SLFO-pool/python-certifi
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main python-certifi revision f9411ca30d047dca8f6452073e9ea59d

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 20:18:25 +02:00
commit de55aab1de
6 changed files with 613 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
certifi-2023.7.22.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

120
python-certifi-shipped-requests-cabundle.patch Normal file
View File

@ -0,0 +1,120 @@
diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.py
--- certifi-2022.9.24.orig/certifi/core.py 2022-09-13 22:15:32.000000000 +0200
+++ certifi-2022.9.24/certifi/core.py 2022-11-15 12:56:32.415823730 +0100
@@ -3,106 +3,18 @@
~~~~~~~~~~
This module returns the installation location of cacert.pem or its contents.
-"""
-import sys
-
-if sys.version_info >= (3, 11):
+Patched by openSUSE: return the system bundle
+"""
- from importlib.resources import as_file, files
+import io
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the file
- # in cases where we're inside of a zipimport situation until someone
- # actually calls where(), but we don't want to re-extract the file
- # on every call of where(), so we'll do it once then store it in a
- # global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you to
- # manage the cleanup of this file, so it doesn't actually return a
- # path, it returns a context manager that will give you the path
- # when you enter it and will do any cleanup when you leave it. In
- # the common case of not needing a temporary file, it will just
- # return the file system location and the __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
-
-elif sys.version_info >= (3, 7):
-
- from importlib.resources import path as get_path, read_text
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
- def where() -> str:
- # This is slightly terrible, but we want to delay extracting the
- # file in cases where we're inside of a zipimport situation until
- # someone actually calls where(), but we don't want to re-extract
- # the file on every call of where(), so we'll do it once then store
- # it in a global variable.
- global _CACERT_CTX
- global _CACERT_PATH
- if _CACERT_PATH is None:
- # This is slightly janky, the importlib.resources API wants you
- # to manage the cleanup of this file, so it doesn't actually
- # return a path, it returns a context manager that will give
- # you the path when you enter it and will do any cleanup when
- # you leave it. In the common case of not needing a temporary
- # file, it will just return the file system location and the
- # __exit__() is a no-op.
- #
- # We also have to hold onto the actual context manager, because
- # it will do the cleanup whenever it gets garbage collected, so
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
-
- return _CACERT_PATH
-
- def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
-
-else:
- import os
- import types
- from typing import Union
-
- Package = Union[types.ModuleType, str]
- Resource = Union[str, "os.PathLike"]
-
- # This fallback will work for Python versions prior to 3.7 that lack the
- # importlib.resources module but relies on the existing `where` function
- # so won't address issues with environments like PyOxidizer that don't set
- # __file__ on modules.
- def read_text(
- package: Package,
- resource: Resource,
- encoding: str = 'utf-8',
- errors: str = 'strict'
- ) -> str:
- with open(where(), encoding=encoding) as data:
- return data.read()
-
- # If we don't have importlib.resources, then we will just do the old logic
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
+def read_text(_module=None, _path=None, encoding="ascii"):
+ with io.open(where(), "r", encoding=encoding) as data:
+ return data.read()
- return os.path.join(f, "cacert.pem")
+def where():
+ return "/etc/ssl/ca-bundle.pem"
- def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:
+ return read_text(encoding="ascii")

305
python-certifi.changes Normal file
View File

@ -0,0 +1,305 @@
-------------------------------------------------------------------
Wed Aug 9 07:54:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2023.7.22:
Added certs:
# CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited
# CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited
# CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation
# CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation
# CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos
# CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos
Removed certs:
# CN=Hongkong Post Root CA 1 O=Hongkong Post
# CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim
Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi
# CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center
# CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center
-------------------------------------------------------------------
Mon May 8 18:01:26 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2023.5.7:
Added certs:
* CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
-------------------------------------------------------------------
Wed May 3 15:36:56 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2022.12.7 (bsc#1206212 CVE-2022-23491):
* obsoletes removeTrustCor.patch in older dists
Removed certs:
* CN=Network Solutions Certificate Authority O=Network Solutions L.L.C.
* CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden
* CN=TrustCor RootCert CA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
* CN=TrustCor RootCert CA-2 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
* CN=TrustCor ECA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority
-------------------------------------------------------------------
Fri Apr 21 12:23:08 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
-------------------------------------------------------------------
Thu Apr 13 22:40:27 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Make calling of %{sle15modernpython} optional.
-------------------------------------------------------------------
Thu Nov 17 09:31:30 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2022.9.24:
* (no changes)
- from version 2022.09.24:
* (no changes)
- from version 2022.09.14:
* (no changes)
- from version 2022.06.15.2:
* Only use importlib.resources's new files() /
Traversable API on Python ≥3.11 (#204)
- from version 2022.06.15.1:
* Fix deprecation warning on Python 3.11 (#199)
* fixes #198 -- update link in license
- from version 2022.06.15:
* Add py.typed to MANIFEST.in to package in sdist (#196)
- from version 2022.05.18.1:
* Add support for Python 3.10 and drop EOL 3.5 (#167)
- from version 2022.05.18:
* Automatically lock github issues after
they've been closed for 90 days (#189)
* Remove universal wheel, python 2 is unsupported (#187)
* Add type annotations to package
* Added Required Python Version (#152)
* Fix homepage link (#145)
- Refresh patches for new version
* python-certifi-shipped-requests-cabundle.patch
-------------------------------------------------------------------
Sat Jan 15 17:54:53 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2021.10.8:
added certs:
* CN=TunTrust Root CA O=Agence Nationale de Certification Electronique
* CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA
-------------------------------------------------------------------
Thu Jun 17 20:53:23 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2021.5.30:
Added certs:
* CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS O=FNMT-RCM OU=Ceres
* CN=GlobalSign Root R46 O=GlobalSign nv-sa
* CN=GlobalSign Root E46 O=GlobalSign nv-sa
* CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
* CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz
* CN=Certum EC-384 CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
* CN=Certum Trusted Root CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
-------------------------------------------------------------------
Sat Dec 19 10:43:30 UTC 2020 - Dirk Müller <dmueller@suse.com>
- update to 2020.12.5
-------------------------------------------------------------------
Thu Nov 26 09:21:35 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2020.11.8:
* Python 3.8+ support
-------------------------------------------------------------------
Wed Nov 25 11:41:29 UTC 2020 - Matej Cepl <mcepl@suse.com>
- Add two-basic-unit-tests.patch which includes two at least simple test
patches (gh#certifi/python-certifi#137).
-------------------------------------------------------------------
Sun Aug 16 17:45:09 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
- Update package description
- Fix the butchered python-certifi-shipped-requests-cabundle.patch
broken by last update.
- Add comment about missing tests gh#certifi/python-certifi#136
-------------------------------------------------------------------
Sat Aug 15 17:09:57 UTC 2020 - Arun Persaud <arun@gmx.de>
- specfile:
* update line numbers and whitespace in patch
- update to version 2020.6.20:
* Updates in enabled CAs
- changes from version 2020.04.05.2:
* Document policy for cert addition (#127)
* Clarify trust origin is Mozilla (#126)
* Fix where() so that it works with importlib.resources when
available
* Goodbye python 2
-------------------------------------------------------------------
Wed Jun 3 11:12:41 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2020.4.5.1:
adds Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis
Publics de Certificacio/Vegeu
-------------------------------------------------------------------
Fri Jan 24 15:06:39 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
- update to 2019.11.28
* Updates in enabled CAs
-------------------------------------------------------------------
Fri Sep 20 12:43:15 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Sync to the latest 2019.9.11:
* Updates in enabled CAs
-------------------------------------------------------------------
Wed Jul 24 09:12:13 UTC 2019 - pgajdos@suse.com
- version update to 2019.6.16
* remove Certinomis Root CA
-------------------------------------------------------------------
Mon Mar 11 09:58:08 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 2019.3.9:
* Add emSign Root CA - G1
* Add emSign ECC Root CA - G3
* Add Hongkong Post Root CA 3
- Rebase python-certifi-shipped-requests-cabundle.patch
-------------------------------------------------------------------
Mon Feb 11 22:29:47 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Update to 2018.11.29
* Deprecated old_where() has been removed
* Removed certificates
+ Visa eCommerce Root
+ Certplus Root CA G1
+ Certplus Root CA G2
+ OpenTrust Root CA G1
+ OpenTrust Root CA G2
+ OpenTrust Root CA G3
-------------------------------------------------------------------
Tue Jan 8 23:55:51 UTC 2019 - Jonathan Brownell <jbrownell@suse.com>
- Limit SUSE certificate patch to exclude Red Hat platforms since
the relevant /etc/ssl/ca-bundle.pem does not exist there
- %py_compile and %py3_compile macros do not exist on Red Hat;
substitute them with equivalent %python_exec invocations
-------------------------------------------------------------------
Tue Dec 4 12:46:35 UTC 2018 - Matej Cepl <mcepl@suse.com>
- Remove superfluous devel dependency for noarch package
-------------------------------------------------------------------
Tue Apr 17 10:53:35 UTC 2018 - michael@stroeder.com
- update to 2018.4.16
* Remove Elektronik Sertifika Hizket from cacert.pem
- This is noop as we use our cacert list from /etc/ssl/ca-bundle.pem
-------------------------------------------------------------------
Sun Feb 4 00:36:29 UTC 2018 - arun@gmx.de
- specfile:
* update copyright year
- update to version 2018.1.18:
* Remove 1024-bit root certificates
* Include license in the list of trove classifiers
* Include license file in the generated wheel package
-------------------------------------------------------------------
Tue Nov 14 23:19:14 UTC 2017 - dmueller@suse.com
- update to 2017.11.5:
* Sync with bundle mozilla release
- remove python-certifi-fix-version-string.patch: obsolete
-------------------------------------------------------------------
Wed Oct 18 17:23:39 UTC 2017 - jmatejek@suse.com
- fix macros to support not having python2
-------------------------------------------------------------------
Thu Oct 12 08:52:57 UTC 2017 - adrian.glaubitz@suse.com
- add patch to fix version string from 2017.07.27.1 to
2017.7.27.1 to fix the build on SLE12_SP3 and earlier
+ python-certifi-fix-version-string.patch
-------------------------------------------------------------------
Tue Oct 3 05:42:11 UTC 2017 - arun@gmx.de
- updated patch
- update to version 2017.7.27.1:
* Use a more expressive API for getting the dir a path is in
* set zip_safe=False to help out setuptools (#63)
* Change license from ISC to MPL-2.0 in setup.py
* Add trove classifiers for missing supported Python versions
* Rename [wheel] section to [bdist_wheel] as the former is legacy
-------------------------------------------------------------------
Mon Jul 10 18:42:12 UTC 2017 - toddrme2178@gmail.com
- Fix wrong-script-interpreter rpmlint error.
- Fix script-without-shebang rpmlint warning.
-------------------------------------------------------------------
Sun Jun 11 20:37:21 UTC 2017 - dmueller@suse.com
- require ca-certificates-mozilla, otherwise certifi does not
provide any ca bundle (the bundled one that openSUSE patches
out is the mozilla bundle as well)
-------------------------------------------------------------------
Sat Jun 10 08:46:52 UTC 2017 - dmueller@suse.com
- update to 2017.4.17
-------------------------------------------------------------------
Sat Apr 8 17:51:03 UTC 2017 - aloisio@gmx.com
- Updated to version 2017.1.23
- Converted to single-spec
- Updated source URL
-------------------------------------------------------------------
Fri Jun 3 23:00:13 UTC 2016 - jacobwinski@gmail.com
- Update to version 2016.2.28
- Update copyright year in spec file
- Fix executable warning (fix taken from python3-certifi)
-------------------------------------------------------------------
Fri Jan 22 12:22:53 UTC 2016 - michael@stroeder.com
- Update to version 2015.11.20.1
-------------------------------------------------------------------
Sat Sep 26 10:27:12 UTC 2015 - toddrme2178@gmail.com
- Update to version 2015.9.6.2:
* Actually ship weak cert bundle.
* Provide old cert bundle.
* Use secure roots by default.
* Update scripts to use mkcert.org
* Concatenate the two roots
* Add the needed 1024-bit roots
* Move mkcert output to non-core file
- Fix dependencies on SLES 11
- Certifi is released under MPL-2.0; fix the license tag
- Rebase python-certifi-shipped-requests-cabundle.patch
-------------------------------------------------------------------
Wed Apr 22 13:31:54 UTC 2015 - mcihar@suse.cz
- Initial packaging

79
python-certifi.spec Normal file
View File

@ -0,0 +1,79 @@
#
# spec file for package python-certifi
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%{?sle15_python_module_pythons}
Name: python-certifi
Version: 2023.7.22
Release: 0
Summary: Python package for providing Mozilla's CA Bundle
License: MPL-2.0
Group: Development/Languages/Python
URL: https://github.com/certifi/python-certifi
Source: https://files.pythonhosted.org/packages/source/c/certifi/certifi-%{version}.tar.gz
# PATCH-FIX-SUSE -- prefer SUSE certificates
Patch0: python-certifi-shipped-requests-cabundle.patch
# PATCH-FEATURE-UPSTREAM two-basic-unit-tests.patch gh#certifi/python-certifi#137 mcepl@suse.com
# Add at least primitive test suite (by bnavigator)
Patch1: two-basic-unit-tests.patch
BuildRequires: %{python_module setuptools}
BuildRequires: ca-certificates
BuildRequires: ca-certificates-mozilla
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: ca-certificates
Requires: ca-certificates-mozilla
BuildArch: noarch
%python_subpackages
%description
Certifi provides Mozilla's carefully curated collection of Root Certificates
for validating the trustworthiness of SSL certificates while verifying the
identity of TLS hosts. It has been extracted from the Requests project.
Note that on SUSE packages the used CA bundle is actually the system bundle
%prep
%autosetup -p1 -n certifi-%{version}
%build
%python_build
%install
%python_install
%{python_expand chmod +x %{buildroot}%{$python_sitelib}/certifi/core.py
sed -i "s|#!%{_bindir}/env python|#!%__$python|" %{buildroot}/%{$python_sitelib}/certifi/core.py
rm %{buildroot}%{$python_sitelib}/certifi/cacert.pem
}
%python_expand $python -m compileall %{buildroot}%{$python_sitelib}/certifi/
%python_expand $python -O -m compileall %{buildroot}%{$python_sitelib}/certifi/
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
%pyunittest -v certifi.tests.test_certifi
%files %{python_files}
%license LICENSE
%doc README.rst
%{python_sitelib}/certifi/
%{python_sitelib}/certifi-%{version}-py*.egg-info
%changelog

83
two-basic-unit-tests.patch Normal file
View File

@ -0,0 +1,83 @@
From 7d617ff9dddee73bde86b79c9aa2f1c98f19e339 Mon Sep 17 00:00:00 2001
From: Benjamin Greiner <code@bnavigator.de>
Date: Sun, 16 Aug 2020 20:17:39 +0200
Subject: [PATCH 1/2] add 2 basic unit tests
---
.github/workflows/python-package.yml | 40 +++++++++++++++++++++++++++++++++++
certifi/tests/__init__.py | 2 +
certifi/tests/test_certifi.py | 19 ++++++++++++++++
3 files changed, 61 insertions(+)
create mode 100644 certifi/tests/__init__.py
create mode 100755 certifi/tests/test_certifi.py
--- /dev/null
+++ b/certifi/tests/__init__.py
@@ -0,0 +1,2 @@
+# certifi.tests module
+
--- /dev/null
+++ b/certifi/tests/test_certifi.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+"""
+unit tests to make sure everything behaves as expected
+"""
+
+import os
+import unittest
+
+import certifi
+
+
+class TestCertifi(unittest.TestCase):
+ def test_cabundle_exists(self):
+ """Check that the reported bundle exists"""
+ self.assertTrue(os.path.exists(certifi.where()))
+
+ def test_read_contents(self):
+ """Check that the returned contents contain a certificate"""
+ self.assertIn("-----BEGIN CERTIFICATE-----", certifi.contents())
--- /dev/null
+++ b/.github/workflows/python-package.yml
@@ -0,0 +1,40 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python package
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [3.5, 3.6, 3.7, 3.8]
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v2
+ with:
+ python-version: ${{ matrix.python-version }}
+ - name: Install test dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install pytest
+ # pip install flake8 pytest
+ # if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ #- name: Lint with flake8
+ # run: |
+ # # stop the build if there are Python syntax errors or undefined names
+ # flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+ # # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ # flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Test with pytest
+ run: |
+ pytest