Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-certifi revision 82863fa4c321bb717f7f9152ecf3fb76

This commit is contained in:
Adrian Schröter 2024-07-12 12:16:28 +02:00
commit cad0e3fe80
6 changed files with 590 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
certifi-2023.7.22.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,120 @@
diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.py
--- certifi-2022.9.24.orig/certifi/core.py 2022-09-13 22:15:32.000000000 +0200
+++ certifi-2022.9.24/certifi/core.py 2022-11-15 12:56:32.415823730 +0100
@@ -3,106 +3,18 @@
~~~~~~~~~~
This module returns the installation location of cacert.pem or its contents.
-"""
-import sys
-
-if sys.version_info >= (3, 11):
+Patched by openSUSE: return the system bundle
+"""
- from importlib.resources import as_file, files
+import io
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the file
- # in cases where we're inside of a zipimport situation until someone
- # actually calls where(), but we don't want to re-extract the file
- # on every call of where(), so we'll do it once then store it in a
- # global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you to
- # manage the cleanup of this file, so it doesn't actually return a
- # path, it returns a context manager that will give you the path
- # when you enter it and will do any cleanup when you leave it. In
- # the common case of not needing a temporary file, it will just
- # return the file system location and the __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
-
-elif sys.version_info >= (3, 7):
-
- from importlib.resources import path as get_path, read_text
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the
- # file in cases where we're inside of a zipimport situation until
- # someone actually calls where(), but we don't want to re-extract
- # the file on every call of where(), so we'll do it once then store
- # it in a global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you
- # to manage the cleanup of this file, so it doesn't actually
- # return a path, it returns a context manager that will give
- # you the path when you enter it and will do any cleanup when
- # you leave it. In the common case of not needing a temporary
- # file, it will just return the file system location and the
- # __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
-
-else:
- import os
- import types
- from typing import Union
-
- Package = Union[types.ModuleType, str]
- Resource = Union[str, "os.PathLike"]
-
- # This fallback will work for Python versions prior to 3.7 that lack the
- # importlib.resources module but relies on the existing `where` function
- # so won't address issues with environments like PyOxidizer that don't set
- # __file__ on modules.
- def read_text(
- package: Package,
- resource: Resource,
- encoding: str = 'utf-8',
- errors: str = 'strict'
- ) -> str:
- with open(where(), encoding=encoding) as data:
- return data.read()
-
- # If we don't have importlib.resources, then we will just do the old logic
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
+def read_text(_module=None, _path=None, encoding="ascii"):
+ with io.open(where(), "r", encoding=encoding) as data:
+ return data.read()
- return os.path.join(f, "cacert.pem")
+def where():
+ return "/etc/ssl/ca-bundle.pem"
- def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:
+ return read_text(encoding="ascii")

View File

@ -0,0 +1,264 @@
-------------------------------------------------------------------
Fri Dec 15 15:07:16 UTC 2023 - Victor Zhestkov <vzhestkov@suse.com>
- Update to 2023.7.22:
Added certs:
* CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited
* CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited
* CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation
* CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation
* CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos
* CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos
Removed certs:
* CN=Hongkong Post Root CA 1 O=Hongkong Post
* CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim
Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi
* CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center
* CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center
- Update to 2023.5.7:
Added certs:
* CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
- Update to 2022.12.7 (bsc#1206212 CVE-2022-23491):
* obsoletes removeTrustCor.patch in older dists
Removed certs:
* CN=Network Solutions Certificate Authority O=Network Solutions L.L.C.
* CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden
* CN=TrustCor RootCert CA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
* CN=TrustCor RootCert CA-2 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
* CN=TrustCor ECA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
- Update to 2022.9.24:
* (no changes)
- from version 2022.09.24:
* (no changes)
- from version 2022.09.14:
* (no changes)
- from version 2022.06.15.2:
* Only use importlib.resources's new files() /
Traversable API on Python ≥3.11 (#204)
- from version 2022.06.15.1:
* Fix deprecation warning on Python 3.11 (#199)
* fixes #198 -- update link in license
- from version 2022.06.15:
* Add py.typed to MANIFEST.in to package in sdist (#196)
- from version 2022.05.18.1:
* Add support for Python 3.10 and drop EOL 3.5 (#167)
- from version 2022.05.18:
* Automatically lock github issues after
they've been closed for 90 days (#189)
* Remove universal wheel, python 2 is unsupported (#187)
* Add type annotations to package
* Added Required Python Version (#152)
* Fix homepage link (#145)
- Update to 2021.10.8:
added certs:
* CN=TunTrust Root CA O=Agence Nationale de Certification Electronique
* CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA
- Update to 2021.5.30:
Added certs:
* CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS O=FNMT-RCM OU=Ceres
* CN=GlobalSign Root R46 O=GlobalSign nv-sa
* CN=GlobalSign Root E46 O=GlobalSign nv-sa
* CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
* CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz
* CN=Certum EC-384 CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
* CN=Certum Trusted Root CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
- Update to 2020.12.5:
* (no changes)
- Update to 2020.11.8:
* Python 3.8+ support
- Update to 2020.6.20:
* Updates in enabled CAs
- changes from version 2020.04.05.2:
* Document policy for cert addition (#127)
* Clarify trust origin is Mozilla (#126)
* Fix where() so that it works with importlib.resources when
available
* Goodbye python 2
- Update to 2020.4.5.1:
adds Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis
Publics de Certificacio/Vegeu
- Update to 2019.11.28:
* Updates in enabled CAs
- Update to 2019.9.11:
* Updates in enabled CAs
- Update to 2019.6.16:
* remove Certinomis Root CA
- Update to 2019.3.9:
* Add emSign Root CA - G1
* Add emSign ECC Root CA - G3
* Add Hongkong Post Root CA 3
- Update to 2018.11.29:
* Deprecated old_where() has been removed
* Removed certificates:
Visa eCommerce Root
Certplus Root CA G1
Certplus Root CA G2
OpenTrust Root CA G1
OpenTrust Root CA G2
OpenTrust Root CA G3
- Update to 2018.4.16:
* Remove Elektronik Sertifika Hizket from cacert.pem
- Added:
* python-certifi-shipped-requests-cabundle.patch
* two-basic-unit-tests.patch
- Removed:
* return-CA-bundle-for-distro.patch
-------------------------------------------------------------------
Tue Oct 3 10:49:11 UTC 2023 - Victor Zhestkov <vzhestkov@suse.com>
- Add openEuler CA bundle path
-------------------------------------------------------------------
Sat Dec 31 14:36:43 UTC 2022 - dbenini@suse.com
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
-------------------------------------------------------------------
Thu Aug 25 06:55:42 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>
- fix the condition for rhel detection to include Fedora
-------------------------------------------------------------------
Fri Aug 12 15:58:51 UTC 2022 - Dirk Müller <dmueller@suse.com>
- fix rhel detection (%%rhel is referring to the major
version and exists on all clones as well)
-------------------------------------------------------------------
Mon Apr 4 12:28:22 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>
- Strictly require Python 3.10 with saltbundlepy requrement
-------------------------------------------------------------------
Fri Mar 18 08:33:18 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>
- Use unified method of returning CA bundle path for the distros
- Added:
* return-CA-bundle-for-distro.patch
- Removed:
* python-certifi-shipped-requests-cabundle.patch
-------------------------------------------------------------------
Sun Feb 4 00:36:29 UTC 2018 - arun@gmx.de
- specfile:
* update copyright year
- update to version 2018.1.18:
* Remove 1024-bit root certificates
* Include license in the list of trove classifiers
* Include license file in the generated wheel package
-------------------------------------------------------------------
Tue Nov 14 23:19:14 UTC 2017 - dmueller@suse.com
- update to 2017.11.5:
* Sync with bundle mozilla release
- remove python-certifi-fix-version-string.patch: obsolete
-------------------------------------------------------------------
Wed Oct 18 17:23:39 UTC 2017 - jmatejek@suse.com
- fix macros to support not having python2
-------------------------------------------------------------------
Thu Oct 12 08:52:57 UTC 2017 - adrian.glaubitz@suse.com
- add patch to fix version string from 2017.07.27.1 to
2017.7.27.1 to fix the build on SLE12_SP3 and earlier
+ python-certifi-fix-version-string.patch
-------------------------------------------------------------------
Tue Oct 3 05:42:11 UTC 2017 - arun@gmx.de
- updated patch
- update to version 2017.7.27.1:
* Use a more expressive API for getting the dir a path is in
* set zip_safe=False to help out setuptools (#63)
* Change license from ISC to MPL-2.0 in setup.py
* Add trove classifiers for missing supported Python versions
* Rename [wheel] section to [bdist_wheel] as the former is legacy
-------------------------------------------------------------------
Mon Jul 10 18:42:12 UTC 2017 - toddrme2178@gmail.com
- Fix wrong-script-interpreter rpmlint error.
- Fix script-without-shebang rpmlint warning.
-------------------------------------------------------------------
Sun Jun 11 20:37:21 UTC 2017 - dmueller@suse.com
- require ca-certificates-mozilla, otherwise certifi does not
provide any ca bundle (the bundled one that openSUSE patches
out is the mozilla bundle as well)
-------------------------------------------------------------------
Sat Jun 10 08:46:52 UTC 2017 - dmueller@suse.com
- update to 2017.4.17
-------------------------------------------------------------------
Sat Apr 8 17:51:03 UTC 2017 - aloisio@gmx.com
- Updated to version 2017.1.23
- Converted to single-spec
- Updated source URL
-------------------------------------------------------------------
Fri Jun 3 23:00:13 UTC 2016 - jacobwinski@gmail.com
- Update to version 2016.2.28
- Update copyright year in spec file
- Fix executable warning (fix taken from python3-certifi)
-------------------------------------------------------------------
Fri Jan 22 12:22:53 UTC 2016 - michael@stroeder.com
- Update to version 2015.11.20.1
-------------------------------------------------------------------
Sat Sep 26 10:27:12 UTC 2015 - toddrme2178@gmail.com
- Update to version 2015.9.6.2:
* Actually ship weak cert bundle.
* Provide old cert bundle.
* Use secure roots by default.
* Update scripts to use mkcert.org
* Concatenate the two roots
* Add the needed 1024-bit roots
* Move mkcert output to non-core file
- Fix dependencies on SLES 11
- Certifi is released under MPL-2.0; fix the license tag
- Rebase python-certifi-shipped-requests-cabundle.patch
-------------------------------------------------------------------
Wed Apr 22 13:31:54 UTC 2015 - mcihar@suse.cz
- Initial packaging

97
saltbundlepy-certifi.spec Normal file
View File

@ -0,0 +1,97 @@
#
# spec file for package saltbundlepy-certifi
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
%define pythons saltbundlepy
# Disable python bytecompile for all distros
# It's called explicitly in the spec
%global __brp_python_bytecompile %{nil}
Name: saltbundlepy-certifi
Version: 2023.7.22
Release: 0
Summary: Python package for providing Mozilla's CA Bundle
License: MPL-2.0
Group: Development/Languages/Python
URL: https://pypi.python.org/pypi/certifi
Source: https://files.pythonhosted.org/packages/source/c/certifi/certifi-%{version}.tar.gz
# PATCH-FIX-SUSE -- prefer SUSE certificates
Patch0: python-certifi-shipped-requests-cabundle.patch
# PATCH-FEATURE-UPSTREAM two-basic-unit-tests.patch gh#certifi/python-certifi#137 mcepl@suse.com
# Add at least primitive test suite (by bnavigator)
Patch1: two-basic-unit-tests.patch
BuildRequires: %{saltbundlepy_module devel >= 3.10}
BuildRequires: %{saltbundlepy_module setuptools}
BuildRequires: ca-certificates
BuildRequires: fdupes
BuildRequires: saltbundlepy-rpm-macros
Requires: ca-certificates
Requires: ca-certificates-mozilla
Requires: saltbundlepy-base
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%python_subpackages
%description
Certifi provides Mozilla's carefully curated collection of Root Certificates
for validating the trustworthiness of SSL certificates while verifying the
identity of TLS hosts. It has been extracted from the Requests project.
Note that on SUSE packages the used CA bundle is actually the system bundle
%prep
%autosetup -p1 -n certifi-%{version}
%if 0%{?suse_version}
export CA_BUNDLE_PATH=/etc/ssl/ca-bundle.pem
%endif
%if 0%{?rhel} || 0%{?fedora} || 0%{?openeuler_version}
export CA_BUNDLE_PATH=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
%endif
%if 0%{?debian_version} || 0%{?ubuntu_version}
export CA_BUNDLE_PATH=/etc/ssl/certs/ca-certificates.crt
%endif
if [ -z "${CA_BUNDLE_PATH}" ]; then
echo "Error: Unable to define CA bundle path!"
exit 1
fi
sed -i "s#/etc/ssl/ca-bundle.pem#${CA_BUNDLE_PATH}#" certifi/core.py
%build
%python_build
%install
%python_install
%{python_expand chmod +x %{buildroot}%{$python_sitelib}/certifi/core.py
sed -i "s|#!/usr/bin/env python|#!%{__$python}|" %{buildroot}/%{$python_sitelib}/certifi/core.py
rm %{buildroot}%{$python_sitelib}/certifi/cacert.pem
find %{buildroot}%{$python_sitelib} -name '*.pyc' -delete
%{__$python} -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}
%{__$python} -O -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}
%fdupes %{buildroot}%{$python_sitelib}
}
%files %{python_files}
%defattr(-,root,root,-)
%doc README.rst LICENSE
%{python_sitelib}/certifi/
%{python_sitelib}/certifi-%{version}-py*.egg-info
%changelog

View File

@ -0,0 +1,83 @@
From 7d617ff9dddee73bde86b79c9aa2f1c98f19e339 Mon Sep 17 00:00:00 2001
From: Benjamin Greiner <code@bnavigator.de>
Date: Sun, 16 Aug 2020 20:17:39 +0200
Subject: [PATCH 1/2] add 2 basic unit tests
---
.github/workflows/python-package.yml | 40 +++++++++++++++++++++++++++++++++++
certifi/tests/__init__.py | 2 +
certifi/tests/test_certifi.py | 19 ++++++++++++++++
3 files changed, 61 insertions(+)
create mode 100644 certifi/tests/__init__.py
create mode 100755 certifi/tests/test_certifi.py
--- /dev/null
+++ b/certifi/tests/__init__.py
@@ -0,0 +1,2 @@
+# certifi.tests module
+
--- /dev/null
+++ b/certifi/tests/test_certifi.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+"""
+unit tests to make sure everything behaves as expected
+"""
+
+import os
+import unittest
+
+import certifi
+
+
+class TestCertifi(unittest.TestCase):
+ def test_cabundle_exists(self):
+ """Check that the reported bundle exists"""
+ self.assertTrue(os.path.exists(certifi.where()))
+
+ def test_read_contents(self):
+ """Check that the returned contents contain a certificate"""
+ self.assertIn("-----BEGIN CERTIFICATE-----", certifi.contents())
--- /dev/null
+++ b/.github/workflows/python-package.yml
@@ -0,0 +1,40 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python package
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [3.5, 3.6, 3.7, 3.8]
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v2
+ with:
+ python-version: ${{ matrix.python-version }}
+ - name: Install test dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install pytest
+ # pip install flake8 pytest
+ # if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ #- name: Lint with flake8
+ # run: |
+ # # stop the build if there are Python syntax errors or undefined names
+ # flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+ # # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ # flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Test with pytest
+ run: |
+ pytest