dependency on tough v0.19 pulls in rustls and aws-lc-sys whether you want them or not #436
Labels
bug
Something isn't working
Comments
Billy99
added a commit
to Billy99/bpfman
that referenced
this issue
Feb 14, 2025
PR bpfman#1406 bumped the version of sigstore from 0.10.0 to 0.11.0. That bump also brought in a dependency on aws-lc-rs. Several subsequent PRs fixed RPM build failures do to aws-lc-rs (bpfman#1407 and bpfman#1410). Now downstream OpenShift builds of bpfman are failing on certain arches. Attempting a workaround to the downstream failures by changing the asw-lc-rs feature flags. Ultimately, aws-lc-rs should not be a dependency, see: sigstore/sigstore-rs#436 Signed-off-by: Billy McFall <[email protected]>
|
awslabs/tough#824 I suppose |
dave-tucker
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We're using sigstore-rs to perform verification of cosign signatures on the public good instance.
We noticed that in sigstore-rs v0.11 that compilation fails for us on s390x and ppc64le due to a dependency on
aws-lc-sys.It turns out that some changes in
tough v0.19brought inaws-lc-rs,aws-lc-sysandrustlsas dependencies, whether you want them or not.In our case, we most certainly do not want them as we're using the
native-tlsfeature pretty much everywhere and would like to avoid rustls if possible. The fix for this is likely upstream in awslabs/tough, but I wanted to first open an issue as I'm not exactly sure what the correct fix would be.Version
sigstore-rs v0.11
The text was updated successfully, but these errors were encountered: