Do not build OpenSSL ENGINE support on RHEL >= 10
OpenSSL ENGINEs are deprecated upstream, have subtle bugs, and (as all deprecated functionality) are not supposed to be used in FIPS mode. There is now a good alternative in pkcs11-provider, so remove support for ENGINEs from python-cryptography. Also, the OpenSSL engine headers were moved to a separate package on Fedora 41, so add the necessary dependency on the new subpackage if engine support is enabled on Fedora >= 41. Fixes: RHEL-33747 Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
This commit is contained in:
Francisco Trivino
parent
cf26149d18
commit
8b20f8b3cf
1 changed files with 13 additions and 0 deletions
|
|
@ -4,6 +4,12 @@
|
|||
|
||||
%global srcname cryptography
|
||||
|
||||
%if 0%{?rhel} >= 10
|
||||
%bcond openssl_engine 0
|
||||
%else
|
||||
%bcond openssl_engine 1
|
||||
%endif
|
||||
|
||||
Name: python-%{srcname}
|
||||
Version: 42.0.8
|
||||
Release: %autorelease
|
||||
|
|
@ -24,7 +30,9 @@ Patch1: skip-overflow-tests-32bit.patch
|
|||
ExclusiveArch: %{rust_arches}
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
%if %{with openssl_engine} && 0%{fedora} >= 41
|
||||
BuildRequires: openssl-devel-engine
|
||||
%endif
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gnupg2
|
||||
%if 0%{?fedora}
|
||||
|
|
@ -98,6 +106,11 @@ cd ../..
|
|||
%build
|
||||
export RUSTFLAGS="%build_rustflags"
|
||||
export OPENSSL_NO_VENDOR=1
|
||||
|
||||
%if !%{with openssl_engine}
|
||||
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1"
|
||||
%endif
|
||||
|
||||
# Temporary work-around for using pyo3 0.20 with Python 3.13 on ELN; This can
|
||||
# be dropped when a cryptography release bumps to pyo3 >= 0.22
|
||||
%if 0%{?rhel}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue