7 changed files with 86 additions and 79 deletions
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/secure-systems-lab/securesystemslib</param>
+    <param name="scm">git</param>
+    <param name="version">0.21.0</param>
+    <param name="revision">v0.21.0</param>
+  </service>
+  <service mode="manual" name="set_version" />
+
+  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+</services>
--- a/python-securesystemslib.changes
+++ b/python-securesystemslib.changes
@ -1,63 +1,9 @@
-------------------------------------------------------------------
-Mon Feb 10 20:35:16 UTC 2025 - Dirk Müller <dmueller@suse.com>
-
- update to 1.2.0:
-  * Small release with mostly internal changes.
-  * SigstoreSigner now has a convenience function for creating a
-    signing identity for GitHub Actions workflow
-  * Linting refactoring, switched to ruff
-  * Modern annotations used in most of the code base
-
-------------------------------------------------------------------
-Tue Jan 14 17:00:34 UTC 2025 - Markéta Machová <mmachova@suse.com>
-
- Remove ed25519 tests to avoid that module in Leap
-
-------------------------------------------------------------------
-Thu Oct 31 07:30:30 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
-
- Remove not needed patch use_python3_interpreter_in_tests.diff
- Move not mandatory requirements to Suggests
- Update to version 1.1.0:
-  * SigstoreSigner: Re-enable compatibility with Sigstore (#781)
- 1.0.0:
-  Added
-  * Signer: add public_key attribute to interface (#756)
-  * VaultSigner: Signer implementation for HashiCorp Vault (#800)
-  * CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
-  * CryptoSigner: add private_bytes property (#799)
-  * CryptoSigner: add "file2" signer uri (#759)
-  * test: use localstack to test AWSSigner (#777)
-  Removed
-  * CryptoSigner: remove "file" signer uri (#759)
-  * migration script for legacy keys (#770)
-  * SSlibSigner class and *_securesystemslib_key methods (#771)
-  * legacy key key*, interface, util and schema modules (#772, #773, #776)
-  * unused functions in hash, and formats module (#774, #776)
-  * unused global key constants (#806)
-  Changed
-  * SSlibKey: strengthen input validation (#780, #795)
-  * AWSSigner: support default scheme and add stronger input validation (#724, #778)
-  * dsse: change Envelope.signatures type to dict (#743)
-  * vendor: update ed25519 copy (#793)
-  * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
-  * test: improve and temporarily disable SigstoreSigner test (#779, #785)
-  * ci: use dependabot groups, update weekly (#735)
-  * ci: test macOS and Windows on latest Python only (#797)
-  * Make securessystemslib.gpg internal (#792)
-  Fixed
-  * Fix check-upstream-ed25519 workflow permission (#706)
-  * SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)
-[...]
-Other release notes can be found in the CHANGELOG.md file:
-https://github.com/secure-systems-lab/securesystemslib/blob/v1.1.0/CHANGELOG.md
-
 -------------------------------------------------------------------
 Mon Mar 27 05:47:20 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>

 - Add patch use_python3_interpreter_in_tests.diff:
  * Call python3, not python.
- Actually run the testsuite.
+- Actually run the testsuite. 
 - Fix the Summary, and run fdupes to fix the most egregious rpmlint issues.
 - Stop using %{python_sitelib}/*.

--- a/python-securesystemslib.spec
+++ b/python-securesystemslib.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-securesystemslib
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,23 +17,29 @@


 Name:           python-securesystemslib
-Version:        1.2.0
+Version:        0.21.0
 Release:        0
-Summary:        Cryptographic and general routines for Secure Systems Lab
 License:        MIT
+Summary:        Cryptographic and general routines for Secure Systems Lab
 URL:            https://github.com/secure-systems-lab/securesystemslib
-Source:         https://files.pythonhosted.org/packages/source/s/securesystemslib/securesystemslib-%{version}.tar.gz
-BuildRequires:  %{python_module PyKCS11}
+Source:         securesystemslib-%{version}.tar.xz
+# PATCH-FIX-UPSTREAM Contained in debian/patches directory
+Patch0:         use_python3_interpreter_in_tests.diff
+BuildRequires:  %{python_module PyNaCl}
 BuildRequires:  %{python_module asn1crypto}
 BuildRequires:  %{python_module cryptography >= 3.3.2}
+BuildRequires:  %{python_module ed25519}
 BuildRequires:  %{python_module hatchling}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-PyKCS11
+Requires:       python-PyNaCl
 Requires:       python-asn1crypto
-Requires:       python-cryptography
+Requires:       python-colorama
+Requires:       python-cryptography >= 3.3.2
+
 BuildArch:      noarch
 %python_subpackages

@ -41,27 +47,17 @@ BuildArch:      noarch
 Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU

 %prep
-%autosetup -p1 -n securesystemslib-%{version}
-# Remove exec permission from python scripts
-find . -type f -name *.py -exec chmod 0644 {} \;
+%autosetup -p1 -n securesystemslib-%version

 %build
-%pyproject_wheel
+%python_build

 %install
-%pyproject_install
-# Remove not needed files
-%{python_expand #
-rm -rf %{buildroot}%{$python_sitelib}/securesystemslib/_vendor/ed25519/.gitignore
-}
+%python_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}

 %check
-# spinhcs+ key support requires the pyspx library
-donttest="test_sphincs"
-# remove the ed25519 tests, the module is "Not Recommended For New Applications: Use pynacl Instead"
-rm securesystemslib/_vendor/ed25519/test_ed25519.py
-%pytest -k "not ($donttest)"
+%pytest -k 'not (test_ed25519_kat or test_checkparams)'

 %files %{python_files}
 %{python_sitelib}/securesystemslib
--- a/securesystemslib-0.21.0.obscpio
+++ b/securesystemslib-0.21.0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b762bac882d98a9f2b8ac46974792c4097fc1b6ef282589bda53ae8b097bf66
+size 3133452
--- a/securesystemslib-1.2.0.tar.gz
+++ b/securesystemslib-1.2.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:34fa63e3296a0540b122a13bf51722ecd015be00c1d2ed45b23442e718920e76
-size 934472
--- a/securesystemslib.obsinfo
+++ b/securesystemslib.obsinfo
@ -0,0 +1,4 @@
+name: securesystemslib
+version: 0.21.0
+mtime: 1629887732
+commit: 9b3ea003ab93ab6909d1327dfb2ab7af0309e7cc
--- a/use_python3_interpreter_in_tests.diff
+++ b/use_python3_interpreter_in_tests.diff
@ -0,0 +1,46 @@
+Description: Use python3 in tests
+ Some upstream tests for the custom `process` module call the python interpreter
+ in a subprocess. In Debian, where we only build for python3, "python" is not
+ available during build and thus makes those tests fail. This patch replaces
+ "python" with "python3" where applicable.
+Author: Lukas Puehringer <lukas.puehringer@nyu.edu>
+Forwarded: not-needed
+
+--- python-securesystemslib-0.16.0.orig/tests/test_process.py
+++ python-securesystemslib-0.16.0/tests/test_process.py
+@@ -38,7 +38,7 @@ class Test_Process(unittest.TestCase):
+ 
+     stdin_file = open(path)
+     cmd = \
+-        "python -c \"import sys; assert(sys.stdin.read() == '{}')\""
+        "python3 -c \"import sys; assert(sys.stdin.read() == '{}')\""
+ 
+     # input is used in favor of stdin
+     securesystemslib.process.run(cmd.format("use input kwarg"),
+@@ -57,7 +57,7 @@ class Test_Process(unittest.TestCase):
+   def test_run_duplicate_streams(self):
+     """Test output as streams and as returned.  """
+     # Command that prints 'foo' to stdout and 'bar' to stderr.
+-    cmd = ("python -c \""
+    cmd = ("python3 -c \""
+         "import sys;"
+         "sys.stdout.write('foo');"
+         "sys.stderr.write('bar');\"")
+@@ -101,7 +101,7 @@ class Test_Process(unittest.TestCase):
+ 
+   def test_run_cmd_arg_return_code(self):
+     """Test command arg as string and list using return code. """
+-    cmd_str = ("python -c \""
+    cmd_str = ("python3 -c \""
+         "import sys;"
+         "sys.exit(100)\"")
+     cmd_list = shlex.split(cmd_str)
+@@ -117,7 +117,7 @@ class Test_Process(unittest.TestCase):
+   def test_run_duplicate_streams_timeout(self):
+     """Test raise TimeoutExpired. """
+     with self.assertRaises(securesystemslib.process.subprocess.TimeoutExpired):
+-      securesystemslib.process.run_duplicate_streams("python --version",
+      securesystemslib.process.run_duplicate_streams("python3 --version",
+           timeout=-1)
+ 
+