From 53ee1e79ed6016cde08fe5cab08b504122e0056b Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Thu, 15 Aug 2019 09:07:49 -0500 Subject: [PATCH 1/8] "Adding package.cfg file" --- package.cfg | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 package.cfg diff --git a/package.cfg b/package.cfg new file mode 100644 index 0000000..66ea79d --- /dev/null +++ b/package.cfg @@ -0,0 +1,2 @@ +[koji] +targets = epel8 epel8-playground \ No newline at end of file From b564f3f78bf90bfefe30ff9c5a7d3485a6f5a4b7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 7 Jun 2021 21:26:54 -0600 Subject: [PATCH 2/8] Fix tests for EPEL8 --- conda.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/conda.spec b/conda.spec index 3fa8d1a..c438af1 100644 --- a/conda.spec +++ b/conda.spec @@ -83,7 +83,9 @@ BuildRequires: %py3_reqs BuildRequires: python%{python3_pkgversion}-cytoolz >= 0.8.2 %endif # For tests +%if 0%{?fedora} BuildRequires: python-unversioned-command +%endif BuildRequires: python%{python3_pkgversion}-mock BuildRequires: python%{python3_pkgversion}-pytest-cov BuildRequires: python%{python3_pkgversion}-responses @@ -189,6 +191,7 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} conda info # them for now. # tests/core/test_initialize.py tries to unlink /usr/bin/python3 and fails when python is a release candidate # tests/core/test_solve.py::test_cuda_fail_1 fails on non-x86_64 +%if 0%{?fedora} || 0%{?rhel} >= 9 py.test-%{python3_version} -vv -m "not integration" \ --deselect=tests/test_cli.py::TestJson::test_list \ --deselect=tests/test_cli.py::TestRun::test_run_returns_int \ @@ -199,6 +202,11 @@ py.test-%{python3_version} -vv -m "not integration" \ --deselect=tests/core/test_subdir_data.py::test_use_only_tar_bz2 \ --deselect=tests/core/test_initialize.py \ --deselect=tests/core/test_solve.py::test_cuda_fail_1 +%else +rm tests/gateways/test_subprocess.py +py.test-%{python3_version} -vv -m "not integration" \ + -k 'not (test_list or test_run_returns_int or test_run_returns_nonzero_errorlevel or test_run_returns_zero_errorlevel or test_ProgressiveFetchExtract_prefers_conda_v2_format or test_subdir_data_prefers_conda_to_tar_bz2 or test_use_only_tar_bz2 or test_cuda_fail_1 or InitializeTests)' +%endif %files From 18322e53957fd0f38e756ae0a88c443a2a9a2019 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Sep 2021 21:45:45 +0200 Subject: [PATCH 3/8] Add --without tests option for quicker builds Also drop unused define for bootstrap. --- conda.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/conda.spec b/conda.spec index c438af1..2ff3ac5 100644 --- a/conda.spec +++ b/conda.spec @@ -1,4 +1,4 @@ -%{!?_with_bootstrap: %global bootstrap 0} +%bcond_without tests Name: conda Version: 4.10.1 @@ -175,6 +175,7 @@ install -m 0644 -Dt %{buildroot}%{bash_completionsdir}/ %SOURCE1 %check +%if %{with tests} export PATH=%{buildroot}%{_bindir}:$PATH PYTHONPATH=%{buildroot}%{python3_sitelib} conda info @@ -207,6 +208,7 @@ rm tests/gateways/test_subprocess.py py.test-%{python3_version} -vv -m "not integration" \ -k 'not (test_list or test_run_returns_int or test_run_returns_nonzero_errorlevel or test_run_returns_zero_errorlevel or test_ProgressiveFetchExtract_prefers_conda_v2_format or test_subdir_data_prefers_conda_to_tar_bz2 or test_use_only_tar_bz2 or test_cuda_fail_1 or InitializeTests)' %endif +%endif %files From bb59448249288f7d66fe3679c399c2906de9c8c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Sep 2021 10:02:11 +0200 Subject: [PATCH 4/8] Version 4.10.3 (#1977150) New --dry-run option for conda env create and other bugfixes. --- ...back-conda-and-conda_env-entry-point.patch | 29 ++++++++++++++++++ 0002-Go-back-to-ruamel_yaml.patch | 30 +++++++++++++++++++ conda.spec | 14 +++++---- setup.patch | 16 ---------- sources | 2 +- 5 files changed, 69 insertions(+), 22 deletions(-) create mode 100644 0001-Add-back-conda-and-conda_env-entry-point.patch create mode 100644 0002-Go-back-to-ruamel_yaml.patch delete mode 100644 setup.patch diff --git a/0001-Add-back-conda-and-conda_env-entry-point.patch b/0001-Add-back-conda-and-conda_env-entry-point.patch new file mode 100644 index 0000000..c91e727 --- /dev/null +++ b/0001-Add-back-conda-and-conda_env-entry-point.patch @@ -0,0 +1,29 @@ +From ce24f4787ea5647be849590f7eff6f6c1951b504 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 12 Sep 2021 21:04:40 +0200 +Subject: [PATCH 1/2] Add back conda and conda_env entry point + +Partially reverts 0ccc029997e0dc0a28420a89e0cb39c08ff0b738. +'conda init' is designed to fail and emit a warning. Go back +to the normal init. +--- + setup.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 84ecb55cca..bb3db39c4d 100644 +--- a/setup.py ++++ b/setup.py +@@ -86,7 +86,8 @@ setup( + }, + entry_points={ + 'console_scripts': [ +- 'conda=conda.cli.main_pip:main', ++ 'conda=conda.cli.main:main', ++ 'conda-env = conda_env.cli.main:main', + ], + }, + install_requires=install_requires, +-- +2.32.0 + diff --git a/0002-Go-back-to-ruamel_yaml.patch b/0002-Go-back-to-ruamel_yaml.patch new file mode 100644 index 0000000..7890f54 --- /dev/null +++ b/0002-Go-back-to-ruamel_yaml.patch @@ -0,0 +1,30 @@ +From 4eefe365897af2fcd91b47433140f994777ebd31 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 12 Sep 2021 21:12:27 +0200 +Subject: [PATCH] Go back to ruamel.yaml + +What a mess conda is! +--- + conda.recipe/run_test.sh | 2 +- + setup.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/setup.py b/setup.py +index cd9c5715b0..56bb5bbeaf 100644 +--- a/setup.py ++++ b/setup.py +@@ -37,9 +37,9 @@ install_requires = [ + ] + + if os.getenv('CONDA_BUILD', None) == '1': +- install_requires.append("ruamel_yaml_conda >=0.11.14") ++ install_requires.append("ruamel.yaml >=0.11.14") + else: +- install_requires.append("ruamel_yaml_conda >=0.11.14") ++ install_requires.append("ruamel.yaml >=0.11.14") + + + def package_files(*root_directories): +-- +2.32.0 + diff --git a/conda.spec b/conda.spec index 2ff3ac5..c55b00e 100644 --- a/conda.spec +++ b/conda.spec @@ -1,8 +1,8 @@ %bcond_without tests Name: conda -Version: 4.10.1 -Release: 2%{?dist} +Version: 4.10.3 +Release: 1%{?dist} Summary: Cross-platform, Python-agnostic binary package manager License: BSD and ASL 2.0 and LGPLv2+ and MIT @@ -17,7 +17,6 @@ Source0: https://github.com/conda/conda/archive/%{version}/%{name}-%{vers Source1: https://raw.githubusercontent.com/tartansandal/conda-bash-completion/1.5/conda Patch0: conda_sys_prefix.patch Patch1: conda_gateways_disk_create.patch -Patch2: setup.patch # Use system cpuinfo Patch3: conda-cpuinfo.patch # Fix tests on 32bit @@ -29,6 +28,8 @@ Patch10003: 0003-Drop-fs-path-encoding-manipulation-under-python2.patch Patch10004: 0004-Do-not-try-to-run-usr-bin-python.patch Patch10005: 0005-Fix-failing-tests-in-test_api.py.patch Patch10006: 0006-shell-assume-shell-plugins-are-in-etc.patch +Patch10007: 0001-Add-back-conda-and-conda_env-entry-point.patch +Patch10008: 0002-Go-back-to-ruamel_yaml.patch BuildArch: noarch @@ -64,6 +65,7 @@ can only use conda to create and manage new environments.} python%{python3_pkgversion}-frozendict >= 1.2 \ python%{python3_pkgversion}-pycosat >= 0.6.3 \ python%{python3_pkgversion}-pyOpenSSL >= 16.2.0 \ + python%{python3_pkgversion}-pyyaml \ python%{python3_pkgversion}-requests >= 2.18.4 \ python%{python3_pkgversion}-ruamel-yaml >= 0.11.14 \ python%{python3_pkgversion}-tqdm >= 4.22.0 \ @@ -88,6 +90,7 @@ BuildRequires: python-unversioned-command %endif BuildRequires: python%{python3_pkgversion}-mock BuildRequires: python%{python3_pkgversion}-pytest-cov +BuildRequires: python%{python3_pkgversion}-pytest-timeout BuildRequires: python%{python3_pkgversion}-responses Requires: %py3_reqs @@ -144,12 +147,10 @@ sed -i -e s/linux-64/%{python3_platform}/ tests/data/conda_format_repo/%{python3 %build # build conda executable -%define py_setup utils/setup-testing.py %py3_build %install # install conda executable -%define py_setup utils/setup-testing.py %py3_install mkdir -p %{buildroot}%{_datadir}/conda/condarc.d @@ -234,6 +235,9 @@ py.test-%{python3_version} -vv -m "not integration" \ %changelog +* Sun Sep 12 2021 Zbigniew Jędrzejewski-Szmek - 4.10.3-1 +- Update to 4.10.3 + * Fri Jun 04 2021 Python Maint - 4.10.1-2 - Rebuilt for Python 3.10 diff --git a/setup.patch b/setup.patch deleted file mode 100644 index cf2fb6b..0000000 --- a/setup.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/utils/setup-testing.py b/utils/setup-testing.py -index 7036d44..19793f8 100755 ---- a/utils/setup-testing.py -+++ b/utils/setup-testing.py -@@ -3,10 +3,7 @@ - from __future__ import absolute_import, division, print_function, unicode_literals - import os - import sys --if 'develop' in sys.argv: -- from setuptools import setup --else: -- from distutils.core import setup -+from setuptools import setup - - if not (sys.version_info[:2] == (2, 7) or sys.version_info[:2] >= (3, 3)): - sys.exit("conda is only meant for Python 2.7 or 3.3 and up. " diff --git a/sources b/sources index 6b16fb9..64c0855 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (conda-4.10.1.tar.gz) = 75796b580abcc91c449461302cecb98cd067285ef03d6630c882177b0b0f8f9df56101480943d5a14855ecfca10c5ea7dcb57c569a3ff538add713f82772a6f0 +SHA512 (conda-4.10.3.tar.gz) = 1f12506229975a04920745eaca2a06d3ef4b2ef76a7bd78473f156dfc64f16b63f0303a2a14cfa25cdb25081de2a24e451cc401184d7a4f77174292b901224c6 From 00f84a234836fb09870f3b3228d77ba04a0c05bb Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 11 Oct 2021 20:38:31 -0600 Subject: [PATCH 5/8] Remove unused patch --- ...x-import-of-collections.abc.Iterable.patch | 43 ------------------- 1 file changed, 43 deletions(-) delete mode 100644 0007-Fix-import-of-collections.abc.Iterable.patch diff --git a/0007-Fix-import-of-collections.abc.Iterable.patch b/0007-Fix-import-of-collections.abc.Iterable.patch deleted file mode 100644 index debbcae..0000000 --- a/0007-Fix-import-of-collections.abc.Iterable.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d0d6e937582d673d7b319ff9f26d55a39c3b6b7f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 4 Feb 2020 14:15:35 +0100 -Subject: [PATCH] Fix import of collections.abc.Iterable - -Required for python3.9 compatibility. ---- - conda/_vendor/auxlib/compat.py | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/conda/_vendor/auxlib/compat.py b/conda/_vendor/auxlib/compat.py -index 2cd720e0e5..efb4c111bf 100644 ---- a/conda/_vendor/auxlib/compat.py -+++ b/conda/_vendor/auxlib/compat.py -@@ -2,7 +2,6 @@ - from __future__ import absolute_import, division, print_function - - import codecs --import collections - from itertools import chain - import os - import sys -@@ -17,6 +16,11 @@ from shlex import split - from functools import partial - from tempfile import NamedTemporaryFile, template - -+try: -+ from collections.abc import Iterable # NOQA -+except ImportError: -+ from collections import Iterable # NOQA -+ - try: - from collections import OrderedDict as odict # NOQA - except ImportError: -@@ -34,7 +38,7 @@ def isiterable(obj): - and not isinstance(obj, string_types) - and type(obj) is not type) - else: -- return not isinstance(obj, string_types) and isinstance(obj, collections.Iterable) -+ return not isinstance(obj, string_types) and isinstance(obj, Iterable) - - - # shlex.split() is a poor function to use for anything general purpose (like calling subprocess). From 18aac1659d2f59144804ee33e240de8a9ffc95ae Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Fri, 28 Jan 2022 08:19:26 -0800 Subject: [PATCH 6/8] Remove package.cfg; Part of epel8-playground decommission --- package.cfg | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 package.cfg diff --git a/package.cfg b/package.cfg deleted file mode 100644 index 66ea79d..0000000 --- a/package.cfg +++ /dev/null @@ -1,2 +0,0 @@ -[koji] -targets = epel8 epel8-playground \ No newline at end of file From ab2324e5acd2e26d7e23fbf9a21b1ea8eeb842bc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 16 Nov 2024 17:36:05 -0700 Subject: [PATCH 7/8] Use usedforsecurity=False for hashlib.md5 for FIPS compliance (rhbz#2326223) --- 11658.patch | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++ conda.spec | 8 ++++- 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 11658.patch diff --git a/11658.patch b/11658.patch new file mode 100644 index 0000000..1dbbf9f --- /dev/null +++ b/11658.patch @@ -0,0 +1,88 @@ +From 90dbad6b08c7006dc8af2dca0937e45cc57389bb Mon Sep 17 00:00:00 2001 +From: Christopher Howard +Date: Tue, 26 Jul 2022 14:19:31 -0400 +Subject: [PATCH 1/3] add usedforsecurity=False for hashlib.md5 for FIPS + compliance + +--- + conda/core/subdir_data.py | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/conda/core/subdir_data.py b/conda/core/subdir_data.py +index 80f24cc58d6..b0957329aad 100644 +--- a/conda/core/subdir_data.py ++++ b/conda/core/subdir_data.py +@@ -905,8 +905,11 @@ def cache_fn_url(url, repodata_fn=REPODATA_FN): + # are looking for the cache under keys without this. + if repodata_fn != REPODATA_FN: + url += repodata_fn +- md5 = hashlib.md5(ensure_binary(url)).hexdigest() +- return '%s.json' % (md5[:8],) ++ try: ++ md5 = hashlib.md5(ensure_binary(url)) ++ except ValueError: ++ md5 = hashlib.md5(ensure_binary(url), usedforsecurity=False) ++ return '%s.json' % (md5.hexdigest()[:8],) + + + def add_http_value_to_dict(resp, http_key, d, dict_key): + +From 5614fe05036d833139a6cabca2ec7dff3868c78b Mon Sep 17 00:00:00 2001 +From: Christopher Howard +Date: Tue, 26 Jul 2022 14:38:59 -0400 +Subject: [PATCH 2/3] Add news for FIPS support fix + +--- + news/11658-add-fips-md5-support | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + create mode 100644 news/11658-add-fips-md5-support + +diff --git a/news/11658-add-fips-md5-support b/news/11658-add-fips-md5-support +new file mode 100644 +index 00000000000..8c7275302a5 +--- /dev/null ++++ b/news/11658-add-fips-md5-support +@@ -0,0 +1,19 @@ ++### Enhancements ++ ++* ++ ++### Bug fixes ++ ++* Fix MD5 hash generation for FIPS-enabled systems (#11658) ++ ++### Deprecations ++ ++* ++ ++### Docs ++ ++* ++ ++### Other ++ ++* + +From 7bd0dddad07c480a6dd29da1f32971f8ef2da17e Mon Sep 17 00:00:00 2001 +From: Christopher Howard +Date: Wed, 27 Jul 2022 09:33:18 -0400 +Subject: [PATCH 3/3] Add TODO for FIPS MD5 refactor when Python 3.9+ + +--- + conda/core/subdir_data.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/conda/core/subdir_data.py b/conda/core/subdir_data.py +index b0957329aad..7ab4a1d4f6a 100644 +--- a/conda/core/subdir_data.py ++++ b/conda/core/subdir_data.py +@@ -905,6 +905,9 @@ def cache_fn_url(url, repodata_fn=REPODATA_FN): + # are looking for the cache under keys without this. + if repodata_fn != REPODATA_FN: + url += repodata_fn ++ ++ # TODO: remove try-except when conda only supports Python 3.9+, as ++ # `usedforsecurity=False` was added in 3.9. + try: + md5 = hashlib.md5(ensure_binary(url)) + except ValueError: diff --git a/conda.spec b/conda.spec index c55b00e..04793bf 100644 --- a/conda.spec +++ b/conda.spec @@ -2,7 +2,7 @@ Name: conda Version: 4.10.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Cross-platform, Python-agnostic binary package manager License: BSD and ASL 2.0 and LGPLv2+ and MIT @@ -17,6 +17,9 @@ Source0: https://github.com/conda/conda/archive/%{version}/%{name}-%{vers Source1: https://raw.githubusercontent.com/tartansandal/conda-bash-completion/1.5/conda Patch0: conda_sys_prefix.patch Patch1: conda_gateways_disk_create.patch +# Use usedforsecurity=False for hashlib.md5 for FIPS compliance +# https://bugzilla.redhat.com/show_bug.cgi?id=2326223 +Patch2: https://github.com/conda/conda/pull/11658.patch # Use system cpuinfo Patch3: conda-cpuinfo.patch # Fix tests on 32bit @@ -235,6 +238,9 @@ py.test-%{python3_version} -vv -m "not integration" \ %changelog +* Sun Nov 17 2024 Orion Poplawski - 4.10.3-2 +- Use usedforsecurity=False for hashlib.md5 for FIPS compliance (rhbz#2326223) + * Sun Sep 12 2021 Zbigniew Jędrzejewski-Szmek - 4.10.3-1 - Update to 4.10.3 From 3a561cb7c4d1a94793ce8d78b14ba7e1eda69926 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 16 Nov 2024 20:07:18 -0700 Subject: [PATCH 8/8] Exclude more tests due to whitespace differences --- conda.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/conda.spec b/conda.spec index 04793bf..c8857ae 100644 --- a/conda.spec +++ b/conda.spec @@ -208,9 +208,14 @@ py.test-%{python3_version} -vv -m "not integration" \ --deselect=tests/core/test_initialize.py \ --deselect=tests/core/test_solve.py::test_cuda_fail_1 %else +# Whitespace differences +# tests/cli/test_config.py::test_channels_* +# tests/cli/test_config.py::test_set_*key +# tests/cli/test_config.py::test_add_key +# tests/common/test_yaml.py::test_yaml_complex rm tests/gateways/test_subprocess.py py.test-%{python3_version} -vv -m "not integration" \ - -k 'not (test_list or test_run_returns_int or test_run_returns_nonzero_errorlevel or test_run_returns_zero_errorlevel or test_ProgressiveFetchExtract_prefers_conda_v2_format or test_subdir_data_prefers_conda_to_tar_bz2 or test_use_only_tar_bz2 or test_cuda_fail_1 or InitializeTests)' + -k 'not (test_list or test_run_returns_int or test_run_returns_nonzero_errorlevel or test_run_returns_zero_errorlevel or test_ProgressiveFetchExtract_prefers_conda_v2_format or test_subdir_data_prefers_conda_to_tar_bz2 or test_use_only_tar_bz2 or test_cuda_fail_1 or InitializeTests or test_channels_prepend or test_channels_prepend_duplicate or test_channels_append or test_channels_append_duplicate or test_channels_remove or test_set_key or test_set_map_key or test_add_key or test_yaml_complex or test_set_unconfigured_key)' %endif %endif