PyCA's cryptography library
Go to file
2023-05-15 14:40:01 +02:00
tests Allow SHA-1 signatures in gating tests, too 2023-04-21 10:56:33 +02:00
.gitignore Allow SHA-1 signatures in gating tests, too 2023-04-21 10:56:33 +02:00
0001-Block-TripleDES-in-FIPS-mode-6879.patch Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
0002-Disable-DSA-tests-in-FIPS-mode-6916.patch Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
0003-fixes-6927-handle-negative-return-values-from-openss.patch Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
0006-CVE-2023-23931.patch Fix CVE-2023-23931 2023-04-18 15:16:04 +02:00
0007-Adapt-for-OpenSSL-RSA-bleichenbacher-mitigation-7895.patch Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature 2023-05-15 14:40:01 +02:00
conftest-skipper.py Merged update from upstream sources 2021-03-11 20:13:36 +00:00
gating.yaml Add gating definition for RHEL 9 2021-06-09 12:32:00 +05:30
python-cryptography.spec Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature 2023-05-15 14:40:01 +02:00
README.md Update to 3.4.7 and simplify builds 2021-04-22 12:50:35 +02:00
sources Rebase to 36.0.1 + upstream fixes 2022-03-04 13:51:16 +01:00
vendor_rust.py Merged update from upstream sources 2021-03-11 20:13:36 +00:00

PyCA cryptography

https://cryptography.io/en/latest/

Packaging python-cryptography

The example assumes

  • Fedora Rawhide (f34)
  • PyCA cryptography release 3.4
  • Update Bugzilla issue is RHBZ#00000001

Build new python-cryptography

Switch and update branch

fedpkg switch-branch rawhide
fedpkg pull

Bump version and get sources

rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
spectool -gf python-cryptography.spec

Upload new source

fedpkg new-sources cryptography-3.4.tar.gz

Commit changes

fedpkg commit --clog
fedpkg push

Build

fedpkg build

RHEL/CentOS builds

RHEL and CentOS use a different approach for Rust crates packaging than Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g. rust-pyo3+default-devel RPM. These packages don't exist on RHEL and CentOS. Instead python-cryptography uses a tar ball with vendored crates. The tar ball is created by a script:

./vendor_rust.py
rhpkg upload cryptography-3.4-vendor.tar.bz2