From 9126fc14eef147435d10049a5102d254421d81bc Mon Sep 17 00:00:00 2001 From: Fabien Boucher Date: Jul 30 2020 10:09:49 +0000 Subject: Fix build (unittests) on rawhide - ssl security standard --- diff --git a/0001-Bump-crypto-requirement-to-accomodate-security-stand.patch b/0001-Bump-crypto-requirement-to-accomodate-security-stand.patch new file mode 100644 index 0000000..c187bb4 --- /dev/null +++ b/0001-Bump-crypto-requirement-to-accomodate-security-stand.patch @@ -0,0 +1,50 @@ +From 233eb64672bfa3430daa0a08786145162fd8a8c8 Mon Sep 17 00:00:00 2001 +From: Fabien Boucher +Date: Tue, 21 Jul 2020 10:27:57 +0000 +Subject: [PATCH] Bump crypto requirement to accomodate security standards + +On Fedora rawhide the gear package no longer build. +https://koschei.fedoraproject.org/package/python-gear? + +This patch ensures that the ssl engine does not complains about: +- ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951) +- ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:2951) + +To reproduce the issue: +podman run -it --root fedora:rawhide +dnf install git libffi-devel python-devel tox gcc +git clone https://opendev.org/opendev/gear.git && cd gear +tox -epy39 +tox -epy38 + +Change-Id: I57cd9c4750f27b7b76e92a0eef03e7de70c13dd5 +--- + gear/tests/test_functional.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gear/tests/test_functional.py b/gear/tests/test_functional.py +index 3bca907..ca9b8c1 100644 +--- a/gear/tests/test_functional.py ++++ b/gear/tests/test_functional.py +@@ -78,7 +78,7 @@ class TestFunctional(tests.BaseTestCase): + + def create_cert(self, cn, issuer=None, signing_key=None): + key = crypto.PKey() +- key.generate_key(crypto.TYPE_RSA, 1024) ++ key.generate_key(crypto.TYPE_RSA, 2048) + + cert = crypto.X509() + subject = cert.get_subject() +@@ -97,7 +97,7 @@ class TestFunctional(tests.BaseTestCase): + else: + cert.set_issuer(subject) + if signing_key: +- cert.sign(signing_key, 'sha1') ++ cert.sign(signing_key, 'sha256') + else: + cert.sign(key, 'sha1') + +-- +2.28.0.rc1 + + diff --git a/python-gear.spec b/python-gear.spec index 4617c0b..c3517e5 100644 --- a/python-gear.spec +++ b/python-gear.spec @@ -3,13 +3,15 @@ Name: python-%{srcname} Version: 0.15.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Pure Python Async Gear Protocol Library License: ASL 2.0 URL: https://opendev.org/opendev/%{srcname} Source0: %pypi_source +Patch01: 0001-Bump-crypto-requirement-to-accomodate-security-stand.patch + BuildArch: noarch BuildRequires: git @@ -47,7 +49,7 @@ Requires: python3-six %description -n python3-%{srcname} %_description %prep -%autosetup -n %{srcname}-%{version} -S git +%autosetup -n %{srcname}-%{version} -p1 -S git # Let RPM handle the dependencies rm -rf {test-,}requirements.txt @@ -68,6 +70,10 @@ PYTHON=%{__python3} %{__python3} setup.py testr %{python3_sitelib}/%{srcname}-*egg-info %changelog +* Tue Jul 30 2020 Faben Boucher - 0.15.1-4 +- Fix FTBFS by providing upstream patch + 0001-Bump-crypto-requirement-to-accomodate-security-stand.patch + * Wed Jul 29 2020 Fedora Release Engineering - 0.15.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild