Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/python-cryptography.git#6046d8e211da77b471dd3fed0add14f5fa1ccda9
2021-03-11 20:13:36 +00:00 · 2021-03-11 20:13:36 +00:00 · dd726f3b17
commit dd726f3b17
parent 8e67653b20
6 changed files with 186 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,9 @@
 /cryptography-3.4.1.tar.gz.asc
 /cryptography-3.4.2.tar.gz
 /cryptography-3.4.2.tar.gz.asc
+/cryptography-3.4.4.tar.gz
+/cryptography-3.4.4.tar.gz.asc
+/cryptography-3.4.5.tar.gz
+/cryptography-3.4.5.tar.gz.asc
+/cryptography-3.4.6.tar.gz
+/cryptography-3.4.6.tar.gz.asc
--- a/README.md
+++ b/README.md
@ -49,7 +49,6 @@ fedpkg new-sources cryptography_vectors-3.4.tar.gz
 Commit changes

 ```shell
-git add sources .gitignore python-cryptography-vectors.spec
 fedpkg commit --clog
 fedpkg push
 ```
@ -86,7 +85,6 @@ fedpkg new-sources cryptography-3.4.tar.gz cryptography-3.4.tar.gz.asc
 Commit changes

 ```shell
-git add sources .gitignore python-cryptography.spec
 fedpkg commit --clog
 fedpkg push
 ```
--- a/conftest-skipper.py
+++ b/conftest-skipper.py
@ -0,0 +1,22 @@
+
+class Skipper:
+    """Skip iso8601 and pretend tests
+
+    RHEL buildroot doesn't have python-iso8601 and python-pretend. Skip
+    all tests that use the excluded modules.
+    """
+
+    def parse_date(self, datestring):
+        pytest.skip(f"iso8601 module is not available.")
+
+    def stub(self, **kwargs):
+        pytest.skip(f"pretend module is not available.")
+
+    def raiser(self, exc):
+        pytest.skip(f"pretend module is not available.")
+
+
+import sys
+
+sys.modules["iso8601"] = sys.modules["pretend"] = Skipper()
+
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -6,7 +6,7 @@
 %global pyo3_version 0.13.1

 Name:           python-%{srcname}
-Version:        3.4.2
+Version:        3.4.6
 Release:        1%{?dist}
 Summary:        PyCA's cryptography library

@ -19,11 +19,20 @@ Source1:        %{pypi_source}.asc
 # gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98"
 # gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
 Source2:        gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
+%if 0%{?rhel}
+                # created by ./vendor_rust.py helper script
+Source3:        cryptography-%{version}-vendor.tar.bz2
+Source4:        conftest-skipper.py
+%endif

 BuildRequires:  openssl-devel
 BuildRequires:  gcc
 BuildRequires:  gnupg2
+%if 0%{?fedora}
 BuildRequires:  rust-packaging
+%else
+BuildRequires:  rust-toolset
+%endif

 BuildRequires:  python%{python3_pkgversion}-cffi >= 1.7
 BuildRequires:  python%{python3_pkgversion}-devel
@ -33,12 +42,14 @@ BuildRequires:  python%{python3_pkgversion}-six >= 1.4.1

 %if %{with tests}
 BuildRequires:  python%{python3_pkgversion}-cryptography-vectors = %{version}
+%if 0%{?fedora}
 BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
 BuildRequires:  python%{python3_pkgversion}-iso8601
 BuildRequires:  python%{python3_pkgversion}-pretend
+BuildRequires:  python%{python3_pkgversion}-pytest-xdist
+%endif
 BuildRequires:  python%{python3_pkgversion}-pytest >= 6.0
 BuildRequires:  python%{python3_pkgversion}-pytest-subtests >= 0.3.2
-BuildRequires:  python%{python3_pkgversion}-pytest-xdist
 BuildRequires:  python%{python3_pkgversion}-pytz
 %endif

@ -61,13 +72,20 @@ recipes to Python developers.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1 -n %{srcname}-%{version}
-%cargo_prep
-rm -f src/rust/Cargo.lock

 %generate_buildrequires
+
+%if 0%{?fedora}
+# Fedora: use cargo macros to make use of RPMified crates
+%cargo_prep
 cd src/rust
+rm -f Cargo.lock
 %cargo_generate_buildrequires
 cd ../..
+%else
+# RHEL: use vendored Rust crates
+%cargo_prep -V 3
+%endif

 %build
 %py3_build
@ -80,6 +98,13 @@ find . -name .keep -print -delete

 %check
 %if %{with tests}
+%if 0%{?rhel}
+# skip hypothesis tests on RHEL
+rm -rf tests/hypothesis
+# append skipper to skip iso8601 and pretend tests
+cat < %{SOURCE4} >> tests/conftest.py
+%endif
+
 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
 PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
@ -92,6 +117,21 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info

 %changelog
+* Wed Mar 03 2021 Christian Heimes <cheimes@redhat.com> - 3.4.6-1
+- Update to 3.4.6 (#1927044)
+
+* Mon Feb 15 2021 Christian Heimes <cheimes@redhat.com> - 3.4.5-1
+- Update to 3.4.5 (#1927044)
+
+* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-3
+- Skip iso8601 and pretend tests on RHEL
+
+* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-2
+- Provide RHEL build infrastructure
+
+* Wed Feb 10 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-1
+- Update to 3.4.4 (#1927044)
+
 * Mon Feb 08 2021 Christian Heimes <cheimes@redhat.com> - 3.4.2-1
 - Update to 3.4.2 (#1926339)
 - Package no longer depends on Rust (#1926181)
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (cryptography-3.4.2.tar.gz) = 8fa9fad24d55d3ff129d4ebf0837cd267bbd180429cda09e60730e67fb18e6af7ff4630989b18ab31ffc85046259eba546ad63388fd6e252bfbc850e7cbc62fc
-SHA512 (cryptography-3.4.2.tar.gz.asc) = ae8ef10065db06d58879a3eb553f0d0c430f28da9a48789f09410cee694409c715972a3506c5bd3c8519125df412805b547e1109d9d3867d79858578e3082098
+SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653
+SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad
--- a/vendor_rust.py
+++ b/vendor_rust.py
@ -0,0 +1,112 @@
+#!/usr/bin/python3
+"""Vendor PyCA cryptography's Rust crates
+"""
+import argparse
+import os
+import re
+import tarfile
+import tempfile
+import shutil
+import subprocess
+import sys
+
+VENDOR_DIR = "vendor"
+CARGO_TOML = "src/rust/Cargo.toml"
+RE_VERSION = re.compile("Version:\s*(.*)")
+
+parser = argparse.ArgumentParser(description="Vendor Rust packages")
+parser.add_argument(
+    "--spec", default="python-cryptography.spec", help="cryptography source tar bundle"
+)
+
+
+def cargo(cmd, manifest):
+    args = ["cargo", cmd, f"--manifest-path={manifest}"]
+    return subprocess.check_call(
+        args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={}
+    )
+
+
+def tar_reset(tarinfo):
+    """Reset user, group, mtime, and mode to create reproducible tar"""
+    tarinfo.uid = 0
+    tarinfo.gid = 0
+    tarinfo.uname = "root"
+    tarinfo.gname = "root"
+    tarinfo.mtime = 0
+    if tarinfo.type == tarfile.DIRTYPE:
+        tarinfo.mode = 0o755
+    else:
+        tarinfo.mode = 0o644
+    if tarinfo.pax_headers:
+        raise ValueError(tarinfo.name, tarinfo.pax_headers)
+    return tarinfo
+
+
+def tar_reproducible(tar, basedir):
+    """Create reproducible tar file"""
+
+    content = [basedir]
+    for root, dirs, files in os.walk(basedir):
+        for directory in dirs:
+            content.append(os.path.join(root, directory))
+        for filename in files:
+            content.append(os.path.join(root, filename))
+    content.sort()
+
+    for fn in content:
+        tar.add(fn, filter=tar_reset, recursive=False, arcname=fn)
+
+
+def main():
+    args = parser.parse_args()
+    spec = args.spec
+
+    # change cwd to work in bundle directory
+    here = os.path.dirname(os.path.abspath(spec))
+    os.chdir(here)
+
+    # extract version number from bundle name
+    with open(spec) as f:
+        for line in f:
+            mo = RE_VERSION.search(line)
+            if mo is not None:
+                version = mo.group(1)
+                break
+        else:
+            raise ValueError(f"Cannot find version in {spec}")
+
+    bundle_file = f"cryptography-{version}.tar.gz"
+    vendor_file = f"cryptography-{version}-vendor.tar.bz2"
+
+    # remove existing vendor directory and file
+    if os.path.isdir(VENDOR_DIR):
+        shutil.rmtree(VENDOR_DIR)
+    try:
+        os.unlink(vendor_file)
+    except FileNotFoundError:
+        pass
+
+    print(f"Getting crates for {bundle_file}", file=sys.stderr)
+
+    # extract tar file in tempdir
+    # fetch and vendor Rust crates
+    with tempfile.TemporaryDirectory(dir=here) as tmp:
+        with tarfile.open(bundle_file) as tar:
+            tar.extractall(path=tmp)
+        manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML)
+        cargo("fetch", manifest)
+        cargo("vendor", manifest)
+
+    print("\nCreating tar ball...", file=sys.stderr)
+    with tarfile.open(vendor_file, "x:bz2") as tar:
+        tar_reproducible(tar, VENDOR_DIR)
+
+    # remove vendor dir
+    shutil.rmtree(VENDOR_DIR)
+
+    parser.exit(0, f"Created {vendor_file}\n")
+
+
+if __name__ == "__main__":
+    main()