From dd726f3b17670579842bf50c53b37cfa933b7be1 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Thu, 11 Mar 2021 20:13:36 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/python-cryptography.git#6046d8e211da77b471dd3fed0add14f5fa1ccda9 --- .gitignore | 6 +++ README.md | 2 - conftest-skipper.py | 22 ++++++++ python-cryptography.spec | 48 +++++++++++++++-- sources | 4 +- vendor_rust.py | 112 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 186 insertions(+), 8 deletions(-) create mode 100644 conftest-skipper.py create mode 100755 vendor_rust.py diff --git a/.gitignore b/.gitignore index 5f81814..bd7832a 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,9 @@ /cryptography-3.4.1.tar.gz.asc /cryptography-3.4.2.tar.gz /cryptography-3.4.2.tar.gz.asc +/cryptography-3.4.4.tar.gz +/cryptography-3.4.4.tar.gz.asc +/cryptography-3.4.5.tar.gz +/cryptography-3.4.5.tar.gz.asc +/cryptography-3.4.6.tar.gz +/cryptography-3.4.6.tar.gz.asc diff --git a/README.md b/README.md index c100762..d673048 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,6 @@ fedpkg new-sources cryptography_vectors-3.4.tar.gz Commit changes ```shell -git add sources .gitignore python-cryptography-vectors.spec fedpkg commit --clog fedpkg push ``` @@ -86,7 +85,6 @@ fedpkg new-sources cryptography-3.4.tar.gz cryptography-3.4.tar.gz.asc Commit changes ```shell -git add sources .gitignore python-cryptography.spec fedpkg commit --clog fedpkg push ``` diff --git a/conftest-skipper.py b/conftest-skipper.py new file mode 100644 index 0000000..5a1de83 --- /dev/null +++ b/conftest-skipper.py @@ -0,0 +1,22 @@ + +class Skipper: + """Skip iso8601 and pretend tests + + RHEL buildroot doesn't have python-iso8601 and python-pretend. Skip + all tests that use the excluded modules. + """ + + def parse_date(self, datestring): + pytest.skip(f"iso8601 module is not available.") + + def stub(self, **kwargs): + pytest.skip(f"pretend module is not available.") + + def raiser(self, exc): + pytest.skip(f"pretend module is not available.") + + +import sys + +sys.modules["iso8601"] = sys.modules["pretend"] = Skipper() + diff --git a/python-cryptography.spec b/python-cryptography.spec index 51d1de8..e4f3235 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -6,7 +6,7 @@ %global pyo3_version 0.13.1 Name: python-%{srcname} -Version: 3.4.2 +Version: 3.4.6 Release: 1%{?dist} Summary: PyCA's cryptography library @@ -19,11 +19,20 @@ Source1: %{pypi_source}.asc # gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" # gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg Source2: gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg +%if 0%{?rhel} + # created by ./vendor_rust.py helper script +Source3: cryptography-%{version}-vendor.tar.bz2 +Source4: conftest-skipper.py +%endif BuildRequires: openssl-devel BuildRequires: gcc BuildRequires: gnupg2 +%if 0%{?fedora} BuildRequires: rust-packaging +%else +BuildRequires: rust-toolset +%endif BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 BuildRequires: python%{python3_pkgversion}-devel @@ -33,12 +42,14 @@ BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 %if %{with tests} BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} +%if 0%{?fedora} BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 BuildRequires: python%{python3_pkgversion}-iso8601 BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-pytest-xdist +%endif BuildRequires: python%{python3_pkgversion}-pytest >= 6.0 BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.3.2 -BuildRequires: python%{python3_pkgversion}-pytest-xdist BuildRequires: python%{python3_pkgversion}-pytz %endif @@ -61,13 +72,20 @@ recipes to Python developers. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -n %{srcname}-%{version} -%cargo_prep -rm -f src/rust/Cargo.lock %generate_buildrequires + +%if 0%{?fedora} +# Fedora: use cargo macros to make use of RPMified crates +%cargo_prep cd src/rust +rm -f Cargo.lock %cargo_generate_buildrequires cd ../.. +%else +# RHEL: use vendored Rust crates +%cargo_prep -V 3 +%endif %build %py3_build @@ -80,6 +98,13 @@ find . -name .keep -print -delete %check %if %{with tests} +%if 0%{?rhel} +# skip hypothesis tests on RHEL +rm -rf tests/hypothesis +# append skipper to skip iso8601 and pretend tests +cat < %{SOURCE4} >> tests/conftest.py +%endif + # see https://github.com/pyca/cryptography/issues/4885 and # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" @@ -92,6 +117,21 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Wed Mar 03 2021 Christian Heimes - 3.4.6-1 +- Update to 3.4.6 (#1927044) + +* Mon Feb 15 2021 Christian Heimes - 3.4.5-1 +- Update to 3.4.5 (#1927044) + +* Fri Feb 12 2021 Christian Heimes - 3.4.4-3 +- Skip iso8601 and pretend tests on RHEL + +* Fri Feb 12 2021 Christian Heimes - 3.4.4-2 +- Provide RHEL build infrastructure + +* Wed Feb 10 2021 Christian Heimes - 3.4.4-1 +- Update to 3.4.4 (#1927044) + * Mon Feb 08 2021 Christian Heimes - 3.4.2-1 - Update to 3.4.2 (#1926339) - Package no longer depends on Rust (#1926181) diff --git a/sources b/sources index 00d5b88..da81927 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (cryptography-3.4.2.tar.gz) = 8fa9fad24d55d3ff129d4ebf0837cd267bbd180429cda09e60730e67fb18e6af7ff4630989b18ab31ffc85046259eba546ad63388fd6e252bfbc850e7cbc62fc -SHA512 (cryptography-3.4.2.tar.gz.asc) = ae8ef10065db06d58879a3eb553f0d0c430f28da9a48789f09410cee694409c715972a3506c5bd3c8519125df412805b547e1109d9d3867d79858578e3082098 +SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653 +SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad diff --git a/vendor_rust.py b/vendor_rust.py new file mode 100755 index 0000000..cd8355e --- /dev/null +++ b/vendor_rust.py @@ -0,0 +1,112 @@ +#!/usr/bin/python3 +"""Vendor PyCA cryptography's Rust crates +""" +import argparse +import os +import re +import tarfile +import tempfile +import shutil +import subprocess +import sys + +VENDOR_DIR = "vendor" +CARGO_TOML = "src/rust/Cargo.toml" +RE_VERSION = re.compile("Version:\s*(.*)") + +parser = argparse.ArgumentParser(description="Vendor Rust packages") +parser.add_argument( + "--spec", default="python-cryptography.spec", help="cryptography source tar bundle" +) + + +def cargo(cmd, manifest): + args = ["cargo", cmd, f"--manifest-path={manifest}"] + return subprocess.check_call( + args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={} + ) + + +def tar_reset(tarinfo): + """Reset user, group, mtime, and mode to create reproducible tar""" + tarinfo.uid = 0 + tarinfo.gid = 0 + tarinfo.uname = "root" + tarinfo.gname = "root" + tarinfo.mtime = 0 + if tarinfo.type == tarfile.DIRTYPE: + tarinfo.mode = 0o755 + else: + tarinfo.mode = 0o644 + if tarinfo.pax_headers: + raise ValueError(tarinfo.name, tarinfo.pax_headers) + return tarinfo + + +def tar_reproducible(tar, basedir): + """Create reproducible tar file""" + + content = [basedir] + for root, dirs, files in os.walk(basedir): + for directory in dirs: + content.append(os.path.join(root, directory)) + for filename in files: + content.append(os.path.join(root, filename)) + content.sort() + + for fn in content: + tar.add(fn, filter=tar_reset, recursive=False, arcname=fn) + + +def main(): + args = parser.parse_args() + spec = args.spec + + # change cwd to work in bundle directory + here = os.path.dirname(os.path.abspath(spec)) + os.chdir(here) + + # extract version number from bundle name + with open(spec) as f: + for line in f: + mo = RE_VERSION.search(line) + if mo is not None: + version = mo.group(1) + break + else: + raise ValueError(f"Cannot find version in {spec}") + + bundle_file = f"cryptography-{version}.tar.gz" + vendor_file = f"cryptography-{version}-vendor.tar.bz2" + + # remove existing vendor directory and file + if os.path.isdir(VENDOR_DIR): + shutil.rmtree(VENDOR_DIR) + try: + os.unlink(vendor_file) + except FileNotFoundError: + pass + + print(f"Getting crates for {bundle_file}", file=sys.stderr) + + # extract tar file in tempdir + # fetch and vendor Rust crates + with tempfile.TemporaryDirectory(dir=here) as tmp: + with tarfile.open(bundle_file) as tar: + tar.extractall(path=tmp) + manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML) + cargo("fetch", manifest) + cargo("vendor", manifest) + + print("\nCreating tar ball...", file=sys.stderr) + with tarfile.open(vendor_file, "x:bz2") as tar: + tar_reproducible(tar, VENDOR_DIR) + + # remove vendor dir + shutil.rmtree(VENDOR_DIR) + + parser.exit(0, f"Created {vendor_file}\n") + + +if __name__ == "__main__": + main()