%global python3_pkgversion 3.14 # RHEL: Tests disabled due to missing deps %bcond_with tests %global srcname cryptography Name: python%{python3_pkgversion}-%{srcname} Version: 45.0.4 Release: %autorelease Summary: PyCA's cryptography library # We bundle various crates with cryptography which is dual licensed # under the ASL 2.0 or BSD, as well as the Python license # for the OS random engine derived by CPython. # in the vendor dir from SOURCE1: # import pathlib, tomllib # bundled = {} # for d in pathlib.Path('.').iterdir(): # cargo_toml = d / 'Cargo.toml' # cargo = tomllib.loads(cargo_toml.read_text()) # bundled[cargo['package']['name']] = cargo['package'] # for pkg in sorted(bundled): # print(f"# {pkg}: {bundled[pkg]['license']}") # asn1: BSD-3-Clause # asn1_derive: BSD-3-Clause # autocfg: Apache-2.0 OR MIT # base64: MIT OR Apache-2.0 # bitflags: MIT OR Apache-2.0 # cc: MIT OR Apache-2.0 # cfg-if: MIT/Apache-2.0 # foreign-types: MIT/Apache-2.0 # foreign-types-shared: MIT/Apache-2.0 # heck: MIT OR Apache-2.0 # indoc: MIT OR Apache-2.0 # itoa: MIT OR Apache-2.0 # libc: MIT OR Apache-2.0 # memoffset: MIT # once_cell: MIT OR Apache-2.0 # openssl: Apache-2.0 # openssl-macros: MIT/Apache-2.0 # openssl-sys: MIT # pem: MIT # pkg-config: MIT OR Apache-2.0 # portable-atomic: Apache-2.0 OR MIT # proc-macro2: MIT OR Apache-2.0 # pyo3: MIT OR Apache-2.0 # pyo3-build-config: MIT OR Apache-2.0 # pyo3-ffi: MIT OR Apache-2.0 # pyo3-macros: MIT OR Apache-2.0 # pyo3-macros-backend: MIT OR Apache-2.0 # quote: MIT OR Apache-2.0 # self_cell: Apache-2.0 # shlex: MIT OR Apache-2.0 # syn: MIT OR Apache-2.0 # target-lexicon: Apache-2.0 WITH LLVM-exception # unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0 # unindent: MIT OR Apache-2.0 # vcpkg: MIT/Apache-2.0 License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0) URL: https://cryptography.io/en/latest/ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz # created by ./vendor_rust.py helper script Source1: cryptography-%{version}-vendor.tar.bz2 Source2: conftest-skipper.py # upstream uses maturin as a build backend, # we replace it with setuptools-rust since it is not available in RHEL # reverts: https://github.com/pyca/cryptography/commit/5b23baa Patch: Replace-maturin-build-backend-with-setuptools-rust.patch ExclusiveArch: %{rust_arches} BuildRequires: openssl-devel BuildRequires: gcc BuildRequires: gnupg2 %if 0%{?fedora} BuildRequires: rust-packaging %else BuildRequires: rust-toolset %endif BuildRequires: python%{python3_pkgversion}-cffi >= 1.12 BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4 %if %{with tests} %if 0%{?fedora} BuildRequires: python%{python3_pkgversion}-certifi BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 BuildRequires: python%{python3_pkgversion}-iso8601 BuildRequires: python%{python3_pkgversion}-pretend BuildRequires: python%{python3_pkgversion}-pytest-benchmark BuildRequires: python%{python3_pkgversion}-pytest-xdist BuildRequires: python%{python3_pkgversion}-pytz %endif BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0 %endif Requires: openssl-libs Requires: python%{python3_pkgversion}-cffi >= 1.12 # Provides for the bundled crates # (continuation of the snippet above the License tag) # for pkg in sorted(bundled): # print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}") Provides: bundled(crate(asn1)) = 0.21.3 Provides: bundled(crate(asn1_derive)) = 0.21.3 Provides: bundled(crate(autocfg)) = 1.4.0 Provides: bundled(crate(base64)) = 0.22.1 Provides: bundled(crate(bitflags)) = 2.9.1 Provides: bundled(crate(cc)) = 1.2.23 Provides: bundled(crate(cfg-if)) = 1.0.0 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 Provides: bundled(crate(heck)) = 0.5.0 Provides: bundled(crate(indoc)) = 2.0.6 Provides: bundled(crate(itoa)) = 1.0.15 Provides: bundled(crate(libc)) = 0.2.172 Provides: bundled(crate(memoffset)) = 0.9.1 Provides: bundled(crate(once_cell)) = 1.21.3 Provides: bundled(crate(openssl)) = 0.10.72 Provides: bundled(crate(openssl-macros)) = 0.1.1 Provides: bundled(crate(openssl-sys)) = 0.9.108 Provides: bundled(crate(pem)) = 3.0.5 Provides: bundled(crate(pkg-config)) = 0.3.32 Provides: bundled(crate(portable-atomic)) = 1.11.0 Provides: bundled(crate(proc-macro2)) = 1.0.95 Provides: bundled(crate(pyo3)) = 0.25.0 Provides: bundled(crate(pyo3-build-config)) = 0.25.0 Provides: bundled(crate(pyo3-ffi)) = 0.25.0 Provides: bundled(crate(pyo3-macros)) = 0.25.0 Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0 Provides: bundled(crate(quote)) = 1.0.40 Provides: bundled(crate(self_cell)) = 1.2.0 Provides: bundled(crate(shlex)) = 1.3.0 Provides: bundled(crate(syn)) = 2.0.101 Provides: bundled(crate(target-lexicon)) = 0.13.2 Provides: bundled(crate(unicode-ident)) = 1.0.18 Provides: bundled(crate(unindent)) = 0.2.4 Provides: bundled(crate(vcpkg)) = 0.2.15 # Cryptography crates Provides: bundled(crate(cryptography-cffi)) = 0.1.0 Provides: bundled(crate(cryptography-crypto)) = 0.1.0 Provides: bundled(crate(cryptography-keepalive)) = 0.1.0 Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0 Provides: bundled(crate(cryptography-rust)) = 0.1.0 Provides: bundled(crate(cryptography-x509)) = 0.1.0 Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0 Provides: bundled(crate(cryptography-openssl)) = 0.1.0 %description cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. %prep %autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version} %if 0%{?fedora} %cargo_prep sed -i 's/locked = true//g' pyproject.toml %else # RHEL: use vendored Rust crates %cargo_prep -v vendor %endif %if ! 0%{?fedora} sed -i 's,--benchmark-disable,,' pyproject.toml %endif %generate_buildrequires %pyproject_buildrequires %if 0%{?fedora} # Fedora: use RPMified crates %cargo_generate_buildrequires %endif %build export RUSTFLAGS="%build_rustflags" export OPENSSL_NO_VENDOR=1 export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 " %pyproject_wheel %cargo_license_summary %{cargo_license} > LICENSE.dependencies %if ! 0%{?fedora} %cargo_vendor_manifest %endif %install # Actually other *.c and *.h are appropriate # see https://github.com/pyca/cryptography/issues/1463 find . -name .keep -print -delete find . -name Cargo.toml -print -delete %pyproject_install %pyproject_save_files %{srcname} %check %if %{with tests} %if 0%{?rhel} # skip benchmark, hypothesis, and pytz tests on RHEL rm -rf tests/bench tests/hypothesis # append skipper to skip iso8601 and pretend tests cat < %{SOURCE2} >> tests/conftest.py %endif # enable SHA-1 signatures for RSA tests # also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343 export OPENSSL_ENABLE_SHA1_SIGNATURES=yes # see https://github.com/pyca/cryptography/issues/4885 and # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests # see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes # not much sense for downstream testing. # see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{__python3} -m pytest \ --ignore vendor \ -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)" %endif %files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files} %doc README.rst docs %license LICENSE LICENSE.APACHE LICENSE.BSD %license LICENSE.dependencies %if ! 0%{?fedora} %license cargo-vendor.txt %endif %changelog %autochangelog