From 78a177912460d18470df2783ed7ef86bdbf84ab5 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremycline@linux.microsoft.com>
Date: Tue, 21 Jan 2025 18:39:23 +0000
Subject: [PATCH] Include fix to exclude Cargo.toml from wheels

Merged upstream at https://github.com/pyca/cryptography/pull/12091

[skip changelog]
---
 11328.patch              | 36 ------------------------------------
 11536.patch              | 26 --------------------------
 12091.patch              | 34 ++++++++++++++++++++++++++++++++++
 python-cryptography.spec |  5 +++++
 4 files changed, 39 insertions(+), 62 deletions(-)
 delete mode 100644 11328.patch
 delete mode 100644 11536.patch
 create mode 100644 12091.patch

diff --git a/11328.patch b/11328.patch
deleted file mode 100644
index 3dd1aee..0000000
--- a/11328.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 7a1927b07343ee0e873017c3f5d58c56ea9e9ab1 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Mon, 22 Jul 2024 09:09:05 +0200
-Subject: [PATCH] Don't include engine.h when OPENSSL_NO_ENGINE is defined
-
-Fedora 41 and RHEL 10 are deprecating and phasing out OpenSSL ENGINE
-support. Downstream has moved `openssl/engine.h` into a separate RPM
-package and is recompiling packages with `-DOPENSSL_NO_ENGINE=1`. The
-compiler flag disables PyCA cryptography's ENGINE support successfully.
-We also like to build the downstream package without the `engine.h`
-header file present.
-
-This commit makes the include conditional. The `ENGINE` type is
-defined in `openssl/types.h`.
-
-See: https://src.fedoraproject.org/rpms/openssl/c/e67e9d9c40cd2cb9547e539c658e2b63f2736762?branch=rawhide
-See: https://issues.redhat.com/browse/RHEL-33747
-Signed-off-by: Christian Heimes <christian@python.org>
----
- src/_cffi_src/openssl/engine.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
-index 9629a2c8f929..f47e20327003 100644
---- a/src/_cffi_src/openssl/engine.py
-+++ b/src/_cffi_src/openssl/engine.py
-@@ -5,7 +5,9 @@
- from __future__ import annotations
- 
- INCLUDES = """
-+#if !defined(OPENSSL_NO_ENGINE) || CRYPTOGRAPHY_IS_LIBRESSL
- #include <openssl/engine.h>
-+#endif
- """
- 
- TYPES = """
diff --git a/11536.patch b/11536.patch
deleted file mode 100644
index b18f149..0000000
--- a/11536.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From aa3e70e086b1f36f55d58a0d84eae0b51dbe7dc6 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Tue, 3 Sep 2024 20:19:02 -0400
-Subject: [PATCH] allow sha1 in OAEP (#11536)
-
-fixes #11512
----
- src/rust/src/backend/rsa.rs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/rust/src/backend/rsa.rs b/src/rust/src/backend/rsa.rs
-index 3c01e7421..066b1412a 100644
---- a/src/rust/src/backend/rsa.rs
-+++ b/src/rust/src/backend/rsa.rs
-@@ -70,7 +70,7 @@ fn generate_private_key(public_exponent: u32, key_size: u32) -> CryptographyResu
- }
- 
- fn oaep_hash_supported(md: &openssl::hash::MessageDigest) -> bool {
--    (!cryptography_openssl::fips::is_enabled() && md == &openssl::hash::MessageDigest::sha1())
-+    md == &openssl::hash::MessageDigest::sha1()
-         || md == &openssl::hash::MessageDigest::sha224()
-         || md == &openssl::hash::MessageDigest::sha256()
-         || md == &openssl::hash::MessageDigest::sha384()
--- 
-2.46.0
-
diff --git a/12091.patch b/12091.patch
new file mode 100644
index 0000000..96ef95a
--- /dev/null
+++ b/12091.patch
@@ -0,0 +1,34 @@
+From 68369a6dbae71a9314ac0ecc8b88c435600cb4e9 Mon Sep 17 00:00:00 2001
+From: Johan Andersson <johan.andersson@lime.tech>
+Date: Tue, 3 Dec 2024 00:43:31 +0100
+Subject: [PATCH] build: remove cargo.toml files from wheels
+
+---
+ pyproject.toml | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index 4266e3bd5ba4..0378e78815e3 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -101,15 +101,17 @@ include = [
+     "src/_cffi_src/**/*.c",
+     "src/_cffi_src/**/*.h",
+ 
+-    "**/Cargo.toml",
+-    "**/Cargo.lock",
++    "Cargo.toml",
++    "Cargo.lock",
++    "src/rust/**/Cargo.toml",
++    "src/rust/**/Cargo.lock",
+     "src/rust/**/*.rs",
+ 
+     "tests/**/*.py",
+ ]
+ exclude = [
+     "vectors/**/*",
+-    "src/rust/target/**/*",
++    "target/**/*",
+     "docs/_build/**/*",
+     ".github/**/*",
+     ".readthedocs.yml",
diff --git a/python-cryptography.spec b/python-cryptography.spec
index c4c0e69..110249d 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -19,6 +19,10 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py
 
+# Merged for 45.0.0+
+# https://github.com/pyca/cryptography/pull/12091
+Patch: 12091.patch
+
 ExclusiveArch:  %{rust_arches}
 
 BuildRequires:  openssl-devel
@@ -102,6 +106,7 @@ export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
 # Actually other *.c and *.h are appropriate
 # see https://github.com/pyca/cryptography/issues/1463
 find . -name .keep -print -delete
+find . -name Cargo.toml -print -delete
 %pyproject_install
 %pyproject_save_files %{srcname}