diff --git a/conftest-skipper.py b/conftest-skipper.py new file mode 100644 index 0000000000000000000000000000000000000000..5a1de830f3fb89284a9deadf2bcdd850dfaa19c5 --- /dev/null +++ b/conftest-skipper.py @@ -0,0 +1,22 @@ + +class Skipper: + """Skip iso8601 and pretend tests + + RHEL buildroot doesn't have python-iso8601 and python-pretend. Skip + all tests that use the excluded modules. + """ + + def parse_date(self, datestring): + pytest.skip(f"iso8601 module is not available.") + + def stub(self, **kwargs): + pytest.skip(f"pretend module is not available.") + + def raiser(self, exc): + pytest.skip(f"pretend module is not available.") + + +import sys + +sys.modules["iso8601"] = sys.modules["pretend"] = Skipper() + diff --git a/cryptography-36.0.2-vendor.tar.bz2 b/cryptography-36.0.2-vendor.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..8c77a21c4bdda4f67a5f3801294fa98f9851986b Binary files /dev/null and b/cryptography-36.0.2-vendor.tar.bz2 differ diff --git a/cryptography-36.0.2.tar.gz b/cryptography-36.0.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1262dc8188cef7db5753b8b278deea8a7dc18339 Binary files /dev/null and b/cryptography-36.0.2.tar.gz differ diff --git a/python-cryptography.spec b/python-cryptography.spec new file mode 100644 index 0000000000000000000000000000000000000000..ef8702bfc286ebd21398dda9bce7dea919fe8ecd --- /dev/null +++ b/python-cryptography.spec @@ -0,0 +1,102 @@ +%define anolis_release 1 +%bcond_without tests + +%{!?python3_pkgversion:%global python3_pkgversion 3} + +%global srcname cryptography +%global pyo3_version 0.13.1 + +Name: python-%{srcname} +Version: 36.0.2 +Release: %{anolis_release}%{?dist} +Summary: PyCA's cryptography library + +License: ASL 2.0 or BSD +URL: https://cryptography.io/en/latest/ +Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz + # created by ./vendor_rust.py helper script +Source1: cryptography-%{version}-vendor.tar.bz2 +Source2: conftest-skipper.py + +ExclusiveArch: %{rust_arches} + +BuildRequires: openssl-devel +BuildRequires: gcc +BuildRequires: gnupg2 +BuildRequires: rust-packaging + +BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.3 +BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 +# Cargo.toml requires asn1 0.6, but package FTBFS with 0.6.1 +BuildRequires: rust-asn1-devel >= 0.6.4 + +%if %{with tests} +BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 +BuildRequires: python%{python3_pkgversion}-iso8601 +BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-pytest-xdist +BuildRequires: python%{python3_pkgversion}-pytest >= 6.0 +BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.3.2 +BuildRequires: python%{python3_pkgversion}-pytz +%endif + +%description +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%package -n python%{python3_pkgversion}-%{srcname} +Summary: PyCA's cryptography library +%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}} + +Requires: openssl-libs +Requires: python%{python3_pkgversion}-six >= 1.4.1 +Requires: python%{python3_pkgversion}-cffi >= 1.7 + +Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7 + +%description -n python%{python3_pkgversion}-%{srcname} +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%prep +%autosetup -p1 -n %{srcname}-%{version} + +%generate_buildrequires + +%cargo_prep +cd src/rust +rm -f Cargo.lock +%cargo_generate_buildrequires +cd ../.. + +%build +%py3_build + +%install +# Actually other *.c and *.h are appropriate +find . -name .keep -print -delete +%py3_install + +%check +%if %{with tests} + +# see https://github.com/pyca/cryptography/issues/4885 and +# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests +# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes +# not much sense for downstream testing. +PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ + %{__python3} -m pytest \ + -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_openssl_memleak)" +%endif + +%files -n python%{python3_pkgversion}-%{srcname} +%doc README.rst docs +%license LICENSE LICENSE.APACHE LICENSE.BSD +%{python3_sitearch}/%{srcname} +%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info + +* Sun Apr 24 2022 Zhongling He 36.0.2-1 +- Init package from upstream v36.0.2 diff --git a/vendor_rust.py b/vendor_rust.py new file mode 100644 index 0000000000000000000000000000000000000000..3f71e839293f5630bf9b95757853ce5b7a51ca56 --- /dev/null +++ b/vendor_rust.py @@ -0,0 +1,113 @@ +#!/usr/bin/python3 +"""Vendor PyCA cryptography's Rust crates +""" +import argparse +import os +import re +import tarfile +import tempfile +import shutil +import subprocess +import sys + +VENDOR_DIR = "vendor" +CARGO_TOML = "src/rust/Cargo.toml" +RE_VERSION = re.compile("Version:\s*(.*)") + +parser = argparse.ArgumentParser(description="Vendor Rust packages") +parser.add_argument( + "--spec", default="python-cryptography.spec", help="cryptography source tar bundle" +) + + +def cargo(cmd, manifest): + args = ["cargo", cmd, f"--manifest-path={manifest}"] + return subprocess.check_call( + args, stdout=subprocess.DEVNULL, stderr=sys.stderr, env={} + ) + + +def tar_reset(tarinfo): + """Reset user, group, mtime, and mode to create reproducible tar""" + tarinfo.uid = 0 + tarinfo.gid = 0 + tarinfo.uname = "root" + tarinfo.gname = "root" + tarinfo.mtime = 0 + if tarinfo.type == tarfile.DIRTYPE: + tarinfo.mode = 0o755 + else: + tarinfo.mode = 0o644 + if tarinfo.pax_headers: + raise ValueError(tarinfo.name, tarinfo.pax_headers) + return tarinfo + + +def tar_reproducible(tar, basedir): + """Create reproducible tar file""" + + content = [basedir] + for root, dirs, files in os.walk(basedir): + for directory in dirs: + content.append(os.path.join(root, directory)) + for filename in files: + content.append(os.path.join(root, filename)) + content.sort() + + for fn in content: + tar.add(fn, filter=tar_reset, recursive=False, arcname=fn) + + +def main(): + args = parser.parse_args() + spec = args.spec + + # change cwd to work in bundle directory + here = os.path.dirname(os.path.abspath(spec)) + os.chdir(here) + + # extract version number from bundle name + with open(spec) as f: + for line in f: + mo = RE_VERSION.search(line) + if mo is not None: + version = mo.group(1) + break + else: + raise ValueError(f"Cannot find version in {spec}") + + bundle_file = f"cryptography-{version}.tar.gz" + vendor_file = f"cryptography-{version}-vendor.tar.bz2" + + # remove existing vendor directory and file + if os.path.isdir(VENDOR_DIR): + shutil.rmtree(VENDOR_DIR) + try: + os.unlink(vendor_file) + except FileNotFoundError: + pass + + print(f"Getting crates for {bundle_file}", file=sys.stderr) + + # extract tar file in tempdir + # fetch and vendor Rust crates + with tempfile.TemporaryDirectory(dir=here) as tmp: + with tarfile.open(bundle_file) as tar: + tar.extractall(path=tmp) + manifest = os.path.join(tmp, f"cryptography-{version}", CARGO_TOML) + cargo("fetch", manifest) + cargo("vendor", manifest) + + print("\nCreating tar ball...", file=sys.stderr) + with tarfile.open(vendor_file, "x:bz2") as tar: + tar_reproducible(tar, VENDOR_DIR) + + # remove vendor dir + shutil.rmtree(VENDOR_DIR) + + parser.exit(0, f"Created {vendor_file}\n") + + +if __name__ == "__main__": + main() +