From f5f5709b962ce34acb87e6cc8214b4617d9055dcaba0cfed2bf838670b56396b Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Tue, 25 Mar 2025 04:51:37 +0000 Subject: [PATCH 1/2] - Lowercase metadata directory name. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyKMIP?expand=0&rev=22 --- .gitattributes | 23 + .gitignore | 1 + PyKMIP-0.10.0.tar.gz | 3 + crypto-39.patch | 79 +++ crypto-42.patch | 47 ++ fix-tests-SQLAlchemy-140.patch | 496 ++++++++++++++++++ fix_test_mac_with_cryptographic_failure.patch | 44 ++ no-ssl-wrap-socket.patch | 101 ++++ python-PyKMIP-no-mock.patch | 158 ++++++ python-PyKMIP.changes | 184 +++++++ python-PyKMIP.spec | 97 ++++ 11 files changed, 1233 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 PyKMIP-0.10.0.tar.gz create mode 100644 crypto-39.patch create mode 100644 crypto-42.patch create mode 100644 fix-tests-SQLAlchemy-140.patch create mode 100644 fix_test_mac_with_cryptographic_failure.patch create mode 100644 no-ssl-wrap-socket.patch create mode 100644 python-PyKMIP-no-mock.patch create mode 100644 python-PyKMIP.changes create mode 100644 python-PyKMIP.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/PyKMIP-0.10.0.tar.gz b/PyKMIP-0.10.0.tar.gz new file mode 100644 index 0000000..c893387 --- /dev/null +++ b/PyKMIP-0.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bb6ff310bba8b1130ffe675347f668f7234d022ba3d51edea5ea7e2ea9523897 +size 542498 diff --git a/crypto-39.patch b/crypto-39.patch new file mode 100644 index 0000000..f80159b --- /dev/null +++ b/crypto-39.patch @@ -0,0 +1,79 @@ +From 3a50c8484e355e03bea1399f1e72b1c1ef716680 Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Thu, 26 Jan 2023 13:07:54 +0100 +Subject: [PATCH] Add cryptography >= 39.0.0 support + +The cryptography release 39.0.0 added a new parameter to the serializer +that's required. + +https://cryptography.io/en/latest/changelog/#v39-0-0 + +This patch fixes the tests test_encrypt_decrypt_asymmetric +--- + kmip/services/server/crypto/engine.py | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py +index 838e1b92..e9e8593e 100644 +--- a/kmip/services/server/crypto/engine.py ++++ b/kmip/services/server/crypto/engine.py +@@ -16,6 +16,7 @@ + import logging + import os + ++import cryptography + from cryptography import exceptions as errors + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac +@@ -930,17 +931,22 @@ def _decrypt_asymmetric( + ) + + backend = default_backend() ++ params = {} ++ if cryptography.__version__ >= "39.0.0": ++ params["unsafe_skip_rsa_key_validation"] = False + + try: + private_key = backend.load_der_private_key( + decryption_key, +- None ++ None, ++ **params, + ) + except Exception: + try: + private_key = backend.load_pem_private_key( + decryption_key, +- None ++ None, ++ **params, + ) + except Exception: + raise exceptions.CryptographicFailure( +@@ -1279,18 +1285,24 @@ def _create_RSA_private_key(self, + RSA private key created from key bytes. + """ + ++ params = {} ++ if cryptography.__version__ >= "39.0.0": ++ params["unsafe_skip_rsa_key_validation"] = False ++ + try: + private_key = serialization.load_pem_private_key( + bytes, + password=None, +- backend=default_backend() ++ backend=default_backend(), ++ **params, + ) + return private_key + except Exception: + private_key = serialization.load_der_private_key( + bytes, + password=None, +- backend=default_backend() ++ backend=default_backend(), ++ **params, + ) + return private_key + diff --git a/crypto-42.patch b/crypto-42.patch new file mode 100644 index 0000000..6e0e080 --- /dev/null +++ b/crypto-42.patch @@ -0,0 +1,47 @@ +Index: PyKMIP-0.10.0/kmip/services/server/crypto/engine.py +=================================================================== +--- PyKMIP-0.10.0.orig/kmip/services/server/crypto/engine.py ++++ PyKMIP-0.10.0/kmip/services/server/crypto/engine.py +@@ -588,10 +588,10 @@ class CryptographyEngine(api.Cryptograph + backend = default_backend() + + try: +- public_key = backend.load_der_public_key(encryption_key) ++ public_key = serialization.load_der_public_key(encryption_key) + except Exception: + try: +- public_key = backend.load_pem_public_key(encryption_key) ++ public_key = serialization.load_pem_public_key(encryption_key) + except Exception: + raise exceptions.CryptographicFailure( + "The public key bytes could not be loaded." +@@ -935,14 +935,14 @@ class CryptographyEngine(api.Cryptograph + params["unsafe_skip_rsa_key_validation"] = False + + try: +- private_key = backend.load_der_private_key( ++ private_key = serialization.load_der_private_key( + decryption_key, + None, + **params, + ) + except Exception: + try: +- private_key = backend.load_pem_private_key( ++ private_key = serialization.load_pem_private_key( + decryption_key, + None, + **params, +@@ -1500,10 +1500,10 @@ class CryptographyEngine(api.Cryptograph + ) + + try: +- public_key = backend.load_der_public_key(signing_key) ++ public_key = serialization.load_der_public_key(signing_key) + except Exception: + try: +- public_key = backend.load_pem_public_key(signing_key) ++ public_key = serialization.load_pem_public_key(signing_key) + except Exception: + raise exceptions.CryptographicFailure( + "The signing key bytes could not be loaded." diff --git a/fix-tests-SQLAlchemy-140.patch b/fix-tests-SQLAlchemy-140.patch new file mode 100644 index 0000000..89f5150 --- /dev/null +++ b/fix-tests-SQLAlchemy-140.patch @@ -0,0 +1,496 @@ +From 01307c08937890db38b9ae6135c5b8d5f720e595 Mon Sep 17 00:00:00 2001 +From: Tim Burke +Date: Tue, 21 Sep 2021 18:16:09 -0700 +Subject: [PATCH] Fix tests to pass with SQLAlchemy>=1.4.0 + +I'm not *entirely* sure what's going on here, but it seems that when we +do something like + + obj = OpaqueObject(...) + Session = sessionmaker(...) + session = Session() + ... + session.add(obj) + session.commit() + +the primary key (and maybe some foreign relations?) aren't automatically +populated on `obj` following the commit, and will attempt to lazy-load +on next reference. Since expire_on_commit defaults to True, the session +attached to `obj` (which is no longer the `session` in locals!) is closed +out when we later do + + session = Session() + get_obj = session.query(OpaqueObject).filter( + ManagedObject.unique_identifier == obj.unique_identifier).one() + +leading to a DetachedInstanceError. + +There seem to be a few different ways we can fix this: + +* Set expire_on_commit=False so the old session is still useful for the + lazy-loading. +* Re-use the same session instead of creating a new one. +* Explicitly refresh added objects post-commit. + +Generally prefer the first one; there's some prior art to follow in +services/server/test_engine.py. Curiously, that same file runs into +trouble despite already setting expire_on_commit=False -- so do the +explicit refresh, on the assumption that there was a reason we went to +the trouble of creating a fresh session. + +Closes #649 +--- + kmip/tests/unit/pie/objects/test_opaque_object.py | 14 +++++++------- + kmip/tests/unit/pie/objects/test_private_key.py | 14 +++++++------- + kmip/tests/unit/pie/objects/test_public_key.py | 14 +++++++------- + kmip/tests/unit/pie/objects/test_secret_data.py | 14 +++++++------- + kmip/tests/unit/pie/objects/test_split_key.py | 3 ++- + kmip/tests/unit/pie/objects/test_symmetric_key.py | 14 +++++++------- + .../unit/pie/objects/test_x509_certificate.py | 14 +++++++------- + kmip/tests/unit/services/server/test_engine.py | 3 +++ + 8 files changed, 47 insertions(+), 43 deletions(-) + +diff --git a/kmip/tests/unit/pie/objects/test_opaque_object.py b/kmip/tests/unit/pie/objects/test_opaque_object.py +index c742a17e..f41f1b0e 100644 +--- a/kmip/tests/unit/pie/objects/test_opaque_object.py ++++ b/kmip/tests/unit/pie/objects/test_opaque_object.py +@@ -224,7 +224,7 @@ def test_get(self): + test_name = 'bowser' + obj = OpaqueObject( + self.bytes_a, enums.OpaqueDataType.NONE, name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -259,7 +259,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -295,7 +295,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, obj.names) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -334,7 +334,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, obj.names) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -362,7 +362,7 @@ def test_update_with_add_name(self): + first_name = 'bowser' + obj = OpaqueObject( + self.bytes_a, enums.OpaqueDataType.NONE, name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -402,7 +402,7 @@ def test_update_with_remove_name(self): + obj.names.append(names[1]) + obj.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -444,7 +444,7 @@ def test_update_with_remove_and_add_name(self): + obj.names.append(names[1]) + obj.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +diff --git a/kmip/tests/unit/pie/objects/test_private_key.py b/kmip/tests/unit/pie/objects/test_private_key.py +index c58daf83..0ad425f4 100644 +--- a/kmip/tests/unit/pie/objects/test_private_key.py ++++ b/kmip/tests/unit/pie/objects/test_private_key.py +@@ -563,7 +563,7 @@ def test_get(self): + key = PrivateKey( + enums.CryptographicAlgorithm.RSA, 2048, self.bytes_2048, + enums.KeyFormatType.PKCS_1, masks=masks, name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -603,7 +603,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -640,7 +640,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -680,7 +680,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -709,7 +709,7 @@ def test_update_with_add_name(self): + key = PrivateKey( + enums.CryptographicAlgorithm.RSA, 2048, self.bytes_2048, + enums.KeyFormatType.PKCS_1, name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -750,7 +750,7 @@ def test_update_with_remove_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -793,7 +793,7 @@ def test_update_with_remove_and_add_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +diff --git a/kmip/tests/unit/pie/objects/test_public_key.py b/kmip/tests/unit/pie/objects/test_public_key.py +index f0571913..cf71833b 100644 +--- a/kmip/tests/unit/pie/objects/test_public_key.py ++++ b/kmip/tests/unit/pie/objects/test_public_key.py +@@ -461,7 +461,7 @@ def test_get(self): + key = PublicKey( + enums.CryptographicAlgorithm.RSA, 2048, self.bytes_2048, + enums.KeyFormatType.PKCS_1, masks=masks, name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -501,7 +501,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -538,7 +538,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -578,7 +578,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -607,7 +607,7 @@ def test_update_with_add_name(self): + key = PublicKey( + enums.CryptographicAlgorithm.RSA, 2048, self.bytes_2048, + enums.KeyFormatType.PKCS_1, name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -648,7 +648,7 @@ def test_update_with_remove_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -691,7 +691,7 @@ def test_update_with_remove_and_add_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +diff --git a/kmip/tests/unit/pie/objects/test_secret_data.py b/kmip/tests/unit/pie/objects/test_secret_data.py +index 5a12132d..1cfe075d 100644 +--- a/kmip/tests/unit/pie/objects/test_secret_data.py ++++ b/kmip/tests/unit/pie/objects/test_secret_data.py +@@ -243,7 +243,7 @@ def test_get(self): + test_name = 'bowser' + obj = SecretData(self.bytes_a, enums.SecretDataType.PASSWORD, + name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -278,7 +278,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -314,7 +314,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, obj.names) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -353,7 +353,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, obj.names) + self.assertEquals(expected_mo_names, obj._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -381,7 +381,7 @@ def test_update_with_add_name(self): + first_name = 'bowser' + obj = SecretData(self.bytes_a, enums.SecretDataType.PASSWORD, + name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -421,7 +421,7 @@ def test_update_with_remove_name(self): + obj.names.append(names[1]) + obj.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +@@ -463,7 +463,7 @@ def test_update_with_remove_and_add_name(self): + obj.names.append(names[1]) + obj.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(obj) + session.commit() +diff --git a/kmip/tests/unit/pie/objects/test_split_key.py b/kmip/tests/unit/pie/objects/test_split_key.py +index a81c304d..755d7bc8 100644 +--- a/kmip/tests/unit/pie/objects/test_split_key.py ++++ b/kmip/tests/unit/pie/objects/test_split_key.py +@@ -595,7 +595,8 @@ def test_get(self): + prime_field_size=104729 + ) + +- session = sqlalchemy.orm.sessionmaker(bind=self.engine)() ++ session = sqlalchemy.orm.sessionmaker( ++ bind=self.engine, expire_on_commit=False)() + session.add(split_key) + session.commit() + +diff --git a/kmip/tests/unit/pie/objects/test_symmetric_key.py b/kmip/tests/unit/pie/objects/test_symmetric_key.py +index ccc4cdfa..cf7f5dff 100644 +--- a/kmip/tests/unit/pie/objects/test_symmetric_key.py ++++ b/kmip/tests/unit/pie/objects/test_symmetric_key.py +@@ -408,7 +408,7 @@ def test_get(self): + enums.CryptographicAlgorithm.AES, 128, self.bytes_128a, + masks=masks, + name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -448,7 +448,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -485,7 +485,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -525,7 +525,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, key.names) + self.assertEquals(expected_mo_names, key._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -554,7 +554,7 @@ def test_update_with_add_name(self): + key = SymmetricKey( + enums.CryptographicAlgorithm.AES, 128, self.bytes_128a, + name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -595,7 +595,7 @@ def test_update_with_remove_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +@@ -638,7 +638,7 @@ def test_update_with_remove_and_add_name(self): + key.names.append(names[1]) + key.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(key) + session.commit() +diff --git a/kmip/tests/unit/pie/objects/test_x509_certificate.py b/kmip/tests/unit/pie/objects/test_x509_certificate.py +index 43d66ca4..f4d76ada 100644 +--- a/kmip/tests/unit/pie/objects/test_x509_certificate.py ++++ b/kmip/tests/unit/pie/objects/test_x509_certificate.py +@@ -320,7 +320,7 @@ def test_get(self): + masks = [enums.CryptographicUsageMask.ENCRYPT, + enums.CryptographicUsageMask.WRAP_KEY] + cert = X509Certificate(self.bytes_a, masks=masks, name=test_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -354,7 +354,7 @@ def test_add_multiple_names(self): + expected_mo_names.append(sqltypes.ManagedObjectName(name, i)) + self.assertEquals(expected_mo_names, cert._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -389,7 +389,7 @@ def test_remove_name(self): + self.assertEquals(expected_names, cert.names) + self.assertEquals(expected_mo_names, cert._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -427,7 +427,7 @@ def test_remove_and_add_name(self): + self.assertEquals(expected_names, cert.names) + self.assertEquals(expected_mo_names, cert._names) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -454,7 +454,7 @@ def test_update_with_add_name(self): + """ + first_name = 'bowser' + cert = X509Certificate(self.bytes_a, name=first_name) +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -493,7 +493,7 @@ def test_update_with_remove_name(self): + cert.names.append(names[1]) + cert.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +@@ -534,7 +534,7 @@ def test_update_with_remove_and_add_name(self): + cert.names.append(names[1]) + cert.names.append(names[2]) + +- Session = sessionmaker(bind=self.engine) ++ Session = sessionmaker(bind=self.engine, expire_on_commit=False) + session = Session() + session.add(cert) + session.commit() +diff --git a/kmip/tests/unit/services/server/test_engine.py b/kmip/tests/unit/services/server/test_engine.py +index 617fcc1b..ad596dfe 100644 +--- a/kmip/tests/unit/services/server/test_engine.py ++++ b/kmip/tests/unit/services/server/test_engine.py +@@ -1386,6 +1386,7 @@ def test_get_attribute_from_managed_object(self): + e._data_session.add(certificate) + e._data_session.add(opaque_object) + e._data_session.commit() ++ e._data_session.refresh(symmetric_key) + e._data_session = e._data_store_session_factory() + + result = e._get_attribute_from_managed_object( +@@ -1660,6 +1661,7 @@ def test_get_attribute_index_from_managed_object(self): + e._data_session.add(symmetric_key) + e._data_session.add(certificate) + e._data_session.commit() ++ e._data_session.refresh(symmetric_key) + e._data_session = e._data_store_session_factory() + + e._set_attribute_on_managed_object( +@@ -2302,6 +2304,7 @@ def test_set_attribute_on_managed_object_by_index(self): + + e._data_session.add(symmetric_key) + e._data_session.commit() ++ e._data_session.refresh(symmetric_key) + e._data_session = e._data_store_session_factory() + + e._set_attribute_on_managed_object( diff --git a/fix_test_mac_with_cryptographic_failure.patch b/fix_test_mac_with_cryptographic_failure.patch new file mode 100644 index 0000000..80e9493 --- /dev/null +++ b/fix_test_mac_with_cryptographic_failure.patch @@ -0,0 +1,44 @@ +From c70dbe4ed1d53a1a5dbd3aecaaba7fe654a4fbf1 Mon Sep 17 00:00:00 2001 +From: arp102 <92389169+arp102@users.noreply.github.com> +Date: Tue, 8 Aug 2023 15:35:21 -0400 +Subject: [PATCH] Fix test_mac_with_cryptographic_failure unit test. + +This test is meant to intentionally trigger an exception in the cryptography library +by creating a CMAC with a non-block cipher algorithm, IDEA. +That doesn't work any more because IDEA is now treated as a block cipher algorithm. +To fix this, we now use the ARC4 algorithm instead, +which does trigger the expected exception. +--- + kmip/services/server/crypto/engine.py | 3 +-- + kmip/tests/unit/services/server/crypto/test_engine.py | 4 ++-- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py +index e6527e4b..15527701 100644 +--- a/kmip/services/server/crypto/engine.py ++++ b/kmip/services/server/crypto/engine.py +@@ -269,8 +269,7 @@ def mac(self, algorithm, key, data): + ) + cipher_algorithm = self._symmetric_key_algorithms.get(algorithm) + try: +- # ARC4 and IDEA algorithms will raise exception as CMAC +- # requires block ciphers ++ # ARC4 and other non-block cipher algorithms will raise TypeError exceptions + c = cmac.CMAC(cipher_algorithm(key), backend=default_backend()) + c.update(data) + mac_data = c.finalize() +diff --git a/kmip/tests/unit/services/server/crypto/test_engine.py b/kmip/tests/unit/services/server/crypto/test_engine.py +index 4adb222b..edb52832 100644 +--- a/kmip/tests/unit/services/server/crypto/test_engine.py ++++ b/kmip/tests/unit/services/server/crypto/test_engine.py +@@ -247,8 +247,8 @@ def __init__(self): + + engine = crypto.CryptographyEngine() + +- # IDEA is not block cipher so cmac should raise exception +- args = [enums.CryptographicAlgorithm.IDEA, key, data] ++ # RC4 is not block cipher so cmac should raise exception ++ args = [enums.CryptographicAlgorithm.RC4, key, data] + self.assertRaises( + exceptions.CryptographicFailure, + engine.mac, diff --git a/no-ssl-wrap-socket.patch b/no-ssl-wrap-socket.patch new file mode 100644 index 0000000..5b37460 --- /dev/null +++ b/no-ssl-wrap-socket.patch @@ -0,0 +1,101 @@ +From 433ab3ef43241155ee64196574daae2f41feac4e Mon Sep 17 00:00:00 2001 +From: Steven Silvester +Date: Wed, 4 Oct 2023 09:59:43 -0500 +Subject: [PATCH 01/11] Add python 3.12 support + +--- + .github/workflows/tox.yml | 3 ++- + kmip/services/kmip_client.py | 19 +++++++------- + kmip/services/server/server.py | 25 ++++++++++--------- + .../tests/unit/services/server/test_server.py | 4 +-- + 4 files changed, 27 insertions(+), 24 deletions(-) + +Index: PyKMIP-0.10.0/kmip/services/kmip_client.py +=================================================================== +--- PyKMIP-0.10.0.orig/kmip/services/kmip_client.py ++++ PyKMIP-0.10.0/kmip/services/kmip_client.py +@@ -285,13 +285,15 @@ class KMIPProxy(object): + six.reraise(*last_error) + + def _create_socket(self, sock): +- self.socket = ssl.wrap_socket( ++ context = ssl.SSLContext(protocol=self.ssl_version) ++ context.load_verify_locations(capath=self.ca_certs) ++ context.check_hostname = False ++ context.verify_mode = self.cert_reqs ++ if self.certfile: ++ context.load_cert_chain(self.certfile, self.keyfile) ++ self.socket = context.wrap_socket( + sock, +- keyfile=self.keyfile, +- certfile=self.certfile, +- cert_reqs=self.cert_reqs, +- ssl_version=self.ssl_version, +- ca_certs=self.ca_certs, ++ server_side=False, + do_handshake_on_connect=self.do_handshake_on_connect, + suppress_ragged_eofs=self.suppress_ragged_eofs) + self.socket.settimeout(self.timeout) +Index: PyKMIP-0.10.0/kmip/services/server/server.py +=================================================================== +--- PyKMIP-0.10.0.orig/kmip/services/server/server.py ++++ PyKMIP-0.10.0/kmip/services/server/server.py +@@ -287,17 +287,22 @@ class KmipServer(object): + for cipher in auth_suite_ciphers: + self._logger.debug(cipher) + +- self._socket = ssl.wrap_socket( ++ capath = self.config.settings.get('ca_path') ++ context = ssl.SSLContext(protocol=self.auth_suite.protocol) ++ if capath is not None: ++ context.load_verify_locations(capath=capath) ++ context.verify_mode = ssl.CERT_REQUIRED ++ context.set_ciphers(self.auth_suite.ciphers) ++ certfile = self.config.settings.get('certificate_path') ++ if certfile: ++ keyfile = self.config.settings.get('key_path') ++ context.load_cert_chain(certfile, keyfile=keyfile) ++ ++ self._socket = context.wrap_socket( + self._socket, +- keyfile=self.config.settings.get('key_path'), +- certfile=self.config.settings.get('certificate_path'), + server_side=True, +- cert_reqs=ssl.CERT_REQUIRED, +- ssl_version=self.auth_suite.protocol, +- ca_certs=self.config.settings.get('ca_path'), + do_handshake_on_connect=False, +- suppress_ragged_eofs=True, +- ciphers=self.auth_suite.ciphers ++ suppress_ragged_eofs=True + ) + + try: +Index: PyKMIP-0.10.0/kmip/tests/unit/services/server/test_server.py +=================================================================== +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_server.py ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_server.py +@@ -210,9 +210,9 @@ class TestKmipServer(testtools.TestCase) + # Test that in ideal cases no errors are generated and the right + # log messages are. + with mock.patch('socket.socket') as socket_mock: +- with mock.patch('ssl.wrap_socket') as ssl_mock: ++ with mock.patch('ssl.SSLContext') as ssl_mock: + socket_mock.return_value = a_mock +- ssl_mock.return_value = b_mock ++ ssl_mock.return_value.wrap_socket.return_value = b_mock + + manager_mock.assert_not_called() + monitor_mock.assert_not_called() +@@ -271,9 +271,9 @@ class TestKmipServer(testtools.TestCase) + + # Test that a NetworkingError is generated if the socket bind fails. + with mock.patch('socket.socket') as socket_mock: +- with mock.patch('ssl.wrap_socket') as ssl_mock: ++ with mock.patch('ssl.SSLContext') as ssl_mock: + socket_mock.return_value = a_mock +- ssl_mock.return_value = b_mock ++ ssl_mock.return_value.wrap_socket.return_value = b_mock + + test_exception = Exception() + b_mock.bind.side_effect = test_exception diff --git a/python-PyKMIP-no-mock.patch b/python-PyKMIP-no-mock.patch new file mode 100644 index 0000000..9e2b66f --- /dev/null +++ b/python-PyKMIP-no-mock.patch @@ -0,0 +1,158 @@ +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/core/objects/test_credentials.py PyKMIP-0.10.0/kmip/tests/unit/core/objects/test_credentials.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/core/objects/test_credentials.py 2022-05-04 11:45:14.586835230 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/core/objects/test_credentials.py 2022-05-04 11:45:14.642835575 +0200 +@@ -14,7 +14,7 @@ + # under the License. + + import enum +-import mock ++from unittest import mock + import testtools + + from kmip import enums +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/core/test_config_helper.py PyKMIP-0.10.0/kmip/tests/unit/core/test_config_helper.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/core/test_config_helper.py 2022-05-04 11:45:14.586835230 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/core/test_config_helper.py 2022-05-04 11:45:14.622835452 +0200 +@@ -19,8 +19,8 @@ except ImportError: + import ConfigParser as configparser + + from testtools import TestCase +-from mock import MagicMock +-from mock import Mock ++from unittest.mock import MagicMock ++from unittest.mock import Mock + + from kmip.core.config_helper import ConfigHelper + +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/pie/test_client.py PyKMIP-0.10.0/kmip/tests/unit/pie/test_client.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/pie/test_client.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/pie/test_client.py 2022-05-04 11:45:14.614835402 +0200 +@@ -13,7 +13,7 @@ + # License for the specific language governing permissions and limitations + # under the License. + +-import mock ++from unittest import mock + import six + import ssl + import testtools +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/auth/test_slugs.py PyKMIP-0.10.0/kmip/tests/unit/services/server/auth/test_slugs.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/auth/test_slugs.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/auth/test_slugs.py 2022-05-04 11:45:14.618835427 +0200 +@@ -13,7 +13,7 @@ + # License for the specific language governing permissions and limitations + # under the License. + +-import mock ++from unittest import mock + import requests + import testtools + +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/auth/test_utils.py PyKMIP-0.10.0/kmip/tests/unit/services/server/auth/test_utils.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/auth/test_utils.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/auth/test_utils.py 2022-05-04 11:45:14.618835427 +0200 +@@ -19,7 +19,7 @@ from cryptography.hazmat.primitives impo + from cryptography.hazmat.primitives.asymmetric import rsa + + import datetime +-import mock ++from unittest import mock + import ssl + import testtools + +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/crypto/test_engine.py PyKMIP-0.10.0/kmip/tests/unit/services/server/crypto/test_engine.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/crypto/test_engine.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/crypto/test_engine.py 2022-05-04 11:45:14.618835427 +0200 +@@ -13,7 +13,7 @@ + # License for the specific language governing permissions and limitations + # under the License. + +-import mock ++from unittest import mock + import pytest + import testtools + +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_config.py PyKMIP-0.10.0/kmip/tests/unit/services/server/test_config.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_config.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_config.py 2022-05-04 11:45:14.618835427 +0200 +@@ -14,7 +14,7 @@ + # under the License. + + import logging +-import mock ++from unittest import mock + + import six + from six.moves import configparser +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_engine.py PyKMIP-0.10.0/kmip/tests/unit/services/server/test_engine.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_engine.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_engine.py 2022-05-04 11:45:14.622835452 +0200 +@@ -14,7 +14,7 @@ + # under the License. + + import six +-import mock ++from unittest import mock + import shutil + import sqlalchemy + +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_monitor.py PyKMIP-0.10.0/kmip/tests/unit/services/server/test_monitor.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_monitor.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_monitor.py 2022-05-04 11:45:14.618835427 +0200 +@@ -14,7 +14,7 @@ + # under the License. + + import logging +-import mock ++from unittest import mock + import multiprocessing + import os + import shutil +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_server.py PyKMIP-0.10.0/kmip/tests/unit/services/server/test_server.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_server.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_server.py 2022-05-04 11:45:14.618835427 +0200 +@@ -18,7 +18,7 @@ import logging + try: + import unittest.mock as mock + except Exception: +- import mock ++ from unittest import mock + + import signal + import socket +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_session.py PyKMIP-0.10.0/kmip/tests/unit/services/server/test_session.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/server/test_session.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/server/test_session.py 2022-05-04 11:45:14.618835427 +0200 +@@ -20,7 +20,7 @@ from cryptography.hazmat.primitives.asym + + + import datetime +-import mock ++from unittest import mock + import socket + import testtools + import time +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/test_kmip_client.py PyKMIP-0.10.0/kmip/tests/unit/services/test_kmip_client.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/test_kmip_client.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/test_kmip_client.py 2022-05-04 11:45:14.614835402 +0200 +@@ -66,7 +66,7 @@ from kmip.services.results import Operat + from kmip.services.results import QueryResult + from kmip.services.results import RekeyKeyPairResult + +-import mock ++from unittest import mock + import os + import socket + import ssl +diff -upr PyKMIP-0.10.0.orig/kmip/tests/unit/services/test_kmip_protocol.py PyKMIP-0.10.0/kmip/tests/unit/services/test_kmip_protocol.py +--- PyKMIP-0.10.0.orig/kmip/tests/unit/services/test_kmip_protocol.py 2022-05-04 11:45:14.582835205 +0200 ++++ PyKMIP-0.10.0/kmip/tests/unit/services/test_kmip_protocol.py 2022-05-04 11:45:14.614835402 +0200 +@@ -13,7 +13,7 @@ + # License for the specific language governing permissions and limitations + # under the License. + +-from mock import call, MagicMock ++from unittest.mock import call, MagicMock + from testtools import TestCase + + import binascii diff --git a/python-PyKMIP.changes b/python-PyKMIP.changes new file mode 100644 index 0000000..0c9f913 --- /dev/null +++ b/python-PyKMIP.changes @@ -0,0 +1,184 @@ +------------------------------------------------------------------- +Tue Mar 25 04:51:22 UTC 2025 - Steve Kowalik + +- Lowercase metadata directory name. + +------------------------------------------------------------------- +Thu Mar 28 03:58:37 UTC 2024 - Steve Kowalik + +- Clean up Python 2 leftovers. +- Add patch crypto-42.patch: + * Use cryptography.hazmat.primitives.serialization to load private keys. +- Add patch no-ssl-wrap-socket.patch: + * Do not use removed in Python 3.12 function, ssl.wrap_socket. +- Switch to pyproject macros. + +------------------------------------------------------------------- +Fri Sep 8 06:13:02 UTC 2023 - Daniel Garcia + +- Add upstream patch fix_test_mac_with_cryptographic_failure.patch + gh#OpenKMIP/PyKMIP#702, this fixes the issue with the + test_mac_with_cryptographic_failure. + +------------------------------------------------------------------- +Thu Feb 23 10:44:02 UTC 2023 - Daniel Garcia + +- Disable broken test, test_mac_with_cryptographic_failure, + gh#OpenKMIP/PyKMIP#690 + +------------------------------------------------------------------- +Thu Jan 26 12:36:34 UTC 2023 - Daniel Garcia + +- Add crypto-39.patch to make it work with python-cryptography >= 39.0.0 + gh#OpenKMIP/PyKMIP#689 + +------------------------------------------------------------------- +Wed May 4 09:55:17 UTC 2022 - pgajdos@suse.com + +- do not require python-mock for build +- added patches + fix https://github.com/OpenKMIP/PyKMIP/issues/668 + + python-PyKMIP-no-mock.patch + +------------------------------------------------------------------- +Fri Sep 24 22:07:08 UTC 2021 - Matej Cepl + +- Remove SQL-issues.patch with the patch + fix-tests-SQLAlchemy-140.patch which actually resolves the + problems (gh#OpenKMIP/PyKMIP#656). + +------------------------------------------------------------------- +Sat Jun 5 12:12:59 UTC 2021 - Matej Cepl + +- Add SQL-issues.patch skipping tests failing due to + incompatibilities with the current version of SQLAlchemy + (gh#OpenKMIP/PyKMIP#649). + +------------------------------------------------------------------- +Mon Apr 20 10:38:03 UTC 2020 - Tomáš Chvátal + +- Fix build without python2 + +------------------------------------------------------------------- +Mon Mar 16 10:39:58 UTC 2020 - Dirk Mueller + +- update to 0.10.0 + * Add server debug logging for message encodings + * Add server Locate filtering for all currently supported attributes + * Add server Locate filtering using offset and maximum item constraints + * Add server cryptography engine support for AES GCM mode + * Add server support for the SplitKey object + * Add client/server support for the ApplicationSpecificInformation attribute + * Add client/server support for the ObjectGroup and Sensitive attributes + * Add client/server support for the DeleteAttribute operation + * Add client/server support for the SetAttribute operation + * Add client/server support for the ModifyAttribute operation + * Add a variety of unit and integration tests to cover all new functionality + * Add new ProxyKmipClient demo scripts to show how to use the new operations + * Add pending deprecation warnings for Python 2.7 and 3.4 due to their EOL + * Update server Locate filtering to return results sorted by creation date + * Update encoding support for SplitKey objects + * Update the Travis CI configuration to better support default Python versions + * Update library and testing dependencies to maintain Python 3.4 support + * Update the library documentation to reflect new features and security details + * Fix a bug with how key pair names are handled by the client for KMIP 2.0 + +------------------------------------------------------------------- +Thu Jul 25 11:33:13 UTC 2019 - Marketa Calabkova + +- update to 0.9.1 + * Add various support for KMIP 2.0 + * Add support for Python 3.7 + * Add utilities to handle bit mask style enumerations + * Update library logging defaults to log at INFO but still support DEBUG + * Update the PyKMIP clients to support changing their KMIP version + * Update the server TLS handshake handling to avoid thread hanging + * Remove escape sequences to comply with Python 3.6 style deprecations + * See upstream changelog for more + +------------------------------------------------------------------- +Sun Jan 6 11:57:50 UTC 2019 - Dirk Mueller + +- update to 0.8.0: + * Add Sphinx-based client and server library documentation + * Add server support for third-party authentication systems + * Add client support for the Check operation + * Add client support for the Rekey operation + * Add client support for attestation credentials + * Add a functional test suite for server authentication and access control + * Add payloads for the Archive, Cancel, and GetUsageAllocation operations + * Add payloads for the ObtainLease, Poll, and Recover operations + * Update the server to support group-based operation policies + * Update the server to support live loading of operation policy files + * Update the server to support custom backend database file paths + * Update the server to raise PermissionDenied on access control violations + * Update the client to support custom configuration file paths + * Update the ProxyKmipClient to support custom names for the Register operation + * Update the ProxyKmipClient to set cryptographic usage masks for Derived keys + * Update the README to reference the new documentation + * Update the Travis CI configuration to include building the documentation + * Update the Travis CI configuration to run integration and functional tests + * Remove support for Python 3.3 + * Fix a denial-of-service bug by setting the server socket timeout + * Fix a ProxyKmipClient bug with generic cryptographic parameter handling + * Fix a ProxyKmipClient bug with cryptographic usage mask processing + +------------------------------------------------------------------- +Thu Feb 15 13:05:03 UTC 2018 - tbechtold@suse.com + +- update to 0.7.0: + * Add support for Python 3.6 + * Add support for the InitialDate attribute + * Add server support for the GetAttributeList operation + * Add server support for the Locate operation + * Add client and server support for the MAC operation + * Add client and server support for the Revoke operation + * Add client and server support for the Encrypt operation + * Add client and server support for the Decrypt operation + * Add client and server support for the DeriveKey operation + * Add client and server support for the Sign operation + * Add client and server support for the SignatureVerify operation + * Add client and server support for retrieving wrapped keys + * Add client and server support for storing wrapped keys + * Add KMIP 1.4 enumerations + * Add server config option enabling certificate extension checks + * Add server config option defining set of usable TLS ciphers + * Add server config option setting the server log level + * Update the server to enforce checking object state and usage masks + * Update server Locate support to allow object name filtering + * Remove support for Python 2.6 + * Fix bug with multithreading support with the SQLite backend + * Fix bug with how open() is mocked in the server test suite + * Fix bug with mismapped polymorphic identity for certificate objects + * Fix bug with socket interrupt handling under Python 3.5 + * Fix bug with detached instance errors in the server test suite +- Use pytest for testing. That's what upstream does +- Use fdupes + +------------------------------------------------------------------- +Fri Aug 25 07:27:27 UTC 2017 - tbechtold@suse.com + +- update to 0.6.0: + * Add support for Python 3.5 + * Add support for the State and OperationPolicyName attributes + * Add server support for the Activate and GetAttributes operations + * Add server support for certificate-based client authentication + * Add server support for object access control via operation policies + * Add server support for loading of user-defined operation policies + * Add client support for the GetAttributes operation + * Update clients to support operation policy names with objects + * Update ProxyKmipClient to support names when creating new objects + * Remove coveralls integration + * Fix bug with early server termination on missing request credential + * Fix bug with closing the client while unconnected to a server + * Fix bug with default values overriding server config file settings + * Fix bug with early server termination on bad client certificates + * Fix bug with deprecated usage of the bandit config file + * Fix bug with ProxyKmipClient registering unset object attributes +- convert to singlespec + +------------------------------------------------------------------- +Tue May 24 12:28:59 UTC 2016 - slunkad@suse.com, johannes.grassler@suse.com + +- Initial Packaging (version 0.5.0) + diff --git a/python-PyKMIP.spec b/python-PyKMIP.spec new file mode 100644 index 0000000..04ca6ef --- /dev/null +++ b/python-PyKMIP.spec @@ -0,0 +1,97 @@ +# +# spec file for package python-PyKMIP +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: python-PyKMIP +Version: 0.10.0 +Release: 0 +Summary: KMIP v11 library +License: Apache-2.0 +URL: https://github.com/OpenKMIP/PyKMIP +Source: https://files.pythonhosted.org/packages/source/P/PyKMIP/PyKMIP-%{version}.tar.gz +# PATCH-FIX-UPSTREAM fix-tests-SQLAlchemy-140.patch gh#OpenKMIP/PyKMIP#656 mcepl@suse.com +# fix tests to work with SQLAlchemy >= 1.4.0 +Patch0: fix-tests-SQLAlchemy-140.patch +# https://github.com/OpenKMIP/PyKMIP/issues/668 +Patch1: python-PyKMIP-no-mock.patch +# PATCH-FIX-UPSTREAM crypto-39.patch gh#OpenKMIP/PyKMIP#689 +Patch2: crypto-39.patch +# PATCH-FIX-UPSTREAM fix_test_mac_with_cryptographic_failure.patch gh#OpenKMIP/PyKMIP#702 +Patch3: fix_test_mac_with_cryptographic_failure.patch +# PATCH-FIX-OPENSUSE Use cryptography.hazmat.primitives.serialization for loading private keys. +Patch4: crypto-42.patch +# PATCH-FIX-UPSTREAM Based on gh#OpenKMIP/PyKMIP#707, including some changes suggested +Patch5: no-ssl-wrap-socket.patch +BuildRequires: %{python_module SQLAlchemy} +BuildRequires: %{python_module cryptography} +BuildRequires: %{python_module devel} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module requests} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module six} +BuildRequires: %{python_module testtools} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-SQLAlchemy +Requires: python-cryptography +Requires: python-requests +Requires: python-six +Requires(post): update-alternatives +Requires(postun): update-alternatives +BuildArch: noarch +%python_subpackages + +%description +PyKMIP is a Python implementation of the Key Management Interoperability +Protocol (KMIP). KMIP is a client/server communication protocol for the +storage and maintenance of key, certificate, and secret objects. The standard +is governed by the `Organization for the Advancement of Structured Information +Standards`_ (OASIS). PyKMIP supports a subset of features in versions +1.0 - 1.2 of the KMIP specification. + +%prep +%autosetup -p1 -n PyKMIP-%{version} +# Not needed, we use Python 3.4+ only +sed -i '/"enum-compat",/d' setup.py + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_clone -a %{buildroot}%{_bindir}/pykmip-server +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pytest kmip/tests/unit + +%post +%python_install_alternative pykmip-server + +%postun +%python_uninstall_alternative pykmip-server + +%files %{python_files} +%license LICENSE.txt +%doc README.rst +%{python_sitelib}/kmip +%{python_sitelib}/pykmip-%{version}.dist-info +%python_alternative %{_bindir}/pykmip-server + +%changelog From 15cb243ef0b24188504f97b2709829ee30c6099f29a3865b57ffd6a76fb653fe Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Mon, 14 Apr 2025 06:23:51 +0000 Subject: [PATCH 2/2] - Support both lowercased and unnormalized metadata directory names. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyKMIP?expand=0&rev=23 --- python-PyKMIP.changes | 5 +++++ python-PyKMIP.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/python-PyKMIP.changes b/python-PyKMIP.changes index 0c9f913..d6d1eef 100644 --- a/python-PyKMIP.changes +++ b/python-PyKMIP.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 14 06:23:18 UTC 2025 - Steve Kowalik + +- Support both lowercased and unnormalized metadata directory names. + ------------------------------------------------------------------- Tue Mar 25 04:51:22 UTC 2025 - Steve Kowalik diff --git a/python-PyKMIP.spec b/python-PyKMIP.spec index 04ca6ef..bb0ae6c 100644 --- a/python-PyKMIP.spec +++ b/python-PyKMIP.spec @@ -91,7 +91,7 @@ sed -i '/"enum-compat",/d' setup.py %license LICENSE.txt %doc README.rst %{python_sitelib}/kmip -%{python_sitelib}/pykmip-%{version}.dist-info +%{python_sitelib}/[Pp]y[Kk][Mm][Ii][Pp]-%{version}.dist-info %python_alternative %{_bindir}/pykmip-server %changelog