PyCA's cryptography library
571b13d655
resolves: rhbz#2203840 |
||
---|---|---|
tests | ||
.gitignore | ||
0001-Block-TripleDES-in-FIPS-mode-6879.patch | ||
0002-Disable-DSA-tests-in-FIPS-mode-6916.patch | ||
0003-fixes-6927-handle-negative-return-values-from-openss.patch | ||
0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch | ||
0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch | ||
0006-CVE-2023-23931.patch | ||
0007-Adapt-for-OpenSSL-RSA-bleichenbacher-mitigation-7895.patch | ||
conftest-skipper.py | ||
gating.yaml | ||
python-cryptography.spec | ||
README.md | ||
sources | ||
vendor_rust.py |
PyCA cryptography
https://cryptography.io/en/latest/
Packaging python-cryptography
The example assumes
- Fedora Rawhide (f34)
- PyCA cryptography release
3.4
- Update Bugzilla issue is
RHBZ#00000001
Build new python-cryptography
Switch and update branch
fedpkg switch-branch rawhide
fedpkg pull
Bump version and get sources
rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
spectool -gf python-cryptography.spec
Upload new source
fedpkg new-sources cryptography-3.4.tar.gz
Commit changes
fedpkg commit --clog
fedpkg push
Build
fedpkg build
RHEL/CentOS builds
RHEL and CentOS use a different approach for Rust crates packaging than
Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g.
rust-pyo3+default-devel
RPM. These packages don't exist on RHEL and
CentOS. Instead python-cryptography uses a tar ball with vendored crates.
The tar ball is created by a script:
./vendor_rust.py
rhpkg upload cryptography-3.4-vendor.tar.bz2