Bug 1219158 - bcachefs-tools: fails to mount device due building without Rust (NO_RUST=1)
Summary: bcachefs-tools: fails to mount device due building without Rust (NO_RUST=1)
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Kernel:Filesystems (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal with 1 vote (vote)
Target Milestone: ---
Assignee: David Disseldorp
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-24 21:34 UTC by Petr Vorel
Modified: 2024-02-01 08:55 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Vorel 2024-01-24 21:34:39 UTC 
I reported bcachefs-tools failure to mount loop device [1]. Upstream notes that building with Rust is mandatory [2] and indeed we have NO_RUST=1 in our spec file  [3]. Could you please build with Rust?

[1] https://lore.kernel.org/ltp/20240124200032.GA343522@pevik/
[2] https://lore.kernel.org/ltp/5ykyohhnlc7nkbz7usc5sqmluyl7wgyhc6frqmbo5kk4vhuu3c@kgzze4c35gsv/
[3] https://build.opensuse.org/package/view_file/filesystems/bcachefs-tools/bcachefs-tools.spec?expand=1
Comment 1 Jan Engelhardt 2024-01-24 22:24:58 UTC 
rust building is a pain. this is a heads-up that I won't be spending any time on that.
Comment 2 William Brown 2024-01-24 23:02:26 UTC 
Hi there,

I'm not sure why I was CCed here. While I'm happy to help advise on issues that you may have while using Rust in SUSE/OpenSUSE, as the Rust maintainer it's not my responsibility to update this package spec file to work with Rust.

If you do have genuine concerns about what makes "rust building a pain" as you say, then I would like to know what they are so that I can potentially improve things. 

Thanks
Comment 3 David Disseldorp 2024-01-25 03:40:07 UTC 
The bcachefs-tools release script https://evilpiepirate.org/git/bcachefs-tools.git/tree/make-release-tarball.sh?h=v1.4.1#n31 publishes a signed source tarball with all cargo crate dependencies vendored to https://evilpiepirate.org/bcachefs-tools/ .
I think the "easiest" way forward here would be to use that bcachefs-tools-vendored tarball (with signature) in the Factory package.

The elephant in the room here is that the extra rust dependencies 
introduce over 200M of source code, which should ideally be audited for any obvious malice.
Comment 4 David Disseldorp 2024-01-25 13:10:57 UTC 
(In reply to David Disseldorp from comment #3)
> The bcachefs-tools release script
> https://evilpiepirate.org/git/bcachefs-tools.git/tree/make-release-tarball.
> sh?h=v1.4.1#n31 publishes a signed source tarball with all cargo crate
> dependencies vendored to https://evilpiepirate.org/bcachefs-tools/ .
> I think the "easiest" way forward here would be to use that
> bcachefs-tools-vendored tarball (with signature) in the Factory package.

Following discussions with some Rust packagers, it seems that we might be better off using https://github.com/openSUSE/obs-service-cargo_vendor locally to do the vendoring, to ensure that its integrated crate-audit functionality is used.
Comment 5 Petr Vorel 2024-01-25 19:39:02 UTC 
David, thanks for investigation. Do you plan to do the packaging? Because Jan stated that he won't be doing it.
Comment 6 William Brown 2024-01-26 23:02:30 UTC 
> Following discussions with some Rust packagers, it seems that we might be
> better off using https://github.com/openSUSE/obs-service-cargo_vendor
> locally to do the vendoring, to ensure that its integrated crate-audit
> functionality is used.

Yes, this would be the best approach, and suse product security will appreciate that greatly. :)
Comment 7 David Disseldorp 2024-01-28 14:12:23 UTC 
(In reply to Petr Vorel from comment #5)
> David, thanks for investigation. Do you plan to do the packaging? Because
> Jan stated that he won't be doing it.

I can do that, but I don't expect to have much time for review of the huge amount of new source being added here.


(In reply to William Brown from comment #6)
> > Following discussions with some Rust packagers, it seems that we might be
> > better off using https://github.com/openSUSE/obs-service-cargo_vendor
> > locally to do the vendoring, to ensure that its integrated crate-audit
> > functionality is used.
> 
> Yes, this would be the best approach, and suse product security will
> appreciate that greatly. :)

Thanks for the pointers :)
Comment 8 David Disseldorp 2024-01-30 12:43:22 UTC 
I've submitted a rust-enabled build via https://build.opensuse.org/request/show/1142783
I ended up going with the published upstream vendored-source tarball for a couple of reasons:
- Kent generates and signs it in a relatively transparent way
  + I've requested that a "cargo audit" step become part of the release process
    see https://lore.kernel.org/linux-bcachefs/20240130070356.8174-1-ddiss@suse.de/T/#u
- the osc cargo / cargo_audit / cargo_vendor services appear to be in a lot of flux, changing significantly between versions

@Jan: feel free to add me as co-maintainer if you'd prefer to avoid dealing with this stuff in future.
Comment 9 OBSbugzilla Bot 2024-01-30 13:35:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1219158) was mentioned in
https://build.opensuse.org/request/show/1142786 Factory / bcachefs-tools
Comment 10 David Disseldorp 2024-01-31 00:25:09 UTC 
Merged to Factory. Closing...
Comment 11 William Brown 2024-01-31 01:52:26 UTC 
> - the osc cargo / cargo_audit / cargo_vendor services appear to be in a lot
> of flux, changing significantly between versions

It's settled down now, and I don't expect major changes anytime soon.
Comment 12 Petr Vorel 2024-02-01 08:55:33 UTC 
David, thanks a lot for fixing the tool! Yes, build 20240130 got the fixed package and all tests work as expected.