python-cryptography/python-cryptography.spec

%bcond_without tests

%{!?python3_pkgversion:%global python3_pkgversion 3}

%global srcname cryptography

Name:           python-%{srcname}
Version:        43.0.0
Release:        %autorelease
Summary:        PyCA's cryptography library

# cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
# as well as the Python Software Foundation license for the OS random
# engine derived by CPython.
License:        (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
URL:            https://cryptography.io/en/latest/
Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
                # created by ./vendor_rust.py helper script
Source1:        cryptography-%{version}-vendor.tar.bz2
Source2:        conftest-skipper.py

Patch:          11328.patch
Patch:          11536.patch

ExclusiveArch:  %{rust_arches}

BuildRequires:  openssl-devel
BuildRequires:  gcc
BuildRequires:  gnupg2
%if 0%{?fedora}
BuildRequires:  rust-packaging
%else
BuildRequires:  rust-toolset
%endif

BuildRequires:  python%{python3_pkgversion}-cffi >= 1.12
BuildRequires:  python%{python3_pkgversion}-devel
BuildRequires:  python%{python3_pkgversion}-setuptools
BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.4

%if %{with tests}
%if 0%{?fedora}
BuildRequires:  python%{python3_pkgversion}-certifi
BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
BuildRequires:  python%{python3_pkgversion}-iso8601
BuildRequires:  python%{python3_pkgversion}-pretend
BuildRequires:  python%{python3_pkgversion}-pytest-benchmark
BuildRequires:  python%{python3_pkgversion}-pytest-xdist
BuildRequires:  python%{python3_pkgversion}-pytz
%endif
BuildRequires:  python%{python3_pkgversion}-pytest >= 6.2.0
%endif

%description
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.

%package -n  python%{python3_pkgversion}-%{srcname}
Summary:        PyCA's cryptography library
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}

Requires:       openssl-libs
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
# Can be safely removed in Fedora 37
Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7
%endif

%description -n python%{python3_pkgversion}-%{srcname}
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.

%prep
%autosetup -p1 -n %{srcname}-%{version}
%if 0%{?fedora}
%cargo_prep
sed -i 's/locked = true//g' pyproject.toml
rm src/rust/Cargo.lock
%else
# RHEL: use vendored Rust crates
%cargo_prep -V 1
%endif

%if ! 0%{?fedora}
sed -i 's,--benchmark-disable,,' pyproject.toml
%endif


%generate_buildrequires
%pyproject_buildrequires
%if 0%{?fedora}
# Fedora: use RPMified crates
cd src/rust
%cargo_generate_buildrequires
cd ../..
%endif


%build
export RUSTFLAGS="%build_rustflags"
export OPENSSL_NO_VENDOR=1
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
%pyproject_wheel


%install
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
%pyproject_install
%pyproject_save_files %{srcname}


%check
%if %{with tests}
%if 0%{?rhel}
# skip benchmark, hypothesis, and pytz tests on RHEL
rm -rf tests/bench tests/hypothesis tests/x509
# append skipper to skip iso8601 and pretend tests
cat < %{SOURCE2} >> tests/conftest.py
%endif

# enable SHA-1 signatures for RSA tests
# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
export OPENSSL_ENABLE_SHA1_SIGNATURES=yes

# see https://github.com/pyca/cryptography/issues/4885 and
# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
# not much sense for downstream testing.
# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
    %{__python3} -m pytest \
    --ignore vendor \
    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
%endif


%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
%doc README.rst docs
%license LICENSE LICENSE.APACHE LICENSE.BSD


%changelog
%autochangelog
Bcond for tests which allows to disable them 2019-11-18 13:16:21 +00:00			`%bcond_without tests`

Add workaround for pytest bug 2017-08-03 14:31:52 +00:00			`%{!?python3_pkgversion:%global python3_pkgversion 3}`

New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`%global srcname cryptography`

			`Name: python-%{srcname}`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`Version: 43.0.0`
			`Release: %autorelease`
Initial commit 2014-11-21 05:21:59 +00:00			`Summary: PyCA's cryptography library`

Convert the license tag to SPDX and add missing PSF license 2022-12-13 17:30:42 +00:00			`# cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,`
			`# as well as the Python Software Foundation license for the OS random`
			`# engine derived by CPython.`
			`License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0`
Initial commit 2014-11-21 05:21:59 +00:00			`URL: https://cryptography.io/en/latest/`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`# created by ./vendor_rust.py helper script`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`Source1: cryptography-%{version}-vendor.tar.bz2`
			`Source2: conftest-skipper.py`
Initial commit 2014-11-21 05:21:59 +00:00
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`Patch: 11328.patch`
allow sha1 in OAEP In FIPS mode, RSA OAEP padding is refused with an error message: "This combination of padding and hash algorithm is not supported by this backend." It picks up the patch in https://github.com/pyca/cryptography/pull/11536 to allow sha1 in OAEP. Resolves: https://issues.redhat.com/browse/RHEL-40210 Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-09-12 15:22:54 +00:00			`Patch: 11536.patch`
Update to 41.0.3 - Update to upstream version 41.0.3 - Use pyo3 0.19 Resolves: rhbz#2211237 2023-08-09 12:07:18 +00:00
This is now a Rust package, hence it only builds on %{rust_arches} No real difference for Fedora or modern RHEL, but the guidelines say so: https://docs.fedoraproject.org/en-US/packaging-guidelines/Rust/#_exclusivearch 2021-03-10 12:18:44 +00:00			`ExclusiveArch: %{rust_arches}`

Initial commit 2014-11-21 05:21:59 +00:00			`BuildRequires: openssl-devel`
Build requires gcc 2018-02-18 21:39:10 +00:00			`BuildRequires: gcc`
add source file verification 2020-05-12 08:39:43 +00:00			`BuildRequires: gnupg2`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%if 0%{?fedora}`
Update to 3.4 (#1925953) Remove Python 2 support Remove unused python-idna dependency Add Rust support 2021-02-07 19:36:07 +00:00			`BuildRequires: rust-packaging`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%else`
			`BuildRequires: rust-toolset`
			`%endif`
Fix requires 2015-03-04 18:03:20 +00:00
Update to 39.0.2 Resolves: rhbz#2124729 2023-03-09 07:19:18 +00:00			`BuildRequires: python%{python3_pkgversion}-cffi >= 1.12`
New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`BuildRequires: python%{python3_pkgversion}-devel`
			`BuildRequires: python%{python3_pkgversion}-setuptools`
Update to 39.0.2 Resolves: rhbz#2124729 2023-03-09 07:19:18 +00:00			`BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4`
Bcond for tests which allows to disable them 2019-11-18 13:16:21 +00:00
			`%if %{with tests}`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%if 0%{?fedora}`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`BuildRequires: python%{python3_pkgversion}-certifi`
New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4`
Bcond for tests which allows to disable them 2019-11-18 13:16:21 +00:00			`BuildRequires: python%{python3_pkgversion}-iso8601`
			`BuildRequires: python%{python3_pkgversion}-pretend`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`BuildRequires: python%{python3_pkgversion}-pytest-benchmark`
Skip iso8601 and pretend tests on RHEL 2021-02-12 15:47:08 +00:00			`BuildRequires: python%{python3_pkgversion}-pytest-xdist`
Don't run tests requiring pytz on RHEL pytz is unwanted on RHEL 10+. 2023-03-09 11:55:39 +00:00			`BuildRequires: python%{python3_pkgversion}-pytz`
Skip iso8601 and pretend tests on RHEL 2021-02-12 15:47:08 +00:00			`%endif`
Update to 39.0.2 Resolves: rhbz#2124729 2023-03-09 07:19:18 +00:00			`BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0`
Bcond for tests which allows to disable them 2019-11-18 13:16:21 +00:00			`%endif`
Initial commit 2014-11-21 05:21:59 +00:00
			`%description`
			`cryptography is a package designed to expose cryptographic primitives and`
			`recipes to Python developers.`

New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`%package -n python%{python3_pkgversion}-%{srcname}`
Initial commit 2014-11-21 05:21:59 +00:00			`Summary: PyCA's cryptography library`
New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}`
Initial commit 2014-11-21 05:21:59 +00:00
Change Requires to openssl-libs The openssl package has been split quite a while, and this package only needs the shared library. I'm making this change because `openssl` today `Requires: make` which is unfortunate for Atomic Host. See: https://bugzilla.redhat.com/show_bug.cgi?id=783446#c4 2017-10-23 17:37:50 +00:00			`Requires: openssl-libs`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`%if 0%{?fedora} >= 35 \|\| 0%{?rhel} >= 9`
			`# Can be safely removed in Fedora 37`
			`Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7`
			`%endif`
Initial commit 2014-11-21 05:21:59 +00:00
New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`%description -n python%{python3_pkgversion}-%{srcname}`
Initial commit 2014-11-21 05:21:59 +00:00			`cryptography is a package designed to expose cryptographic primitives and`
			`recipes to Python developers.`

			`%prep`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`%autosetup -p1 -n %{srcname}-%{version}`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%if 0%{?fedora}`
			`%cargo_prep`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`sed -i 's/locked = true//g' pyproject.toml`
ensure correct compiler flags are used for Rust code 2023-01-26 20:53:08 +00:00			`rm src/rust/Cargo.lock`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%else`
			`# RHEL: use vendored Rust crates`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`%cargo_prep -V 1`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%endif`
small improvements for building the PyO3 Rust module Signed-off-by: Fabio Valentini <decathorpe@gmail.com> 2021-02-08 12:51:48 +00:00
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`%if ! 0%{?fedora}`
			`sed -i 's,--benchmark-disable,,' pyproject.toml`
			`%endif`


ensure correct compiler flags are used for Rust code 2023-01-26 20:53:08 +00:00			`%generate_buildrequires`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`%pyproject_buildrequires`
			`%if 0%{?fedora}`
ensure correct compiler flags are used for Rust code 2023-01-26 20:53:08 +00:00			`# Fedora: use RPMified crates`
			`cd src/rust`
			`%cargo_generate_buildrequires`
			`cd ../..`
			`%endif`

Update to 40.0.2 Resolves: rhbz#2181430 2023-03-28 06:45:39 +00:00
Initial commit 2014-11-21 05:21:59 +00:00			`%build`
ensure correct compiler flags are used for Rust code 2023-01-26 20:53:08 +00:00			`export RUSTFLAGS="%build_rustflags"`
Update to 40.0.2 Resolves: rhbz#2181430 2023-03-28 06:45:39 +00:00			`export OPENSSL_NO_VENDOR=1`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "`
			`%pyproject_wheel`

Initial commit 2014-11-21 05:21:59 +00:00
			`%install`
			`# Actually other .c and .h are appropriate`
			`# see https://github.com/pyca/cryptography/issues/1463`
			`find . -name .keep -print -delete`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`%pyproject_install`
			`%pyproject_save_files %{srcname}`

Initial commit 2014-11-21 05:21:59 +00:00
			`%check`
Bcond for tests which allows to disable them 2019-11-18 13:16:21 +00:00			`%if %{with tests}`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%if 0%{?rhel}`
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`# skip benchmark, hypothesis, and pytz tests on RHEL`
			`rm -rf tests/bench tests/hypothesis tests/x509`
Skip iso8601 and pretend tests on RHEL 2021-02-12 15:47:08 +00:00			`# append skipper to skip iso8601 and pretend tests`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`cat < %{SOURCE2} >> tests/conftest.py`
Provide RHEL build infrastructure 2021-02-12 09:53:26 +00:00			`%endif`

Enable SHA1 signatures in test suite (ELN-only) 2022-12-09 11:09:43 +00:00			`# enable SHA-1 signatures for RSA tests`
			`# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343`
			`export OPENSSL_ENABLE_SHA1_SIGNATURES=yes`

Skip unit tests that fail with OpenSSL 1.1.1.d Fix and simplify Python 3 packaging Resolves: rhbz#1761194 2019-10-13 12:26:19 +00:00			`# see https://github.com/pyca/cryptography/issues/4885 and`
			`# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests`
Skip unstable memleak tests, resolves: RHBZ#2042413 2022-01-27 13:43:41 +00:00			`# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes`
			`# not much sense for downstream testing.`
Fix CVE-2023-23931 and FTBFS Don't allow update_into to mutate immutable objects, resolves rhbz#2171820 Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661 2023-02-22 08:57:34 +00:00			`# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure`
Update to 3.4.7, use vectors from sources (#1952024) python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024 2021-04-21 11:39:53 +00:00			`PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \`
			`%{__python3} -m pytest \`
Don't try to run tests of vendored dependencies in %check 2023-03-09 12:28:58 +00:00			`--ignore vendor \`
Fix CVE-2023-23931 and FTBFS Don't allow update_into to mutate immutable objects, resolves rhbz#2171820 Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661 2023-02-22 08:57:34 +00:00			`-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"`
Initial commit 2014-11-21 05:21:59 +00:00			`%endif`

Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00
			`%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}`
New upstream release 2.0.2 2017-08-03 11:33:04 +00:00			`%doc README.rst docs`
			`%license LICENSE LICENSE.APACHE LICENSE.BSD`
Don't conditionalize Source: directives This makes the specfile compatible with Fedora ELN, RHEL and similar Fedora derivatives. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> 2021-06-10 18:27:29 +00:00
Rebuilt for Python 3.10 2021-06-02 23:05:02 +00:00
Update to 43.0.0 - Resolves: rhbz#2279072 python-cryptography-43.0.0 is available - Resolves: RHEL-33747 Please stop using OpenSSL ENGINE API in python-cryptography - RHELMISC-6447 Remove package python-pytest-benchmark from RHEL10-Beta This builds the package with OPENSSL_NO_ENGINE=1. This drops the skip-overflow-tests-32bit.patch as its included in v43.0.0. It picks up the patch in https://github.com/pyca/cryptography/pull/11328 to allow building with OPENSSL_NO_ENGINE=1. Signed-off-by: Francisco Trivino <ftrivino@redhat.com> 2024-08-21 15:49:56 +00:00			`%changelog`
			`%autochangelog`