Promote libtomcrypt to SPECS

[Sumynwa]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• The toolchain has been rebuilt successfully (or no changes were made to it)
• The toolchain/worker package manifests are up-to-date
• Any updated packages successfully build (or no packages were changed)
• Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• All package sources are available
• cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/tools/cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
• All source files have up-to-date hashes in the *.signatures.json files
• sudo make go-tidy-all and sudo make go-test-coverage pass
• Documentation has been updated to match any changes to the build system
• Ready to merge

---

Summary

Promote libtomcrypt to meet build dependency for package python-pycryptodomex.

Change Log

• move from SPECS-EXTENDED to SPECS
• add as build dependency for pycryptodomex.
• lint spec

Does this affect the toolchain?

NO

Associated issues

• #xxxx

Links to CVEs

• https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX

Test Methodology

• Pipeline build id: 213527

[oliviacrain]

Please bump the release number of this package. We do this to ensure users with both the base and extended repos installed will pull the base repo version of the package.

That'll also allow me to actually comment on the file itself, too.

[PawelWMS]

Similar comments as for #3374:

Specs from SPECS-EXTENDED rarely can be simply moved into SPECS without additional work as they have a lower bar in terms of test, spec structure, linting, etc.

Please make sure to now:

• Lint the spec.
• Make sure the ptests (inside the %check section) run successfully.
• Remove all references to other distros (if any). In most cases we tend to keep the parts of the spec, which were enabled for Fedora and remove the other ones.
• Remove the GPG keyring and signatures - we rely on the signatures.json files.
• Make sure all automated PR checks pass (hard to miss, you probably won't be able to merge before the required ones are resolved).

[Sumynwa]

Bumped release version.
Spec linted.
All above parameters checked.

[PawelWMS]

Bumped release version. Spec linted. All above parameters checked.

Thank you for doing that! I think we still need to lint the spec a bit more because I see that the Summary tag is not the first one anymore, which is standard after running the linter. I should have mentioned more details about linting the spec. Here's more details about how to configure the one we're using (just 3 short steps). That's also what the "Spec Linting" PR check is running. The linter might change a few things in the wrong way (that's why the PR check is not required btw.) but in general it's reliable and I'll help you out with anything that the linter might get wrong. We're still tweaking it a bit.

[Sumynwa]

Linted spec file using steps mentioned in https://dev.azure.com/mariner-org/mariner/_wiki/wikis/mariner.wiki/125/Introduction-to-SPEC-Files?anchor=spec-linter

Changes verified via Buddy Build: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=239707&view=results

[PawelWMS]

I noticed this just now - it looks like there's a BuildRequires: libtommath-devel, which is an extended package. I'd double-check that this one builds in the presence of ONLY core packages. If not, you will need to move the dependencies from extended specs as well.

Short explanation:

Core packages cannot have any external dependencies and so must build by only depending on each other. Extended packages are allowed to use core and extended, so each extended -> core migration must take into account the extended-only dependencies.