Accepting request 1248088 from devel:languages:python

- update to 0.10.1:
  * Fixed the patching of Requests' globally-cached
    `ssl.SSLContext` object to work automagically with
    ``truststore.inject_into_ssl()`` regardless of import-order.
  * Speed up import times by skipping feature-checking for known
    Python implementations (CPython and PyPy).

OBS-URL: https://build.opensuse.org/request/show/1248088
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-truststore?expand=0&rev=7

no-network-testing.patch

@@ -1,113 +0,0 @@
----
- pyproject.toml     |    3 +++
- test_truststore.py |    7 +++----
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-Index: truststore-0.8.0/pyproject.toml
-===================================================================
---- truststore-0.8.0.orig/pyproject.toml
-+++ truststore-0.8.0/pyproject.toml
-@@ -26,6 +26,9 @@ classifiers = [
- ]
- dynamic = ["version", "description"]
- requires-python = ">= 3.10"
-+markers = [
-+    "network: test case requires network connection",
-+]
- 
- [project.urls]
- Source = "https://github.com/sethmlarson/truststore"
-@@ -38,3 +41,6 @@ filterwarnings = [
-   # See: aio-libs/aiohttp#7545
-   "ignore:.*datetime.utcfromtimestamp().*:DeprecationWarning",
- ]
-+markers = [
-+   "network: test case requires network connection",
-+]
-Index: truststore-0.8.0/tests/conftest.py
-===================================================================
---- truststore-0.8.0.orig/tests/conftest.py
-+++ truststore-0.8.0/tests/conftest.py
-@@ -18,7 +18,7 @@ SUBPROCESS_TIMEOUT = 5
- original_SSLContext = ssl.SSLContext
- 
- 
--successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
-+successful_hosts = pytest.mark.network
- 
- logger = logging.getLogger("aiohttp.web")
- 
-Index: truststore-0.8.0/tests/test_api.py
-===================================================================
---- truststore-0.8.0.orig/tests/test_api.py
-+++ truststore-0.8.0/tests/test_api.py
-@@ -27,8 +27,8 @@ pytestmark = pytest.mark.flaky
- # if the client drops the connection due to a cert verification error
- socket.setdefaulttimeout(10)
- 
--successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
- 
-+successful_hosts = pytest.mark.network
- 
- @dataclass
- class FailureHost:
-@@ -118,9 +118,7 @@ failure_hosts_list = [
-     ),
- ]
- 
--failure_hosts_no_revocation = pytest.mark.parametrize(
--    "failure", failure_hosts_list.copy(), ids=attrgetter("host")
--)
-+failure_hosts_no_revocation = pytest.mark.network
- 
- if platform.system() != "Linux":
-     failure_hosts_list.append(
-@@ -139,9 +137,7 @@ if platform.system() != "Linux":
-         )
-     )
- 
--failure_hosts = pytest.mark.parametrize(
--    "failure", failure_hosts_list, ids=attrgetter("host")
--)
-+failure_hosts = pytest.mark.network
- 
- 
- @pytest.fixture(scope="session")
-@@ -317,7 +313,7 @@ def test_trustme_cert_loaded_via_capath(
-         assert resp.status == 200
-         assert len(resp.data) > 0
- 
--
-+@pytest.mark.network
- def test_trustme_cert_still_uses_system_certs(trustme_ca):
-     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-     trustme_ca.configure_trust(ctx)
-Index: truststore-0.8.0/tests/test_sslcontext.py
-===================================================================
---- truststore-0.8.0.orig/tests/test_sslcontext.py
-+++ truststore-0.8.0/tests/test_sslcontext.py
-@@ -7,7 +7,7 @@ from urllib3.exceptions import InsecureR
- 
- import truststore
- 
--
-+@pytest.mark.network
- def test_minimum_maximum_version():
-     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-     ctx.maximum_version = ssl.TLSVersion.TLSv1_2
-@@ -24,6 +24,7 @@ def test_minimum_maximum_version():
-     assert ctx.maximum_version == ssl.TLSVersion.TLSv1_2
- 
- 
-+@pytest.mark.network
- def test_check_hostname_false():
-     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-     assert ctx.check_hostname is True
-@@ -35,6 +36,7 @@ def test_check_hostname_false():
-         assert "match" in str(e.value)
- 
- 
-+@pytest.mark.network
- def test_verify_mode_cert_none():
-     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-     assert ctx.check_hostname is True

python-truststore.changes

@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Mon Feb 24 10:44:14 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.10.1:
+  * Fixed the patching of Requests' globally-cached
+    `ssl.SSLContext` object to work automagically with
+    ``truststore.inject_into_ssl()`` regardless of import-order.
+  * Speed up import times by skipping feature-checking for known
+    Python implementations (CPython and PyPy).
+
+-------------------------------------------------------------------
+Tue Jan 28 10:07:25 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 0.10.0
+  * Added support for macOS 10.13 and earlier using the `SecTrustEvaluate`
+    API. Note that this API doesn't return fine-grained errors like
+    `SecTrustEvaluateWithError` (requires macOS 10.14+).
+  * Added `SSLContext.set_default_verify_paths()` method.
+  * Changed method for disabling hostname verification for macOS and
+    Windows. Previously would ignore hostname verification errors if
+    `SSLContext.check_hostname` was `False`.
+    Now for both macOS and Windows the certificate verification policy
+    is configured to not check certificate hostname. This should have
+    no effect on users.
+- from version 0.9.2
+  * Fixed an issue where implementations supporting Python 3.10 but not
+    the peer certificate chain APIs would fail during the handshake instead
+    of when importing the `truststore` module. The module now raises an error
+    immediately instead of on first handshake. This was added for the GraalPy
+    implementation specifically, but there may be others.
+- Skip test_wrong_host_succeeds_with_hostname_verification_disabled test
+
+-------------------------------------------------------------------
+Thu Oct  3 05:43:57 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add missing BuildRequires on pyOpenSSL for the testsuite, rather than
+  depending on it transitivity.
+
+-------------------------------------------------------------------
+Wed Aug 14 05:38:45 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 0.9.1:
+  * Fixed an issue for CPython 3.13 where `ssl.SSLSocket` and `ssl.SSLObject`
+    certificate chain APIs would return different types.
+  * Added support for Python 3.13.
+  * Fixed loading additional certificates on macOS.
+- Drop patch no-network-testing.patch, not required.
+
 -------------------------------------------------------------------
 Sat Mar  2 08:02:57 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
 

python-truststore.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-truststore
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,22 +17,19 @@
 
 
 %{?sle15_python_module_pythons}
-%define skip_python39 1
 Name:           python-truststore
-Version:        0.8.0
+Version:        0.10.1
 Release:        0
 Summary:        Verify certificates using OS trust stores
 License:        MIT
 URL:            https://github.com/sethmlarson/truststore
 Source:         https://github.com/sethmlarson/truststore/archive/refs/tags/v%{version}.tar.gz#/truststore-%{version}.tar.gz
-# PATCH-FEATURE-UPSTREAM no-network-testing.patch bsc#[0-9]+ mcepl@suse.com
-# skip tests requiring network access
-Patch0:         no-network-testing.patch
 BuildRequires:  %{python_module aiohttp}
 BuildRequires:  %{python_module flaky}
 BuildRequires:  %{python_module flit-core}
 BuildRequires:  %{python_module httpx}
 BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module pyOpenSSL}
 BuildRequires:  %{python_module pytest-asyncio}
 BuildRequires:  %{python_module pytest-httpserver}
 BuildRequires:  %{python_module pytest}
@@ -61,12 +58,12 @@ considered experimental.
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-%pytest -s -k 'not network'
+%pytest -s -k 'not internet and not test_wrong_host_succeeds_with_hostname_verification_disabled'
 
 %files %{python_files}
 %doc README.md
 %license LICENSE
 %{python_sitelib}/truststore
-%{python_sitelib}/truststore-%{version}*-info
+%{python_sitelib}/truststore-%{version}.dist-info
 
 %changelog

truststore-0.10.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a470d2763875f9b9a148d5726af330d15b65d2a83f70610c262de8888ee94b4e
+size 29120

truststore-0.8.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c862292f8d136bfcf2a7827a1fd1c1b27944a982741205fb466005673b570df8
-size 25619