From cfee53065f8f9b797a2fcf6df5d3679a19fe383aad70e5a0e9655083fb09c470 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Thu, 31 Oct 2024 07:37:47 +0000 Subject: [PATCH] Accepting request 1219775 from home:dgarcia:branches:security - Move not mandatory requirements to Suggests - Update to version 1.1.0: * SigstoreSigner: Re-enable compatibility with Sigstore (#781) - 1.0.0: Added * Signer: add public_key attribute to interface (#756) * VaultSigner: Signer implementation for HashiCorp Vault (#800) * CryptoSigner: support ecdsa keytype that is no longer in spec (#711) * CryptoSigner: add private_bytes property (#799) * CryptoSigner: add "file2" signer uri (#759) * test: use localstack to test AWSSigner (#777) Removed * CryptoSigner: remove "file" signer uri (#759) * migration script for legacy keys (#770) * SSlibSigner class and *_securesystemslib_key methods (#771) * legacy key key*, interface, util and schema modules (#772, #773, #776) * unused functions in hash, and formats module (#774, #776) * unused global key constants (#806) Changed * SSlibKey: strengthen input validation (#780, #795) * AWSSigner: support default scheme and add stronger input validation (#724, #778) * dsse: change Envelope.signatures type to dict (#743) * vendor: update ed25519 copy (#793) * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796) * test: improve and temporarily disable SigstoreSigner test (#779, #785) * ci: use dependabot groups, update weekly (#735) * ci: test macOS and Windows on latest Python only (#797) * Make securessystemslib.gpg internal (#792) Fixed * Fix check-upstream-ed25519 workflow permission (#706) OBS-URL: https://build.opensuse.org/request/show/1219775 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-securesystemslib?expand=0&rev=6 --- _service | 4 ++-- python-securesystemslib.changes | 38 +++++++++++++++++++++++++++++++++ python-securesystemslib.spec | 31 ++++++++++++++++----------- securesystemslib-0.21.0.obscpio | 3 --- securesystemslib-1.1.0.obscpio | 3 +++ securesystemslib.obsinfo | 6 +++--- 6 files changed, 64 insertions(+), 21 deletions(-) delete mode 100644 securesystemslib-0.21.0.obscpio create mode 100644 securesystemslib-1.1.0.obscpio diff --git a/_service b/_service index 99e1030..6e64685 100644 --- a/_service +++ b/_service @@ -2,8 +2,8 @@ https://github.com/secure-systems-lab/securesystemslib git - 0.21.0 - v0.21.0 + 1.1.0 + v1.1.0 diff --git a/python-securesystemslib.changes b/python-securesystemslib.changes index e1edf1e..34a6f1b 100644 --- a/python-securesystemslib.changes +++ b/python-securesystemslib.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Oct 31 07:30:30 UTC 2024 - Daniel Garcia + +- Move not mandatory requirements to Suggests +- Update to version 1.1.0: + * SigstoreSigner: Re-enable compatibility with Sigstore (#781) +- 1.0.0: + Added + * Signer: add public_key attribute to interface (#756) + * VaultSigner: Signer implementation for HashiCorp Vault (#800) + * CryptoSigner: support ecdsa keytype that is no longer in spec (#711) + * CryptoSigner: add private_bytes property (#799) + * CryptoSigner: add "file2" signer uri (#759) + * test: use localstack to test AWSSigner (#777) + Removed + * CryptoSigner: remove "file" signer uri (#759) + * migration script for legacy keys (#770) + * SSlibSigner class and *_securesystemslib_key methods (#771) + * legacy key key*, interface, util and schema modules (#772, #773, #776) + * unused functions in hash, and formats module (#774, #776) + * unused global key constants (#806) + Changed + * SSlibKey: strengthen input validation (#780, #795) + * AWSSigner: support default scheme and add stronger input validation (#724, #778) + * dsse: change Envelope.signatures type to dict (#743) + * vendor: update ed25519 copy (#793) + * docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796) + * test: improve and temporarily disable SigstoreSigner test (#779, #785) + * ci: use dependabot groups, update weekly (#735) + * ci: test macOS and Windows on latest Python only (#797) + * Make securessystemslib.gpg internal (#792) + Fixed + * Fix check-upstream-ed25519 workflow permission (#706) + * SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794) +[...] +Other release notes can be found in the CHANGELOG.md file: +https://github.com/secure-systems-lab/securesystemslib/blob/v1.1.0/CHANGELOG.md + ------------------------------------------------------------------- Mon Mar 27 05:47:20 UTC 2023 - Steve Kowalik diff --git a/python-securesystemslib.spec b/python-securesystemslib.spec index 72be8fc..729afc6 100644 --- a/python-securesystemslib.spec +++ b/python-securesystemslib.spec @@ -1,7 +1,7 @@ # # spec file for package python-securesystemslib # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,28 +17,24 @@ Name: python-securesystemslib -Version: 0.21.0 +Version: 1.1.0 Release: 0 License: MIT Summary: Cryptographic and general routines for Secure Systems Lab URL: https://github.com/secure-systems-lab/securesystemslib Source: securesystemslib-%{version}.tar.xz -# PATCH-FIX-UPSTREAM Contained in debian/patches directory -Patch0: use_python3_interpreter_in_tests.diff -BuildRequires: %{python_module PyNaCl} +BuildRequires: %{python_module PyKCS11} BuildRequires: %{python_module asn1crypto} BuildRequires: %{python_module cryptography >= 3.3.2} BuildRequires: %{python_module ed25519} BuildRequires: %{python_module hatchling} BuildRequires: %{python_module pip} BuildRequires: %{python_module pytest} -BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-PyNaCl -Requires: python-asn1crypto -Requires: python-colorama -Requires: python-cryptography >= 3.3.2 +Suggests: python-asn1crypto +Suggests: python-cryptography +Suggests: python-PyKCS11 BuildArch: noarch %python_subpackages @@ -48,16 +44,25 @@ Cryptographic and general-purpose routines for Secure Systems Lab projects at NY %prep %autosetup -p1 -n securesystemslib-%version +# Remove exec permission from python scripts +find . -type f -name *.py -exec chmod 0644 {} \; %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install +# Remove not needed files +%{python_expand # +rm -rf %{buildroot}%{$python_sitelib}/securesystemslib/_vendor/ed25519/.gitignore +} %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%pytest -k 'not (test_ed25519_kat or test_checkparams)' +donttest="test_ed25519_kat or test_checkparams" +# spinhcs+ key support requires the pyspx library +donttest+=" or test_sphincs" +%pytest -k "not ($donttest)" %files %{python_files} %{python_sitelib}/securesystemslib diff --git a/securesystemslib-0.21.0.obscpio b/securesystemslib-0.21.0.obscpio deleted file mode 100644 index 5ef6f5f..0000000 --- a/securesystemslib-0.21.0.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3b762bac882d98a9f2b8ac46974792c4097fc1b6ef282589bda53ae8b097bf66 -size 3133452 diff --git a/securesystemslib-1.1.0.obscpio b/securesystemslib-1.1.0.obscpio new file mode 100644 index 0000000..e763d60 --- /dev/null +++ b/securesystemslib-1.1.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:27769b9b809ec8a00ec29ab52034814ef91cb8328eef12e88fe4041975e2afbd +size 2984460 diff --git a/securesystemslib.obsinfo b/securesystemslib.obsinfo index 5945df2..eb86d88 100644 --- a/securesystemslib.obsinfo +++ b/securesystemslib.obsinfo @@ -1,4 +1,4 @@ name: securesystemslib -version: 0.21.0 -mtime: 1629887732 -commit: 9b3ea003ab93ab6909d1327dfb2ab7af0309e7cc +version: 1.1.0 +mtime: 1717502370 +commit: c70d7be2b89659265d9fb50df4b6968780de30ab