diff --git a/README.md b/README.md deleted file mode 100644 index 33554c0..0000000 --- a/README.md +++ /dev/null @@ -1,59 +0,0 @@ -# PyCA cryptography - -https://cryptography.io/en/latest/ - -## Packaging python-cryptography - -The example assumes - -* Fedora Rawhide (f34) -* PyCA cryptography release ``3.4`` -* Update Bugzilla issue is ``RHBZ#00000001`` - -### Build new python-cryptography - -Switch and update branch - -```shell -fedpkg switch-branch rawhide -fedpkg pull -``` - -Bump version and get sources - -```shell -rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec -spectool -gf python-cryptography.spec -``` - -Upload new source - -```shell -fedpkg new-sources cryptography-3.4.tar.gz -``` - -Commit changes - -```shell -fedpkg commit --clog -fedpkg push -``` - -Build - -```shell -fedpkg build -``` - -## RHEL/CentOS builds - -RHEL and CentOS use a different approach for Rust crates packaging than -Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g. -``rust-pyo3+default-devel`` RPM. These packages don't exist on RHEL and -CentOS. Instead python-cryptography uses a tar ball with vendored crates. -The tar ball is created by a script: - -```shell -./vendor_rust.py -rhpkg upload cryptography-3.4-vendor.tar.bz2 -``` diff --git a/python3.12-cryptography.spec b/python3.12-cryptography.spec index 311aa65..95f0540 100644 --- a/python3.12-cryptography.spec +++ b/python3.12-cryptography.spec @@ -1,18 +1,77 @@ -%bcond_without tests +%global __python3 /usr/bin/python3.12 +%global python3_pkgversion 3.12 -%{!?python3_pkgversion:%global python3_pkgversion 3} +# RHEL: Tests disabled due to missing deps +%bcond_with tests %global srcname cryptography -Name: python-%{srcname} +Name: python%{python3_pkgversion}-%{srcname} Version: 41.0.5 Release: 1%{?dist} Summary: PyCA's cryptography library -# cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause, -# as well as the Python Software Foundation license for the OS random -# engine derived by CPython. -License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +# We bundle various crates with cryptography which is dual licensed +# under the ASL 2.0 or BSD, as well as the Python license +# for the OS random engine derived by CPython. + +# in the vendor dir from SOURCE1: +# import pathlib, tomllib +# bundled = {} +# for d in pathlib.Path('.').iterdir(): +# cargo_toml = d / 'Cargo.toml' +# cargo = tomllib.loads(cargo_toml.read_text()) +# bundled[cargo['package']['name']] = cargo['package'] +# for pkg in sorted(bundled): +# print(f"# {pkg}: {bundled[pkg]['license']}") +# the output was then manually de-SPDX'ed +# windows-only crates manually removed from this list + +# Inflector: BSD +# aliasable: MIT +# asn1: BSD +# asn1_derive: BSD +# autocfg: MIT or ASL 2.0 +# base64: MIT or ASL 2.0 +# bitflags: MIT or ASL 2.0 +# cc: MIT or ASL 2.0 +# cfg-if: MIT or ASL 2.0 +# foreign-types: MIT or ASL 2.0 +# foreign-types-shared: MIT or ASL 2.0 +# indoc: MIT or ASL 2.0 +# libc: MIT or ASL 2.0 +# lock_api: MIT or ASL 2.0 +# memoffset: MIT +# once_cell: MIT or ASL 2.0 +# openssl: ASL 2.0 +# openssl-macros: MIT or ASL 2.0 +# openssl-sys: MIT +# ouroboros: MIT or ASL 2.0 +# ouroboros_macro: MIT or ASL 2.0 +# parking_lot: MIT or ASL 2.0 +# parking_lot_core: MIT or ASL 2.0 +# pem: MIT +# pkg-config: MIT or ASL 2.0 +# proc-macro-error: MIT or ASL 2.0 +# proc-macro-error-attr: MIT or ASL 2.0 +# proc-macro2: MIT or ASL 2.0 +# pyo3: ASL 2.0 +# pyo3-build-config: ASL 2.0 +# pyo3-ffi: ASL 2.0 +# pyo3-macros: ASL 2.0 +# pyo3-macros-backend: ASL 2.0 +# quote: MIT or ASL 2.0 +# redox_syscall: MIT +# scopeguard: MIT or ASL 2.0 +# smallvec: MIT or ASL 2.0 +# syn: MIT or ASL 2.0 +# target-lexicon: ASL 2.0 (with LLVM-exception) +# unicode-ident: (MIT or ASL 2.0) and Unicode +# unindent: MIT or ASL 2.0 +# vcpkg: MIT or ASL 2.0 +# version_check: MIT or ASL 2.0 +License: (ASL 2.0 or BSD) and Python and BSD and MIT and ASL 2.0 and (MIT or ASL 2.0) and Unicode + URL: https://cryptography.io/en/latest/ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz # created by ./vendor_rust.py helper script @@ -37,6 +96,7 @@ BuildRequires: rust-toolset BuildRequires: python%{python3_pkgversion}-cffi >= 1.12 BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-rpm-macros BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4 @@ -53,21 +113,64 @@ BuildRequires: python%{python3_pkgversion}-pytest-benchmark BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.5.0 %endif -%description -cryptography is a package designed to expose cryptographic primitives and -recipes to Python developers. - -%package -n python%{python3_pkgversion}-%{srcname} -Summary: PyCA's cryptography library -%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}} - Requires: openssl-libs -%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 -# Can be safely removed in Fedora 37 -Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7 -%endif +Requires: python%{python3_pkgversion}-cffi >= 1.12 -%description -n python%{python3_pkgversion}-%{srcname} +# Provides for the bundled crates +# (continuation of the snippet above the License tag) +# for pkg in sorted(bundled): +# print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}") +Provides: bundled(crate(Inflector)) = 0.11.4 +Provides: bundled(crate(aliasable)) = 0.1.3 +Provides: bundled(crate(asn1)) = 0.15.2 +Provides: bundled(crate(asn1_derive)) = 0.15.2 +Provides: bundled(crate(autocfg)) = 1.1.0 +Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(cc)) = 1.0.79 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(indoc)) = 1.0.9 +Provides: bundled(crate(libc)) = 0.2.144 +Provides: bundled(crate(lock_api)) = 0.4.9 +Provides: bundled(crate(memoffset)) = 0.8.0 +Provides: bundled(crate(once_cell)) = 1.17.2 +Provides: bundled(crate(openssl)) = 0.10.54 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.88 +Provides: bundled(crate(ouroboros)) = 0.15.6 +Provides: bundled(crate(ouroboros_macro)) = 0.15.6 +Provides: bundled(crate(parking_lot)) = 0.12.1 +Provides: bundled(crate(parking_lot_core)) = 0.9.7 +Provides: bundled(crate(pem)) = 1.1.1 +Provides: bundled(crate(pkg-config)) = 0.3.27 +Provides: bundled(crate(proc-macro-error)) = 1.0.4 +Provides: bundled(crate(proc-macro-error-attr)) = 1.0.4 +Provides: bundled(crate(proc-macro2)) = 1.0.64 +Provides: bundled(crate(pyo3)) = 0.18.3 +Provides: bundled(crate(pyo3-build-config)) = 0.18.3 +Provides: bundled(crate(pyo3-ffi)) = 0.18.3 +Provides: bundled(crate(pyo3-macros)) = 0.18.3 +Provides: bundled(crate(pyo3-macros-backend)) = 0.18.3 +Provides: bundled(crate(quote)) = 1.0.28 +Provides: bundled(crate(redox_syscall)) = 0.2.16 +Provides: bundled(crate(scopeguard)) = 1.1.0 +Provides: bundled(crate(smallvec)) = 1.10.0 +Provides: bundled(crate(syn)) = 1.0.109 +Provides: bundled(crate(target-lexicon)) = 0.12.7 +Provides: bundled(crate(unicode-ident)) = 1.0.9 +Provides: bundled(crate(unindent)) = 0.1.11 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(version_check)) = 0.9.4 + +# Cryptography crates +Provides: bundled(crate(cryptography-cffi)) = 0.1.0 +Provides: bundled(crate(cryptography-openssl)) = 0.1.0 +Provides: bundled(crate(cryptography-rust)) = 0.1.0 +Provides: bundled(crate(cryptography-x509)) = 0.1.0 + +%description cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. @@ -96,7 +199,6 @@ cd ../.. sed -i 's,--no-subtests-shortletter,,' pyproject.toml %build -export RUSTFLAGS="%build_rustflags" export OPENSSL_NO_VENDOR=1 %py3_build @@ -137,230 +239,26 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog -* Thu Oct 26 2023 Christian Heimes - 41.0.5-1 -- Update to 41.0.5, resolves RHBZ#2239707 - -* Mon Aug 14 2023 Christian Heimes - 41.0.3-2 -- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042 - -* Wed Aug 09 2023 Christian Heimes - 41.0.3-1 -- Update to 41.0.3, resolves rhbz#2211237 -- Use pyo3 0.19 - -* Fri Jul 21 2023 Fedora Release Engineering - 40.0.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Jul 10 2023 Python Maint - 40.0.2-4 -- Rebuilt for Python 3.12 - -* Wed Jun 14 2023 Python Maint - 40.0.2-3 -- Bootstrap for Python 3.12 - -* Tue Jun 13 2023 Yaakov Selkowitz - 40.0.2-2 -- Use vendored rust-pem in RHEL builds - -* Tue Apr 18 2023 Christian Heimes - 40.0.2-1 -- Update to 40.0.2, resolves rhbz#2181430 - -* Thu Mar 09 2023 Miro Hrončok - 39.0.2-2 -- Don't run tests requiring pytz on RHEL -- Don't try to run tests of vendored dependencies in %%check - -* Sat Mar 04 2023 Christian Heimes - 39.0.2-1 -- Update to 39.0.2, resolves rhbz#2124729 - -* Tue Feb 28 2023 Fabio Valentini - 37.0.2-9 -- Ensure correct compiler flags are used for Rust code. - -* Wed Feb 22 2023 Christian Heimes - 37.0.2-8 -- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820 -- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661 - -* Fri Jan 20 2023 Fedora Release Engineering - 37.0.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Fri Dec 09 2022 Christian Heimes - 37.0.2-6 -- Enable SHA1 signatures in test suite (ELN-only) - -* Wed Aug 17 2022 Miro Hrončok - 37.0.2-5 -- Drop unused requirement of python3-six - -* Fri Jul 22 2022 Fedora Release Engineering - 37.0.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Tue Jun 14 2022 Python Maint - 37.0.2-3 -- Rebuilt for Python 3.11 - -* Tue Jun 14 2022 Python Maint - 37.0.2-2 -- Bootstrap for Python 3.11 - -* Thu May 05 2022 Christian Heimes - 37.0.2-1 -- Update to 37.0.2, resolves rhbz#2078968 - -* Thu Jan 27 2022 Christian Heimes - 36.0.0-3 -- Skip unstable memleak tests, resolves: RHBZ#2042413 - -* Fri Jan 21 2022 Fedora Release Engineering - 36.0.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Mon Nov 22 2021 Christian Heimes - 36.0.0-1 -- Update to 36.0.0, fixes RHBZ#2025347 - -* Thu Sep 30 2021 Christian Heimes - 35.0.0-2 -- Require rust-asn1 >= 0.6.4 - -* Thu Sep 30 2021 Christian Heimes - 35.0-1 -- Update to 35.0.0 (#2009117) - -* Tue Sep 14 2021 Sahana Prasad - 3.4.7-6 -- Rebuilt with OpenSSL 3.0.0 - -* Fri Jul 23 2021 Fedora Release Engineering - 3.4.7-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Thu Jun 10 2021 Stephen Gallagher - 3.4.7-4 -- Don't conditionalize Source: directives - -* Wed Jun 02 2021 Python Maint - 3.4.7-3 -- Rebuilt for Python 3.10 - -* Tue May 11 2021 Christian Heimes - 3.4.7-2 -- Fix compatibility issue with Python 3.10. Enums now use same - representation as on Python 3.9. (#1952522) -- Backport OpenSSL 3.0.0 compatibility patches. - -* Wed Apr 21 2021 Christian Heimes - 3.4.7-1 -- Update to 3.4.7 -- Remove dependency on python-cryptography-vectors package and use vectors - directly from Github source tar ball. (#1952024) - -* Wed Mar 03 2021 Christian Heimes - 3.4.6-1 -- Update to 3.4.6 (#1927044) - -* Mon Feb 15 2021 Christian Heimes - 3.4.5-1 -- Update to 3.4.5 (#1927044) - -* Fri Feb 12 2021 Christian Heimes - 3.4.4-3 -- Skip iso8601 and pretend tests on RHEL - -* Fri Feb 12 2021 Christian Heimes - 3.4.4-2 -- Provide RHEL build infrastructure - -* Wed Feb 10 2021 Christian Heimes - 3.4.4-1 -- Update to 3.4.4 (#1927044) - -* Mon Feb 08 2021 Christian Heimes - 3.4.2-1 -- Update to 3.4.2 (#1926339) -- Package no longer depends on Rust (#1926181) - -* Mon Feb 08 2021 Fabio Valentini - 3.4.1-2 -- Use dynamically generated BuildRequires for PyO3 Rust module. -- Drop unnecessary CARGO_NET_OFFLINE environment variable. - -* Sun Feb 07 2021 Christian Heimes - 3.4.1-1 -- Update to 3.4.1 (#1925953) - -* Sun Feb 07 2021 Christian Heimes - 3.4-2 -- Add missing abi3 and pytest dependencies - -* Sun Feb 07 2021 Christian Heimes - 3.4-1 -- Update to 3.4 (#1925953) -- Remove Python 2 support -- Remove unused python-idna dependency -- Add Rust support - -* Wed Jan 27 2021 Fedora Release Engineering - 3.3.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Thu Dec 10 2020 Christian Heimes - 3.3.1-1 -- Update to 3.3.1 (#1905756) - -* Wed Oct 28 2020 Christian Heimes - 3.2.1-1 -- Update to 3.2.1 (#1892153) - -* Mon Oct 26 2020 Christian Heimes - 3.2-1 -- Update to 3.2 (#1891378) - -* Mon Sep 07 2020 Christian Heimes - 3.1-1 -- Update to 3.1 (#1872978) - -* Wed Jul 29 2020 Fedora Release Engineering - 3.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jul 21 2020 Christian Heimes - 3.0-1 -- Update to 3.0 (#185897) - -* Sat May 23 2020 Miro Hrončok - 2.9-3 -- Rebuilt for Python 3.9 - -* Tue May 12 2020 Felix Schwarz - 2.9-2 -- add source file verification - -* Fri Apr 03 2020 Christian Heimes - 2.9-1 -- Update to 2.9 (#1820348) - -* Thu Jan 30 2020 Fedora Release Engineering - 2.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Jan 13 2020 Christian Heimes - 2.8-2 -- cryptography 2.8+ no longer depends on python-asn1crypto - -* Thu Oct 17 2019 Christian Heimes - 2.8-1 -- Update to 2.8 -- Resolves: rhbz#1762779 - -* Sun Oct 13 2019 Christian Heimes - 2.7-3 -- Skip unit tests that fail with OpenSSL 1.1.1.d -- Resolves: rhbz#1761194 -- Fix and simplify Python 3 packaging - -* Sat Oct 12 2019 Christian Heimes - 2.7-2 -- Drop Python 2 package -- Resolves: rhbz#1761081 - -* Tue Sep 03 2019 Randy Barlow - 2.7-1 -- Update to 2.7 (#1715680). - -* Fri Aug 16 2019 Miro Hrončok - 2.6.1-3 -- Rebuilt for Python 3.8 - -* Fri Jul 26 2019 Fedora Release Engineering - 2.6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Feb 28 2019 Christian Heimes - 2.6.1-1 -- New upstream release 2.6.1, resolves RHBZ#1683691 - -* Wed Feb 13 2019 Alfredo Moralejo - 2.5-1 -- Updated to 2.5. - -* Sat Feb 02 2019 Fedora Release Engineering - 2.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Aug 13 2018 Christian Heimes - 2.3-2 -- Use TLSv1.2 in test as workaround for RHBZ#1615143 - -* Wed Jul 18 2018 Christian Heimes - 2.3-1 -- New upstream release 2.3 -- Fix AEAD tag truncation bug, RHBZ#1602752 - -* Fri Jul 13 2018 Fedora Release Engineering - 2.2.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Fri Jun 15 2018 Miro Hrončok - 2.2.1-2 -- Rebuilt for Python 3.7 - -* Wed Mar 21 2018 Christian Heimes - 2.2.1-1 -- New upstream release 2.2.1 - -* Sun Feb 18 2018 Christian Heimes - 2.1.4-1 -- New upstream release 2.1.4 - -* Sun Feb 18 2018 Christian Heimes - 2.1.3-4 -- Build requires gcc - -* Mon Feb 12 2018 Iryna Shcherbina - 2.1.3-3 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Fri Feb 09 2018 Fedora Release Engineering - 2.1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild +* Wed Nov 08 2023 Charalampos Stratakis - 41.0.5-1 +- Initial package +- Fedora contributions by: + Alfredo Moralejo + Charalampos Stratakis + Christian Heimes + Colin Walters + Dennis Gilmore + Fabio Valentini + Felix Schwarz + Haikel Guemar + Igor Gnatenko + Iryna Shcherbina + Lumir Balhar + Matěj Cepl + Miro Hrončok + Nathaniel McCallum + Randy Barlow + Robert Kuska + Sahana Prasad + Stephen Gallagher + Troy Dawson + Yaakov Selkowitz