Update to 3.4.7, use vectors from sources (#1952024)

python-cryptography now uses source bundle from Github, which contains sources of vectors, too. Tests are no longer depending on python3-cryptography-vectors. Instead tests are using the bundles vectors package. Resolves RHBZ#1952024
2021-04-21 13:39:53 +02:00 · 2021-04-21 13:39:53 +02:00 · 5fdccbab1d
commit 5fdccbab1d
parent 19b6996e72
5 changed files with 25 additions and 72 deletions
--- a/.gitignore
+++ b/.gitignore
@ -37,3 +37,4 @@
 /cryptography-3.4.5.tar.gz.asc
 /cryptography-3.4.6.tar.gz
 /cryptography-3.4.6.tar.gz.asc
 /cryptography-3.4.7.tar.gz
--- a/README.md
+++ b/README.md
@ -8,57 +8,7 @@ The example assumes
 * Fedora Rawhide (f34)
 * PyCA cryptography release ``3.4``
-* Update Bugzilla issues are ``RHBZ#00000001`` and ``RHBZ#00000002``
+* Update Bugzilla issue is ``RHBZ#00000001``
 * Build side tag is ``f34-build-side-12345``
 ### Request a side tag for building
 python-cryptography builds depend on python-cryptography-vectors
 package. Both packages must be build in a side tag.
 ```shell
 fedpkg request-side-tag --base-tag f34-build
 ```
 ### Build new python-cryptography-vectors first
 ```shell
 pushd ../python-cryptography-vectors
 ```
 Switch and update branch
 ```shell
 fedpkg switch-branch rawhide
 fedpkg pull
 ```
 Bump version and get sources
 ```shell
 rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography-vectors.spec
 spectool -gf python-cryptography-vectors.spec
 ```
 Upload sources
 ```shell
 fedpkg new-sources cryptography_vectors-3.4.tar.gz
 ```
 Commit changes
 ```shell
 fedpkg commit --clog
 fedpkg push
 ```
 Build and wait for repo to regenerate
 ```shell
 fedpkg build --target=f34-build-side-12345
 koji wait-repo --build python-cryptography-vectors-3.4-1 f34-build-side-12345
 ```
 ### Build new python-cryptography
@ -72,14 +22,14 @@ fedpkg pull
 Bump version and get sources
 ```shell
-rpmdev-bumpspec -c "Update to 3.4 (#00000002)" -n 3.4 python-cryptography.spec
+rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
 spectool -gf python-cryptography.spec
 ```
-Upload new sources (**two files!**)
+Upload new source
 ```shell
-fedpkg new-sources cryptography-3.4.tar.gz cryptography-3.4.tar.gz.asc
+fedpkg new-sources cryptography-3.4.tar.gz
 ```
 Commit changes
@ -92,7 +42,7 @@ fedpkg push
 Build
 ```shell
-fedpkg build --target=f34-build-side-12345
+fedpkg build
 ```
 ## RHEL/CentOS builds
--- a/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
+++ b/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -6,23 +6,17 @@
 %global pyo3_version 0.13.1
 Name:           python-%{srcname}
-Version:        3.4.6
+Version:        3.4.7
 Release:        1%{?dist}
 Summary:        PyCA's cryptography library
 License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/
-Source0:        %{pypi_source}
+Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
 Source1:        %{pypi_source}.asc
 # key ids of upstream authors are published in the AUTHORS file:
 #    https://github.com/pyca/cryptography/blob/master/AUTHORS.rst
 # gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98"
 # gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
 Source2:        gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
 %if 0%{?rhel}
                # created by ./vendor_rust.py helper script
-Source3:        cryptography-%{version}-vendor.tar.bz2
+Source1:        cryptography-%{version}-vendor.tar.bz2
-Source4:        conftest-skipper.py
+Source2:        conftest-skipper.py
 %endif
 ExclusiveArch:  %{rust_arches}
@ -43,7 +37,6 @@ BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.3
 BuildRequires:  python%{python3_pkgversion}-six >= 1.4.1
 %if %{with tests}
 BuildRequires:  python%{python3_pkgversion}-cryptography-vectors = %{version}
 %if 0%{?fedora}
 BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
 BuildRequires:  python%{python3_pkgversion}-iso8601
@ -66,13 +59,16 @@ Summary:        PyCA's cryptography library
 Requires:       openssl-libs
 Requires:       python%{python3_pkgversion}-six >= 1.4.1
 Requires:       python%{python3_pkgversion}-cffi >= 1.7
 %if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
 # Can be safely removed in Fedora 37
 Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7
 %endif
 %description -n python%{python3_pkgversion}-%{srcname}
 cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1 -n %{srcname}-%{version}
 %generate_buildrequires
@ -86,7 +82,7 @@ rm -f Cargo.lock
 cd ../..
 %else
 # RHEL: use vendored Rust crates
-%cargo_prep -V 3
+%cargo_prep -V 1
 %endif
 %build
@ -104,12 +100,14 @@ find . -name .keep -print -delete
 # skip hypothesis tests on RHEL
 rm -rf tests/hypothesis
 # append skipper to skip iso8601 and pretend tests
-cat < %{SOURCE4} >> tests/conftest.py
+cat < %{SOURCE2} >> tests/conftest.py
 %endif
 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
-PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
+PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
    %{__python3} -m pytest \
    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
 %endif
 %files -n python%{python3_pkgversion}-%{srcname}
@ -119,6 +117,11 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
 %changelog
 * Wed Apr 21 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-1
 - Update to 3.4.7
 - Remove dependency on python-cryptography-vectors package and use vectors
  directly from Github source tar ball. (#1952024)
 * Wed Mar 03 2021 Christian Heimes <cheimes@redhat.com> - 3.4.6-1
 - Update to 3.4.6 (#1927044)
--- a/3
+++ b/3
@ -1,2 +1 @@
-SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653
+SHA512 (cryptography-3.4.7.tar.gz) = e76d0949fbaca06d2f72805bdce8ea85056ae45b978f51d70d1367bbfb1067e9db76a9f080f890e95ec52c788a3d2fd3ba0a286901f97ee2911ebd7a7a8f71a9
 SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad
`@ -1,2 +1 @@`
	`SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653`	`SHA512 (cryptography-3.4.7.tar.gz) = e76d0949fbaca06d2f72805bdce8ea85056ae45b978f51d70d1367bbfb1067e9db76a9f080f890e95ec52c788a3d2fd3ba0a286901f97ee2911ebd7a7a8f71a9`
	`SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad`