#1 EPEL compatibility
Merged 2 years ago by williamjmorenor. Opened 2 years ago by carlwgeorge.
rpms/ carlwgeorge/python-certifi master  into  master

file modified
+21 -17

@@ -2,7 +2,7 @@ 


  Name:           python-%{pypi_name}

  Version:        2016.9.26

- Release:        3%{?dist}

+ Release:        4%{?dist}

  Summary:        Python package for providing Mozilla's CA Bundle


  License:        MPLv2.0

@@ -12,13 +12,6 @@ 

  Patch1:         certifi-2016.9.26-remove-bundle-cert.patch


  BuildArch:      noarch


- BuildRequires:  python2-devel

- BuildRequires:  python-setuptools

- BuildRequires:  python3-setuptools

- BuildRequires:  python3-devel

- Requires:       python3

- Requires:       ca-certificates



  Certifi is a carefully curated collection of Root Certificates for validating

@@ -30,8 +23,11 @@ 

  instead. For more details on this system, see the ca-certificates package.


  %package -n python2-%{pypi_name}

- Summary:        %{sum}

+ Summary:        %{summary}

  %{?python_provide:%python_provide python2-%{pypi_name}}

+ BuildRequires:  python2-devel

+ BuildRequires:  python%{?fedora:2}-setuptools

+ Requires:       ca-certificates


  %description -n python2-%{pypi_name}

  Certifi is a carefully curated collection of Root Certificates for validating

@@ -45,12 +41,14 @@ 

  This package provides the Python 2 certifi library.



- %package -n python3-%{pypi_name}

- Summary:        Python 3 package for providing Mozilla's CA Bundle

- Group:          Development/Libraries

- %{?python_provide:%python_provide python3-%{pypi_name}}

+ %package -n python%{python3_pkgversion}-%{pypi_name}

+ Summary:        %{summary}

+ %{?python_provide:%python_provide python%{python3_pkgversion}-%{pypi_name}}

+ BuildRequires:  python%{python3_pkgversion}-devel

+ BuildRequires:  python%{python3_pkgversion}-setuptools

+ Requires:       ca-certificates


- %description -n python3-%{pypi_name}

+ %description -n python%{python3_pkgversion}-%{pypi_name}

  Certifi is a carefully curated collection of Root Certificates for validating

  the trustworthiness of SSL certificates while verifying the identity of TLS

  hosts. It has been extracted from the Requests project.

@@ -63,11 +61,10 @@ 




- %setup -q -n %{pypi_name}-%{version}

+ %autosetup -n %{pypi_name}-%{version} -p 1

  # Remove bundled egg-info

  rm -rf %{pypi_name}.egg-info

  rm -rf certifi/*.pem

- %patch1 -p1


  #drop shebangs from python_sitearch

  find %{_builddir}/%{pypi_name}-%{version} -name '*.py' \

@@ -82,16 +79,23 @@ 



  %files -n python2-%{pypi_name}

+ %license LICENSE

  %doc README.rst




- %files -n python3-%{pypi_name}

+ %files -n python%{python3_pkgversion}-%{pypi_name}

+ %license LICENSE

  %doc README.rst





+ * Thu Oct 12 2017 Carl George <carl@george.computer> - 2016.9.26-4

+ - EPEL compatibility

+ - Include license

+ - Move ca-certificates requirement to subpackages


  * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2016.9.26-3

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild


This change makes the spec fully compatible with EPEL. It also adds the license and fixes a few other minor things. I did a scratch build to validate the changes. If you give me commit access on the repo, I'll request the epel7 branch and handle the build as well.

I am fine with the changes to support EPEL7 but Fedora uses the ca-certificates from Mozilla (0) and you remove the path to point to ca-certificates in Fedora, for epel packaging this is fine but can be a issue with Fedora packaging guidelines.

Said that this package exist for pythton-livereload -> mkdocs, maybe a better solution is fix livereload in epel7 to not requires certify.

0: https://fedoraproject.org/wiki/CA-Certificates

What do you mean? I'm not changing or removing any paths with these changes.

Pull-Request has been merged by williamjmorenor

2 years ago

Are you talking about removing the %patch1 -p1 line? The patch is still applied via the %autosetup macro, that was just a clean up step.

My bad, I just mean than the patch for fedora can not work in epel, i have verify and epe7 and fedora have diferent path for the .pem file, there a are proper patch now

I don't think that's accurate. I checked EL6, EL7, F25, F26, F27, and F28, and the ca-certificates package contains /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem on all of them. /etc/pki/tls/certs/ca-bundle.crt is a symbolic link to the same file, except on EL6 where it is it's own file (no idea why), but it exists regardless. I don't actually care about EL6 compatibility, but I would like to merge these changes back to the epel7 branch to push an EL7 package.

It also appears that the new path in the Fedora patch doesn't exist at all, so the 2016.9.26-5 release is broken (please don't push it).


# rpm -q python3-certifi
# ls -l $(python3 -c 'import certifi; print(certifi.core.where())')
lrwxrwxrwx. 1 root root 49 Aug 15 08:49 /etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem


# rpm -q python3-certifi
# ls -l $(python3 -c 'import certifi; print(certifi.core.where())')
ls: cannot access '/etc/pki/ca-trust/pem/tls-ca-bundle.pem': No such file or directory

Thanks for the check

BuildRequires: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

in 2016.9.26-5 should ensure than the correct .pem file exits, at lest in build time, and the same patch work in epel7 and fedora, so python3-certifi -> python3-livereload -> mkdocs should be easy to backport to epel7 now.

Of course, thanks for the merge and follow up.

Would you mind merging these fixes to the epel7 branch and doing a bodhi update for it? If you don't have the time, I'm happy to co-maintain and do it myself if you give me commit permissions on the repo.