From 2d13b6df7d63c77a2320f25462966004661fb9e8aaf2f4bc2954556665da2374 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Thu, 31 Oct 2024 07:37:47 +0000 Subject: [PATCH 1/3] - Move not mandatory requirements to Suggests - Update to version 1.1.0: * SigstoreSigner: Re-enable compatibility with Sigstore (#781) - 1.0.0: Added * Signer: add public_key attribute to interface (#756) * VaultSigner: Signer implementation for HashiCorp Vault (#800) * CryptoSigner: support ecdsa keytype that is no longer in spec (#711) * CryptoSigner: add private_bytes property (#799) * CryptoSigner: add "file2" signer uri (#759) * test: use localstack to test AWSSigner (#777) Removed * CryptoSigner: remove "file" signer uri (#759) * migration script for legacy keys (#770) * SSlibSigner class and *_securesystemslib_key methods (#771) * legacy key key*, interface, util and schema modules (#772, #773, #776) * unused functions in hash, and formats module (#774, #776) * unused global key constants (#806) Changed * SSlibKey: strengthen input validation (#780, #795) * AWSSigner: support default scheme and add stronger input validation (#724, #778) * dsse: change Envelope.signatures type to dict (#743) * vendor: update ed25519 copy (#793) * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796) * test: improve and temporarily disable SigstoreSigner test (#779, #785) * ci: use dependabot groups, update weekly (#735) * ci: test macOS and Windows on latest Python only (#797) * Make securessystemslib.gpg internal (#792) Fixed * Fix check-upstream-ed25519 workflow permission (#706) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-securesystemslib?expand=0&rev=6 --- .gitattributes | 23 +++++++++ .gitignore | 1 + _service | 15 ++++++ python-securesystemslib.changes | 52 ++++++++++++++++++++ python-securesystemslib.spec | 71 +++++++++++++++++++++++++++ securesystemslib-0.21.0.obscpio | 3 ++ securesystemslib-1.1.0.obscpio | 3 ++ securesystemslib.obsinfo | 4 ++ use_python3_interpreter_in_tests.diff | 46 +++++++++++++++++ 9 files changed, 218 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 python-securesystemslib.changes create mode 100644 python-securesystemslib.spec create mode 100644 securesystemslib-0.21.0.obscpio create mode 100644 securesystemslib-1.1.0.obscpio create mode 100644 securesystemslib.obsinfo create mode 100644 use_python3_interpreter_in_tests.diff diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..6e64685 --- /dev/null +++ b/_service @@ -0,0 +1,15 @@ + + + https://github.com/secure-systems-lab/securesystemslib + git + 1.1.0 + v1.1.0 + + + + + + *.tar + xz + + diff --git a/python-securesystemslib.changes b/python-securesystemslib.changes new file mode 100644 index 0000000..34a6f1b --- /dev/null +++ b/python-securesystemslib.changes @@ -0,0 +1,52 @@ +------------------------------------------------------------------- +Thu Oct 31 07:30:30 UTC 2024 - Daniel Garcia + +- Move not mandatory requirements to Suggests +- Update to version 1.1.0: + * SigstoreSigner: Re-enable compatibility with Sigstore (#781) +- 1.0.0: + Added + * Signer: add public_key attribute to interface (#756) + * VaultSigner: Signer implementation for HashiCorp Vault (#800) + * CryptoSigner: support ecdsa keytype that is no longer in spec (#711) + * CryptoSigner: add private_bytes property (#799) + * CryptoSigner: add "file2" signer uri (#759) + * test: use localstack to test AWSSigner (#777) + Removed + * CryptoSigner: remove "file" signer uri (#759) + * migration script for legacy keys (#770) + * SSlibSigner class and *_securesystemslib_key methods (#771) + * legacy key key*, interface, util and schema modules (#772, #773, #776) + * unused functions in hash, and formats module (#774, #776) + * unused global key constants (#806) + Changed + * SSlibKey: strengthen input validation (#780, #795) + * AWSSigner: support default scheme and add stronger input validation (#724, #778) + * dsse: change Envelope.signatures type to dict (#743) + * vendor: update ed25519 copy (#793) + * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796) + * test: improve and temporarily disable SigstoreSigner test (#779, #785) + * ci: use dependabot groups, update weekly (#735) + * ci: test macOS and Windows on latest Python only (#797) + * Make securessystemslib.gpg internal (#792) + Fixed + * Fix check-upstream-ed25519 workflow permission (#706) + * SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794) +[...] +Other release notes can be found in the CHANGELOG.md file: +https://github.com/secure-systems-lab/securesystemslib/blob/v1.1.0/CHANGELOG.md + +------------------------------------------------------------------- +Mon Mar 27 05:47:20 UTC 2023 - Steve Kowalik + +- Add patch use_python3_interpreter_in_tests.diff: + * Call python3, not python. +- Actually run the testsuite. +- Fix the Summary, and run fdupes to fix the most egregious rpmlint issues. +- Stop using %{python_sitelib}/*. + +------------------------------------------------------------------- +Fri Dec 10 12:14:29 UTC 2021 - Adrian Schröter + +- initial package of version 0.21.0 + diff --git a/python-securesystemslib.spec b/python-securesystemslib.spec new file mode 100644 index 0000000..729afc6 --- /dev/null +++ b/python-securesystemslib.spec @@ -0,0 +1,71 @@ +# +# spec file for package python-securesystemslib +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: python-securesystemslib +Version: 1.1.0 +Release: 0 +License: MIT +Summary: Cryptographic and general routines for Secure Systems Lab +URL: https://github.com/secure-systems-lab/securesystemslib +Source: securesystemslib-%{version}.tar.xz +BuildRequires: %{python_module PyKCS11} +BuildRequires: %{python_module asn1crypto} +BuildRequires: %{python_module cryptography >= 3.3.2} +BuildRequires: %{python_module ed25519} +BuildRequires: %{python_module hatchling} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Suggests: python-asn1crypto +Suggests: python-cryptography +Suggests: python-PyKCS11 + +BuildArch: noarch +%python_subpackages + +%description +Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU + +%prep +%autosetup -p1 -n securesystemslib-%version +# Remove exec permission from python scripts +find . -type f -name *.py -exec chmod 0644 {} \; + +%build +%pyproject_wheel + +%install +%pyproject_install +# Remove not needed files +%{python_expand # +rm -rf %{buildroot}%{$python_sitelib}/securesystemslib/_vendor/ed25519/.gitignore +} +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +donttest="test_ed25519_kat or test_checkparams" +# spinhcs+ key support requires the pyspx library +donttest+=" or test_sphincs" +%pytest -k "not ($donttest)" + +%files %{python_files} +%{python_sitelib}/securesystemslib +%{python_sitelib}/securesystemslib-%{version}*info + +%changelog diff --git a/securesystemslib-0.21.0.obscpio b/securesystemslib-0.21.0.obscpio new file mode 100644 index 0000000..5ef6f5f --- /dev/null +++ b/securesystemslib-0.21.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3b762bac882d98a9f2b8ac46974792c4097fc1b6ef282589bda53ae8b097bf66 +size 3133452 diff --git a/securesystemslib-1.1.0.obscpio b/securesystemslib-1.1.0.obscpio new file mode 100644 index 0000000..e763d60 --- /dev/null +++ b/securesystemslib-1.1.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:27769b9b809ec8a00ec29ab52034814ef91cb8328eef12e88fe4041975e2afbd +size 2984460 diff --git a/securesystemslib.obsinfo b/securesystemslib.obsinfo new file mode 100644 index 0000000..eb86d88 --- /dev/null +++ b/securesystemslib.obsinfo @@ -0,0 +1,4 @@ +name: securesystemslib +version: 1.1.0 +mtime: 1717502370 +commit: c70d7be2b89659265d9fb50df4b6968780de30ab diff --git a/use_python3_interpreter_in_tests.diff b/use_python3_interpreter_in_tests.diff new file mode 100644 index 0000000..af6e8a9 --- /dev/null +++ b/use_python3_interpreter_in_tests.diff @@ -0,0 +1,46 @@ +Description: Use python3 in tests + Some upstream tests for the custom `process` module call the python interpreter + in a subprocess. In Debian, where we only build for python3, "python" is not + available during build and thus makes those tests fail. This patch replaces + "python" with "python3" where applicable. +Author: Lukas Puehringer +Forwarded: not-needed + +--- python-securesystemslib-0.16.0.orig/tests/test_process.py ++++ python-securesystemslib-0.16.0/tests/test_process.py +@@ -38,7 +38,7 @@ class Test_Process(unittest.TestCase): + + stdin_file = open(path) + cmd = \ +- "python -c \"import sys; assert(sys.stdin.read() == '{}')\"" ++ "python3 -c \"import sys; assert(sys.stdin.read() == '{}')\"" + + # input is used in favor of stdin + securesystemslib.process.run(cmd.format("use input kwarg"), +@@ -57,7 +57,7 @@ class Test_Process(unittest.TestCase): + def test_run_duplicate_streams(self): + """Test output as streams and as returned. """ + # Command that prints 'foo' to stdout and 'bar' to stderr. +- cmd = ("python -c \"" ++ cmd = ("python3 -c \"" + "import sys;" + "sys.stdout.write('foo');" + "sys.stderr.write('bar');\"") +@@ -101,7 +101,7 @@ class Test_Process(unittest.TestCase): + + def test_run_cmd_arg_return_code(self): + """Test command arg as string and list using return code. """ +- cmd_str = ("python -c \"" ++ cmd_str = ("python3 -c \"" + "import sys;" + "sys.exit(100)\"") + cmd_list = shlex.split(cmd_str) +@@ -117,7 +117,7 @@ class Test_Process(unittest.TestCase): + def test_run_duplicate_streams_timeout(self): + """Test raise TimeoutExpired. """ + with self.assertRaises(securesystemslib.process.subprocess.TimeoutExpired): +- securesystemslib.process.run_duplicate_streams("python --version", ++ securesystemslib.process.run_duplicate_streams("python3 --version", + timeout=-1) + + From 13ba0326fc029cf6334674ea0729eede4829566287b9d5f66f4dfa6c5220bd08 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Mon, 4 Nov 2024 13:16:18 +0000 Subject: [PATCH 2/3] - Remove not needed patch use_python3_interpreter_in_tests.diff OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-securesystemslib?expand=0&rev=7 --- python-securesystemslib.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/python-securesystemslib.changes b/python-securesystemslib.changes index 34a6f1b..ff4496f 100644 --- a/python-securesystemslib.changes +++ b/python-securesystemslib.changes @@ -1,6 +1,7 @@ ------------------------------------------------------------------- Thu Oct 31 07:30:30 UTC 2024 - Daniel Garcia +- Remove not needed patch use_python3_interpreter_in_tests.diff - Move not mandatory requirements to Suggests - Update to version 1.1.0: * SigstoreSigner: Re-enable compatibility with Sigstore (#781) From ac64e63e7f8e1b2b896be705760093cd51d51126db347ef54d92e2b290191cc9 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Mon, 4 Nov 2024 13:17:52 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-securesystemslib?expand=0&rev=8 --- use_python3_interpreter_in_tests.diff | 46 --------------------------- 1 file changed, 46 deletions(-) delete mode 100644 use_python3_interpreter_in_tests.diff diff --git a/use_python3_interpreter_in_tests.diff b/use_python3_interpreter_in_tests.diff deleted file mode 100644 index af6e8a9..0000000 --- a/use_python3_interpreter_in_tests.diff +++ /dev/null @@ -1,46 +0,0 @@ -Description: Use python3 in tests - Some upstream tests for the custom `process` module call the python interpreter - in a subprocess. In Debian, where we only build for python3, "python" is not - available during build and thus makes those tests fail. This patch replaces - "python" with "python3" where applicable. -Author: Lukas Puehringer -Forwarded: not-needed - ---- python-securesystemslib-0.16.0.orig/tests/test_process.py -+++ python-securesystemslib-0.16.0/tests/test_process.py -@@ -38,7 +38,7 @@ class Test_Process(unittest.TestCase): - - stdin_file = open(path) - cmd = \ -- "python -c \"import sys; assert(sys.stdin.read() == '{}')\"" -+ "python3 -c \"import sys; assert(sys.stdin.read() == '{}')\"" - - # input is used in favor of stdin - securesystemslib.process.run(cmd.format("use input kwarg"), -@@ -57,7 +57,7 @@ class Test_Process(unittest.TestCase): - def test_run_duplicate_streams(self): - """Test output as streams and as returned. """ - # Command that prints 'foo' to stdout and 'bar' to stderr. -- cmd = ("python -c \"" -+ cmd = ("python3 -c \"" - "import sys;" - "sys.stdout.write('foo');" - "sys.stderr.write('bar');\"") -@@ -101,7 +101,7 @@ class Test_Process(unittest.TestCase): - - def test_run_cmd_arg_return_code(self): - """Test command arg as string and list using return code. """ -- cmd_str = ("python -c \"" -+ cmd_str = ("python3 -c \"" - "import sys;" - "sys.exit(100)\"") - cmd_list = shlex.split(cmd_str) -@@ -117,7 +117,7 @@ class Test_Process(unittest.TestCase): - def test_run_duplicate_streams_timeout(self): - """Test raise TimeoutExpired. """ - with self.assertRaises(securesystemslib.process.subprocess.TimeoutExpired): -- securesystemslib.process.run_duplicate_streams("python --version", -+ securesystemslib.process.run_duplicate_streams("python3 --version", - timeout=-1) - -