From 5fdccbab1d77ad7362acbb66c4694e4d86e30f6c Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 21 Apr 2021 13:39:53 +0200
Subject: [PATCH] Update to 3.4.7, use vectors from sources (#1952024)

python-cryptography now uses source bundle from Github, which contains
sources of vectors, too. Tests are no longer depending on
python3-cryptography-vectors. Instead tests are using the bundles
vectors package.

Resolves RHBZ#1952024
---
 .gitignore                                    |   1 +
 README.md                                     |  60 ++----------------
 ...CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg | Bin 1188 -> 0 bytes
 python-cryptography.spec                      |  33 +++++-----
 sources                                       |   3 +-
 5 files changed, 25 insertions(+), 72 deletions(-)
 delete mode 100644 gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg

diff --git a/.gitignore b/.gitignore
index bd7832a..cf9ac7e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@
 /cryptography-3.4.5.tar.gz.asc
 /cryptography-3.4.6.tar.gz
 /cryptography-3.4.6.tar.gz.asc
+/cryptography-3.4.7.tar.gz
diff --git a/README.md b/README.md
index ee71b2b..33554c0 100644
--- a/README.md
+++ b/README.md
@@ -8,57 +8,7 @@ The example assumes
 
 * Fedora Rawhide (f34)
 * PyCA cryptography release ``3.4``
-* Update Bugzilla issues are ``RHBZ#00000001`` and ``RHBZ#00000002``
-* Build side tag is ``f34-build-side-12345``
-
-### Request a side tag for building
-
-python-cryptography builds depend on python-cryptography-vectors
-package. Both packages must be build in a side tag.
-
-```shell
-fedpkg request-side-tag --base-tag f34-build
-```
-
-### Build new python-cryptography-vectors first
-
-```shell
-pushd ../python-cryptography-vectors
-```
-
-Switch and update branch
-
-```shell
-fedpkg switch-branch rawhide
-fedpkg pull
-```
-
-Bump version and get sources
-
-```shell
-rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography-vectors.spec
-spectool -gf python-cryptography-vectors.spec
-```
-
-Upload sources
-
-```shell
-fedpkg new-sources cryptography_vectors-3.4.tar.gz
-```
-
-Commit changes
-
-```shell
-fedpkg commit --clog
-fedpkg push
-```
-
-Build and wait for repo to regenerate
-
-```shell
-fedpkg build --target=f34-build-side-12345
-koji wait-repo --build python-cryptography-vectors-3.4-1 f34-build-side-12345
-```
+* Update Bugzilla issue is ``RHBZ#00000001``
 
 ### Build new python-cryptography
 
@@ -72,14 +22,14 @@ fedpkg pull
 Bump version and get sources
 
 ```shell
-rpmdev-bumpspec -c "Update to 3.4 (#00000002)" -n 3.4 python-cryptography.spec
+rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
 spectool -gf python-cryptography.spec
 ```
 
-Upload new sources (**two files!**)
+Upload new source
 
 ```shell
-fedpkg new-sources cryptography-3.4.tar.gz cryptography-3.4.tar.gz.asc
+fedpkg new-sources cryptography-3.4.tar.gz
 ```
 
 Commit changes
@@ -92,7 +42,7 @@ fedpkg push
 Build
 
 ```shell
-fedpkg build --target=f34-build-side-12345
+fedpkg build
 ```
 
 ## RHEL/CentOS builds
diff --git a/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg b/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
deleted file mode 100644
index dcae2d294ee960fa1eef388915659a59fa32b11d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1188
zcmV;V1Y7%=0SyFFBCR_C2mru&73El&3H2t5nI68Q9hzL>cT6mwg4zkC{+7HPTeg8I
z5C7)pzdb1LWju5%BxHBsP5O}OCXjdQEW2i$Lc+)O4ZOLxR^_+WviC;x)2|n`7borH
zlrmsn)=F-Ho<DNC$JHfBQW@=bO7nvcy*b^sHEk(gF@8wu(Vii4ZHgZo=I?IRV{g*D
zS*T*lX@v8FYfW<^hAY_1D%lah_^+loD~;ih_~GCFYz1TC#5n~p_$c_~TLPn~?~m#D
zui2Qp<t^(l&c{a<f3A>)o7%uUf!Q>Yx>9Vp)dWmAs3e|O^!kSv_QwU>+~kgjV=sbx
zG_MY5!uxRNARqsoa}NL!0RRECB~W2?Y#>WzXmVw8AUtqkb!;wdE^B3Ia%FNrXKi6=
zY%XJOZ9a(sI0O>`0stZf0#YKaI|3U61`7!Y2Ll2I6$k<e3JU}l0s{d89svRufB*^!
z5F=XU@hSQ3n4HZA{x2I-co6<m29_^-KI@`NZeFu+FcarO{^r^M9|v*Syik60xZ*k`
z$%|o!BZ67Q5d?$IvY_jaLvr}>?hwshfU)IXoeRR;O;Hl&0joy8{$+b?307y>Hw#e2
zJ#MXXZ+O6C6Q)@WYf}5PDzBN=KS&W0skd_(ad2fj5zp%~A!(<pEVO6m<f901fMo_O
zDj#3z^C(94=4iZ%tgvVPe}8((^>0Y%SW02Q;Supcd40($4vJ{JY9kGNjS!)Rk#yu*
z(&X#V9BFp}Bi`3arWBhy=N-TgidssU_h-GqkF788Nsq<hKJ{tjKGg~Y^KhSP^Grie
zVB)b8O1<7zTDbuY1X3ccI{^p))K*_CCj1^ccP*)CZ{2rLDZ$nEvLYXxB9{`v!PX?e
z=keABo_>UMSeT8tM<8SNRbflj3C@z46XJ_GltsY7hNpD#p3*0NR;IX(;tNxIUZAsp
zvjrv5&pWLPa@OxSbk4_AoNwSVa%`p-QSMMy<JLJ?QcMv%=#RW{){%rIedP}@@o4<c
zz<ZH#C=L%{@=-!ww!*+sG)`pfj1HR1a#2acWpXj3AFww1aYB$USw8_IATPFB<g8A2
zez)>>LX<fjB1m&wS;Y&`zL&nnj$ytc+eXjrfjM4<bIb!<T{gABTXWkZXd}P;1h)1x
z!Wwfa6vn)mw(f-W$*00e01*KI0f_-01Q-DV00{*GQX;K80vikf3JDM+TIKO6`R$m`
z@(2HQfBk!qz9IoFIa&iX#`q@5f_D_?58fQA50xuoNhY9L1^T|5d>K~o2aan76TNt+
zDck+9&Z^K!qC4oS0_0JBrP){@>SfU>%js_t{o{pPu7AV6cf~{?y9$Y|9Gf}%7gY>)
zoy7Gp;9k9dgut!<8{2(s#E}#$7<V>tV%J|8DBf(OWWwZ^Lk}7`vl1UWL{52xxj7!X
z7ih~}%ROYB{F_#F;5kf8x~D$-2>AEWPu4N-OhF`_8Y#xZ9_QbJcFF|>A91rmEwi$;
z*Hici!kJ_R)x!~a=Tr;EdY;ia^|!vO#PUj~E7UXPt!hCPJ@@WHq@+{FNG1$0Ubbi@
CEhzZ_

diff --git a/python-cryptography.spec b/python-cryptography.spec
index f157ee4..f107e9b 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -6,23 +6,17 @@
 %global pyo3_version 0.13.1
 
 Name:           python-%{srcname}
-Version:        3.4.6
+Version:        3.4.7
 Release:        1%{?dist}
 Summary:        PyCA's cryptography library
 
 License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/
-Source0:        %{pypi_source}
-Source1:        %{pypi_source}.asc
-# key ids of upstream authors are published in the AUTHORS file:
-#    https://github.com/pyca/cryptography/blob/master/AUTHORS.rst
-# gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98"
-# gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
-Source2:        gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
+Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
 %if 0%{?rhel}
                 # created by ./vendor_rust.py helper script
-Source3:        cryptography-%{version}-vendor.tar.bz2
-Source4:        conftest-skipper.py
+Source1:        cryptography-%{version}-vendor.tar.bz2
+Source2:        conftest-skipper.py
 %endif
 
 ExclusiveArch:  %{rust_arches}
@@ -43,7 +37,6 @@ BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.3
 BuildRequires:  python%{python3_pkgversion}-six >= 1.4.1
 
 %if %{with tests}
-BuildRequires:  python%{python3_pkgversion}-cryptography-vectors = %{version}
 %if 0%{?fedora}
 BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
 BuildRequires:  python%{python3_pkgversion}-iso8601
@@ -66,13 +59,16 @@ Summary:        PyCA's cryptography library
 Requires:       openssl-libs
 Requires:       python%{python3_pkgversion}-six >= 1.4.1
 Requires:       python%{python3_pkgversion}-cffi >= 1.7
+%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
+# Can be safely removed in Fedora 37
+Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7
+%endif
 
 %description -n python%{python3_pkgversion}-%{srcname}
 cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.
 
 %prep
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1 -n %{srcname}-%{version}
 
 %generate_buildrequires
@@ -86,7 +82,7 @@ rm -f Cargo.lock
 cd ../..
 %else
 # RHEL: use vendored Rust crates
-%cargo_prep -V 3
+%cargo_prep -V 1
 %endif
 
 %build
@@ -104,12 +100,14 @@ find . -name .keep -print -delete
 # skip hypothesis tests on RHEL
 rm -rf tests/hypothesis
 # append skipper to skip iso8601 and pretend tests
-cat < %{SOURCE4} >> tests/conftest.py
+cat < %{SOURCE2} >> tests/conftest.py
 %endif
 
 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
-PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
+PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
+    %{__python3} -m pytest \
+    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
 %endif
 
 %files -n python%{python3_pkgversion}-%{srcname}
@@ -119,6 +117,11 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
 
 %changelog
+* Wed Apr 21 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-1
+- Update to 3.4.7
+- Remove dependency on python-cryptography-vectors package and use vectors
+  directly from Github source tar ball. (#1952024)
+
 * Wed Mar 03 2021 Christian Heimes <cheimes@redhat.com> - 3.4.6-1
 - Update to 3.4.6 (#1927044)
 
diff --git a/sources b/sources
index da81927..a6bf867 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653
-SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad
+SHA512 (cryptography-3.4.7.tar.gz) = e76d0949fbaca06d2f72805bdce8ea85056ae45b978f51d70d1367bbfb1067e9db76a9f080f890e95ec52c788a3d2fd3ba0a286901f97ee2911ebd7a7a8f71a9