Quick update on this.

Thanks to Maxwell's and Elliot's suggestions and support, the number of 
packages involved has been lowered to 98 [0]. Of those, the majority have 
@go-sig as committer, so I've been able to build them. Some of them were FTBFS. 
For some of those, I've created PRs to fix them [1][2][3]. I'll work on the 
missing FTBFS and on opening PRs for the ones where @go-sig has no permission 
in the coming days.

Thanks a lot,
Fale

[0] https://fale.fedorapeople.org/CVE-2022-27191/pkgs2
[1] https://src.fedoraproject.org/rpms/cadvisor/pull-request/1
[2] https://src.fedoraproject.org/rpms/etcd/pull-request/4
[3] https://src.fedoraproject.org/rpms/gitjacker/pull-request/1

On Sat, Apr 16, 2022, at 10:15, Maxwell G wrote:
> On Thursday, April 14, 2022 12:37:37 AM IDT Fabio Alessandro Locati wrote:
> > If I'm correct, we are looking for:
> > * packages that depend on golang.org/x/crypto/ssh
> > * packages that contain at least a non-devel package (ie: a compiled part)
> > 
> > If my understanding of repoquery is correct, this would be the command to get 
> > them:
> > 
> > sudo dnf repoquery -q --repo=rawhide{,-source} --whatrequires \
> >   "golang(golang.org/x/crypto/ssh)" --recursive | grep src$ | pkgname | sort \
> >   | uniq
> 
> That command does nothing to ensure that the packages contain binaries. 
> `--recursive` also includes packages that indirectly depend on 
> `golang(golang.org/x/crypto/ssh)` (i.e. package A depends on 
> `golang(golang.org/x/crypto/ssh)` and package B depends on package A which 
> depends on `golang(golang.org/x/crypto/ssh)`, but package B doesn't directly 
> depend on `golang(golang.org/x/crypto/ssh)`). I am not sure that this works 
> with packages that use `%generate_buildrequires`, either.
> 
> Here is a better command:
> 
> ```
> sudo dnf repoquery -q --repo=rawhide --whatrequires 'golang(golang.org/x/crypto/ssh)' \
>   | xargs sudo dnf repoquery -q --repo=rawhide --qf '%{sourcerpm}' | pkgname \
>   | xargs sudo dnf repoquery -q --repo=rawhide --latest-limit 1 | pkgname
> ```
> 
> You can still add `--recursive` to the first repoquery command if we deem 
> that necessary. This command finds all the dependent `-devel` 
> packages, then finds the sourcerpm name of each package (which is the same as 
> `%{goname}`) and then checks if there is a binary rpm with that name.
> 
> -- 
> Thanks,
> 
> Maxwell G (@gotmax23)
> Pronouns: He/Him/Him
> _______________________________________________
> golang mailing list -- golang@lists.fedoraproject.org
> To unsubscribe send an email to golang-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure

-- 
Fabio Alessandro Locati
fale.io
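
An added example, not part of the original message or of Fedora tooling: the selection logic described in the quoted reply (direct requirers, mapped to their source package, kept only if a binary RPM of the same name exists), run offline over constructed sample data. The package names, the `affected_sources` function and the two-column input layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample data, not real rawhide output.
# Column 1: binary RPM name, column 2: its source RPM file name, in the
# shape `dnf repoquery --qf '%{name} %{sourcerpm}'` would print them.
SAMPLE_REPO='golang-github-example-sshlib-devel golang-github-example-sshlib-1.2.0-3.fc37.src.rpm
golang-github-example-tool-devel golang-github-example-tool-0.9.1-1.fc37.src.rpm
golang-github-example-tool golang-github-example-tool-0.9.1-1.fc37.src.rpm
exampled-devel exampled-3.5.2-2.fc37.src.rpm
exampled exampled-3.5.2-2.fc37.src.rpm
unrelated unrelated-1.0-1.fc37.src.rpm'

# Constructed list of packages that directly require
# golang(golang.org/x/crypto/ssh), one name per line.
SAMPLE_REQUIRERS='golang-github-example-sshlib-devel
golang-github-example-tool-devel
exampled-devel'

# affected_sources REPO REQUIRERS
# Prints, sorted, each source package name that
#   (a) builds at least one of the requirers, and
#   (b) also ships a binary RPM named exactly like the source package,
# i.e. a compiled artifact that needs a rebuild, not only a -devel package.
affected_sources() {
    repo=$1
    requirers=$2
    {
        printf '%s\n' "$requirers"
        printf '%s\n' '--'          # separator between the two inputs
        printf '%s\n' "$repo"
    } | awk '
        $0 == "--" { in_repo = 1; next }
        !in_repo   { want[$1] = 1; next }
        {
            src = $2
            # Drop "-<version>-<release>.src.rpm"; neither field contains "-".
            sub(/-[^-]+-[^-]+\.src\.rpm$/, "", src)
            names[$1] = 1
            if ($1 in want) hit[src] = 1
        }
        END { for (s in hit) if (s in names) print s }
    ' | sort
}

# The library-only source package (sshlib) is filtered out; the two that
# ship a binary RPM of the same name remain.
affected_sources "$SAMPLE_REPO" "$SAMPLE_REQUIRERS"
```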