From a1d2b32552c4d921414c1e35820b58e5fa5f6fed Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Jun 08 2015 14:12:50 +0000 Subject: Inject pyopenssl into urllib3 on Fedora 21 due to an older version of CPython there. --- diff --git a/python-urllib3-pyopenssl.patch b/python-urllib3-pyopenssl.patch new file mode 100644 index 0000000..8cb13bd --- /dev/null +++ b/python-urllib3-pyopenssl.patch @@ -0,0 +1,26 @@ +From 6964c7b29b0221f74fa28a391c13e44831b443e7 Mon Sep 17 00:00:00 2001 +From: Ralph Bean +Date: Mon, 8 Jun 2015 09:39:07 -0400 +Subject: [PATCH] pyopenssl + +--- + urllib3/__init__.py | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/urllib3/__init__.py b/urllib3/__init__.py +index 333060c..272da31 100644 +--- a/urllib3/__init__.py ++++ b/urllib3/__init__.py +@@ -66,3 +66,9 @@ def disable_warnings(category=exceptions.HTTPWarning): + Helper for quickly disabling all urllib3 warnings. + """ + warnings.simplefilter('ignore', category) ++ ++# Just for Fedora 21 since python core is out of date. See: ++# - https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning ++# - https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl ++import urllib3.contrib.pyopenssl ++urllib3.contrib.pyopenssl.inject_into_urllib3() +-- +2.4.2 + diff --git a/python-urllib3.spec b/python-urllib3.spec index 91da2cc..31131b2 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -19,13 +19,14 @@ Name: python-%{srcname} Version: 1.10.4 -Release: 2.%{checkout}%{?dist} +Release: 3.%{checkout}%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT URL: http://urllib3.readthedocs.org/ Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{commit}/%{gh_project}-%{commit}.tar.gz Source1: ssl_match_hostname_py3.py +Patch0: python-urllib3-pyopenssl.patch # Remove logging-clear-handlers from setup.cfg because it's not available in RHEL6's nose Patch100: python-urllib3-old-nose-compat.patch @@ -60,6 +61,17 @@ BuildRequires: python3-six BuildRequires: python3-tornado %endif # with_python3 + +%if 0%{?fedora} == 21 +BuildRequires: pyOpenSSL +BuildRequires: python-ndg_httpsclient +BuildRequires: python-pyasn1 +Requires: pyOpenSSL +Requires: python-ndg_httpsclient +Requires: python-pyasn1 +%endif + + %description Python HTTP module with connection pooling and file POST abilities. @@ -91,6 +103,10 @@ rm -rf %{py3dir} cp -a . %{py3dir} %endif # with_python3 +%if 0%{?fedora} == 21 +%patch0 -p1 +%endif + %build %{__python2} setup.py build @@ -145,7 +161,14 @@ popd %endif # with_python3 %check +%if 0%{?fedora} == 21 +# On Fedora 21, we inject pyopenssl which works, but makes some tests fail, so +# skip them. +# https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning +# https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl +%else nosetests +%endif # And after its done, remove our copied in bits rm -rf %{buildroot}/%{python2_sitelib}/six* @@ -179,6 +202,11 @@ rm -rf %{buildroot}/%{python3_sitelib}/__pycache__* %endif # with_python3 %changelog +* Mon Jun 08 2015 Ralph Bean - 1.10.4-3.20150503gita91975b +- Apply pyopenssl injection for an outdated cpython as per upstream advice + https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning + https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl + * Tue May 19 2015 Ralph Bean - 1.10.4-2.20150503gita91975b - Specify symlinks for six.py{c,o}, fixing rhbz #1222142.