diff --git a/.gitignore b/.gitignore index bd7832a..cf9ac7e 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ /cryptography-3.4.5.tar.gz.asc /cryptography-3.4.6.tar.gz /cryptography-3.4.6.tar.gz.asc +/cryptography-3.4.7.tar.gz diff --git a/README.md b/README.md index ee71b2b..33554c0 100644 --- a/README.md +++ b/README.md @@ -8,57 +8,7 @@ The example assumes * Fedora Rawhide (f34) * PyCA cryptography release ``3.4`` -* Update Bugzilla issues are ``RHBZ#00000001`` and ``RHBZ#00000002`` -* Build side tag is ``f34-build-side-12345`` - -### Request a side tag for building - -python-cryptography builds depend on python-cryptography-vectors -package. Both packages must be build in a side tag. - -```shell -fedpkg request-side-tag --base-tag f34-build -``` - -### Build new python-cryptography-vectors first - -```shell -pushd ../python-cryptography-vectors -``` - -Switch and update branch - -```shell -fedpkg switch-branch rawhide -fedpkg pull -``` - -Bump version and get sources - -```shell -rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography-vectors.spec -spectool -gf python-cryptography-vectors.spec -``` - -Upload sources - -```shell -fedpkg new-sources cryptography_vectors-3.4.tar.gz -``` - -Commit changes - -```shell -fedpkg commit --clog -fedpkg push -``` - -Build and wait for repo to regenerate - -```shell -fedpkg build --target=f34-build-side-12345 -koji wait-repo --build python-cryptography-vectors-3.4-1 f34-build-side-12345 -``` +* Update Bugzilla issue is ``RHBZ#00000001`` ### Build new python-cryptography @@ -72,14 +22,14 @@ fedpkg pull Bump version and get sources ```shell -rpmdev-bumpspec -c "Update to 3.4 (#00000002)" -n 3.4 python-cryptography.spec +rpmdev-bumpspec -c "Update to 3.4 (#00000001)" -n 3.4 python-cryptography.spec spectool -gf python-cryptography.spec ``` -Upload new sources (**two files!**) +Upload new source ```shell -fedpkg new-sources cryptography-3.4.tar.gz cryptography-3.4.tar.gz.asc +fedpkg new-sources cryptography-3.4.tar.gz ``` Commit changes @@ -92,7 +42,7 @@ fedpkg push Build ```shell -fedpkg build --target=f34-build-side-12345 +fedpkg build ``` ## RHEL/CentOS builds diff --git a/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg b/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg deleted file mode 100644 index dcae2d2..0000000 Binary files a/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg and /dev/null differ diff --git a/python-cryptography.spec b/python-cryptography.spec index f157ee4..f107e9b 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -6,23 +6,17 @@ %global pyo3_version 0.13.1 Name: python-%{srcname} -Version: 3.4.6 +Version: 3.4.7 Release: 1%{?dist} Summary: PyCA's cryptography library License: ASL 2.0 or BSD URL: https://cryptography.io/en/latest/ -Source0: %{pypi_source} -Source1: %{pypi_source}.asc -# key ids of upstream authors are published in the AUTHORS file: -# https://github.com/pyca/cryptography/blob/master/AUTHORS.rst -# gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" -# gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg -Source2: gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg +Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz %if 0%{?rhel} # created by ./vendor_rust.py helper script -Source3: cryptography-%{version}-vendor.tar.bz2 -Source4: conftest-skipper.py +Source1: cryptography-%{version}-vendor.tar.bz2 +Source2: conftest-skipper.py %endif ExclusiveArch: %{rust_arches} @@ -43,7 +37,6 @@ BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.3 BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 %if %{with tests} -BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} %if 0%{?fedora} BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 BuildRequires: python%{python3_pkgversion}-iso8601 @@ -66,13 +59,16 @@ Summary: PyCA's cryptography library Requires: openssl-libs Requires: python%{python3_pkgversion}-six >= 1.4.1 Requires: python%{python3_pkgversion}-cffi >= 1.7 +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +# Can be safely removed in Fedora 37 +Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7 +%endif %description -n python%{python3_pkgversion}-%{srcname} cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. %prep -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -n %{srcname}-%{version} %generate_buildrequires @@ -86,7 +82,7 @@ rm -f Cargo.lock cd ../.. %else # RHEL: use vendored Rust crates -%cargo_prep -V 3 +%cargo_prep -V 1 %endif %build @@ -104,12 +100,14 @@ find . -name .keep -print -delete # skip hypothesis tests on RHEL rm -rf tests/hypothesis # append skipper to skip iso8601 and pretend tests -cat < %{SOURCE4} >> tests/conftest.py +cat < %{SOURCE2} >> tests/conftest.py %endif # see https://github.com/pyca/cryptography/issues/4885 and # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests -PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" +PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ + %{__python3} -m pytest \ + -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" %endif %files -n python%{python3_pkgversion}-%{srcname} @@ -119,6 +117,11 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Wed Apr 21 2021 Christian Heimes - 3.4.7-1 +- Update to 3.4.7 +- Remove dependency on python-cryptography-vectors package and use vectors + directly from Github source tar ball. (#1952024) + * Wed Mar 03 2021 Christian Heimes - 3.4.6-1 - Update to 3.4.6 (#1927044) diff --git a/sources b/sources index da81927..a6bf867 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (cryptography-3.4.6.tar.gz) = 30b712adc5cc114faeb7bfef0b9de88c6daefa5a8b99e53bd6d37b8ed560bd1d396cbb202902c307b90f40d695bde151164436bf233fb726dc836c8b70126653 -SHA512 (cryptography-3.4.6.tar.gz.asc) = 91e8c5f5e9e0d440d0882f0bf2f5f039b299c88f03f52d4060f0ee2a18d46ca6503d77444196db91b8d29c7b302b238461795d252777f9bc2953c52789df9fad +SHA512 (cryptography-3.4.7.tar.gz) = e76d0949fbaca06d2f72805bdce8ea85056ae45b978f51d70d1367bbfb1067e9db76a9f080f890e95ec52c788a3d2fd3ba0a286901f97ee2911ebd7a7a8f71a9