Wiki - https://fedoraproject.org/wiki/Changes/RetireZbusV1
Discussion thread - https://discussion.fedoraproject.org/t/f42-change-proposal-retire-zbus-v1f/134265
This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
== Summary ==
The packages for v1 of the zbus crate (and the packages for v2 of the
zvariant crate) will be retired from Fedora 42. Dependent packages are
to be ported to a non-obsolete version of these libraries (i.e. zbus
v4 or v5) or to be retired as well.
== Owner ==
* Name: [[User:Decathorpe| Fabio Valentini]] for the Rust SIG
* Email: decathorpe@gmail.com
* Email: rust@lists.fedoraproject.org
== Detailed Description ==
Fedora includes packages for different versions of the zbus crate. The
packages for zbus v3 were recently retired from Fedora 42 since the
last package that used this version was ported to v4. However, there
are still a few packages left that depend on the long-obsolete zbus
v1, and tickets have been filed (or did already exist) about updating
the zbus dependency:
* `nmstate` - https://github.com/nmstate/nmstate/issues/2803
* `rust-libslirp` - https://gitlab.freedesktop.org/slirp/libslirp-rs/-/issues/5
* `squeekboard` - https://gitlab.gnome.org/World/Phosh/squeekboard/-/issues/378
We cannot continue to maintain packages for obsolete versions of the
zbus and zvariant crates indefinitely. These packages in turn pull in
dependencies that are increasingly outdated compared to other packages
in Fedora, including a lot of compat packages for older alternative
versions of existing Rust packages:
* `rust-async-io` v1 compat package (current: v2)
* `rust-async-lock` v2 compat package (current: v3)
* `rust-bitflags` v1 compat package (current: v2)
* `rust-enumflags2` v0.6 compat package (current: v0.7)
* `rust-enumflags_derive2` v0.6 compat package (current: v0.7)
* `rust-event-listener` v2 compat package (current: v5)
* `rust-futures-lite` v1 compat package (current: v2)
* `rust-io-lifetimes` v1 compat package (current: v2)
* `rust-linux-raw-sys` v0.3 compat package (current: v0.6)
* `rust-memoffset` v0.6 compat package (current: v0.9)
* `rust-nix` v0.22 compat package (current: v0.29)
* `rust-polling` v2 compat package (current: v3)
* `rust-proc-macro-crate` v0.1 compat package (current: v3)
* `rust-proc-macro-crate` v1 compat package (current: v3)
* `rust-rustix` v0.37 compat package (current: v0.38)
* `rust-socket2` v0.4 compat package (current: v0.5)
* `rust-syn` v1 compat package (current: v2)
* `rust-toml` v0.5 compat package (current: v0.8)
* `rust-toml_edit` v0.19 compat package (current: v0.22)
* `rust-winnow` v0.5 (current: 0.6)
And in turn, these compat packages pull in even more old and / or
obsolete packages.
Additionally, versions of zbus / zvariant before zbus v3.14 / zvariant
3.15 have known bugs on 32-bit systems and test failures on big-endian
systems: https://github.com/dbus2/zbus/pull/362
== Feedback ==
== Benefit to Fedora ==
Implementing this change will allow the Rust SIG to drop potentially
dozens of obsolete libraries and / or old compat packages from the
distribution. Making the dependency graph less "dense" makes
maintenance work easier due to fewer inter-dependencies that need to
be taken into account when pushing library updates.
Additionally, packages for old versions of crates often require
ongoing maintenance due to new rustc compiler errors, or require fixes
for compatibility with new versions of cargo. As a result, dropping
old packages frees up time that package maintainers could spend on
more useful work. Dropping obsolete packages from the distribution
also has indirect benefits, like reduced load on Fedora infrastructure
(koschei CI, mass rebuilds, etc.).
While none of the packages included in the list above are listed as
"vulnerable" in the RUSTSEC database, this database is not exhaustive,
and many packages in this list contain "unsafe" code that could
contain soundness problems that were just not submitted to RUSTSEC for
classification.
== Scope ==
* Proposal owners:
Retire `rust-zbus1`, `rust-zbus_macros1`, `rust-zvariant2`,
`rust-zvariant_derive2` from Fedora Rawhide / Fedora 42, at the latest
before the start of the Final Freeze for Fedora 42.
* Other developers:
Port packages that depend on zbus v1 to zbus >= v4, work with upstream
projects to do the same, or retire dependent packages.
Porting from zbus v1 to newer versions requires some code changes due
to API changes in zbus >= v2, which might or might not be trivial. For
example, this is the PR for system-76-keyboard-configurator to port it
from zbus v1 to v3 (with fewer required changes between zbus v3 and
v4): https://github.com/pop-os/keyboard-configurator/pull/221
* Release engineering:
N/A (just ensure that retired packages are removed from repositories /
blocked in koji correctly, but this is already covered by normal
Release Engineering processes)
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
Dropping obsolete packages makes it easier for new contributors to
start working on the Rust stack in Fedora.
== Upgrade/compatibility impact ==
Rust library packages are not intended to be installed on end-user
systems, and are almost exclusively installed in ephemeral build
environments (i.e. mock chroots).
If any of the dependent packages (`nmstate`, `rust-libslirp`,
`squeekboard`) is retired, they can be added to
fedora-obsolete-packages. But since Rust crates are statically linked
and are not a dependency for built packages, this is not strictly
necessary.
== How To Test ==
None of the packages built from the following source packages should
be available for installation on Fedora 42:
* rust-zbus1 (`rust-zbus1-devel`, `rust-zbus1+*-devel`)
* rust-zbus_macros1 (`rust-zbus_macros1-devel`, `rust-zbus_macros1+*-devel`)
* rust-zvariant2 (`rust-zvariant2-devel`, `rust-zvariant2+*-devel`)
* rust-zvariant_derive2 (`rust-zvariant_derive2-devel`,
`rust-zvariant_derive2+*-devel`)
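
One way to run this check, as an added example that is not part of the Change proposal: a filter that reads package names, one per line, and reports any that match the binary package patterns listed above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag package names built from the four source packages
# this Change retires. Names are read from stdin, one per line.

# Returns 0 if the name matches one of the retired binary package patterns.
is_retired_zbus_pkg() {
    case "$1" in
        rust-zbus1-devel|rust-zbus1+*-devel) return 0 ;;
        rust-zbus_macros1-devel|rust-zbus_macros1+*-devel) return 0 ;;
        rust-zvariant2-devel|rust-zvariant2+*-devel) return 0 ;;
        rust-zvariant_derive2-devel|rust-zvariant_derive2+*-devel) return 0 ;;
    esac
    return 1
}

# Prints every retired name found on stdin; returns 1 if any was found.
find_retired_zbus_pkgs() {
    found=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue      # skip blank lines in the listing
        if is_retired_zbus_pkg "$name"; then
            printf '%s\n' "$name"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample listing: current zbus/zvariant packages must not be
# flagged, the v1 / v2 compat packages must be.
sample_listing() {
    cat <<'EOF'
rust-zbus-devel
rust-zbus1-devel
rust-zbus1+default-devel
rust-zvariant-devel
rust-zvariant_derive2+default-devel
nmstate
EOF
}

# On a Fedora 42 system the listing could come from, for example:
#   dnf repoquery --available --queryformat '%{name}\n' | find_retired_zbus_pkgs
sample_listing | find_retired_zbus_pkgs || echo "retired packages still present"
```
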
== User Experience ==
N/A (not a user-facing change)
== Dependencies ==
There are three applications that currently depend on zbus v1:
* nmstate
* libslirp-helper (from rust-libslirp) - apparently obsoleted by passt?
* squeekboard
They will need to be ported to a newer version of zbus (ideally, zbus
v4, which is what is currently shipped by Fedora, though zbus v5 has
already been released as of October 18, 2024).
== Contingency Plan ==
* Contingency mechanism: packages for zbus v1 and zvariant v2 will not
be retired (or will be un-retired if already retired)
* Contingency deadline: Final Freeze
* Blocks release? No
== Documentation ==
* zbus / zvariant release notes on GitHub:
https://github.com/dbus2/zbus/releases
== Release Notes ==
N/A (not a user-facing change)
--
Aoife Moloney
Fedora Operations Architect
Fedora Project
Matrix: @amoloney:fedora.im
IRC: amoloney