From f4fc822a8277c99726c1bc747837b44afad37858 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Thu, 16 Apr 2026 04:56:09 -0400
Subject: [PATCH] import CS python3.14-cryptography-45.0.4-4.el9
---
.fmf/version | 1 -
.gitignore | 79 +-----
.python3.14-cryptography.metadata | 2 +
README.md | 59 ----
...n-build-backend-with-setuptools-rust.patch | 0
.../conftest-skipper.py | 0
.../python3.14-cryptography.spec | 265 ++++++++++++++++++
gating.yaml | 6 -
plan.fmf | 29 --
python3.14-cryptography.spec | 241 ----------------
sources | 2 -
vendor_rust.py | 112 --------
12 files changed, 269 insertions(+), 527 deletions(-)
delete mode 100644 .fmf/version
create mode 100644 .python3.14-cryptography.metadata
delete mode 100644 README.md
rename Replace-maturin-build-backend-with-setuptools-rust.patch => SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch (100%)
rename conftest-skipper.py => SOURCES/conftest-skipper.py (100%)
rename changelog => SPECS/python3.14-cryptography.spec (51%)
delete mode 100644 gating.yaml
delete mode 100644 plan.fmf
delete mode 100644 python3.14-cryptography.spec
delete mode 100644 sources
delete mode 100755 vendor_rust.py
diff --git a/.fmf/version b/.fmf/version
deleted file mode 100644
index d00491f..0000000
--- a/.fmf/version
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/.gitignore b/.gitignore
index 4ad8197..60fa3e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,77 +1,2 @@
-/results_python-cryptography
-/*.src.rpm
-/cryptography-1.3.1.tar.gz
-/cryptography-1.5.3.tar.gz
-/cryptography-1.7.1.tar.gz
-/cryptography-1.7.2.tar.gz
-/cryptography-1.9.tar.gz
-/cryptography-2.0.2.tar.gz
-/cryptography-2.1.tar.gz
-/cryptography-2.1.3.tar.gz
-/cryptography-2.1.4.tar.gz
-/cryptography-2.2.1.tar.gz
-/cryptography-2.3.tar.gz
-/cryptography-2.5.tar.gz
-/cryptography-2.6.1.tar.gz
-/cryptography-2.7.tar.gz
-/cryptography-2.8.tar.gz
-/cryptography-2.9.tar.gz
-/cryptography-2.9.tar.gz.asc
-/cryptography-3.0.tar.gz
-/cryptography-3.0.tar.gz.asc
-/cryptography-3.1.tar.gz
-/cryptography-3.1.tar.gz.asc
-/cryptography-3.2.tar.gz
-/cryptography-3.2.tar.gz.asc
-/cryptography-3.2.1.tar.gz
-/cryptography-3.2.1.tar.gz.asc
-/cryptography-3.3.1.tar.gz
-/cryptography-3.3.1.tar.gz.asc
-/cryptography-3.4.tar.gz
-/cryptography-3.4.tar.gz.asc
-/cryptography-3.4.1.tar.gz
-/cryptography-3.4.1.tar.gz.asc
-/cryptography-3.4.2.tar.gz
-/cryptography-3.4.2.tar.gz.asc
-/cryptography-3.4.4.tar.gz
-/cryptography-3.4.4.tar.gz.asc
-/cryptography-3.4.5.tar.gz
-/cryptography-3.4.5.tar.gz.asc
-/cryptography-3.4.6.tar.gz
-/cryptography-3.4.6.tar.gz.asc
-/cryptography-3.4.7.tar.gz
-/cryptography-3.4.7-vendor.tar.bz2
-/cryptography-35.0.0.tar.gz
-/cryptography-35.0.0-vendor.tar.bz2
-/cryptography-36.0.0.tar.gz
-/cryptography-36.0.0-vendor.tar.bz2
-/cryptography-37.0.2.tar.gz
-/cryptography-37.0.2-vendor.tar.bz2
-/cryptography-39.0.2.tar.gz
-/cryptography-39.0.2-vendor.tar.bz2
-/cryptography-40.0.0.tar.gz
-/cryptography-40.0.0-vendor.tar.bz2
-/cryptography-40.0.1.tar.gz
-/cryptography-40.0.1-vendor.tar.bz2
-/cryptography-40.0.2.tar.gz
-/cryptography-40.0.2-vendor.tar.bz2
-/cryptography-41.0.3.tar.gz
-/cryptography-41.0.3-vendor.tar.bz2
-/cryptography-41.0.5-vendor.tar.bz2
-/cryptography-41.0.5.tar.gz
-/cryptography-41.0.7.tar.gz
-/cryptography-41.0.7-vendor.tar.bz2
-/cryptography-42.0.5.tar.gz
-/cryptography-42.0.5-vendor.tar.bz2
-/cryptography-42.0.8.tar.gz
-/cryptography-42.0.8-vendor.tar.bz2
-/cryptography-43.0.0.tar.gz
-/cryptography-43.0.0-vendor.tar.bz2
-/cryptography-44.0.0.tar.gz
-/cryptography-44.0.0-vendor.tar.bz2
-/cryptography-45.0.2.tar.gz
-/cryptography-45.0.2-vendor.tar.bz2
-/cryptography-45.0.3.tar.gz
-/cryptography-45.0.3-vendor.tar.bz2
-/cryptography-45.0.4.tar.gz
-/cryptography-45.0.4-vendor.tar.bz2
+SOURCES/cryptography-45.0.4-vendor.tar.bz2
+SOURCES/cryptography-45.0.4.tar.gz
diff --git a/.python3.14-cryptography.metadata b/.python3.14-cryptography.metadata
new file mode 100644
index 0000000..f2eeb05
--- /dev/null
+++ b/.python3.14-cryptography.metadata
@@ -0,0 +1,2 @@
+119d707ca21a4a6ad0d7a39f37ef5e40cf00c4b1 SOURCES/cryptography-45.0.4-vendor.tar.bz2
+08cb96ac825f17cedfa0cac54843f2b4ac596b76 SOURCES/cryptography-45.0.4.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 33554c0..0000000
--- a/README.md
+++ /dev/null
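Review bot: The two digests added to `.python3.14-cryptography.metadata` are 40 hex characters long, which is consistent with SHA-1, while the `sources` file deleted later in this commit pinned the same two tarballs with SHA512. SHA-1 is no longer collision-resistant, so this is a weaker integrity anchor for the source and vendored-crate archives of a cryptography package. If the lookaside tooling accepts longer digests, record a SHA-256 or SHA-512 value here instead; otherwise keep the SHA512 values available alongside so a fetched tarball can be cross-checked.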
@@ -1,59 +0,0 @@
-# PyCA cryptography
-
-https://cryptography.io/en/latest/
-
-## Packaging python-cryptography
-
-The example assumes
-
-* Fedora Rawhide (f34)
-* PyCA cryptography release ``3.4``
-* Update Bugzilla issue is ``RHBZ#00000001``
-
-### Build new python-cryptography
-
-Switch and update branch
-
-```shell
-fedpkg switch-branch rawhide
-fedpkg pull
-```
-
-Bump version and get sources
-
-```shell
-rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
-spectool -gf python-cryptography.spec
-```
-
-Upload new source
-
-```shell
-fedpkg new-sources cryptography-3.4.tar.gz
-```
-
-Commit changes
-
-```shell
-fedpkg commit --clog
-fedpkg push
-```
-
-Build
-
-```shell
-fedpkg build
-```
-
-## RHEL/CentOS builds
-
-RHEL and CentOS use a different approach for Rust crates packaging than
-Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g.
-``rust-pyo3+default-devel`` RPM. These packages don't exist on RHEL and
-CentOS. Instead python-cryptography uses a tar ball with vendored crates.
-The tar ball is created by a script:
-
-```shell
-./vendor_rust.py
-rhpkg upload cryptography-3.4-vendor.tar.bz2
-```
diff --git a/Replace-maturin-build-backend-with-setuptools-rust.patch b/SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch
similarity index 100%
rename from Replace-maturin-build-backend-with-setuptools-rust.patch
rename to SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch
diff --git a/conftest-skipper.py b/SOURCES/conftest-skipper.py
similarity index 100%
rename from conftest-skipper.py
rename to SOURCES/conftest-skipper.py
diff --git a/changelog b/SPECS/python3.14-cryptography.spec
similarity index 51%
rename from changelog
rename to SPECS/python3.14-cryptography.spec
index fa06f3e..fbc230b 100644
--- a/changelog
+++ b/SPECS/python3.14-cryptography.spec
@@ -1,3 +1,266 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 4; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +%global python3_pkgversion 3.14 + +# RHEL: Tests disabled due to missing deps +%bcond_with tests + +%global srcname cryptography + +Name: python%{python3_pkgversion}-%{srcname} +Version: 45.0.4 +Release: %autorelease +Summary: PyCA's cryptography library + +# We bundle various crates with cryptography which is dual licensed +# under the ASL 2.0 or BSD, as well as the Python license +# for the OS random engine derived by CPython. + +# in the vendor dir from SOURCE1: +# import pathlib, tomllib +# bundled = {} +# for d in pathlib.Path('.').iterdir(): +# cargo_toml = d / 'Cargo.toml' +# cargo = tomllib.loads(cargo_toml.read_text()) +# bundled[cargo['package']['name']] = cargo['package'] +# for pkg in sorted(bundled): +# print(f"# {pkg}: {bundled[pkg]['license']}") + +# asn1: BSD-3-Clause +# asn1_derive: BSD-3-Clause +# autocfg: Apache-2.0 OR MIT +# base64: MIT OR Apache-2.0 +# bitflags: MIT OR Apache-2.0 +# cc: MIT OR Apache-2.0 +# cfg-if: MIT/Apache-2.0 +# foreign-types: MIT/Apache-2.0 +# foreign-types-shared: MIT/Apache-2.0 +# heck: MIT OR Apache-2.0 +# indoc: MIT OR Apache-2.0 +# itoa: MIT OR Apache-2.0 +# libc: MIT OR Apache-2.0 +# memoffset: MIT +# once_cell: MIT OR Apache-2.0 +# openssl: Apache-2.0 +# openssl-macros: MIT/Apache-2.0 +# openssl-sys: MIT +# pem: MIT +# pkg-config: MIT OR Apache-2.0 +# portable-atomic: Apache-2.0 OR MIT +# proc-macro2: MIT OR Apache-2.0 +# pyo3: MIT OR Apache-2.0 +# pyo3-build-config: MIT OR Apache-2.0 +# pyo3-ffi: MIT OR Apache-2.0 +# pyo3-macros: MIT OR Apache-2.0 +# pyo3-macros-backend: MIT OR Apache-2.0 +# quote: MIT OR Apache-2.0 +# self_cell: 
Apache-2.0 +# shlex: MIT OR Apache-2.0 +# syn: MIT OR Apache-2.0 +# target-lexicon: Apache-2.0 WITH LLVM-exception +# unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0 +# unindent: MIT OR Apache-2.0 +# vcpkg: MIT/Apache-2.0 + +License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0) +URL: https://cryptography.io/en/latest/ +Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz + # created by ./vendor_rust.py helper script +Source1: cryptography-%{version}-vendor.tar.bz2 +Source2: conftest-skipper.py + +# upstream uses maturin as a build backend, +# we replace it with setuptools-rust since it is not available in RHEL +# reverts: https://github.com/pyca/cryptography/commit/5b23baa +Patch: Replace-maturin-build-backend-with-setuptools-rust.patch + +ExclusiveArch: %{rust_arches} + +BuildRequires: openssl-devel +BuildRequires: gcc +BuildRequires: gnupg2 +%if 0%{?fedora} +BuildRequires: rust-packaging +%else +BuildRequires: rust-toolset +%endif + +BuildRequires: python%{python3_pkgversion}-cffi >= 1.12 +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4 + +%if %{with tests} +%if 0%{?fedora} +BuildRequires: python%{python3_pkgversion}-certifi +BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 +BuildRequires: python%{python3_pkgversion}-iso8601 +BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-pytest-benchmark +BuildRequires: python%{python3_pkgversion}-pytest-xdist +BuildRequires: python%{python3_pkgversion}-pytz +%endif +BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0 +%endif + +Requires: openssl-libs +Requires: python%{python3_pkgversion}-cffi >= 1.12 + +# Provides for the bundled crates +# (continuation of the snippet above the License tag) +# for pkg in sorted(bundled): +# 
print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}") +Provides: bundled(crate(asn1)) = 0.21.3 +Provides: bundled(crate(asn1_derive)) = 0.21.3 +Provides: bundled(crate(autocfg)) = 1.4.0 +Provides: bundled(crate(base64)) = 0.22.1 +Provides: bundled(crate(bitflags)) = 2.9.1 +Provides: bundled(crate(cc)) = 1.2.23 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(heck)) = 0.5.0 +Provides: bundled(crate(indoc)) = 2.0.6 +Provides: bundled(crate(itoa)) = 1.0.15 +Provides: bundled(crate(libc)) = 0.2.172 +Provides: bundled(crate(memoffset)) = 0.9.1 +Provides: bundled(crate(once_cell)) = 1.21.3 +Provides: bundled(crate(openssl)) = 0.10.72 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.108 +Provides: bundled(crate(pem)) = 3.0.5 +Provides: bundled(crate(pkg-config)) = 0.3.32 +Provides: bundled(crate(portable-atomic)) = 1.11.0 +Provides: bundled(crate(proc-macro2)) = 1.0.95 +Provides: bundled(crate(pyo3)) = 0.25.0 +Provides: bundled(crate(pyo3-build-config)) = 0.25.0 +Provides: bundled(crate(pyo3-ffi)) = 0.25.0 +Provides: bundled(crate(pyo3-macros)) = 0.25.0 +Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0 +Provides: bundled(crate(quote)) = 1.0.40 +Provides: bundled(crate(self_cell)) = 1.2.0 +Provides: bundled(crate(shlex)) = 1.3.0 +Provides: bundled(crate(syn)) = 2.0.101 +Provides: bundled(crate(target-lexicon)) = 0.13.2 +Provides: bundled(crate(unicode-ident)) = 1.0.18 +Provides: bundled(crate(unindent)) = 0.2.4 +Provides: bundled(crate(vcpkg)) = 0.2.15 + +# Cryptography crates +Provides: bundled(crate(cryptography-cffi)) = 0.1.0 +Provides: bundled(crate(cryptography-crypto)) = 0.1.0 +Provides: bundled(crate(cryptography-keepalive)) = 0.1.0 +Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0 +Provides: bundled(crate(cryptography-rust)) = 0.1.0 +Provides: 
bundled(crate(cryptography-x509)) = 0.1.0 +Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0 +Provides: bundled(crate(cryptography-openssl)) = 0.1.0 + +%description +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%prep +%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version} +%if 0%{?fedora} +%cargo_prep +sed -i 's/locked = true//g' pyproject.toml +%else +# RHEL: use vendored Rust crates +%cargo_prep -v vendor +%endif + +%if ! 0%{?fedora} +sed -i 's,--benchmark-disable,,' pyproject.toml +%endif + + +%generate_buildrequires +%pyproject_buildrequires +%if 0%{?fedora} +# Fedora: use RPMified crates +%cargo_generate_buildrequires +%endif + + +%build +export RUSTFLAGS="%build_rustflags" +export OPENSSL_NO_VENDOR=1 +export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 " +%pyproject_wheel + +%cargo_license_summary +%{cargo_license} > LICENSE.dependencies +%if ! 0%{?fedora} +%cargo_vendor_manifest +%endif + + +%install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 +find . -name .keep -print -delete +find . -name Cargo.toml -print -delete +%pyproject_install +%pyproject_save_files %{srcname} + + +%check +%if %{with tests} +%if 0%{?rhel} +# skip benchmark, hypothesis, and pytz tests on RHEL +rm -rf tests/bench tests/hypothesis +# append skipper to skip iso8601 and pretend tests +cat < %{SOURCE2} >> tests/conftest.py +%endif + +# enable SHA-1 signatures for RSA tests +# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343 +export OPENSSL_ENABLE_SHA1_SIGNATURES=yes + +# see https://github.com/pyca/cryptography/issues/4885 and +# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests +# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes +# not much sense for downstream testing. 
+# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure +PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ + %{__python3} -m pytest \ + --ignore vendor \ + -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)" +%endif + + +%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files} +%doc README.rst docs +%license LICENSE LICENSE.APACHE LICENSE.BSD +%license LICENSE.dependencies +%if ! 0%{?fedora} +%license cargo-vendor.txt +%endif + + +%changelog +## START: Generated by rpmautospec +* Fri Nov 28 2025 Lumir Balhar - 45.0.4-4 +- Reuploaded sources + +* Fri Nov 28 2025 Lukáš Zachar - 45.0.4-3 +- Add gating + +* Fri Nov 28 2025 Tomáš Hrnčiar - 45.0.4-2 +- Convert from Fedora for the Python 3.14 stack in RHEL + +* Fri Nov 28 2025 Tomáš Hrnčiar - 45.0.4-1 +- RHEL: Rename SPEC to python3.14-cryptography.spec + * Tue Jul 02 2024 Jeremy Cline - 42.0.8-1 - Update to 42.0.8, fixes rhbz#2251816 @@ -246,3 +509,5 @@ * Fri Feb 09 2018 Fedora Release Engineering - 2.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +## END: Generated by rpmautospec diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 2c7ed80..0000000 --- a/gating.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- !Policy -product_versions: - - rhel-* -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/plan.fmf b/plan.fmf deleted file mode 100644 index 38ab193..0000000 --- a/plan.fmf +++ /dev/null 
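Review bot: `BuildRequires: gnupg2` is added in this hunk, but nothing in its `%prep` section verifies a signature: Source0 to Source2 include no keyring or `.asc` file, and `%autosetup` unpacks the GitHub archive tarball directly. As written, the integrity of both tarballs appears to rest only on the digests recorded outside the spec, so either drop the unused build dependency or add a detached signature and keyring as extra sources and check them before `%autosetup`. Separately, the comment above Source1, `# created by ./vendor_rust.py helper script`, points at a script this commit deletes; reword it to say where the vendor tarball is actually produced so the bundled crates stay auditable, for example `# vendored crates tarball, generated outside this repository`.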
@@ -1,29 +0,0 @@
-execute:
- how: tmt
-
-provision:
- hardware:
- memory: '>= 6 GB'
-
-discover:
- how: shell
- dist-git-source: true
- dist-git-install-builddeps: true
- dist-git-require:
- - cargo
- - rust-toolset
- tests:
- - name: unittests
- test: |
- export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
- export PYTHONPATH=./vectors
- pip3.14 show pretend || pip3.14 install pretend
- cd $(dirname $TMT_SOURCE_DIR/crypto*/tests) &&
- # no need for benchmarks
- rm -rf tests/bench &&
- pytest-3.14 tests/
- require:
- - python3.14-devel
- - python3.14-pytest
- - python3.14-pip
- - python3.14-cryptography
diff --git a/python3.14-cryptography.spec b/python3.14-cryptography.spec
deleted file mode 100644
index 9bda5ef..0000000
--- a/python3.14-cryptography.spec
+++ /dev/null
@@ -1,241 +0,0 @@
-%global python3_pkgversion 3.14
-
-# RHEL: Tests disabled due to missing deps
-%bcond_with tests
-
-%global srcname cryptography
-
-Name: python%{python3_pkgversion}-%{srcname}
-Version: 45.0.4
-Release: %autorelease
-Summary: PyCA's cryptography library
-
-# We bundle various crates with cryptography which is dual licensed
-# under the ASL 2.0 or BSD, as well as the Python license
-# for the OS random engine derived by CPython.
-
-# in the vendor dir from SOURCE1:
-# import pathlib, tomllib
-# bundled = {}
-# for d in pathlib.Path('.').iterdir():
-# cargo_toml = d / 'Cargo.toml'
-# cargo = tomllib.loads(cargo_toml.read_text())
-# bundled[cargo['package']['name']] = cargo['package']
-# for pkg in sorted(bundled):
-# print(f"# {pkg}: {bundled[pkg]['license']}")
-
-# asn1: BSD-3-Clause
-# asn1_derive: BSD-3-Clause
-# autocfg: Apache-2.0 OR MIT
-# base64: MIT OR Apache-2.0
-# bitflags: MIT OR Apache-2.0
-# cc: MIT OR Apache-2.0
-# cfg-if: MIT/Apache-2.0
-# foreign-types: MIT/Apache-2.0
-# foreign-types-shared: MIT/Apache-2.0
-# heck: MIT OR Apache-2.0
-# indoc: MIT OR Apache-2.0
-# itoa: MIT OR Apache-2.0
-# libc: MIT OR Apache-2.0
-# memoffset: MIT
-# once_cell: MIT OR Apache-2.0
-# openssl: Apache-2.0
-# openssl-macros: MIT/Apache-2.0
-# openssl-sys: MIT
-# pem: MIT
-# pkg-config: MIT OR Apache-2.0
-# portable-atomic: Apache-2.0 OR MIT
-# proc-macro2: MIT OR Apache-2.0
-# pyo3: MIT OR Apache-2.0
-# pyo3-build-config: MIT OR Apache-2.0
-# pyo3-ffi: MIT OR Apache-2.0
-# pyo3-macros: MIT OR Apache-2.0
-# pyo3-macros-backend: MIT OR Apache-2.0
-# quote: MIT OR Apache-2.0
-# self_cell: Apache-2.0
-# shlex: MIT OR Apache-2.0
-# syn: MIT OR Apache-2.0
-# target-lexicon: Apache-2.0 WITH LLVM-exception
-# unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
-# unindent: MIT OR Apache-2.0
-# vcpkg: MIT/Apache-2.0
-
-License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
-URL: https://cryptography.io/en/latest/
-Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
- # created by ./vendor_rust.py helper script
-Source1: cryptography-%{version}-vendor.tar.bz2
-Source2: conftest-skipper.py
-
-# upstream uses maturin as a build backend,
-# we replace it with setuptools-rust since it is not available in RHEL
-# reverts: https://github.com/pyca/cryptography/commit/5b23baa
-Patch: Replace-maturin-build-backend-with-setuptools-rust.patch
-
-ExclusiveArch: %{rust_arches}
-
-BuildRequires: openssl-devel
-BuildRequires: gcc
-BuildRequires: gnupg2
-%if 0%{?fedora}
-BuildRequires: rust-packaging
-%else
-BuildRequires: rust-toolset
-%endif
-
-BuildRequires: python%{python3_pkgversion}-cffi >= 1.12
-BuildRequires: python%{python3_pkgversion}-devel
-BuildRequires: python%{python3_pkgversion}-setuptools
-BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4
-
-%if %{with tests}
-%if 0%{?fedora}
-BuildRequires: python%{python3_pkgversion}-certifi
-BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4
-BuildRequires: python%{python3_pkgversion}-iso8601
-BuildRequires: python%{python3_pkgversion}-pretend
-BuildRequires: python%{python3_pkgversion}-pytest-benchmark
-BuildRequires: python%{python3_pkgversion}-pytest-xdist
-BuildRequires: python%{python3_pkgversion}-pytz
-%endif
-BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
-%endif
-
-Requires: openssl-libs
-Requires: python%{python3_pkgversion}-cffi >= 1.12
-
-# Provides for the bundled crates
-# (continuation of the snippet above the License tag)
-# for pkg in sorted(bundled):
-# print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
-Provides: bundled(crate(asn1)) = 0.21.3
-Provides: bundled(crate(asn1_derive)) = 0.21.3
-Provides: bundled(crate(autocfg)) = 1.4.0
-Provides: bundled(crate(base64)) = 0.22.1
-Provides: bundled(crate(bitflags)) = 2.9.1
-Provides: bundled(crate(cc)) = 1.2.23
-Provides: bundled(crate(cfg-if)) = 1.0.0
-Provides: bundled(crate(foreign-types)) = 0.3.2
-Provides: bundled(crate(foreign-types-shared)) = 0.1.1
-Provides: bundled(crate(heck)) = 0.5.0
-Provides: bundled(crate(indoc)) = 2.0.6
-Provides: bundled(crate(itoa)) = 1.0.15
-Provides: bundled(crate(libc)) = 0.2.172
-Provides: bundled(crate(memoffset)) = 0.9.1
-Provides: bundled(crate(once_cell)) = 1.21.3
-Provides: bundled(crate(openssl)) = 0.10.72
-Provides: bundled(crate(openssl-macros)) = 0.1.1
-Provides: bundled(crate(openssl-sys)) = 0.9.108
-Provides: bundled(crate(pem)) = 3.0.5
-Provides: bundled(crate(pkg-config)) = 0.3.32
-Provides: bundled(crate(portable-atomic)) = 1.11.0
-Provides: bundled(crate(proc-macro2)) = 1.0.95
-Provides: bundled(crate(pyo3)) = 0.25.0
-Provides: bundled(crate(pyo3-build-config)) = 0.25.0
-Provides: bundled(crate(pyo3-ffi)) = 0.25.0
-Provides: bundled(crate(pyo3-macros)) = 0.25.0
-Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
-Provides: bundled(crate(quote)) = 1.0.40
-Provides: bundled(crate(self_cell)) = 1.2.0
-Provides: bundled(crate(shlex)) = 1.3.0
-Provides: bundled(crate(syn)) = 2.0.101
-Provides: bundled(crate(target-lexicon)) = 0.13.2
-Provides: bundled(crate(unicode-ident)) = 1.0.18
-Provides: bundled(crate(unindent)) = 0.2.4
-Provides: bundled(crate(vcpkg)) = 0.2.15
-
-# Cryptography crates
-Provides: bundled(crate(cryptography-cffi)) = 0.1.0
-Provides: bundled(crate(cryptography-crypto)) = 0.1.0
-Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
-Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
-Provides: bundled(crate(cryptography-rust)) = 0.1.0
-Provides: bundled(crate(cryptography-x509)) = 0.1.0
-Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
-Provides: bundled(crate(cryptography-openssl)) = 0.1.0
-
-%description
-cryptography is a package designed to expose cryptographic primitives and
-recipes to Python developers.
-
-%prep
-%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
-%if 0%{?fedora}
-%cargo_prep
-sed -i 's/locked = true//g' pyproject.toml
-%else
-# RHEL: use vendored Rust crates
-%cargo_prep -v vendor
-%endif
-
-%if ! 0%{?fedora}
-sed -i 's,--benchmark-disable,,' pyproject.toml
-%endif
-
-
-%generate_buildrequires
-%pyproject_buildrequires
-%if 0%{?fedora}
-# Fedora: use RPMified crates
-%cargo_generate_buildrequires
-%endif
-
-
-%build
-export RUSTFLAGS="%build_rustflags"
-export OPENSSL_NO_VENDOR=1
-export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
-%pyproject_wheel
-
-%cargo_license_summary
-%{cargo_license} > LICENSE.dependencies
-%if ! 0%{?fedora}
-%cargo_vendor_manifest
-%endif
-
-
-%install
-# Actually other *.c and *.h are appropriate
-# see https://github.com/pyca/cryptography/issues/1463
-find . -name .keep -print -delete
-find . -name Cargo.toml -print -delete
-%pyproject_install
-%pyproject_save_files %{srcname}
-
-
-%check
-%if %{with tests}
-%if 0%{?rhel}
-# skip benchmark, hypothesis, and pytz tests on RHEL
-rm -rf tests/bench tests/hypothesis
-# append skipper to skip iso8601 and pretend tests
-cat < %{SOURCE2} >> tests/conftest.py
-%endif
-
-# enable SHA-1 signatures for RSA tests
-# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
-export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
-
-# see https://github.com/pyca/cryptography/issues/4885 and
-# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
-# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
-# not much sense for downstream testing.
-# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
-PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
- %{__python3} -m pytest \
- --ignore vendor \
- -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
-%endif
-
-
-%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
-%doc README.rst docs
-%license LICENSE LICENSE.APACHE LICENSE.BSD
-%license LICENSE.dependencies
-%if ! 0%{?fedora}
-%license cargo-vendor.txt
-%endif
-
-
-%changelog
-%autochangelog
diff --git a/sources b/sources
deleted file mode 100644
index 6ece245..0000000
--- a/sources
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df
-SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 47eec7e690bda6d86c47d62412f5b66a69e5e542141fd4a502f74554bac2e6caff8a01a82f9ebde06c0c89dd25a8cc0cbe4c22d6338d586ab0741852e9df8d8d
diff --git a/vendor_rust.py b/vendor_rust.py
deleted file mode 100755
index eb53abd..0000000
--- a/vendor_rust.py
+++ /dev/null
@@ -1,112 +0,0 @@
-#!/usr/bin/python3
-"""Vendor PyCA cryptography's Rust crates
-"""
-import argparse
-import os
-import re
-import tarfile
-import tempfile
-import shutil
-import subprocess
-import sys
-
-VENDOR_DIR = "vendor"
-CARGO_TOML = "src/rust/Cargo.toml"
-RE_VERSION = re.compile(r"Version:\s*(.*)")
-
-parser = argparse.ArgumentParser(description="Vendor Rust packages")
-parser.add_argument(
- "--spec", default="python-cryptography.spec", help="cryptography source tar bundle"
-)
-
-
-def cargo(cmd, manifest):
- args = ["cargo", cmd, f"--manifest-path={manifest}"]
- return subprocess.check_call(
- args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={}
- )
-
-
-def tar_reset(tarinfo):
- """Reset user, group, mtime, and mode to create reproducible tar"""
- tarinfo.uid = 0
- tarinfo.gid = 0
- tarinfo.uname = "root"
- tarinfo.gname = "root"
- tarinfo.mtime = 0
- if tarinfo.type == tarfile.DIRTYPE:
- tarinfo.mode = 0o755
- else:
- tarinfo.mode = 0o644
- if tarinfo.pax_headers:
- raise ValueError(tarinfo.name, tarinfo.pax_headers)
- return tarinfo
-
-
-def tar_reproducible(tar, basedir):
- """Create reproducible tar file"""
-
- content = [basedir]
- for root, dirs, files in os.walk(basedir):
- for directory in dirs:
- content.append(os.path.join(root, directory))
- for filename in files:
- content.append(os.path.join(root, filename))
- content.sort()
-
- for fn in content:
- tar.add(fn, filter=tar_reset, recursive=False, arcname=fn)
-
-
-def main():
- args = parser.parse_args()
- spec = args.spec
-
- # change cwd to work in bundle directory
- here = os.path.dirname(os.path.abspath(spec))
- os.chdir(here)
-
- # extract version number from bundle name
- with open(spec) as f:
- for line in f:
- mo = RE_VERSION.search(line)
- if mo is not None:
- version = mo.group(1)
- break
- else:
- raise ValueError(f"Cannot find version in {spec}")
-
- bundle_file = f"cryptography-{version}.tar.gz"
- vendor_file = f"cryptography-{version}-vendor.tar.bz2"
-
- # remove existing vendor directory and file
- if os.path.isdir(VENDOR_DIR):
- shutil.rmtree(VENDOR_DIR)
- try:
- os.unlink(vendor_file)
- except FileNotFoundError:
- pass
-
- print(f"Getting crates for {bundle_file}", file=sys.stderr)
-
- # extract tar file in tempdir
- # fetch and vendor Rust crates
- with tempfile.TemporaryDirectory(dir=here) as tmp:
- with tarfile.open(bundle_file) as tar:
- tar.extractall(path=tmp)
- manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML)
- cargo("fetch", manifest)
- cargo("vendor", manifest)
-
- print("\nCreating tar ball...", file=sys.stderr)
- with tarfile.open(vendor_file, "x:bz2") as tar:
- tar_reproducible(tar, VENDOR_DIR)
-
- # remove vendor dir
- shutil.rmtree(VENDOR_DIR)
-
- parser.exit(0, f"Created {vendor_file}\n")
-
-
-if __name__ == "__main__":
- main()