rpms/python3.14-cryptography
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS python3.14-cryptography-45.0.4-4.el9

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-04-16 04:56:09 -04:00
parent 0b35ce51b2
commit f4fc822a82
12 changed files with 269 additions and 527 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.fmf/version
View File

@ -1 +0,0 @@
1

79
.gitignore vendored
View File

@ -1,77 +1,2 @@
/results_python-cryptography
/*.src.rpm
/cryptography-1.3.1.tar.gz
/cryptography-1.5.3.tar.gz
/cryptography-1.7.1.tar.gz
/cryptography-1.7.2.tar.gz
/cryptography-1.9.tar.gz
/cryptography-2.0.2.tar.gz
/cryptography-2.1.tar.gz
/cryptography-2.1.3.tar.gz
/cryptography-2.1.4.tar.gz
/cryptography-2.2.1.tar.gz
/cryptography-2.3.tar.gz
/cryptography-2.5.tar.gz
/cryptography-2.6.1.tar.gz
/cryptography-2.7.tar.gz
/cryptography-2.8.tar.gz
/cryptography-2.9.tar.gz
/cryptography-2.9.tar.gz.asc
/cryptography-3.0.tar.gz
/cryptography-3.0.tar.gz.asc
/cryptography-3.1.tar.gz
/cryptography-3.1.tar.gz.asc
/cryptography-3.2.tar.gz
/cryptography-3.2.tar.gz.asc
/cryptography-3.2.1.tar.gz
/cryptography-3.2.1.tar.gz.asc
/cryptography-3.3.1.tar.gz
/cryptography-3.3.1.tar.gz.asc
/cryptography-3.4.tar.gz
/cryptography-3.4.tar.gz.asc
/cryptography-3.4.1.tar.gz
/cryptography-3.4.1.tar.gz.asc
/cryptography-3.4.2.tar.gz
/cryptography-3.4.2.tar.gz.asc
/cryptography-3.4.4.tar.gz
/cryptography-3.4.4.tar.gz.asc
/cryptography-3.4.5.tar.gz
/cryptography-3.4.5.tar.gz.asc
/cryptography-3.4.6.tar.gz
/cryptography-3.4.6.tar.gz.asc
/cryptography-3.4.7.tar.gz
/cryptography-3.4.7-vendor.tar.bz2
/cryptography-35.0.0.tar.gz
/cryptography-35.0.0-vendor.tar.bz2
/cryptography-36.0.0.tar.gz
/cryptography-36.0.0-vendor.tar.bz2
/cryptography-37.0.2.tar.gz
/cryptography-37.0.2-vendor.tar.bz2
/cryptography-39.0.2.tar.gz
/cryptography-39.0.2-vendor.tar.bz2
/cryptography-40.0.0.tar.gz
/cryptography-40.0.0-vendor.tar.bz2
/cryptography-40.0.1.tar.gz
/cryptography-40.0.1-vendor.tar.bz2
/cryptography-40.0.2.tar.gz
/cryptography-40.0.2-vendor.tar.bz2
/cryptography-41.0.3.tar.gz
/cryptography-41.0.3-vendor.tar.bz2
/cryptography-41.0.5-vendor.tar.bz2
/cryptography-41.0.5.tar.gz
/cryptography-41.0.7.tar.gz
/cryptography-41.0.7-vendor.tar.bz2
/cryptography-42.0.5.tar.gz
/cryptography-42.0.5-vendor.tar.bz2
/cryptography-42.0.8.tar.gz
/cryptography-42.0.8-vendor.tar.bz2
/cryptography-43.0.0.tar.gz
/cryptography-43.0.0-vendor.tar.bz2
/cryptography-44.0.0.tar.gz
/cryptography-44.0.0-vendor.tar.bz2
/cryptography-45.0.2.tar.gz
/cryptography-45.0.2-vendor.tar.bz2
/cryptography-45.0.3.tar.gz
/cryptography-45.0.3-vendor.tar.bz2
/cryptography-45.0.4.tar.gz
/cryptography-45.0.4-vendor.tar.bz2
SOURCES/cryptography-45.0.4-vendor.tar.bz2
SOURCES/cryptography-45.0.4.tar.gz

2
.python3.14-cryptography.metadata Normal file
View File

@ -0,0 +1,2 @@
119d707ca21a4a6ad0d7a39f37ef5e40cf00c4b1 SOURCES/cryptography-45.0.4-vendor.tar.bz2
08cb96ac825f17cedfa0cac54843f2b4ac596b76 SOURCES/cryptography-45.0.4.tar.gz

59
README.md
View File

@ -1,59 +0,0 @@
# PyCA cryptography
https://cryptography.io/en/latest/
## Packaging python-cryptography
The example assumes
* Fedora Rawhide (f34)
* PyCA cryptography release ``3.4``
* Update Bugzilla issue is ``RHBZ#00000001``
### Build new python-cryptography
Switch and update branch
```shell
fedpkg switch-branch rawhide
fedpkg pull
```
Bump version and get sources
```shell
rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
spectool -gf python-cryptography.spec
```
Upload new source
```shell
fedpkg new-sources cryptography-3.4.tar.gz
```
Commit changes
```shell
fedpkg commit --clog
fedpkg push
```
Build
```shell
fedpkg build
```
## RHEL/CentOS builds
RHEL and CentOS use a different approach for Rust crates packaging than
Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g.
``rust-pyo3+default-devel`` RPM. These packages don't exist on RHEL and
CentOS. Instead python-cryptography uses a tar ball with vendored crates.
The tar ball is created by a script:
```shell
./vendor_rust.py
rhpkg upload cryptography-3.4-vendor.tar.bz2
```

0
Replace-maturin-build-backend-with-setuptools-rust.patch → SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch
View File

0
conftest-skipper.py → SOURCES/conftest-skipper.py
View File

265
changelog → SPECS/python3.14-cryptography.spec
View File

@ -1,3 +1,266 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 4;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
%global python3_pkgversion 3.14
# RHEL: Tests disabled due to missing deps
%bcond_with tests
%global srcname cryptography
Name: python%{python3_pkgversion}-%{srcname}
Version: 45.0.4
Release: %autorelease
Summary: PyCA's cryptography library
# We bundle various crates with cryptography which is dual licensed
# under the ASL 2.0 or BSD, as well as the Python license
# for the OS random engine derived by CPython.
# in the vendor dir from SOURCE1:
# import pathlib, tomllib
# bundled = {}
# for d in pathlib.Path('.').iterdir():
# cargo_toml = d / 'Cargo.toml'
# cargo = tomllib.loads(cargo_toml.read_text())
# bundled[cargo['package']['name']] = cargo['package']
# for pkg in sorted(bundled):
# print(f"# {pkg}: {bundled[pkg]['license']}")
# asn1: BSD-3-Clause
# asn1_derive: BSD-3-Clause
# autocfg: Apache-2.0 OR MIT
# base64: MIT OR Apache-2.0
# bitflags: MIT OR Apache-2.0
# cc: MIT OR Apache-2.0
# cfg-if: MIT/Apache-2.0
# foreign-types: MIT/Apache-2.0
# foreign-types-shared: MIT/Apache-2.0
# heck: MIT OR Apache-2.0
# indoc: MIT OR Apache-2.0
# itoa: MIT OR Apache-2.0
# libc: MIT OR Apache-2.0
# memoffset: MIT
# once_cell: MIT OR Apache-2.0
# openssl: Apache-2.0
# openssl-macros: MIT/Apache-2.0
# openssl-sys: MIT
# pem: MIT
# pkg-config: MIT OR Apache-2.0
# portable-atomic: Apache-2.0 OR MIT
# proc-macro2: MIT OR Apache-2.0
# pyo3: MIT OR Apache-2.0
# pyo3-build-config: MIT OR Apache-2.0
# pyo3-ffi: MIT OR Apache-2.0
# pyo3-macros: MIT OR Apache-2.0
# pyo3-macros-backend: MIT OR Apache-2.0
# quote: MIT OR Apache-2.0
# self_cell: Apache-2.0
# shlex: MIT OR Apache-2.0
# syn: MIT OR Apache-2.0
# target-lexicon: Apache-2.0 WITH LLVM-exception
# unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
# unindent: MIT OR Apache-2.0
# vcpkg: MIT/Apache-2.0
License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
URL: https://cryptography.io/en/latest/
Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
# created by ./vendor_rust.py helper script
Source1: cryptography-%{version}-vendor.tar.bz2
Source2: conftest-skipper.py
# upstream uses maturin as a build backend,
# we replace it with setuptools-rust since it is not available in RHEL
# reverts: https://github.com/pyca/cryptography/commit/5b23baa
Patch: Replace-maturin-build-backend-with-setuptools-rust.patch
ExclusiveArch: %{rust_arches}
BuildRequires: openssl-devel
BuildRequires: gcc
BuildRequires: gnupg2
%if 0%{?fedora}
BuildRequires: rust-packaging
%else
BuildRequires: rust-toolset
%endif
BuildRequires: python%{python3_pkgversion}-cffi >= 1.12
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4
%if %{with tests}
%if 0%{?fedora}
BuildRequires: python%{python3_pkgversion}-certifi
BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4
BuildRequires: python%{python3_pkgversion}-iso8601
BuildRequires: python%{python3_pkgversion}-pretend
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
BuildRequires: python%{python3_pkgversion}-pytest-xdist
BuildRequires: python%{python3_pkgversion}-pytz
%endif
BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
%endif
Requires: openssl-libs
Requires: python%{python3_pkgversion}-cffi >= 1.12
# Provides for the bundled crates
# (continuation of the snippet above the License tag)
# for pkg in sorted(bundled):
# print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
Provides: bundled(crate(asn1)) = 0.21.3
Provides: bundled(crate(asn1_derive)) = 0.21.3
Provides: bundled(crate(autocfg)) = 1.4.0
Provides: bundled(crate(base64)) = 0.22.1
Provides: bundled(crate(bitflags)) = 2.9.1
Provides: bundled(crate(cc)) = 1.2.23
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(heck)) = 0.5.0
Provides: bundled(crate(indoc)) = 2.0.6
Provides: bundled(crate(itoa)) = 1.0.15
Provides: bundled(crate(libc)) = 0.2.172
Provides: bundled(crate(memoffset)) = 0.9.1
Provides: bundled(crate(once_cell)) = 1.21.3
Provides: bundled(crate(openssl)) = 0.10.72
Provides: bundled(crate(openssl-macros)) = 0.1.1
Provides: bundled(crate(openssl-sys)) = 0.9.108
Provides: bundled(crate(pem)) = 3.0.5
Provides: bundled(crate(pkg-config)) = 0.3.32
Provides: bundled(crate(portable-atomic)) = 1.11.0
Provides: bundled(crate(proc-macro2)) = 1.0.95
Provides: bundled(crate(pyo3)) = 0.25.0
Provides: bundled(crate(pyo3-build-config)) = 0.25.0
Provides: bundled(crate(pyo3-ffi)) = 0.25.0
Provides: bundled(crate(pyo3-macros)) = 0.25.0
Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
Provides: bundled(crate(quote)) = 1.0.40
Provides: bundled(crate(self_cell)) = 1.2.0
Provides: bundled(crate(shlex)) = 1.3.0
Provides: bundled(crate(syn)) = 2.0.101
Provides: bundled(crate(target-lexicon)) = 0.13.2
Provides: bundled(crate(unicode-ident)) = 1.0.18
Provides: bundled(crate(unindent)) = 0.2.4
Provides: bundled(crate(vcpkg)) = 0.2.15
# Cryptography crates
Provides: bundled(crate(cryptography-cffi)) = 0.1.0
Provides: bundled(crate(cryptography-crypto)) = 0.1.0
Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
Provides: bundled(crate(cryptography-rust)) = 0.1.0
Provides: bundled(crate(cryptography-x509)) = 0.1.0
Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
Provides: bundled(crate(cryptography-openssl)) = 0.1.0
%description
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.
%prep
%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
%if 0%{?fedora}
%cargo_prep
sed -i 's/locked = true//g' pyproject.toml
%else
# RHEL: use vendored Rust crates
%cargo_prep -v vendor
%endif
%if ! 0%{?fedora}
sed -i 's,--benchmark-disable,,' pyproject.toml
%endif
%generate_buildrequires
%pyproject_buildrequires
%if 0%{?fedora}
# Fedora: use RPMified crates
%cargo_generate_buildrequires
%endif
%build
export RUSTFLAGS="%build_rustflags"
export OPENSSL_NO_VENDOR=1
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
%pyproject_wheel
%cargo_license_summary
%{cargo_license} > LICENSE.dependencies
%if ! 0%{?fedora}
%cargo_vendor_manifest
%endif
%install
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
find . -name Cargo.toml -print -delete
%pyproject_install
%pyproject_save_files %{srcname}
%check
%if %{with tests}
%if 0%{?rhel}
# skip benchmark, hypothesis, and pytz tests on RHEL
rm -rf tests/bench tests/hypothesis
# append skipper to skip iso8601 and pretend tests
cat < %{SOURCE2} >> tests/conftest.py
%endif
# enable SHA-1 signatures for RSA tests
# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
# see https://github.com/pyca/cryptography/issues/4885 and
# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
# not much sense for downstream testing.
# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
%{__python3} -m pytest \
--ignore vendor \
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
%endif
%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
%doc README.rst docs
%license LICENSE LICENSE.APACHE LICENSE.BSD
%license LICENSE.dependencies
%if ! 0%{?fedora}
%license cargo-vendor.txt
%endif
%changelog
## START: Generated by rpmautospec
* Fri Nov 28 2025 Lumir Balhar <lbalhar@redhat.com> - 45.0.4-4
- Reuploaded sources
* Fri Nov 28 2025 Lukáš Zachar <lzachar@redhat.com> - 45.0.4-3
- Add gating
* Fri Nov 28 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 45.0.4-2
- Convert from Fedora for the Python 3.14 stack in RHEL
* Fri Nov 28 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 45.0.4-1
- RHEL: Rename SPEC to python3.14-cryptography.spec
* Tue Jul 02 2024 Jeremy Cline <jeremycline@linux.microsoft.com> - 42.0.8-1
- Update to 42.0.8, fixes rhbz#2251816
@ -246,3 +509,5 @@
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
## END: Generated by rpmautospec

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

29
plan.fmf
View File

@ -1,29 +0,0 @@
execute:
how: tmt
provision:
hardware:
memory: '>= 6 GB'
discover:
how: shell
dist-git-source: true
dist-git-install-builddeps: true
dist-git-require:
- cargo
- rust-toolset
tests:
- name: unittests
test: |
export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
export PYTHONPATH=./vectors
pip3.14 show pretend || pip3.14 install pretend
cd $(dirname $TMT_SOURCE_DIR/crypto*/tests) &&
# no need for benchmarks
rm -rf tests/bench &&
pytest-3.14 tests/
require:
- python3.14-devel
- python3.14-pytest
- python3.14-pip
- python3.14-cryptography

241
python3.14-cryptography.spec
View File

@ -1,241 +0,0 @@
%global python3_pkgversion 3.14
# RHEL: Tests disabled due to missing deps
%bcond_with tests
%global srcname cryptography
Name: python%{python3_pkgversion}-%{srcname}
Version: 45.0.4
Release: %autorelease
Summary: PyCA's cryptography library
# We bundle various crates with cryptography which is dual licensed
# under the ASL 2.0 or BSD, as well as the Python license
# for the OS random engine derived by CPython.
# in the vendor dir from SOURCE1:
# import pathlib, tomllib
# bundled = {}
# for d in pathlib.Path('.').iterdir():
# cargo_toml = d / 'Cargo.toml'
# cargo = tomllib.loads(cargo_toml.read_text())
# bundled[cargo['package']['name']] = cargo['package']
# for pkg in sorted(bundled):
# print(f"# {pkg}: {bundled[pkg]['license']}")
# asn1: BSD-3-Clause
# asn1_derive: BSD-3-Clause
# autocfg: Apache-2.0 OR MIT
# base64: MIT OR Apache-2.0
# bitflags: MIT OR Apache-2.0
# cc: MIT OR Apache-2.0
# cfg-if: MIT/Apache-2.0
# foreign-types: MIT/Apache-2.0
# foreign-types-shared: MIT/Apache-2.0
# heck: MIT OR Apache-2.0
# indoc: MIT OR Apache-2.0
# itoa: MIT OR Apache-2.0
# libc: MIT OR Apache-2.0
# memoffset: MIT
# once_cell: MIT OR Apache-2.0
# openssl: Apache-2.0
# openssl-macros: MIT/Apache-2.0
# openssl-sys: MIT
# pem: MIT
# pkg-config: MIT OR Apache-2.0
# portable-atomic: Apache-2.0 OR MIT
# proc-macro2: MIT OR Apache-2.0
# pyo3: MIT OR Apache-2.0
# pyo3-build-config: MIT OR Apache-2.0
# pyo3-ffi: MIT OR Apache-2.0
# pyo3-macros: MIT OR Apache-2.0
# pyo3-macros-backend: MIT OR Apache-2.0
# quote: MIT OR Apache-2.0
# self_cell: Apache-2.0
# shlex: MIT OR Apache-2.0
# syn: MIT OR Apache-2.0
# target-lexicon: Apache-2.0 WITH LLVM-exception
# unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
# unindent: MIT OR Apache-2.0
# vcpkg: MIT/Apache-2.0
License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
URL: https://cryptography.io/en/latest/
Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
# created by ./vendor_rust.py helper script
Source1: cryptography-%{version}-vendor.tar.bz2
Source2: conftest-skipper.py
# upstream uses maturin as a build backend,
# we replace it with setuptools-rust since it is not available in RHEL
# reverts: https://github.com/pyca/cryptography/commit/5b23baa
Patch: Replace-maturin-build-backend-with-setuptools-rust.patch
ExclusiveArch: %{rust_arches}
BuildRequires: openssl-devel
BuildRequires: gcc
BuildRequires: gnupg2
%if 0%{?fedora}
BuildRequires: rust-packaging
%else
BuildRequires: rust-toolset
%endif
BuildRequires: python%{python3_pkgversion}-cffi >= 1.12
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4
%if %{with tests}
%if 0%{?fedora}
BuildRequires: python%{python3_pkgversion}-certifi
BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4
BuildRequires: python%{python3_pkgversion}-iso8601
BuildRequires: python%{python3_pkgversion}-pretend
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
BuildRequires: python%{python3_pkgversion}-pytest-xdist
BuildRequires: python%{python3_pkgversion}-pytz
%endif
BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
%endif
Requires: openssl-libs
Requires: python%{python3_pkgversion}-cffi >= 1.12
# Provides for the bundled crates
# (continuation of the snippet above the License tag)
# for pkg in sorted(bundled):
# print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
Provides: bundled(crate(asn1)) = 0.21.3
Provides: bundled(crate(asn1_derive)) = 0.21.3
Provides: bundled(crate(autocfg)) = 1.4.0
Provides: bundled(crate(base64)) = 0.22.1
Provides: bundled(crate(bitflags)) = 2.9.1
Provides: bundled(crate(cc)) = 1.2.23
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(heck)) = 0.5.0
Provides: bundled(crate(indoc)) = 2.0.6
Provides: bundled(crate(itoa)) = 1.0.15
Provides: bundled(crate(libc)) = 0.2.172
Provides: bundled(crate(memoffset)) = 0.9.1
Provides: bundled(crate(once_cell)) = 1.21.3
Provides: bundled(crate(openssl)) = 0.10.72
Provides: bundled(crate(openssl-macros)) = 0.1.1
Provides: bundled(crate(openssl-sys)) = 0.9.108
Provides: bundled(crate(pem)) = 3.0.5
Provides: bundled(crate(pkg-config)) = 0.3.32
Provides: bundled(crate(portable-atomic)) = 1.11.0
Provides: bundled(crate(proc-macro2)) = 1.0.95
Provides: bundled(crate(pyo3)) = 0.25.0
Provides: bundled(crate(pyo3-build-config)) = 0.25.0
Provides: bundled(crate(pyo3-ffi)) = 0.25.0
Provides: bundled(crate(pyo3-macros)) = 0.25.0
Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
Provides: bundled(crate(quote)) = 1.0.40
Provides: bundled(crate(self_cell)) = 1.2.0
Provides: bundled(crate(shlex)) = 1.3.0
Provides: bundled(crate(syn)) = 2.0.101
Provides: bundled(crate(target-lexicon)) = 0.13.2
Provides: bundled(crate(unicode-ident)) = 1.0.18
Provides: bundled(crate(unindent)) = 0.2.4
Provides: bundled(crate(vcpkg)) = 0.2.15
# Cryptography crates
Provides: bundled(crate(cryptography-cffi)) = 0.1.0
Provides: bundled(crate(cryptography-crypto)) = 0.1.0
Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
Provides: bundled(crate(cryptography-rust)) = 0.1.0
Provides: bundled(crate(cryptography-x509)) = 0.1.0
Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
Provides: bundled(crate(cryptography-openssl)) = 0.1.0
%description
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.
%prep
%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
%if 0%{?fedora}
%cargo_prep
sed -i 's/locked = true//g' pyproject.toml
%else
# RHEL: use vendored Rust crates
%cargo_prep -v vendor
%endif
%if ! 0%{?fedora}
sed -i 's,--benchmark-disable,,' pyproject.toml
%endif
%generate_buildrequires
%pyproject_buildrequires
%if 0%{?fedora}
# Fedora: use RPMified crates
%cargo_generate_buildrequires
%endif
%build
export RUSTFLAGS="%build_rustflags"
export OPENSSL_NO_VENDOR=1
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
%pyproject_wheel
%cargo_license_summary
%{cargo_license} > LICENSE.dependencies
%if ! 0%{?fedora}
%cargo_vendor_manifest
%endif
%install
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
find . -name Cargo.toml -print -delete
%pyproject_install
%pyproject_save_files %{srcname}
%check
%if %{with tests}
%if 0%{?rhel}
# skip benchmark, hypothesis, and pytz tests on RHEL
rm -rf tests/bench tests/hypothesis
# append skipper to skip iso8601 and pretend tests
cat < %{SOURCE2} >> tests/conftest.py
%endif
# enable SHA-1 signatures for RSA tests
# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
# see https://github.com/pyca/cryptography/issues/4885 and
# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
# not much sense for downstream testing.
# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
%{__python3} -m pytest \
--ignore vendor \
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
%endif
%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
%doc README.rst docs
%license LICENSE LICENSE.APACHE LICENSE.BSD
%license LICENSE.dependencies
%if ! 0%{?fedora}
%license cargo-vendor.txt
%endif
%changelog
%autochangelog

2
sources
View File

@ -1,2 +0,0 @@
SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df
SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 47eec7e690bda6d86c47d62412f5b66a69e5e542141fd4a502f74554bac2e6caff8a01a82f9ebde06c0c89dd25a8cc0cbe4c22d6338d586ab0741852e9df8d8d

112
vendor_rust.py
View File

@ -1,112 +0,0 @@
#!/usr/bin/python3
"""Vendor PyCA cryptography's Rust crates
"""
import argparse
import os
import re
import tarfile
import tempfile
import shutil
import subprocess
import sys
VENDOR_DIR = "vendor"
CARGO_TOML = "src/rust/Cargo.toml"
RE_VERSION = re.compile(r"Version:\s*(.*)")
parser = argparse.ArgumentParser(description="Vendor Rust packages")
parser.add_argument(
"--spec", default="python-cryptography.spec", help="cryptography source tar bundle"
)
def cargo(cmd, manifest):
args = ["cargo", cmd, f"--manifest-path={manifest}"]
return subprocess.check_call(
args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={}
)
def tar_reset(tarinfo):
"""Reset user, group, mtime, and mode to create reproducible tar"""
tarinfo.uid = 0
tarinfo.gid = 0
tarinfo.uname = "root"
tarinfo.gname = "root"
tarinfo.mtime = 0
if tarinfo.type == tarfile.DIRTYPE:
tarinfo.mode = 0o755
else:
tarinfo.mode = 0o644
if tarinfo.pax_headers:
raise ValueError(tarinfo.name, tarinfo.pax_headers)
return tarinfo
def tar_reproducible(tar, basedir):
"""Create reproducible tar file"""
content = [basedir]
for root, dirs, files in os.walk(basedir):
for directory in dirs:
content.append(os.path.join(root, directory))
for filename in files:
content.append(os.path.join(root, filename))
content.sort()
for fn in content:
tar.add(fn, filter=tar_reset, recursive=False, arcname=fn)
def main():
args = parser.parse_args()
spec = args.spec
# change cwd to work in bundle directory
here = os.path.dirname(os.path.abspath(spec))
os.chdir(here)
# extract version number from bundle name
with open(spec) as f:
for line in f:
mo = RE_VERSION.search(line)
if mo is not None:
version = mo.group(1)
break
else:
raise ValueError(f"Cannot find version in {spec}")
bundle_file = f"cryptography-{version}.tar.gz"
vendor_file = f"cryptography-{version}-vendor.tar.bz2"
# remove existing vendor directory and file
if os.path.isdir(VENDOR_DIR):
shutil.rmtree(VENDOR_DIR)
try:
os.unlink(vendor_file)
except FileNotFoundError:
pass
print(f"Getting crates for {bundle_file}", file=sys.stderr)
# extract tar file in tempdir
# fetch and vendor Rust crates
with tempfile.TemporaryDirectory(dir=here) as tmp:
with tarfile.open(bundle_file) as tar:
tar.extractall(path=tmp)
manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML)
cargo("fetch", manifest)
cargo("vendor", manifest)
print("\nCreating tar ball...", file=sys.stderr)
with tarfile.open(vendor_file, "x:bz2") as tar:
tar_reproducible(tar, VENDOR_DIR)
# remove vendor dir
shutil.rmtree(VENDOR_DIR)
parser.exit(0, f"Created {vendor_file}\n")
if __name__ == "__main__":
main()