From add4acbe37af95a4dfcb4b2a8dbead6f7546fb1a Mon Sep 17 00:00:00 2001 From: Olivia Crain Date: Thu, 17 Mar 2022 18:00:57 -0700 Subject: [PATCH] Promote libsodium to core and upgrade python-pynacl to 1.5.0 (#2503) --- .../libsodium/libsodium.signatures.json | 2 +- .../libsodium/libsodium.spec | 78 +++++++------------ .../python-pynacl.signatures.json | 4 +- SPECS/python-pynacl/python-pynacl.spec | 53 ++++++------- cgmanifest.json | 6 +- 5 files changed, 59 insertions(+), 84 deletions(-) rename {SPECS-EXTENDED => SPECS}/libsodium/libsodium.signatures.json (98%) rename {SPECS-EXTENDED => SPECS}/libsodium/libsodium.spec (85%) diff --git a/SPECS-EXTENDED/libsodium/libsodium.signatures.json b/SPECS/libsodium/libsodium.signatures.json similarity index 98% rename from SPECS-EXTENDED/libsodium/libsodium.signatures.json rename to SPECS/libsodium/libsodium.signatures.json index 27f0483e5b..31821e8b7e 100644 --- a/SPECS-EXTENDED/libsodium/libsodium.signatures.json +++ b/SPECS/libsodium/libsodium.signatures.json @@ -2,4 +2,4 @@ "Signatures": { "libsodium-1.0.18.tar.gz": "6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1" } -} \ No newline at end of file +} diff --git a/SPECS-EXTENDED/libsodium/libsodium.spec b/SPECS/libsodium/libsodium.spec similarity index 85% rename from SPECS-EXTENDED/libsodium/libsodium.spec rename to SPECS/libsodium/libsodium.spec index 289fd14631..9b5a533265 100644 --- a/SPECS-EXTENDED/libsodium/libsodium.spec +++ b/SPECS/libsodium/libsodium.spec @@ -1,65 +1,40 @@ -Vendor: Microsoft Corporation -Distribution: Mariner -# Fedora spec file for libsodium -# -# License: MIT -# http://opensource.org/licenses/MIT -# -# Please preserve changelog entries -# %global libname libsodium %global soname 23 - +Summary: The Sodium crypto library Name: libsodium Version: 1.0.18 -Release: 4%{?dist} -Summary: The Sodium crypto library +Release: 5%{?dist} License: ISC -URL: http://libsodium.org/ -Source0: http://download.libsodium.org/libsodium/releases/%{name}-%{version}.tar.gz - -BuildRequires: gcc - -# manage update from 3rd party repository -Obsoletes: %{libname}%{soname} <= %{version} - +Vendor: Microsoft Corporation +Distribution: Mariner +URL: https://libsodium.org/ +Source0: https://download.libsodium.org/%{name}/releases/%{name}-%{version}.tar.gz +BuildRequires: gcc +BuildRequires: make %description -Sodium is a new, easy-to-use software library for encryption, decryption, -signatures, password hashing and more. It is a portable, cross-compilable, -installable, packageable fork of NaCl, with a compatible API, and an extended -API to improve usability even further. Its goal is to provide all of the core -operations needed to build higher-level cryptographic tools. The design +Sodium is a new, easy-to-use software library for encryption, decryption, +signatures, password hashing and more. It is a portable, cross-compilable, +installable, packageable fork of NaCl, with a compatible API, and an extended +API to improve usability even further. Its goal is to provide all of the core +operations needed to build higher-level cryptographic tools. The design choices emphasize security, and "magic constants" have clear rationales. -The same cannot be said of NIST curves, where the specific origins of certain -constants are not described by the standards. And despite the emphasis on -higher security, primitives are faster across-the-board than most +The same cannot be said of NIST curves, where the specific origins of certain +constants are not described by the standards. And despite the emphasis on +higher security, primitives are faster across-the-board than most implementations of the NIST standards. - %package devel Summary: Development files for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -Obsoletes: %{libname}%{soname}-devel <= %{version} +Requires: %{name} = %{version}-%{release} %description devel This package contains libraries and header files for developing applications that use %{name} libraries. -%package static -Summary: Static library for %{name} -Requires: %{name}-devel%{?_isa} = %{version}-%{release} -Obsoletes: %{libname}%{soname}-static <= %{version} - -%description static -This package contains the static library for statically -linking applications to use %{name}. - - %prep -%setup -q - +%autosetup %build %configure \ @@ -72,12 +47,11 @@ linking applications to use %{name}. %install %make_install -rm -f %{buildroot}%{_libdir}/%{libname}.la - +find %{buildroot} -type f -name "*.la" -delete -print +find %{buildroot} -type f -name "*.a" -delete -print %check -make check - +%make_build check %files %license LICENSE @@ -92,11 +66,15 @@ make check %{_libdir}/%{libname}.so %{_libdir}/pkgconfig/%{libname}.pc -%files static -%{_libdir}/libsodium.a - %changelog +* Mon Mar 14 2022 Thomas Crain - 1.0.18-5 +- Move package from Mariner Extended to Mariner Core repo +- Use HTTPS source URL instead of HTTP +- Remove static subpackage and static library +- Lint spec +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 1.0.18-4 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/SPECS/python-pynacl/python-pynacl.signatures.json b/SPECS/python-pynacl/python-pynacl.signatures.json index 6dbafc67bd..ffe5db10a5 100644 --- a/SPECS/python-pynacl/python-pynacl.signatures.json +++ b/SPECS/python-pynacl/python-pynacl.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "PyNaCl-1.3.0.tar.gz": "0c6100edd16fefd1557da078c7a31e7b7d7a52ce39fdca2bec29d4f7b6e7600c" + "pynacl-1.5.0.tar.gz": "f7de97b0995a56faaf0c95c5e4b19b061e8b3d06af8ff60441fec1a5a2ac144e" } -} \ No newline at end of file +} diff --git a/SPECS/python-pynacl/python-pynacl.spec b/SPECS/python-pynacl/python-pynacl.spec index 582b0654ea..5ac61c8bbb 100644 --- a/SPECS/python-pynacl/python-pynacl.spec +++ b/SPECS/python-pynacl/python-pynacl.spec @@ -1,55 +1,45 @@ Summary: PyNaCl is a Python binding to libsodium Name: python-pynacl -Version: 1.3.0 -Release: 8%{?dist} +Version: 1.5.0 +Release: 1%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: Development/Languages/Python URL: https://github.com/pyca/pynacl -# The official source is under https://github.com/pyca/pynacl/archive/1.3.0.tar.gz. -# Source to be fixed as part of https://microsoft.visualstudio.com/OS/_workitems/edit/25936171. -Source0: https://files.pythonhosted.org/packages/61/ab/2ac6dea8489fa713e2b4c6c5b549cc962dd4a842b5998d9e80cf8440b7cd/PyNaCl-%{version}.tar.gz -Patch1: fix_import_unlimited_error.patch -Patch2: fix_average_value_hypothesis_error.patch +Source0: https://github.com/pyca/pynacl/archive/refs/tags/%{version}.tar.gz#/pynacl-%{version}.tar.gz +BuildRequires: libsodium-devel +BuildRequires: python3-cffi +BuildRequires: python3-devel +BuildRequires: python3-setuptools +%if %{with_check} +BuildRequires: python3-pip +%endif %description Good password hashing for your software and your servers. %package -n python3-pynacl Summary: PyNaCl is a Python binding to libsodium -BuildRequires: python3-cffi -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-six -BuildRequires: python3-xml -%if %{with_check} -BuildRequires: python3-atomicwrites -# Need newer version. Use pip3 untils pkg upgrade -#BuildRequires: python3-attrs -BuildRequires: python3-hypothesis -BuildRequires: python3-pip -BuildRequires: python3-pytest -BuildRequires: python3-wheel -%endif Requires: python3 -Requires: python3-libs +Requires: python3-cffi %description -n python3-pynacl Good password hashing for your software and your servers. %prep -%autosetup -n PyNaCl-%{version} -p1 +%autosetup -n pynacl-%{version} %build +export SODIUM_INSTALL=system %py3_build %install %py3_install %check -%{python3} -m pip install pluggy more-itertools sortedcontainers attrs -PYTHONPATH=%{buildroot}%{python3_sitelib} py.test3 -v +pip3 install tox +tox -e py%{python3_version_nodots} %files -n python3-pynacl %defattr(-,root,root) @@ -57,7 +47,14 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} py.test3 -v %{python3_sitelib}/* %changelog -* Thu Mar 10 2022 Bala - 1.3.0-8 +* Mon Mar 14 2022 Thomas Crain - 1.5.0-1 +- Upgrade to latest upstream version +- Use system libsodium instead of bundled version +- Switch source from PyPI to GitHub +- Use tox to run package tests +- Remove test patches meant for previous releases + + Thu Mar 10 2022 Bala - 1.3.0-8 - BR necessary packages for PTest - Patch test cases written with older verion libraries @@ -82,5 +79,5 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} py.test3 -v * Tue Sep 03 2019 Mateusz Malisz - 1.3.0-2 - Initial CBL-Mariner import from Photon (license: Apache2). -* Wed Mar 06 2019 Tapas Kundu 1.3.0-1 -- Initial packaging for Photon +* Wed Mar 06 2019 Tapas Kundu 1.3.0-1 +- Initial packaging for Photon diff --git a/cgmanifest.json b/cgmanifest.json index 42f7d5cf74..36df2ba281 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -11032,7 +11032,7 @@ "other": { "name": "libsodium", "version": "1.0.18", - "downloadUrl": "http://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz" + "downloadUrl": "https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz" } } }, @@ -23794,8 +23794,8 @@ "type": "other", "other": { "name": "python-pynacl", - "version": "1.3.0", - "downloadUrl": "https://files.pythonhosted.org/packages/61/ab/2ac6dea8489fa713e2b4c6c5b549cc962dd4a842b5998d9e80cf8440b7cd/PyNaCl-1.3.0.tar.gz" + "version": "1.5.0", + "downloadUrl": "https://github.com/pyca/pynacl/archive/refs/tags/1.5.0.tar.gz" } } },