PR#2: Rebase to M2Crypto-0.32.0 and modernize spec to fix build for F29+ - rpms/m2crypto

rpms / m2crypto

#2 Rebase to M2Crypto-0.32.0 and modernize spec to fix build for F29+

Merged 4 years ago by ngompa. Opened 5 years ago by ngompa.

rpms/ ngompa/m2crypto rebase-to-0.32.0 into master

Neal Gompa • 5 years ago

c71cdc9

.gitignore

file modified

		`@@ -18,3 +18,4 @@`
		`/M2Crypto-0.28.2.tar.gz.asc`
		`/M2Crypto-0.30.1.tar.gz`
		`/M2Crypto-0.30.1.tar.gz.asc`
		`+ /M2Crypto-0.32.0.tar.gz`

0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch

file added

+38

		`@@ -0,0 +1,38 @@`
		`+ From 0a5a3569346c58af69a12a9c91656bdc8da1b7b4 Mon Sep 17 00:00:00 2001`
		`+ From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>`
		`+ Date: Sat, 2 Mar 2019 17:08:39 +0100`
		`+ Subject: [PATCH] tests/test_ssl: use -ciphercuites for TLS1.3 cipher in`
		`+ openssl1.1`
		`+`
		`+ The -cipher can not be used in OpenSSL 1.1.b+ for TLS1.3 cipher since`
		`+ openssl upstream commit 1c31fe7eb093a ("Ignore cipher suites when`
		`+ setting cipher list").`
		`+`
		`+ Use -ciphersuites for TLS1.3 cipher as documented.`
		`+`
		`+ Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>`
		`+`
		`+ Fixes #251`
		`+ ---`
		`+ tests/test_ssl.py \| 3 ++-`
		`+ 1 file changed, 2 insertions(+), 1 deletion(-)`
		`+`
		`+ diff --git a/tests/test_ssl.py b/tests/test_ssl.py`
		`+ index a3e2a31..925d365 100644`
		`+ --- a/tests/test_ssl.py`
		`+ +++ b/tests/test_ssl.py`
		`+ @@ -460,9 +460,10 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):`
		`+ def test_cipher_ok(self):`
		`+ if OPENSSL111:`
		`+ TCIPHER = 'TLS_AES_256_GCM_SHA384'`
		`+ + self.args = self.args + ['-ciphersuites', TCIPHER]`
		`+ else:`
		`+ TCIPHER = 'AES128-SHA'`
		`+ - self.args = self.args + ['-cipher', TCIPHER]`
		`+ + self.args = self.args + ['-cipher', TCIPHER]`
		`+`
		`+ pid = self.start_server(self.args)`
		`+ try:`
		`+ --`
		`+ 2.20.1`
		`+`

m2crypto-0.30.1-gcc_macros.patch

file removed

-23

		`@@ -1,23 +0,0 @@`
		`- diff -up M2Crypto-0.30.1/SWIG/_m2crypto.i.gcc_macros M2Crypto-0.30.1/SWIG/_m2crypto.i`
		`- --- M2Crypto-0.30.1/SWIG/_m2crypto.i.gcc_macros 2018-02-24 14:54:59.000000000 +0100`
		`- +++ M2Crypto-0.30.1/SWIG/_m2crypto.i 2018-05-19 06:07:31.032986837 +0200`
		`- @@ -7,6 +7,7 @@`
		`- * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.`
		`- *`
		`- */`
		`- +%import "gcc_macros.h"`
		`-`
		`- %module(threads=1) m2crypto`
		`- /* We really don't need threadblock (PyGILState_Ensure() etc.) anywhere.`
		`- @@ -15,11 +16,6 @@`
		`- %nothreadblock;`
		`- %nothreadallow;`
		`-`
		`- -#if SWIG_VERSION >= 0x030000`
		`- -#define __WCHAR_MAX__ __WCHAR_MAX`
		`- -#define __WCHAR_MIN__ __WCHAR_MIN`
		`- -#endif`
		`- -`
		`- %{`
		`- #ifdef _WIN32`
		`- #define _WINSOCKAPI_`

m2crypto.spec

file modified

+53 -57

		`@@ -1,98 +1,94 @@`
		`- Summary: Support for using OpenSSL in Python 2 scripts`
		`- Name: m2crypto`
		`- Version: 0.30.1`
		`- Release: 4%{?dist}`
		`- Source0: https://files.pythonhosted.org/packages/41/50/7d85dc99b1c4f29eca83873d851ec29a8e484a66b31351e62e30be9db7d1/M2Crypto-0.30.1.tar.gz`
		`- Source1: https://files.pythonhosted.org/packages/41/50/7d85dc99b1c4f29eca83873d851ec29a8e484a66b31351e62e30be9db7d1/M2Crypto-0.30.1.tar.gz.asc`
		`- # This is only precautionary, it does fix anything - not sent upstream`
		`- Patch0: m2crypto-0.30.1-gcc_macros.patch`
		`- Requires: python2-typing`
		`-`
		`- License: MIT`
		`- URL: https://gitlab.com/m2crypto/m2crypto/`
		`- BuildRequires: gcc`
		`- BuildRequires: openssl, openssl-devel, python2-devel, python2-setuptools`
		`- BuildRequires: python3-devel, python3-setuptools`
		`- BuildRequires: perl-interpreter, pkgconfig, python2-typing, swig, which`
		`+ Name: m2crypto`
		`+ Version: 0.32.0`
		`+ Release: 1%{?dist}`
		`+ Summary: Support for using OpenSSL in Python scripts`
		`+`
		`+ License: MIT`
		`+ URL: https://gitlab.com/m2crypto/m2crypto/`
		`+ Source0: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz`

		`- %filter_provides_in %{python2_sitearch}/M2Crypto/__m2crypto.so`
		`- %filter_setup`
		`+ # Backports from upstream`
		`+ ## Fix from upstream to fix compatibility with OpenSSL 1.1.0h by adding the patch`
		`+ ## From: https://gitlab.com/m2crypto/m2crypto/commit/0a5a3569346c58af69a12a9c91656bdc8da1b7b4`
		`+ Patch0001: 0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch`
		`+`
		`+ BuildRequires: gcc`
		`+ BuildRequires: openssl`
		`+ BuildRequires: openssl-devel`
		`+ BuildRequires: perl-interpreter`
		`+ BuildRequires: pkgconfig`
		`+ BuildRequires: swig`
		`+ BuildRequires: which`

		`%description`
		`+ This package allows you to call OpenSSL functions from Python scripts.`
		`+`
		`+ %package -n python2-m2crypto`
		`+ Summary: Support for using OpenSSL in Python 2 scripts`
		`+ %{?python_provide:%python_provide python2-m2crypto}`
		`+ BuildRequires: python2-devel`
		`+ BuildRequires: python2-setuptools`
		`+ BuildRequires: python2-typing`
		`+ Requires: python2-typing`
		`+ Obsoletes: m2crypto < 0.32.0`
		`+ Provides: m2crypto = %{version}-%{release}`
		`+`
		`+ %description -n python2-m2crypto`
		`This package allows you to call OpenSSL functions from Python 2 scripts.`

		`%package -n python3-m2crypto`
		`- Summary: Support for using OpenSSL in Python 3 scripts`
		`+ Summary: Support for using OpenSSL in Python 3 scripts`
		`+ %{?python_provide:%python_provide python3-m2crypto}`
		`+ BuildRequires: python3-devel`
		`+ BuildRequires: python3-setuptools`

		`%description -n python3-m2crypto`
		`This package allows you to call OpenSSL functions from Python 3 scripts.`

		`%prep`
		`- %setup -q -T -c -a 0`
		`-`
		`- pushd M2Crypto-%{version}`
		`- %patch0 -p1 -b .gcc_macros`
		`-`
		`- # __REGISTER_PREFIX__ is defined to unquoted $ on some platforms; gcc handles`
		`- # this fine, but swig chokes on it.`
		`- # __GNUC__ really should be included in gcc_macros.h, but this currently breaks`
		`- # builds on ppc64: https://bugzilla.redhat.com/show_bug.cgi?id=1317553 .`
		`- # __STDC_HOSTED__ really should be included as well, but that causes`
		`- # /usr/lib/gcc///include/stdint.h to try to #include_next <stdint.h>, which`
		`- # is unsupported by swig. Without it, gcc uses its own definitions, which better`
		`- # be the same as the glibc ones.`
		`- gcc -E -dM - < /dev/null \| grep -v '__$STDC\\|REGISTER_PREFIX\\|GNUC\\|STDC_HOSTED$__' \`
mitr commented 5 years ago Why was the code that ensures swig, the OpenSSL binaries, and gcc, all use a consistent set of macros, removed?
ngompa commented 5 years ago Because this logic is what breaks m2crypto on ppc64 architectures. When it is removed, m2crypto builds and works perfectly fine on all architectures.
		`- \| sed 's/^$#define \([^ ]$ .\)$/#undef \2\n\1/' > SWIG/gcc_macros.h`
		`- popd`
		`- cp -a M2Crypto-%{version} M2Crypto-python3`
		`+ %autosetup -n M2Crypto-%{version} -p1`

		`%build`
		`- CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS`
		`+ %set_build_flags`
		`if pkg-config openssl ; then`
		CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS
		LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS
		`fi`

		`- pushd M2Crypto-%{version}`
		`- %{__python2} setup.py build`
		`- popd`
		`- pushd M2Crypto-python3`
		`+ %py2_build`
mitr commented 5 years ago Why is this safe? AFAICS setup.py generates `SWIG/_m2crypto_wrap.c`, and that depends on the version of Python, so sharing the same directory for Python 2 and 3 is not trivially OK.
ngompa commented 5 years ago This is safe because the build already generates a Python version specific subdirectory (this is a behavior of setuptools) where the output of the build contents are stored. Basically, the extra copying of the source trees was unnecessary for the purpose of keeping the built output clean. In addition, the SWIG stuff is regenerated with each `setup.py build` invocation, so it stays clean for each version of Python it builds for.
		`%py3_build`
		`- popd`

		`%install`
		`- CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS`
		`+ %set_build_flags`
		`if pkg-config openssl ; then`
		CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS
		LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS
		`fi`

		`- pushd M2Crypto-%{version}`
		`- %{__python2} setup.py install --root=$RPM_BUILD_ROOT`
		`- popd`
		`- pushd M2Crypto-python3`
		`+ %py2_install`
		`%py3_install`
		`- popd`

		`%check`
		`- pushd M2Crypto-%{version}`
		`%{__python2} setup.py test`
		`- popd`
		`- pushd M2Crypto-python3`
		`%{__python3} setup.py test`
		`- popd`

		`- %files`
		`- %doc M2Crypto-%{version}/CHANGES M2Crypto-%{version}/LICENCE M2Crypto-%{version}/README.rst`
		`+ %files -n python2-m2crypto`
		`+ %doc CHANGES README.rst`
		`+ %license LICENCE`
		`%{python2_sitearch}/M2Crypto`
		`- %{python2_sitearch}/M2Crypto-*.egg-info`
		`+ %{python2_sitearch}/M2Crypto-*.egg-info/`

		`%files -n python3-m2crypto`
		`- %doc M2Crypto-python3/CHANGES M2Crypto-python3/LICENCE M2Crypto-python3/README.rst`
		`+ %doc CHANGES README.rst`
		`+ %license LICENCE`
		`%{python3_sitearch}/M2Crypto`
		`- %{python3_sitearch}/M2Crypto-*.egg-info`
		`+ %{python3_sitearch}/M2Crypto-*.egg-info/`

		`%changelog`
		`+ * Sat Mar 23 2019 Neal Gompa <ngompa13@gmail.com> - 0.32.0-1`
		`+ - Rebase to M2Crypto-0.32.0`
		`+ - Modernize spec and fix build for F29+ (RH#1606827)`
		`+`
		`* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.30.1-4`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild`

sources

file modified

+1 -2

		`@@ -1,2 +1,1 @@`
		`- SHA512 (M2Crypto-0.30.1.tar.gz) = c85b6350d8b6b4a14e9c76b755cdc1a88d7ba63ae75ebfbb32d42389225c0a3cf9d530f95c2651ff3811c755cd9bbb482f81fdb0dcf670d7a0015320622725b2`
		`- SHA512 (M2Crypto-0.30.1.tar.gz.asc) = 5ec4ad657395a370af3044889acf8b88a50d95a7f46d39f64039296181bdb7c419e2e4151aeef289d016899a27a7389d5c26832e21c6ebcac64285177bb846fa`
		`+ SHA512 (M2Crypto-0.32.0.tar.gz) = 477cc30748b3ddc21b66872a88ba0e111a592928ce0d2edc9b72c9a8fa7aa2b422e1b785b830e8d8fcab9f1678928634627b0ea3d57632ec5769ba4ed64c16f8`

ngompa commented 5 years ago

This PR rebases M2Crypto to v0.32.0. In addition to rebasing to a new version, the spec file is cleaned up and simplified to follow modern Python module packaging guidelines.

The combination of these things fixes the build for Fedora 29 and newer.

This resolves RH#1606827.

Please at least merge this into Fedora 30 and Rawhide.

Koji scratch builds:

Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=33713848
Fedora 30: https://koji.fedoraproject.org/koji/taskinfo?taskID=33713855
Fedora 29: https://koji.fedoraproject.org/koji/taskinfo?taskID=33713879

ngompa commented 5 years ago

cc: @pviktori, @churchyard

churchyard commented on line 134 of m2crypto.spec 5 years ago

when you are changing this. are those directories? add trailing slashes?

rebased onto c71cdc9

5 years ago

ngompa commented 5 years ago

@churchyard They've always been directories, it seems. But I've made that clear now.

mitr commented on line 82 of m2crypto.spec 5 years ago

Why was the code that ensures swig, the OpenSSL binaries, and gcc, all use a consistent set of macros, removed?

mitr commented on line 100 of m2crypto.spec 5 years ago

Why is this safe? AFAICS setup.py generates SWIG/_m2crypto_wrap.c, and that depends on the version of Python, so sharing the same directory for Python 2 and 3 is not trivially OK.

mitr commented 5 years ago

Thanks for the PR, especially identifying a fix for the test suite.

Yet, this is a single commit that changes ~5 things at once, and some are not obviously safe.

(I have very little time for Fedora nowadays, so if anyone wants to take over the package and the responsibility for this, I’d be happily hand it over.)

ngompa commented on line 82 of m2crypto.spec 5 years ago

Because this logic is what breaks m2crypto on ppc64 architectures. When it is removed, m2crypto builds and works perfectly fine on all architectures.

ngompa commented on line 100 of m2crypto.spec 5 years ago

This is safe because the build already generates a Python version specific subdirectory (this is a behavior of setuptools) where the output of the build contents are stored. Basically, the extra copying of the source trees was unnecessary for the purpose of keeping the built output clean. In addition, the SWIG stuff is regenerated with each setup.py build invocation, so it stays clean for each version of Python it builds for.

ngompa commented 5 years ago

@mitr I have a very high degree of confidence in this being safe, as upstream leverages setuptools to make sure M2Crypto builds properly. If they were using distutils, then we might have the issues you indicate, but setuptools already enforces versioned build directories in order to keep things clean.

Moreover, upstream packages M2Crypto this way in openSUSE, and I know Matej Cepl is paranoid as heck about how M2Crypto is built.

churchyard commented 5 years ago

How can we move this forward?

ngompa commented 5 years ago

@mitr Can we please merge this and get it into F30+?

ngompa commented 5 years ago

@mitr I'd be happy to comaintain this package, as I need it for one of my own.

mitr commented 4 years ago

I’m afraid I just can’t find enough time for m2crypto any more.

@ngompa Would you be willing to be the primary owner of m2crypto? If so, I’ll transfer the package directly to you; otherwise I’ll orphan it.

ngompa commented 4 years ago

@mitr Sure, I'd be willing to take it.