diff --git a/.gitignore b/.gitignore index fca5c45..4ad8197 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,11 @@ /cryptography-42.0.8-vendor.tar.bz2 /cryptography-43.0.0.tar.gz /cryptography-43.0.0-vendor.tar.bz2 +/cryptography-44.0.0.tar.gz +/cryptography-44.0.0-vendor.tar.bz2 +/cryptography-45.0.2.tar.gz +/cryptography-45.0.2-vendor.tar.bz2 +/cryptography-45.0.3.tar.gz +/cryptography-45.0.3-vendor.tar.bz2 +/cryptography-45.0.4.tar.gz +/cryptography-45.0.4-vendor.tar.bz2 diff --git a/11328.patch b/11328.patch deleted file mode 100644 index 3dd1aee..0000000 --- a/11328.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7a1927b07343ee0e873017c3f5d58c56ea9e9ab1 Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Mon, 22 Jul 2024 09:09:05 +0200 -Subject: [PATCH] Don't include engine.h when OPENSSL_NO_ENGINE is defined - -Fedora 41 and RHEL 10 are deprecating and phasing out OpenSSL ENGINE -support. Downstream has moved `openssl/engine.h` into a separate RPM -package and is recompiling packages with `-DOPENSSL_NO_ENGINE=1`. The -compiler flag disables PyCA cryptography's ENGINE support successfully. -We also like to build the downstream package without the `engine.h` -header file present. - -This commit makes the include conditional. The `ENGINE` type is -defined in `openssl/types.h`. - -See: https://src.fedoraproject.org/rpms/openssl/c/e67e9d9c40cd2cb9547e539c658e2b63f2736762?branch=rawhide -See: https://issues.redhat.com/browse/RHEL-33747 -Signed-off-by: Christian Heimes ---- - src/_cffi_src/openssl/engine.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py -index 9629a2c8f929..f47e20327003 100644 ---- a/src/_cffi_src/openssl/engine.py -+++ b/src/_cffi_src/openssl/engine.py -@@ -5,7 +5,9 @@ - from __future__ import annotations - - INCLUDES = """ -+#if !defined(OPENSSL_NO_ENGINE) || CRYPTOGRAPHY_IS_LIBRESSL - #include -+#endif - """ - - TYPES = """ diff --git a/python-cryptography.spec b/python-cryptography.spec index d83d2b1..16b4d7e 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -5,22 +5,26 @@ %global srcname cryptography Name: python-%{srcname} -Version: 43.0.0 +Version: 45.0.4 Release: %autorelease Summary: PyCA's cryptography library # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause, # as well as the Python Software Foundation license for the OS random # engine derived by CPython. -License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +# Rust crate dependency licenses: +# Apache-2.0 +# Apache-2.0 OR MIT +# BSD-3-Clause +# MIT +# MIT OR Apache-2.0 +License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0) URL: https://cryptography.io/en/latest/ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz # created by ./vendor_rust.py helper script Source1: cryptography-%{version}-vendor.tar.bz2 Source2: conftest-skipper.py -Patch: 11328.patch - ExclusiveArch: %{rust_arches} BuildRequires: openssl-devel @@ -45,7 +49,6 @@ BuildRequires: python%{python3_pkgversion}-iso8601 BuildRequires: python%{python3_pkgversion}-pretend BuildRequires: python%{python3_pkgversion}-pytest-benchmark BuildRequires: python%{python3_pkgversion}-pytest-xdist -BuildRequires: python%{python3_pkgversion}-pytz %endif BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0 %endif @@ -69,14 +72,13 @@ cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. %prep -%autosetup -p1 -n %{srcname}-%{version} +%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version} %if 0%{?fedora} %cargo_prep sed -i 's/locked = true//g' pyproject.toml -rm src/rust/Cargo.lock %else # RHEL: use vendored Rust crates -%cargo_prep -V 1 +%cargo_prep -v vendor %endif %if ! 0%{?fedora} @@ -88,9 +90,7 @@ sed -i 's,--benchmark-disable,,' pyproject.toml %pyproject_buildrequires %if 0%{?fedora} # Fedora: use RPMified crates -cd src/rust %cargo_generate_buildrequires -cd ../.. %endif @@ -100,11 +100,18 @@ export OPENSSL_NO_VENDOR=1 export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 " %pyproject_wheel +%cargo_license_summary +%{cargo_license} > LICENSE.dependencies +%if ! 0%{?fedora} +%cargo_vendor_manifest +%endif + %install # Actually other *.c and *.h are appropriate # see https://github.com/pyca/cryptography/issues/1463 find . -name .keep -print -delete +find . -name Cargo.toml -print -delete %pyproject_install %pyproject_save_files %{srcname} @@ -112,8 +119,8 @@ find . -name .keep -print -delete %check %if %{with tests} %if 0%{?rhel} -# skip benchmark, hypothesis, and pytz tests on RHEL -rm -rf tests/bench tests/hypothesis tests/x509 +# skip benchmark and hypothesis tests on RHEL +rm -rf tests/bench tests/hypothesis # append skipper to skip iso8601 and pretend tests cat < %{SOURCE2} >> tests/conftest.py %endif @@ -137,6 +144,10 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files} %doc README.rst docs %license LICENSE LICENSE.APACHE LICENSE.BSD +%license LICENSE.dependencies +%if ! 0%{?fedora} +%license cargo-vendor.txt +%endif %changelog diff --git a/sources b/sources index fe39107..e79ea50 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (cryptography-43.0.0.tar.gz) = 3a65539b2f1639d789ea732c6d24d55293c0ca6943c5182d00411fbd1668ab6cac7865f8148bd5f6d4ba676b89780187b77c49da34f4ed34705c94c074037ee7 -SHA512 (cryptography-43.0.0-vendor.tar.bz2) = e3111e086690b28068cc639be8d3c441bb9ffc2a826e3350fff35f746016c5affdf2481df1e6b1f1e5e566ea76e4c20092a3d11aeeaa5b036dc0929a55c80924 +SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df +SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 5ff616412e65bd342d2b98110d0b058aaa1719ddf0d1a1164b49451b8f5bc49def81cf4913b6b4c2917f28a33cef28a74ad4391b303c2e36752b81f491a4da06