The python-cryptography rpms
Find a file
Francisco Trivino 8b20f8b3cf Do not build OpenSSL ENGINE support on RHEL >= 10
OpenSSL ENGINEs are deprecated upstream, have subtle bugs, and (as all
deprecated functionality) are not supposed to be used in FIPS mode.
There is now a good alternative in pkcs11-provider, so remove support
for ENGINEs from python-cryptography.

Also, the OpenSSL engine headers were moved to a separate package on
Fedora 41, so add the necessary dependency on the new subpackage if
engine support is enabled on Fedora >= 41.

Fixes: RHEL-33747

Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
2024-07-17 12:31:53 +02:00
.gitignore Update to 42.0.8, resolves RHBZ#2251816" 2024-07-03 09:25:42 -04:00
changelog Switch to autorelease and autochangelog macros 2024-07-03 10:27:54 -04:00
conftest-skipper.py Skip iso8601 and pretend tests on RHEL 2021-02-12 16:47:08 +01:00
python-cryptography.spec Do not build OpenSSL ENGINE support on RHEL >= 10 2024-07-17 12:31:53 +02:00
README.md Update to 3.4.7, use vectors from sources (#1952024) 2021-04-22 08:07:57 +02:00
skip-overflow-tests-32bit.patch Update to 42.0.8, resolves RHBZ#2251816" 2024-07-03 09:25:42 -04:00
sources Update to 42.0.8, resolves RHBZ#2251816" 2024-07-03 09:25:42 -04:00
vendor_rust.py Update to 42.0.8, resolves RHBZ#2251816" 2024-07-03 09:25:42 -04:00

PyCA cryptography

https://cryptography.io/en/latest/

Packaging python-cryptography

The example assumes

  • Fedora Rawhide (f34)
  • PyCA cryptography release 3.4
  • Update Bugzilla issue is RHBZ#00000001

Build new python-cryptography

Switch and update branch

fedpkg switch-branch rawhide
fedpkg pull

Bump version and get sources

rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec
spectool -gf python-cryptography.spec

Upload new source

fedpkg new-sources cryptography-3.4.tar.gz

Commit changes

fedpkg commit --clog
fedpkg push

Build

fedpkg build

RHEL/CentOS builds

RHEL and CentOS use a different approach for Rust crates packaging than Fedora. On Fedora Rust dependencies are packaged as RPMs, e.g. rust-pyo3+default-devel RPM. These packages don't exist on RHEL and CentOS. Instead python-cryptography uses a tar ball with vendored crates. The tar ball is created by a script:

./vendor_rust.py
rhpkg upload cryptography-3.4-vendor.tar.bz2