From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: Re: clamav 0.105.1-3 needs rust >1.61 Date: Mon, 21 Nov 2022 18:19:14 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6007349506014526109==" List-Id: --===============6007349506014526109== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 21.11.2022 11:44, Michael Tremer wrote: > Hello Matthias, Hi Michael, please see comments below... >> On 19 Nov 2022, at 15:56, Matthias Fischer = wrote: >>=20 >> Hi, >>=20 >> ...I'd like to have a small problem... ;-) >>=20 >> A few days ago, 'clamav 0.105.1' was updated, again: >> ... >=20 > This is *really* bad that they bundle so many libraries and make it very di= fficult for us to keep track of what vulnerabilities might be in clamav altho= ugh they are part of a third-party library. Yep. > We should try to remove all of them and always build against the system lib= raries. Puh. Sounds difficult. For now, I'll be happy if I get 'clamav' and 'rust' building at all. >> Unfortunately, building the third version of 'clamav 0.105.1' with >> current 'next' failed: >> .... >> ***SNIP*** >> ... >> error: package `tiff v0.8.0` cannot be built because it requires >> rustc 1.61.0 or newer, while the currently active rustc version is >> 1.60.0-nightly. >> ... >> ninja: build stopped: subcommand failed. >> make: *** [clamav:89: /usr/src/log/clamav-0.105.1] Error 1 >> ***SNAP*** >=20 > Great code quality. This is however not the reason why the build stopped. T= his is only a warning. >=20 >> Hm. Great. >>=20 >> So I tried the current 'rust 1.65' version. >>=20 >> This time, the building failed because of a rust component: >>=20 >> ***SNIP*** >> ... >> Finished release [optimized] target(s) in 1.92s >> cd /usr/src/cipher-0.3.0 && mkdir -pv >> ... >> install -Z avoid-dev-deps -j8 --no-track --path .; fi >> mkdir: created directory '/usr/share/cargo/registry/cipher-0.3.0' >> warning: No (git) VCS found for `/usr/src/cipher-0.3.0` >> error: invalid inclusion of reserved file name Cargo.toml.orig in >> package source >> cp: missing file operand >> Try 'cp --help' for more information. >> make: *** [rust-cipher:78: /usr/src/log/cipher-0.3.0] Error 123 >> ***SNAP*** >=20 > Rust is an absolute dependency hell. Ask Adolf and look at his latest patch= set :) Yes. I saw that. Too much for me... >> Ok, even greater. >>=20 >> Does anyone have an idea to solve this? I can't even find an updated >> package for , e.g., 'cipher-0.3.0tar.gz', although apparently I found at >> least an updated version (0.4.3) here: >>=20 >> =3D> https://docs.rs/cipher/latest/cipher/# >>=20 >> But no download links... Hm! Where on earth did 'cipher-0.3.0.tar.gz' >> came from? >=20 > There is a little helper script in tools/ which you can use to automaticall= y download the source and even generate an LFS file, because they all look th= e same: >=20 > https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dblob;f=3Dtools/download-rust= -crate;h=3Df6a0fe035d30fdbddaa843ccac45251b0049088a;hb=3DHEAD I didn't saw this one. Thanks! > You can just run this as =E2=80=9Ctools/download-rust-crate cipher=E2=80=9D= and it should create everything you need. Just add it to make.sh and it shou= ld build. The funny part: I hadn't 'jq' on my Devel - never heard of it or needed it until now - but I got the build running now. After an 'apt install jq' everything seems to be ok. ;-) Devel is running, I looking forward how far I will get. I'm curious what 'suricata' thinks of 'rust 1.65'... >> What makes me a bit nervous though is the fact that if clamav really can >> only be made to work with a major rust update, the other rust components >> might have to be updated as well. And I found 103 rust*-lfs files... >=20 > Yes. And every time we change one of those packages, we will have to ship *= everything* that is related to Rust. Should I check the other rust-* packages (the remaining 102...) for possible updates? Best, Matthias > Such a great language. Stop using Rust, people. >=20 > -Michael >=20 >>=20 >> Any thoughts and hints welcome! >>=20 >> Best, >> Matthias >=20 --===============6007349506014526109==--