rpms

PyCA's cryptography library

Go to file

Charalampos Stratakis e930e4967d Security fix for CVE-2023-49083 Resolves: RHEL-19832		2024-01-29 19:42:47 +01:00
.fmf	Add tmt gating plan	2023-02-11 00:59:01 +01:00
.gitignore	RHEL: Import from Fedora	2023-02-11 00:59:00 +01:00
CVE-2023-23931.patch	Security fix for CVE-2023-23931	2023-02-20 19:25:02 +01:00
CVE-2023-49083.patch	Security fix for CVE-2023-49083	2024-01-29 19:42:47 +01:00
README.md	RHEL: Import from Fedora	2023-02-11 00:59:00 +01:00
conftest-skipper.py	RHEL: Import from Fedora	2023-02-11 00:59:00 +01:00
gating.yaml	Add tmt gating plan	2023-02-11 00:59:01 +01:00
plan.fmf	Fix gating tests for sha1 removal	2023-02-14 02:00:42 +01:00
python3.11-cryptography.spec	Security fix for CVE-2023-49083	2024-01-29 19:42:47 +01:00
sources	RHEL: Import from Fedora	2023-02-11 00:59:00 +01:00
vendor_rust.py	RHEL: Import from Fedora	2023-02-11 00:59:00 +01:00

README.md

PyCA cryptography

https://cryptography.io/en/latest/

Packaging python-cryptography

The example assumes

Fedora Rawhide (f34)
PyCA cryptography release 3.4
Update Bugzilla issue is RHBZ#00000001

Build new python-cryptography

Switch and update branch

fedpkg switch-branch rawhide
fedpkg pull

Bump version and get sources

rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
spectool -gf python-cryptography.spec

Upload new source

fedpkg new-sources cryptography-3.4.tar.gz

Commit changes

fedpkg commit --clog
fedpkg push

Build

fedpkg build

RHEL/CentOS builds

RHEL and CentOS use a different approach for Rust crates packaging than Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g. rust-pyo3+default-devel RPM. These packages don't exist on RHEL and CentOS. Instead python-cryptography uses a tar ball with vendored crates. The tar ball is created by a script:

./vendor_rust.py
rhpkg upload cryptography-3.4-vendor.tar.bz2