# rust-synta-x509-verification.spec.in — Fedora RPM packaging for synta-x509-verification # # Source package: rust-synta-x509-verification # Source: crates.io release tarball (%%{crates_source}) # # Binary packages produced: # rust-synta-x509-verification-devel Rust crate sources in the system Cargo registry # rust-synta-x509-verification-doc README and NOTICE documentation # # Vendor tarball preparation (requires network, run once per release): # curl -LO https://static.crates.io/crates/synta-x509-verification/synta-x509-verification-%{version}.crate # tar xf synta-x509-verification-%%{version}.crate # cd synta-x509-verification-%%{version} # cargo generate-lockfile # cargo vendor vendor > vendor-config.toml # tar czf rust-synta-x509-verification-%%{version}-vendor.tar.gz vendor/ vendor-config.toml Cargo.lock # # Build ordering: requires rust-synta-devel and rust-synta-certificate-devel. # The optional openssl feature delegates to synta-certificate/openssl and # requires openssl-devel in the consumer's build root. # # The limbo integration test (tests/limbo.rs) downloads limbo.json at runtime; # it is excluded from the %%check step (offline RPM build environment). %global debug_package %{nil} %global crate synta-x509-verification %global snapdate 202604102108 %global snapcommit 57fa3bd Name: rust-%{crate} Version: 0.1.4 Release: 1.%{snapdate}.git%{snapcommit}%{?dist} Summary: RFC 5280 X.509 certificate path validation using synta-certificate License: MIT OR Apache-2.0 URL: https://crates.io/crates/%{crate} Source0: %{crates_source} Source1: %{name}-%{version}-vendor.tar.gz # License files are not included in the crates.io tarball; ship them separately. Source2: LICENSE-MIT Source3: LICENSE-APACHE BuildRequires: cargo-rpm-macros >= 25 # openssl-devel provides the C library headers required by the openssl feature # (OpensslSignatureVerifier). The openssl Rust crate is vendored in Source1. BuildRequires: openssl-devel %description synta-x509-verification implements RFC 5280 §6 and CA/Browser Forum Baseline Requirements certificate chain verification on top of the synta ASN.1 library. The library is crypto-agnostic: all signature verification is delegated to a caller-supplied SignatureVerifier implementation from synta-certificate. An OpenSSL-backed implementation (OpensslSignatureVerifier) is available via the optional openssl feature. Features include RFC 5280 path validation, CABF algorithm allowlists, post- quantum algorithm support (ML-DSA-44/65/87, ML-KEM-512/768/1024), configurable extension policies, name constraint enforcement (DNS, IP, RFC 822, directory name), and a configurable trust store. Portions of this crate are derived from the PyCA cryptography project (Apache-2.0 OR BSD-2-Clause), used here under Apache-2.0. See NOTICE. # ────────────────────────────────────────────────────────────────────────────── # rust-synta-x509-verification-devel — Rust crate sources # ────────────────────────────────────────────────────────────────────────────── %package -n rust-%{crate}-devel Summary: Rust crate sources for synta-x509-verification (X.509 path validation) BuildArch: noarch Provides: crate(synta-x509-verification) = %{version} Provides: crate(synta-x509-verification/default) = %{version} Provides: crate(synta-x509-verification/openssl) = %{version} # synta workspace crates are vendored; no separate Requires needed. %description -n rust-%{crate}-devel Rust crate sources for synta-x509-verification, installed into the system Cargo registry so that other Rust packages can use it as a build-time dependency. Provides RFC 5280 §6 + CABF Baseline Requirements certificate chain validation built on top of the synta ASN.1 library. Crypto-agnostic: callers supply a SignatureVerifier implementation; the optional openssl feature enables the built-in OpensslSignatureVerifier from synta-certificate. # ────────────────────────────────────────────────────────────────────────────── # rust-synta-x509-verification-doc — documentation # ────────────────────────────────────────────────────────────────────────────── %package -n rust-%{crate}-doc Summary: Documentation for the synta-x509-verification Rust crate BuildArch: noarch %description -n rust-%{crate}-doc README and third-party attribution (NOTICE) for the synta-x509-verification RFC 5280 / CABF X.509 certificate path validation Rust crate. # ══════════════════════════════════════════════════════════════════════════════ # PREP # ══════════════════════════════════════════════════════════════════════════════ %prep %autosetup -n %{crate}-%{version} tar xf %{SOURCE1} %cargo_prep -v vendor cp %{SOURCE2} LICENSE-MIT cp %{SOURCE3} LICENSE-APACHE # synta-certificate's build.rs (via find_asn1_dir in synta-codegen) needs ASN.1 # schemas in vendor/synta-certificate/asn1/. The vendor tarball already has # them; this is a safety net in case the tarball is regenerated without them. mkdir -p vendor/synta-certificate/asn1 cp vendor/synta/asn1/*.asn1 vendor/synta-certificate/asn1/ # ══════════════════════════════════════════════════════════════════════════════ # GENERATE BUILD REQUIREMENTS # ══════════════════════════════════════════════════════════════════════════════ %generate_buildrequires %cargo_generate_buildrequires # ══════════════════════════════════════════════════════════════════════════════ # BUILD # ══════════════════════════════════════════════════════════════════════════════ %build %cargo_build # ══════════════════════════════════════════════════════════════════════════════ # INSTALL # ══════════════════════════════════════════════════════════════════════════════ %install %cargo_install # ══════════════════════════════════════════════════════════════════════════════ # CHECK # ══════════════════════════════════════════════════════════════════════════════ %check # The limbo integration test (tests/limbo.rs) fetches limbo.json from the # network at runtime; skip it in the offline RPM build environment by running # only library unit tests. %cargo_test -- --lib # ══════════════════════════════════════════════════════════════════════════════ # FILES # ══════════════════════════════════════════════════════════════════════════════ # ── rust-synta-x509-verification (meta, license carrier) ────────────────────── %files %license LICENSE-MIT LICENSE-APACHE # ── rust-synta-x509-verification-devel ──────────────────────────────────────── %files -n rust-%{crate}-devel %license LICENSE-MIT LICENSE-APACHE %{cargo_registry}/%{crate}-%{version}/ # ── rust-synta-x509-verification-doc ────────────────────────────────────────── %files -n rust-%{crate}-doc %license LICENSE-MIT LICENSE-APACHE %doc README.md %doc NOTICE # ══════════════════════════════════════════════════════════════════════════════ # CHANGELOG # ══════════════════════════════════════════════════════════════════════════════ %changelog * Fri Apr 10 2026 Synta Contributors - 0.1.4-1 - Version bump to match workspace 0.1.4 release * Sun Apr 05 2026 Synta Contributors - 0.1.3-1 - Version bump to match workspace * Wed Apr 01 2026 Synta Contributors - 0.1.0-1 - Initial package