagy
GabrielNagy reviewed Feb 13, 2023
View reviewed changes
debian/control Outdated Show resolved Hide resolved
didrocks
didrocks suggested changes Feb 13, 2023
View reviewed changes
Copy link
Member

@didrocks didrocks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some parts to adjust and look at.

debian/control Outdated Show resolved Hide resolved
debian/libnss-aad.symbols
@@ -1,26 +1,15 @@
libnss_aad.so.2 libnss-aad #MINVER#
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems it does it, but then, we are back to what we do when we backport this to jammy as we won’t have a relevant version of Cargo for now. So, let’s do with a better lintian override comments, explaining exactly why we can’t (and don’t) need a soname anyway, with the link to the bug report.

debian/libnss-aad.symbols Outdated Show resolved Hide resolved
debian/rules Outdated Show resolved Hide resolved
@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch from 413f58f to e24bbb6 Compare February 14, 2023 12:39
didrocks
didrocks approved these changes Feb 14, 2023
View reviewed changes
Copy link
Member

@didrocks didrocks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to me now., Trusting that you did some package build tests as well as autopkgtests :)

@denisonbarbosa
Updating debian/libnss-aad.symbols
4bbedde
@denisonbarbosa
Adding debian/cargo-checksum.json
3cacab4
@denisonbarbosa
Updating debian/rules to build the Rust lib
94d725e
@denisonbarbosa
Updating debian/copyright
affbf18
@denisonbarbosa
Option to override NSS build in the integration tests
e6be0b0 
We can now override the binary responsible to build the library.
This allows us to use the cargo wrapper (offered by dh-cargo) to build
the library offline, without automatically querying crates.io for the
dependencies.
@denisonbarbosa
Adding action to auto update Rust related files
addae9a 
Action to update the XS-Vendored-Sources-Rust in debian/control

Action to update the fake checksum file in debian/cargo-checksum.json
@denisonbarbosa denisonbarbosa force-pushed the rust-nss-update-packaging branch from 16167d9 to 0d43c1d Compare February 14, 2023 13:13
@denisonbarbosa denisonbarbosa merged commit d22ed77 into rust-nss Feb 14, 2023
@denisonbarbosa denisonbarbosa deleted the rust-nss-update-packaging branch February 14, 2023 14:00
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@GabrielNagy GabrielNagy GabrielNagy left review comments

@didrocks didrocks didrocks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@denisonbarbosa @GabrielNagy @didrocks