breaking API changes in v1.2.0 #93
Comments
|
Other than sevctl, this is also breaking libkrun. If possible, please re-release sev v1.2.0 as v2.0.0 (and, ideally, yank v1.2.0 from crates.io). That would allow us in Fedora to package both sev v2.0.0 and v1.1.0, un-breaking sevctl and libkrun. === EDIT: I noticed this because I wanted to push a security update. However, with libkrun failing to build, it cannot be rebuilt to address CVE-2023-41051. |
|
From what @tylerfanelli was telling me, I believe this has been resolved? If you have additional questions, feel free to re-open this. |
|
Not exactly "fixed" yet, but we're working around it in Fedora w/r/t libkrun and sevctl. Keeping open until the libkrun update for Fedora is complete. |
|
The only "real" way to fix the problem would be to re-release 1.2.0 as 2.0.0, but working around the API breaks in dependent projects is the next best thing, I guess. |
Some commits between v1.1.0 and v1.2.0 broke the public API of this crate. From what I can tell, these are the commits that introduced breaking changes:
All three changes are breaking API changes, so 1.2.0 should definitely have been released as 2.0.0 instead. The current version breaks SemVer API stability promises, and breaks builds of dependent projects.
For example, running
cargo install sevctlfails since v1.2.0 of the "sev" crate was published.For a good way to see the differences in public API between v1.1.0 and v1.2.0, you can look at the automatically generated docs.
For the first commit that changed import paths in the
certsmodule:For the second commit that changed things in the
firmwaremodule:For the third commit that changed argument types in a function that's part of the public API:
c.f. https://bugzilla.redhat.com/show_bug.cgi?id=2221017#c1
The text was updated successfully, but these errors were encountered: