Accepting request 1244881 from devel:languages:python

- update to 1.2.0:
  * Small release with mostly internal changes.
  * SigstoreSigner now has a convenience function for creating a
    signing identity for GitHub Actions workflow
  * Linting refactoring, switched to ruff
  * Modern annotations used in most of the code base

- Actually run the testsuite.

OBS-URL: https://build.opensuse.org/request/show/1244881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-securesystemslib?expand=0&rev=5

_service

@@ -1,15 +0,0 @@
-<services>
-  <service name="obs_scm" mode="manual">
-    <param name="url">https://github.com/secure-systems-lab/securesystemslib</param>
-    <param name="scm">git</param>
-    <param name="version">0.21.0</param>
-    <param name="revision">v0.21.0</param>
-  </service>
-  <service mode="manual" name="set_version" />
-
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">xz</param>
-  </service>
-</services>

python-securesystemslib.changes

@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Mon Feb 10 20:35:16 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.2.0:
+  * Small release with mostly internal changes.
+  * SigstoreSigner now has a convenience function for creating a
+    signing identity for GitHub Actions workflow
+  * Linting refactoring, switched to ruff
+  * Modern annotations used in most of the code base
+
+-------------------------------------------------------------------
+Tue Jan 14 17:00:34 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Remove ed25519 tests to avoid that module in Leap
+
+-------------------------------------------------------------------
+Thu Oct 31 07:30:30 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Remove not needed patch use_python3_interpreter_in_tests.diff
+- Move not mandatory requirements to Suggests
+- Update to version 1.1.0:
+  * SigstoreSigner: Re-enable compatibility with Sigstore (#781)
+- 1.0.0:
+  Added
+  * Signer: add public_key attribute to interface (#756)
+  * VaultSigner: Signer implementation for HashiCorp Vault (#800)
+  * CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
+  * CryptoSigner: add private_bytes property (#799)
+  * CryptoSigner: add "file2" signer uri (#759)
+  * test: use localstack to test AWSSigner (#777)
+  Removed
+  * CryptoSigner: remove "file" signer uri (#759)
+  * migration script for legacy keys (#770)
+  * SSlibSigner class and *_securesystemslib_key methods (#771)
+  * legacy key key*, interface, util and schema modules (#772, #773, #776)
+  * unused functions in hash, and formats module (#774, #776)
+  * unused global key constants (#806)
+  Changed
+  * SSlibKey: strengthen input validation (#780, #795)
+  * AWSSigner: support default scheme and add stronger input validation (#724, #778)
+  * dsse: change Envelope.signatures type to dict (#743)
+  * vendor: update ed25519 copy (#793)
+  * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
+  * test: improve and temporarily disable SigstoreSigner test (#779, #785)
+  * ci: use dependabot groups, update weekly (#735)
+  * ci: test macOS and Windows on latest Python only (#797)
+  * Make securessystemslib.gpg internal (#792)
+  Fixed
+  * Fix check-upstream-ed25519 workflow permission (#706)
+  * SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)
+[...]
+Other release notes can be found in the CHANGELOG.md file:
+https://github.com/secure-systems-lab/securesystemslib/blob/v1.1.0/CHANGELOG.md
+
 -------------------------------------------------------------------
 Mon Mar 27 05:47:20 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
 

python-securesystemslib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-securesystemslib
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,29 +17,23 @@
 
 
 Name:           python-securesystemslib
-Version:        0.21.0
+Version:        1.2.0
 Release:        0
-License:        MIT
 Summary:        Cryptographic and general routines for Secure Systems Lab
+License:        MIT
 URL:            https://github.com/secure-systems-lab/securesystemslib
-Source:         securesystemslib-%{version}.tar.xz
+Source:         https://files.pythonhosted.org/packages/source/s/securesystemslib/securesystemslib-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM Contained in debian/patches directory
+BuildRequires:  %{python_module PyKCS11}
-Patch0:         use_python3_interpreter_in_tests.diff
-BuildRequires:  %{python_module PyNaCl}
 BuildRequires:  %{python_module asn1crypto}
 BuildRequires:  %{python_module cryptography >= 3.3.2}
-BuildRequires:  %{python_module ed25519}
 BuildRequires:  %{python_module hatchling}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-PyNaCl
+Requires:       python-PyKCS11
 Requires:       python-asn1crypto
-Requires:       python-colorama
+Requires:       python-cryptography
-Requires:       python-cryptography >= 3.3.2
-
 BuildArch:      noarch
 %python_subpackages
 
@@ -47,17 +41,27 @@ BuildArch:      noarch
 Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
 
 %prep
-%autosetup -p1 -n securesystemslib-%version
+%autosetup -p1 -n securesystemslib-%{version}
+# Remove exec permission from python scripts
+find . -type f -name *.py -exec chmod 0644 {} \;
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
+# Remove not needed files
+%{python_expand #
+rm -rf %{buildroot}%{$python_sitelib}/securesystemslib/_vendor/ed25519/.gitignore
+}
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-%pytest -k 'not (test_ed25519_kat or test_checkparams)'
+# spinhcs+ key support requires the pyspx library
+donttest="test_sphincs"
+# remove the ed25519 tests, the module is "Not Recommended For New Applications: Use pynacl Instead"
+rm securesystemslib/_vendor/ed25519/test_ed25519.py
+%pytest -k "not ($donttest)"
 
 %files %{python_files}
 %{python_sitelib}/securesystemslib

securesystemslib-0.21.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3b762bac882d98a9f2b8ac46974792c4097fc1b6ef282589bda53ae8b097bf66
-size 3133452

securesystemslib-1.2.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:34fa63e3296a0540b122a13bf51722ecd015be00c1d2ed45b23442e718920e76
+size 934472

securesystemslib.obsinfo

@@ -1,4 +0,0 @@
-name: securesystemslib
-version: 0.21.0
-mtime: 1629887732
-commit: 9b3ea003ab93ab6909d1327dfb2ab7af0309e7cc

use_python3_interpreter_in_tests.diff

@@ -1,46 +0,0 @@
-Description: Use python3 in tests
- Some upstream tests for the custom `process` module call the python interpreter
- in a subprocess. In Debian, where we only build for python3, "python" is not
- available during build and thus makes those tests fail. This patch replaces
- "python" with "python3" where applicable.
-Author: Lukas Puehringer <lukas.puehringer@nyu.edu>
-Forwarded: not-needed
-
---- python-securesystemslib-0.16.0.orig/tests/test_process.py
-+++ python-securesystemslib-0.16.0/tests/test_process.py
-@@ -38,7 +38,7 @@ class Test_Process(unittest.TestCase):
- 
-     stdin_file = open(path)
-     cmd = \
--        "python -c \"import sys; assert(sys.stdin.read() == '{}')\""
-+        "python3 -c \"import sys; assert(sys.stdin.read() == '{}')\""
- 
-     # input is used in favor of stdin
-     securesystemslib.process.run(cmd.format("use input kwarg"),
-@@ -57,7 +57,7 @@ class Test_Process(unittest.TestCase):
-   def test_run_duplicate_streams(self):
-     """Test output as streams and as returned.  """
-     # Command that prints 'foo' to stdout and 'bar' to stderr.
--    cmd = ("python -c \""
-+    cmd = ("python3 -c \""
-         "import sys;"
-         "sys.stdout.write('foo');"
-         "sys.stderr.write('bar');\"")
-@@ -101,7 +101,7 @@ class Test_Process(unittest.TestCase):
- 
-   def test_run_cmd_arg_return_code(self):
-     """Test command arg as string and list using return code. """
--    cmd_str = ("python -c \""
-+    cmd_str = ("python3 -c \""
-         "import sys;"
-         "sys.exit(100)\"")
-     cmd_list = shlex.split(cmd_str)
-@@ -117,7 +117,7 @@ class Test_Process(unittest.TestCase):
-   def test_run_duplicate_streams_timeout(self):
-     """Test raise TimeoutExpired. """
-     with self.assertRaises(securesystemslib.process.subprocess.TimeoutExpired):
--      securesystemslib.process.run_duplicate_streams("python --version",
-+      securesystemslib.process.run_duplicate_streams("python3 --version",
-           timeout=-1)
- 
-