12 changed files with 527 additions and 269 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,77 @@
-SOURCES/cryptography-45.0.4-vendor.tar.bz2
+/results_python-cryptography
-SOURCES/cryptography-45.0.4.tar.gz
+/*.src.rpm
 /cryptography-1.3.1.tar.gz
 /cryptography-1.5.3.tar.gz
 /cryptography-1.7.1.tar.gz
 /cryptography-1.7.2.tar.gz
 /cryptography-1.9.tar.gz
 /cryptography-2.0.2.tar.gz
 /cryptography-2.1.tar.gz
 /cryptography-2.1.3.tar.gz
 /cryptography-2.1.4.tar.gz
 /cryptography-2.2.1.tar.gz
 /cryptography-2.3.tar.gz
 /cryptography-2.5.tar.gz
 /cryptography-2.6.1.tar.gz
 /cryptography-2.7.tar.gz
 /cryptography-2.8.tar.gz
 /cryptography-2.9.tar.gz
 /cryptography-2.9.tar.gz.asc
 /cryptography-3.0.tar.gz
 /cryptography-3.0.tar.gz.asc
 /cryptography-3.1.tar.gz
 /cryptography-3.1.tar.gz.asc
 /cryptography-3.2.tar.gz
 /cryptography-3.2.tar.gz.asc
 /cryptography-3.2.1.tar.gz
 /cryptography-3.2.1.tar.gz.asc
 /cryptography-3.3.1.tar.gz
 /cryptography-3.3.1.tar.gz.asc
 /cryptography-3.4.tar.gz
 /cryptography-3.4.tar.gz.asc
 /cryptography-3.4.1.tar.gz
 /cryptography-3.4.1.tar.gz.asc
 /cryptography-3.4.2.tar.gz
 /cryptography-3.4.2.tar.gz.asc
 /cryptography-3.4.4.tar.gz
 /cryptography-3.4.4.tar.gz.asc
 /cryptography-3.4.5.tar.gz
 /cryptography-3.4.5.tar.gz.asc
 /cryptography-3.4.6.tar.gz
 /cryptography-3.4.6.tar.gz.asc
 /cryptography-3.4.7.tar.gz
 /cryptography-3.4.7-vendor.tar.bz2
 /cryptography-35.0.0.tar.gz
 /cryptography-35.0.0-vendor.tar.bz2
 /cryptography-36.0.0.tar.gz
 /cryptography-36.0.0-vendor.tar.bz2
 /cryptography-37.0.2.tar.gz
 /cryptography-37.0.2-vendor.tar.bz2
 /cryptography-39.0.2.tar.gz
 /cryptography-39.0.2-vendor.tar.bz2
 /cryptography-40.0.0.tar.gz
 /cryptography-40.0.0-vendor.tar.bz2
 /cryptography-40.0.1.tar.gz
 /cryptography-40.0.1-vendor.tar.bz2
 /cryptography-40.0.2.tar.gz
 /cryptography-40.0.2-vendor.tar.bz2
 /cryptography-41.0.3.tar.gz
 /cryptography-41.0.3-vendor.tar.bz2
 /cryptography-41.0.5-vendor.tar.bz2
 /cryptography-41.0.5.tar.gz
 /cryptography-41.0.7.tar.gz
 /cryptography-41.0.7-vendor.tar.bz2
 /cryptography-42.0.5.tar.gz
 /cryptography-42.0.5-vendor.tar.bz2
 /cryptography-42.0.8.tar.gz
 /cryptography-42.0.8-vendor.tar.bz2
 /cryptography-43.0.0.tar.gz
 /cryptography-43.0.0-vendor.tar.bz2
 /cryptography-44.0.0.tar.gz
 /cryptography-44.0.0-vendor.tar.bz2
 /cryptography-45.0.2.tar.gz
 /cryptography-45.0.2-vendor.tar.bz2
 /cryptography-45.0.3.tar.gz
 /cryptography-45.0.3-vendor.tar.bz2
 /cryptography-45.0.4.tar.gz
 /cryptography-45.0.4-vendor.tar.bz2
--- a/.python3.14-cryptography.metadata
+++ b/.python3.14-cryptography.metadata
@ -1,2 +0,0 @@
 119d707ca21a4a6ad0d7a39f37ef5e40cf00c4b1 SOURCES/cryptography-45.0.4-vendor.tar.bz2
 08cb96ac825f17cedfa0cac54843f2b4ac596b76 SOURCES/cryptography-45.0.4.tar.gz
--- a/README.md
+++ b/README.md
@ -0,0 +1,59 @@
 # PyCA cryptography
 https://cryptography.io/en/latest/
 ## Packaging python-cryptography
 The example assumes
 * Fedora Rawhide (f34)
 * PyCA cryptography release ``3.4``
 * Update Bugzilla issue is ``RHBZ#00000001``
 ### Build new python-cryptography
 Switch and update branch
 ```shell
 fedpkg switch-branch rawhide
 fedpkg pull
 ```
 Bump version and get sources
 ```shell
 rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
 spectool -gf python-cryptography.spec
 ```
 Upload new source
 ```shell
 fedpkg new-sources cryptography-3.4.tar.gz
 ```
 Commit changes
 ```shell
 fedpkg commit --clog
 fedpkg push
 ```
 Build
 ```shell
 fedpkg build
 ```
 ## RHEL/CentOS builds
 RHEL and CentOS use a different approach for Rust crates packaging than
 Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g.
 ``rust-pyo3+default-devel`` RPM. These packages don't exist on RHEL and
 CentOS. Instead python-cryptography uses a tar ball with vendored crates.
 The tar ball is created by a script:
 ```shell
 ./vendor_rust.py
 rhpkg upload cryptography-3.4-vendor.tar.bz2
 ```
--- a/SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch
+++ b/SOURCES/Replace-maturin-build-backend-with-setuptools-rust.patch
--- a/SPECS/python3.14-cryptography.spec
+++ b/SPECS/python3.14-cryptography.spec
@ -1,266 +1,3 @@
 ## START: Set by rpmautospec
 ## (rpmautospec version 0.6.5)
 ## RPMAUTOSPEC: autorelease, autochangelog
 %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
    release_number = 4;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
 }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
 ## END: Set by rpmautospec
 %global python3_pkgversion 3.14
 # RHEL: Tests disabled due to missing deps
 %bcond_with tests
 %global srcname cryptography
 Name:           python%{python3_pkgversion}-%{srcname}
 Version:        45.0.4
 Release:        %autorelease
 Summary:        PyCA's cryptography library
 # We bundle various crates with cryptography which is dual licensed
 # under the ASL 2.0 or BSD, as well as the Python license
 # for the OS random engine derived by CPython.
 # in the vendor dir from SOURCE1:
 #     import pathlib, tomllib
 #     bundled = {}
 #     for d in pathlib.Path('.').iterdir():
 #         cargo_toml = d / 'Cargo.toml'
 #         cargo = tomllib.loads(cargo_toml.read_text())
 #         bundled[cargo['package']['name']] = cargo['package']
 #     for pkg in sorted(bundled):
 #         print(f"# {pkg}: {bundled[pkg]['license']}")
 # asn1: BSD-3-Clause
 # asn1_derive: BSD-3-Clause
 # autocfg: Apache-2.0 OR MIT
 # base64: MIT OR Apache-2.0
 # bitflags: MIT OR Apache-2.0
 # cc: MIT OR Apache-2.0
 # cfg-if: MIT/Apache-2.0
 # foreign-types: MIT/Apache-2.0
 # foreign-types-shared: MIT/Apache-2.0
 # heck: MIT OR Apache-2.0
 # indoc: MIT OR Apache-2.0
 # itoa: MIT OR Apache-2.0
 # libc: MIT OR Apache-2.0
 # memoffset: MIT
 # once_cell: MIT OR Apache-2.0
 # openssl: Apache-2.0
 # openssl-macros: MIT/Apache-2.0
 # openssl-sys: MIT
 # pem: MIT
 # pkg-config: MIT OR Apache-2.0
 # portable-atomic: Apache-2.0 OR MIT
 # proc-macro2: MIT OR Apache-2.0
 # pyo3: MIT OR Apache-2.0
 # pyo3-build-config: MIT OR Apache-2.0
 # pyo3-ffi: MIT OR Apache-2.0
 # pyo3-macros: MIT OR Apache-2.0
 # pyo3-macros-backend: MIT OR Apache-2.0
 # quote: MIT OR Apache-2.0
 # self_cell: Apache-2.0
 # shlex: MIT OR Apache-2.0
 # syn: MIT OR Apache-2.0
 # target-lexicon: Apache-2.0 WITH LLVM-exception
 # unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
 # unindent: MIT OR Apache-2.0
 # vcpkg: MIT/Apache-2.0
 License:        (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
 URL:            https://cryptography.io/en/latest/
 Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
                # created by ./vendor_rust.py helper script
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py
 # upstream uses maturin as a build backend,
 # we replace it with setuptools-rust since it is not available in RHEL
 # reverts: https://github.com/pyca/cryptography/commit/5b23baa
 Patch:          Replace-maturin-build-backend-with-setuptools-rust.patch
 ExclusiveArch:  %{rust_arches}
 BuildRequires:  openssl-devel
 BuildRequires:  gcc
 BuildRequires:  gnupg2
 %if 0%{?fedora}
 BuildRequires:  rust-packaging
 %else
 BuildRequires:  rust-toolset
 %endif
 BuildRequires:  python%{python3_pkgversion}-cffi >= 1.12
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.4
 %if %{with tests}
 %if 0%{?fedora}
 BuildRequires:  python%{python3_pkgversion}-certifi
 BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
 BuildRequires:  python%{python3_pkgversion}-iso8601
 BuildRequires:  python%{python3_pkgversion}-pretend
 BuildRequires:  python%{python3_pkgversion}-pytest-benchmark
 BuildRequires:  python%{python3_pkgversion}-pytest-xdist
 BuildRequires:  python%{python3_pkgversion}-pytz
 %endif
 BuildRequires:  python%{python3_pkgversion}-pytest >= 6.2.0
 %endif
 Requires:       openssl-libs
 Requires:       python%{python3_pkgversion}-cffi >= 1.12
 # Provides for the bundled crates
 # (continuation of the snippet above the License tag)
 #     for pkg in sorted(bundled):
 #         print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
 Provides: bundled(crate(asn1)) = 0.21.3
 Provides: bundled(crate(asn1_derive)) = 0.21.3
 Provides: bundled(crate(autocfg)) = 1.4.0
 Provides: bundled(crate(base64)) = 0.22.1
 Provides: bundled(crate(bitflags)) = 2.9.1
 Provides: bundled(crate(cc)) = 1.2.23
 Provides: bundled(crate(cfg-if)) = 1.0.0
 Provides: bundled(crate(foreign-types)) = 0.3.2
 Provides: bundled(crate(foreign-types-shared)) = 0.1.1
 Provides: bundled(crate(heck)) = 0.5.0
 Provides: bundled(crate(indoc)) = 2.0.6
 Provides: bundled(crate(itoa)) = 1.0.15
 Provides: bundled(crate(libc)) = 0.2.172
 Provides: bundled(crate(memoffset)) = 0.9.1
 Provides: bundled(crate(once_cell)) = 1.21.3
 Provides: bundled(crate(openssl)) = 0.10.72
 Provides: bundled(crate(openssl-macros)) = 0.1.1
 Provides: bundled(crate(openssl-sys)) = 0.9.108
 Provides: bundled(crate(pem)) = 3.0.5
 Provides: bundled(crate(pkg-config)) = 0.3.32
 Provides: bundled(crate(portable-atomic)) = 1.11.0
 Provides: bundled(crate(proc-macro2)) = 1.0.95
 Provides: bundled(crate(pyo3)) = 0.25.0
 Provides: bundled(crate(pyo3-build-config)) = 0.25.0
 Provides: bundled(crate(pyo3-ffi)) = 0.25.0
 Provides: bundled(crate(pyo3-macros)) = 0.25.0
 Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
 Provides: bundled(crate(quote)) = 1.0.40
 Provides: bundled(crate(self_cell)) = 1.2.0
 Provides: bundled(crate(shlex)) = 1.3.0
 Provides: bundled(crate(syn)) = 2.0.101
 Provides: bundled(crate(target-lexicon)) = 0.13.2
 Provides: bundled(crate(unicode-ident)) = 1.0.18
 Provides: bundled(crate(unindent)) = 0.2.4
 Provides: bundled(crate(vcpkg)) = 0.2.15
 # Cryptography crates
 Provides: bundled(crate(cryptography-cffi)) = 0.1.0
 Provides: bundled(crate(cryptography-crypto)) = 0.1.0
 Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
 Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
 Provides: bundled(crate(cryptography-rust)) = 0.1.0
 Provides: bundled(crate(cryptography-x509)) = 0.1.0
 Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
 Provides: bundled(crate(cryptography-openssl)) = 0.1.0
 %description
 cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.
 %prep
 %autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
 %if 0%{?fedora}
 %cargo_prep
 sed -i 's/locked = true//g' pyproject.toml
 %else
 # RHEL: use vendored Rust crates
 %cargo_prep -v vendor
 %endif
 %if ! 0%{?fedora}
 sed -i 's,--benchmark-disable,,' pyproject.toml
 %endif
 %generate_buildrequires
 %pyproject_buildrequires
 %if 0%{?fedora}
 # Fedora: use RPMified crates
 %cargo_generate_buildrequires
 %endif
 %build
 export RUSTFLAGS="%build_rustflags"
 export OPENSSL_NO_VENDOR=1
 export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
 %pyproject_wheel
 %cargo_license_summary
 %{cargo_license} > LICENSE.dependencies
 %if ! 0%{?fedora}
 %cargo_vendor_manifest
 %endif
 %install
 # Actually other *.c and *.h are appropriate
 # see https://github.com/pyca/cryptography/issues/1463
 find . -name .keep -print -delete
 find . -name Cargo.toml -print -delete
 %pyproject_install
 %pyproject_save_files %{srcname}
 %check
 %if %{with tests}
 %if 0%{?rhel}
 # skip benchmark, hypothesis, and pytz tests on RHEL
 rm -rf tests/bench tests/hypothesis
 # append skipper to skip iso8601 and pretend tests
 cat < %{SOURCE2} >> tests/conftest.py
 %endif
 # enable SHA-1 signatures for RSA tests
 # also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
 export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
 # see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
 # not much sense for downstream testing.
 # see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
 PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
    %{__python3} -m pytest \
    --ignore vendor \
    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
 %endif
 %files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
 %doc README.rst docs
 %license LICENSE LICENSE.APACHE LICENSE.BSD
 %license LICENSE.dependencies
 %if ! 0%{?fedora}
 %license cargo-vendor.txt
 %endif
 %changelog
 ## START: Generated by rpmautospec
 * Fri Nov 28 2025 Lumir Balhar <lbalhar@redhat.com> - 45.0.4-4
 - Reuploaded sources
 * Fri Nov 28 2025 Lukáš Zachar <lzachar@redhat.com> - 45.0.4-3
 - Add gating
 * Fri Nov 28 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 45.0.4-2
 - Convert from Fedora for the Python 3.14 stack in RHEL
 * Fri Nov 28 2025 Tomáš Hrnčiar <thrnciar@redhat.com> - 45.0.4-1
 - RHEL: Rename SPEC to python3.14-cryptography.spec
 * Tue Jul 02 2024 Jeremy Cline <jeremycline@linux.microsoft.com> - 42.0.8-1
 - Update to 42.0.8, fixes rhbz#2251816
@ -509,5 +246,3 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 ## END: Generated by rpmautospec
--- a/SOURCES/conftest-skipper.py
+++ b/SOURCES/conftest-skipper.py
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
 --- !Policy
 product_versions:
  - rhel-*
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/plan.fmf
+++ b/plan.fmf
@ -0,0 +1,29 @@
 execute:
  how: tmt
 provision:
  hardware:
    memory: '>= 6 GB'
 discover:
  how: shell
  dist-git-source: true
  dist-git-install-builddeps: true
  dist-git-require:
    - cargo
    - rust-toolset
  tests:
  - name: unittests
    test: |
      export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
      export PYTHONPATH=./vectors
      pip3.14 show pretend || pip3.14 install pretend
      cd $(dirname $TMT_SOURCE_DIR/crypto*/tests) &&
      # no need for benchmarks
      rm -rf tests/bench &&
      pytest-3.14 tests/
    require:
    - python3.14-devel
    - python3.14-pytest
    - python3.14-pip
    - python3.14-cryptography
--- a/python3.14-cryptography.spec
+++ b/python3.14-cryptography.spec
@ -0,0 +1,241 @@
 %global python3_pkgversion 3.14
 # RHEL: Tests disabled due to missing deps
 %bcond_with tests
 %global srcname cryptography
 Name:           python%{python3_pkgversion}-%{srcname}
 Version:        45.0.4
 Release:        %autorelease
 Summary:        PyCA's cryptography library
 # We bundle various crates with cryptography which is dual licensed
 # under the ASL 2.0 or BSD, as well as the Python license
 # for the OS random engine derived by CPython.
 # in the vendor dir from SOURCE1:
 #     import pathlib, tomllib
 #     bundled = {}
 #     for d in pathlib.Path('.').iterdir():
 #         cargo_toml = d / 'Cargo.toml'
 #         cargo = tomllib.loads(cargo_toml.read_text())
 #         bundled[cargo['package']['name']] = cargo['package']
 #     for pkg in sorted(bundled):
 #         print(f"# {pkg}: {bundled[pkg]['license']}")
 # asn1: BSD-3-Clause
 # asn1_derive: BSD-3-Clause
 # autocfg: Apache-2.0 OR MIT
 # base64: MIT OR Apache-2.0
 # bitflags: MIT OR Apache-2.0
 # cc: MIT OR Apache-2.0
 # cfg-if: MIT/Apache-2.0
 # foreign-types: MIT/Apache-2.0
 # foreign-types-shared: MIT/Apache-2.0
 # heck: MIT OR Apache-2.0
 # indoc: MIT OR Apache-2.0
 # itoa: MIT OR Apache-2.0
 # libc: MIT OR Apache-2.0
 # memoffset: MIT
 # once_cell: MIT OR Apache-2.0
 # openssl: Apache-2.0
 # openssl-macros: MIT/Apache-2.0
 # openssl-sys: MIT
 # pem: MIT
 # pkg-config: MIT OR Apache-2.0
 # portable-atomic: Apache-2.0 OR MIT
 # proc-macro2: MIT OR Apache-2.0
 # pyo3: MIT OR Apache-2.0
 # pyo3-build-config: MIT OR Apache-2.0
 # pyo3-ffi: MIT OR Apache-2.0
 # pyo3-macros: MIT OR Apache-2.0
 # pyo3-macros-backend: MIT OR Apache-2.0
 # quote: MIT OR Apache-2.0
 # self_cell: Apache-2.0
 # shlex: MIT OR Apache-2.0
 # syn: MIT OR Apache-2.0
 # target-lexicon: Apache-2.0 WITH LLVM-exception
 # unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
 # unindent: MIT OR Apache-2.0
 # vcpkg: MIT/Apache-2.0
 License:        (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
 URL:            https://cryptography.io/en/latest/
 Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
                # created by ./vendor_rust.py helper script
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py
 # upstream uses maturin as a build backend,
 # we replace it with setuptools-rust since it is not available in RHEL
 # reverts: https://github.com/pyca/cryptography/commit/5b23baa
 Patch:          Replace-maturin-build-backend-with-setuptools-rust.patch
 ExclusiveArch:  %{rust_arches}
 BuildRequires:  openssl-devel
 BuildRequires:  gcc
 BuildRequires:  gnupg2
 %if 0%{?fedora}
 BuildRequires:  rust-packaging
 %else
 BuildRequires:  rust-toolset
 %endif
 BuildRequires:  python%{python3_pkgversion}-cffi >= 1.12
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.4
 %if %{with tests}
 %if 0%{?fedora}
 BuildRequires:  python%{python3_pkgversion}-certifi
 BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
 BuildRequires:  python%{python3_pkgversion}-iso8601
 BuildRequires:  python%{python3_pkgversion}-pretend
 BuildRequires:  python%{python3_pkgversion}-pytest-benchmark
 BuildRequires:  python%{python3_pkgversion}-pytest-xdist
 BuildRequires:  python%{python3_pkgversion}-pytz
 %endif
 BuildRequires:  python%{python3_pkgversion}-pytest >= 6.2.0
 %endif
 Requires:       openssl-libs
 Requires:       python%{python3_pkgversion}-cffi >= 1.12
 # Provides for the bundled crates
 # (continuation of the snippet above the License tag)
 #     for pkg in sorted(bundled):
 #         print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
 Provides: bundled(crate(asn1)) = 0.21.3
 Provides: bundled(crate(asn1_derive)) = 0.21.3
 Provides: bundled(crate(autocfg)) = 1.4.0
 Provides: bundled(crate(base64)) = 0.22.1
 Provides: bundled(crate(bitflags)) = 2.9.1
 Provides: bundled(crate(cc)) = 1.2.23
 Provides: bundled(crate(cfg-if)) = 1.0.0
 Provides: bundled(crate(foreign-types)) = 0.3.2
 Provides: bundled(crate(foreign-types-shared)) = 0.1.1
 Provides: bundled(crate(heck)) = 0.5.0
 Provides: bundled(crate(indoc)) = 2.0.6
 Provides: bundled(crate(itoa)) = 1.0.15
 Provides: bundled(crate(libc)) = 0.2.172
 Provides: bundled(crate(memoffset)) = 0.9.1
 Provides: bundled(crate(once_cell)) = 1.21.3
 Provides: bundled(crate(openssl)) = 0.10.72
 Provides: bundled(crate(openssl-macros)) = 0.1.1
 Provides: bundled(crate(openssl-sys)) = 0.9.108
 Provides: bundled(crate(pem)) = 3.0.5
 Provides: bundled(crate(pkg-config)) = 0.3.32
 Provides: bundled(crate(portable-atomic)) = 1.11.0
 Provides: bundled(crate(proc-macro2)) = 1.0.95
 Provides: bundled(crate(pyo3)) = 0.25.0
 Provides: bundled(crate(pyo3-build-config)) = 0.25.0
 Provides: bundled(crate(pyo3-ffi)) = 0.25.0
 Provides: bundled(crate(pyo3-macros)) = 0.25.0
 Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
 Provides: bundled(crate(quote)) = 1.0.40
 Provides: bundled(crate(self_cell)) = 1.2.0
 Provides: bundled(crate(shlex)) = 1.3.0
 Provides: bundled(crate(syn)) = 2.0.101
 Provides: bundled(crate(target-lexicon)) = 0.13.2
 Provides: bundled(crate(unicode-ident)) = 1.0.18
 Provides: bundled(crate(unindent)) = 0.2.4
 Provides: bundled(crate(vcpkg)) = 0.2.15
 # Cryptography crates
 Provides: bundled(crate(cryptography-cffi)) = 0.1.0
 Provides: bundled(crate(cryptography-crypto)) = 0.1.0
 Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
 Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
 Provides: bundled(crate(cryptography-rust)) = 0.1.0
 Provides: bundled(crate(cryptography-x509)) = 0.1.0
 Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
 Provides: bundled(crate(cryptography-openssl)) = 0.1.0
 %description
 cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.
 %prep
 %autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
 %if 0%{?fedora}
 %cargo_prep
 sed -i 's/locked = true//g' pyproject.toml
 %else
 # RHEL: use vendored Rust crates
 %cargo_prep -v vendor
 %endif
 %if ! 0%{?fedora}
 sed -i 's,--benchmark-disable,,' pyproject.toml
 %endif
 %generate_buildrequires
 %pyproject_buildrequires
 %if 0%{?fedora}
 # Fedora: use RPMified crates
 %cargo_generate_buildrequires
 %endif
 %build
 export RUSTFLAGS="%build_rustflags"
 export OPENSSL_NO_VENDOR=1
 export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
 %pyproject_wheel
 %cargo_license_summary
 %{cargo_license} > LICENSE.dependencies
 %if ! 0%{?fedora}
 %cargo_vendor_manifest
 %endif
 %install
 # Actually other *.c and *.h are appropriate
 # see https://github.com/pyca/cryptography/issues/1463
 find . -name .keep -print -delete
 find . -name Cargo.toml -print -delete
 %pyproject_install
 %pyproject_save_files %{srcname}
 %check
 %if %{with tests}
 %if 0%{?rhel}
 # skip benchmark, hypothesis, and pytz tests on RHEL
 rm -rf tests/bench tests/hypothesis
 # append skipper to skip iso8601 and pretend tests
 cat < %{SOURCE2} >> tests/conftest.py
 %endif
 # enable SHA-1 signatures for RSA tests
 # also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
 export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
 # see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
 # not much sense for downstream testing.
 # see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
 PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
    %{__python3} -m pytest \
    --ignore vendor \
    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
 %endif
 %files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
 %doc README.rst docs
 %license LICENSE LICENSE.APACHE LICENSE.BSD
 %license LICENSE.dependencies
 %if ! 0%{?fedora}
 %license cargo-vendor.txt
 %endif
 %changelog
 %autochangelog
--- a/2
+++ b/2
@ -0,0 +1,2 @@
 SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df
 SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 47eec7e690bda6d86c47d62412f5b66a69e5e542141fd4a502f74554bac2e6caff8a01a82f9ebde06c0c89dd25a8cc0cbe4c22d6338d586ab0741852e9df8d8d
--- a/vendor_rust.py
+++ b/vendor_rust.py
@ -0,0 +1,112 @@
 #!/usr/bin/python3
 """Vendor PyCA cryptography's Rust crates
 """
 import argparse
 import os
 import re
 import tarfile
 import tempfile
 import shutil
 import subprocess
 import sys
 VENDOR_DIR = "vendor"
 CARGO_TOML = "src/rust/Cargo.toml"
 RE_VERSION = re.compile(r"Version:\s*(.*)")
 parser = argparse.ArgumentParser(description="Vendor Rust packages")
 parser.add_argument(
    "--spec", default="python-cryptography.spec", help="cryptography source tar bundle"
 )
 def cargo(cmd, manifest):
    args = ["cargo", cmd, f"--manifest-path={manifest}"]
    return subprocess.check_call(
        args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={}
    )
 def tar_reset(tarinfo):
    """Reset user, group, mtime, and mode to create reproducible tar"""
    tarinfo.uid = 0
    tarinfo.gid = 0
    tarinfo.uname = "root"
    tarinfo.gname = "root"
    tarinfo.mtime = 0
    if tarinfo.type == tarfile.DIRTYPE:
        tarinfo.mode = 0o755
    else:
        tarinfo.mode = 0o644
    if tarinfo.pax_headers:
        raise ValueError(tarinfo.name, tarinfo.pax_headers)
    return tarinfo
 def tar_reproducible(tar, basedir):
    """Create reproducible tar file"""
    content = [basedir]
    for root, dirs, files in os.walk(basedir):
        for directory in dirs:
            content.append(os.path.join(root, directory))
        for filename in files:
            content.append(os.path.join(root, filename))
    content.sort()
    for fn in content:
        tar.add(fn, filter=tar_reset, recursive=False, arcname=fn)
 def main():
    args = parser.parse_args()
    spec = args.spec
    # change cwd to work in bundle directory
    here = os.path.dirname(os.path.abspath(spec))
    os.chdir(here)
    # extract version number from bundle name
    with open(spec) as f:
        for line in f:
            mo = RE_VERSION.search(line)
            if mo is not None:
                version = mo.group(1)
                break
        else:
            raise ValueError(f"Cannot find version in {spec}")
    bundle_file = f"cryptography-{version}.tar.gz"
    vendor_file = f"cryptography-{version}-vendor.tar.bz2"
    # remove existing vendor directory and file
    if os.path.isdir(VENDOR_DIR):
        shutil.rmtree(VENDOR_DIR)
    try:
        os.unlink(vendor_file)
    except FileNotFoundError:
        pass
    print(f"Getting crates for {bundle_file}", file=sys.stderr)
    # extract tar file in tempdir
    # fetch and vendor Rust crates
    with tempfile.TemporaryDirectory(dir=here) as tmp:
        with tarfile.open(bundle_file) as tar:
            tar.extractall(path=tmp)
        manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML)
        cargo("fetch", manifest)
        cargo("vendor", manifest)
    print("\nCreating tar ball...", file=sys.stderr)
    with tarfile.open(vendor_file, "x:bz2") as tar:
        tar_reproducible(tar, VENDOR_DIR)
    # remove vendor dir
    shutil.rmtree(VENDOR_DIR)
    parser.exit(0, f"Created {vendor_file}\n")
 if __name__ == "__main__":
    main()
		`@ -1,2 +0,0 @@`
			`119d707ca21a4a6ad0d7a39f37ef5e40cf00c4b1 SOURCES/cryptography-45.0.4-vendor.tar.bz2`
			`08cb96ac825f17cedfa0cac54843f2b4ac596b76 SOURCES/cryptography-45.0.4.tar.gz`
		`@ -0,0 +1,2 @@`
							`SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df`
							`SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 47eec7e690bda6d86c47d62412f5b66a69e5e542141fd4a502f74554bac2e6caff8a01a82f9ebde06c0c89dd25a8cc0cbe4c22d6338d586ab0741852e9df8d8d`