43a0c07ccd
Fedora contributions by:
Alfredo Moralejo <amoralej@redhat.com>
Benjamin A. Beasley <code@musicinmybrain.net>
Charalampos Stratakis <cstratak@redhat.com>
Christian Heimes <christian@python.org>
Colin Walters <walters@verbum.org>
Dennis Gilmore <dennis@ausil.us>
Fabio Valentini <decathorpe@gmail.com>
Felix Schwarz <felix.schwarz@oss.schwarz.eu>
Francisco Trivino <ftrivino@redhat.com>
Haikel Guemar <hguemar@fedoraproject.org>
Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Iryna Shcherbina <shcherbina.iryna@gmail.com>
Jeremy Cline <jeremy@jcline.org>
Lumir Balhar <lbalhar@redhat.com>
Matěj Cepl <mcepl@cepl.eu>
Miro Hrončok <miro@hroncok.cz>
Nathaniel McCallum <npmccallum@redhat.com>
Peter Robinson <pbrobinson@gmail.com>
Randy Barlow <randy@electronsweatshop.com>
Robert Kuska <rkuska@redhat.com>
Sahana Prasad <sahana@redhat.com>
Stephen Gallagher <sgallagh@redhat.com>
Troy Dawson <tdawson@redhat.com>
Yaakov Selkowitz <yselkowi@redhat.com>
242 lines
7.9 KiB
RPMSpec
242 lines
7.9 KiB
RPMSpec
%global python3_pkgversion 3.14
|
|
|
|
# RHEL: Tests disabled due to missing deps
|
|
%bcond_with tests
|
|
|
|
%global srcname cryptography
|
|
|
|
Name: python%{python3_pkgversion}-%{srcname}
|
|
Version: 45.0.4
|
|
Release: %autorelease
|
|
Summary: PyCA's cryptography library
|
|
|
|
# We bundle various crates with cryptography which is dual licensed
|
|
# under the ASL 2.0 or BSD, as well as the Python license
|
|
# for the OS random engine derived by CPython.
|
|
|
|
# in the vendor dir from SOURCE1:
|
|
# import pathlib, tomllib
|
|
# bundled = {}
|
|
# for d in pathlib.Path('.').iterdir():
|
|
# cargo_toml = d / 'Cargo.toml'
|
|
# cargo = tomllib.loads(cargo_toml.read_text())
|
|
# bundled[cargo['package']['name']] = cargo['package']
|
|
# for pkg in sorted(bundled):
|
|
# print(f"# {pkg}: {bundled[pkg]['license']}")
|
|
|
|
# asn1: BSD-3-Clause
|
|
# asn1_derive: BSD-3-Clause
|
|
# autocfg: Apache-2.0 OR MIT
|
|
# base64: MIT OR Apache-2.0
|
|
# bitflags: MIT OR Apache-2.0
|
|
# cc: MIT OR Apache-2.0
|
|
# cfg-if: MIT/Apache-2.0
|
|
# foreign-types: MIT/Apache-2.0
|
|
# foreign-types-shared: MIT/Apache-2.0
|
|
# heck: MIT OR Apache-2.0
|
|
# indoc: MIT OR Apache-2.0
|
|
# itoa: MIT OR Apache-2.0
|
|
# libc: MIT OR Apache-2.0
|
|
# memoffset: MIT
|
|
# once_cell: MIT OR Apache-2.0
|
|
# openssl: Apache-2.0
|
|
# openssl-macros: MIT/Apache-2.0
|
|
# openssl-sys: MIT
|
|
# pem: MIT
|
|
# pkg-config: MIT OR Apache-2.0
|
|
# portable-atomic: Apache-2.0 OR MIT
|
|
# proc-macro2: MIT OR Apache-2.0
|
|
# pyo3: MIT OR Apache-2.0
|
|
# pyo3-build-config: MIT OR Apache-2.0
|
|
# pyo3-ffi: MIT OR Apache-2.0
|
|
# pyo3-macros: MIT OR Apache-2.0
|
|
# pyo3-macros-backend: MIT OR Apache-2.0
|
|
# quote: MIT OR Apache-2.0
|
|
# self_cell: Apache-2.0
|
|
# shlex: MIT OR Apache-2.0
|
|
# syn: MIT OR Apache-2.0
|
|
# target-lexicon: Apache-2.0 WITH LLVM-exception
|
|
# unicode-ident: (MIT OR Apache-2.0) AND Unicode-3.0
|
|
# unindent: MIT OR Apache-2.0
|
|
# vcpkg: MIT/Apache-2.0
|
|
|
|
License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
|
|
URL: https://cryptography.io/en/latest/
|
|
Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
|
|
# created by ./vendor_rust.py helper script
|
|
Source1: cryptography-%{version}-vendor.tar.bz2
|
|
Source2: conftest-skipper.py
|
|
|
|
# upstream uses maturin as a build backend,
|
|
# we replace it with setuptools-rust since it is not available in RHEL
|
|
# reverts: https://github.com/pyca/cryptography/commit/5b23baa
|
|
Patch: Replace-maturin-build-backend-with-setuptools-rust.patch
|
|
|
|
ExclusiveArch: %{rust_arches}
|
|
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: gcc
|
|
BuildRequires: gnupg2
|
|
%if 0%{?fedora}
|
|
BuildRequires: rust-packaging
|
|
%else
|
|
BuildRequires: rust-toolset
|
|
%endif
|
|
|
|
BuildRequires: python%{python3_pkgversion}-cffi >= 1.12
|
|
BuildRequires: python%{python3_pkgversion}-devel
|
|
BuildRequires: python%{python3_pkgversion}-setuptools
|
|
BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4
|
|
|
|
%if %{with tests}
|
|
%if 0%{?fedora}
|
|
BuildRequires: python%{python3_pkgversion}-certifi
|
|
BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4
|
|
BuildRequires: python%{python3_pkgversion}-iso8601
|
|
BuildRequires: python%{python3_pkgversion}-pretend
|
|
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
|
|
BuildRequires: python%{python3_pkgversion}-pytest-xdist
|
|
BuildRequires: python%{python3_pkgversion}-pytz
|
|
%endif
|
|
BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
|
|
%endif
|
|
|
|
Requires: openssl-libs
|
|
Requires: python%{python3_pkgversion}-cffi >= 1.12
|
|
|
|
# Provides for the bundled crates
|
|
# (continuation of the snippet above the License tag)
|
|
# for pkg in sorted(bundled):
|
|
# print(f"Provides: bundled(crate({pkg})) = {bundled[pkg]['version']}")
|
|
Provides: bundled(crate(asn1)) = 0.21.3
|
|
Provides: bundled(crate(asn1_derive)) = 0.21.3
|
|
Provides: bundled(crate(autocfg)) = 1.4.0
|
|
Provides: bundled(crate(base64)) = 0.22.1
|
|
Provides: bundled(crate(bitflags)) = 2.9.1
|
|
Provides: bundled(crate(cc)) = 1.2.23
|
|
Provides: bundled(crate(cfg-if)) = 1.0.0
|
|
Provides: bundled(crate(foreign-types)) = 0.3.2
|
|
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
|
|
Provides: bundled(crate(heck)) = 0.5.0
|
|
Provides: bundled(crate(indoc)) = 2.0.6
|
|
Provides: bundled(crate(itoa)) = 1.0.15
|
|
Provides: bundled(crate(libc)) = 0.2.172
|
|
Provides: bundled(crate(memoffset)) = 0.9.1
|
|
Provides: bundled(crate(once_cell)) = 1.21.3
|
|
Provides: bundled(crate(openssl)) = 0.10.72
|
|
Provides: bundled(crate(openssl-macros)) = 0.1.1
|
|
Provides: bundled(crate(openssl-sys)) = 0.9.108
|
|
Provides: bundled(crate(pem)) = 3.0.5
|
|
Provides: bundled(crate(pkg-config)) = 0.3.32
|
|
Provides: bundled(crate(portable-atomic)) = 1.11.0
|
|
Provides: bundled(crate(proc-macro2)) = 1.0.95
|
|
Provides: bundled(crate(pyo3)) = 0.25.0
|
|
Provides: bundled(crate(pyo3-build-config)) = 0.25.0
|
|
Provides: bundled(crate(pyo3-ffi)) = 0.25.0
|
|
Provides: bundled(crate(pyo3-macros)) = 0.25.0
|
|
Provides: bundled(crate(pyo3-macros-backend)) = 0.25.0
|
|
Provides: bundled(crate(quote)) = 1.0.40
|
|
Provides: bundled(crate(self_cell)) = 1.2.0
|
|
Provides: bundled(crate(shlex)) = 1.3.0
|
|
Provides: bundled(crate(syn)) = 2.0.101
|
|
Provides: bundled(crate(target-lexicon)) = 0.13.2
|
|
Provides: bundled(crate(unicode-ident)) = 1.0.18
|
|
Provides: bundled(crate(unindent)) = 0.2.4
|
|
Provides: bundled(crate(vcpkg)) = 0.2.15
|
|
|
|
# Cryptography crates
|
|
Provides: bundled(crate(cryptography-cffi)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-crypto)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-keepalive)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-key-parsing)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-rust)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-x509)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-x509-verification)) = 0.1.0
|
|
Provides: bundled(crate(cryptography-openssl)) = 0.1.0
|
|
|
|
%description
|
|
cryptography is a package designed to expose cryptographic primitives and
|
|
recipes to Python developers.
|
|
|
|
%prep
|
|
%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
|
|
%if 0%{?fedora}
|
|
%cargo_prep
|
|
sed -i 's/locked = true//g' pyproject.toml
|
|
%else
|
|
# RHEL: use vendored Rust crates
|
|
%cargo_prep -v vendor
|
|
%endif
|
|
|
|
%if ! 0%{?fedora}
|
|
sed -i 's,--benchmark-disable,,' pyproject.toml
|
|
%endif
|
|
|
|
|
|
%generate_buildrequires
|
|
%pyproject_buildrequires
|
|
%if 0%{?fedora}
|
|
# Fedora: use RPMified crates
|
|
%cargo_generate_buildrequires
|
|
%endif
|
|
|
|
|
|
%build
|
|
export RUSTFLAGS="%build_rustflags"
|
|
export OPENSSL_NO_VENDOR=1
|
|
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
|
|
%pyproject_wheel
|
|
|
|
%cargo_license_summary
|
|
%{cargo_license} > LICENSE.dependencies
|
|
%if ! 0%{?fedora}
|
|
%cargo_vendor_manifest
|
|
%endif
|
|
|
|
|
|
%install
|
|
# Actually other *.c and *.h are appropriate
|
|
# see https://github.com/pyca/cryptography/issues/1463
|
|
find . -name .keep -print -delete
|
|
find . -name Cargo.toml -print -delete
|
|
%pyproject_install
|
|
%pyproject_save_files %{srcname}
|
|
|
|
|
|
%check
|
|
%if %{with tests}
|
|
%if 0%{?rhel}
|
|
# skip benchmark, hypothesis, and pytz tests on RHEL
|
|
rm -rf tests/bench tests/hypothesis
|
|
# append skipper to skip iso8601 and pretend tests
|
|
cat < %{SOURCE2} >> tests/conftest.py
|
|
%endif
|
|
|
|
# enable SHA-1 signatures for RSA tests
|
|
# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343
|
|
export OPENSSL_ENABLE_SHA1_SIGNATURES=yes
|
|
|
|
# see https://github.com/pyca/cryptography/issues/4885 and
|
|
# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
|
|
# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
|
|
# not much sense for downstream testing.
|
|
# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
|
|
PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
|
|
%{__python3} -m pytest \
|
|
--ignore vendor \
|
|
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
|
|
%endif
|
|
|
|
|
|
%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
|
|
%doc README.rst docs
|
|
%license LICENSE LICENSE.APACHE LICENSE.BSD
|
|
%license LICENSE.dependencies
|
|
%if ! 0%{?fedora}
|
|
%license cargo-vendor.txt
|
|
%endif
|
|
|
|
|
|
%changelog
|
|
%autochangelog
|