diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..548d0b1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/oauth2client-4.1.2.tar.gz diff --git a/.python-oauth2client.metadata b/.python-oauth2client.metadata new file mode 100644 index 0000000..b2845c0 --- /dev/null +++ b/.python-oauth2client.metadata @@ -0,0 +1 @@ +cd7f51930553caeb51726035831e6b7fa903d1a7 SOURCES/oauth2client-4.1.2.tar.gz diff --git a/SOURCES/docs-build-fix.patch b/SOURCES/docs-build-fix.patch new file mode 100644 index 0000000..457d530 --- /dev/null +++ b/SOURCES/docs-build-fix.patch @@ -0,0 +1,27 @@ +diff -up oauth2client-3.0.0/docs/conf.py.doc oauth2client-3.0.0/docs/conf.py +--- oauth2client-3.0.0/docs/conf.py.doc 2016-12-27 17:01:44.043275431 +0100 ++++ oauth2client-3.0.0/docs/conf.py 2016-12-27 17:02:14.024315815 +0100 +@@ -64,9 +64,9 @@ project = u'oauth2client' + copyright = u'2014, Google, Inc' + + # Version info +-distro = get_distribution('oauth2client') +-version = distro.version +-release = distro.version ++#distro = get_distribution('oauth2client') ++version = '4.1.2' ++release = '4.1.2' + + exclude_patterns = ['_build'] + +diff -up oauth2client-3.0.0/docs/source/oauth2client.contrib.rst.doc oauth2client-3.0.0/docs/source/oauth2client.contrib.rst +--- oauth2client-3.0.0/docs/source/oauth2client.contrib.rst.doc 2016-07-28 20:50:44.000000000 +0200 ++++ oauth2client-3.0.0/docs/source/oauth2client.contrib.rst 2016-12-27 17:01:29.849256312 +0100 +@@ -13,7 +13,6 @@ Submodules + + .. toctree:: + +- oauth2client.contrib.appengine + oauth2client.contrib.devshell + oauth2client.contrib.dictionary_storage + oauth2client.contrib.flask_util diff --git a/SOURCES/rsa-to-cryptography.patch b/SOURCES/rsa-to-cryptography.patch new file mode 100644 index 0000000..54fb3cb --- /dev/null +++ b/SOURCES/rsa-to-cryptography.patch @@ -0,0 +1,101 @@ +diff -uNr a/oauth2client/_pure_python_crypt.py b/oauth2client/_pure_python_crypt.py +--- a/oauth2client/_pure_python_crypt.py 2016-10-14 19:53:53.000000000 +0200 ++++ b/oauth2client/_pure_python_crypt.py 2018-06-21 15:40:25.216478384 +0200 +@@ -23,7 +23,10 @@ + from pyasn1_modules import pem + from pyasn1_modules.rfc2459 import Certificate + from pyasn1_modules.rfc5208 import PrivateKeyInfo +-import rsa ++from cryptography.hazmat.primitives import serialization, hashes ++from cryptography.hazmat.primitives.asymmetric import padding ++from cryptography import x509 ++from cryptography.hazmat.backends import default_backend + import six + + from oauth2client import _helpers +@@ -70,7 +73,8 @@ + """ + + def __init__(self, pubkey): +- self._pubkey = pubkey ++ self._pubkey = serialization.load_pem_public_key(pubkey, ++ backend=default_backend()) + + def verify(self, message, signature): + """Verifies a message against a signature. +@@ -87,8 +91,9 @@ + """ + message = _helpers._to_bytes(message, encoding='utf-8') + try: +- return rsa.pkcs1.verify(message, signature, self._pubkey) +- except (ValueError, rsa.pkcs1.VerificationError): ++ return self._pubkey.verify(signature, message, padding.PKCS1v15(), ++ hashes.SHA256()) ++ except (ValueError, TypeError, InvalidSignature): + return False + + @classmethod +@@ -112,16 +117,18 @@ + """ + key_pem = _helpers._to_bytes(key_pem) + if is_x509_cert: +- der = rsa.pem.load_pem(key_pem, 'CERTIFICATE') ++ der = x509.load_pem_x509_certificate(pem_data, default_backend()) + asn1_cert, remaining = decoder.decode(der, asn1Spec=Certificate()) + if remaining != b'': + raise ValueError('Unused bytes', remaining) + + cert_info = asn1_cert['tbsCertificate']['subjectPublicKeyInfo'] + key_bytes = _bit_list_to_bytes(cert_info['subjectPublicKey']) +- pubkey = rsa.PublicKey.load_pkcs1(key_bytes, 'DER') ++ pubkey = serialization.load_der_public_key(decoded_key, ++ backend=default_backend()) + else: +- pubkey = rsa.PublicKey.load_pkcs1(key_pem, 'PEM') ++ pubkey = serialization.load_pem_public_key(decoded_key, ++ backend=default_backend()) + return cls(pubkey) + + +@@ -134,6 +141,8 @@ + + def __init__(self, pkey): + self._key = pkey ++ self._pubkey = serialization.load_pem_private_key(pkey, ++ backend=default_backend()) + + def sign(self, message): + """Signs a message. +@@ -145,7 +154,7 @@ + string, The signature of the message for the given key. + """ + message = _helpers._to_bytes(message, encoding='utf-8') +- return rsa.pkcs1.sign(message, self._key, 'SHA-256') ++ return self._key.sign(message, padding.PKCS1v15(), hashes.SHA256()) + + @classmethod + def from_string(cls, key, password='notasecret'): +@@ -168,16 +177,19 @@ + six.StringIO(key), _PKCS1_MARKER, _PKCS8_MARKER) + + if marker_id == 0: +- pkey = rsa.key.PrivateKey.load_pkcs1(key_bytes, +- format='DER') ++ pkey = serialization.load_der_private_key( ++ key_bytes, password=None, ++ backend=default_backend()) ++ + elif marker_id == 1: + key_info, remaining = decoder.decode( + key_bytes, asn1Spec=_PKCS8_SPEC) + if remaining != b'': + raise ValueError('Unused bytes', remaining) + pkey_info = key_info.getComponentByName('privateKey') +- pkey = rsa.key.PrivateKey.load_pkcs1(pkey_info.asOctets(), +- format='DER') ++ pkey = serialization.load_der_private_key( ++ pkey_info.asOctets(), password=None, ++ backend=default_backend()) + else: + raise ValueError('No key could be detected.') + diff --git a/SPECS/python-oauth2client.spec b/SPECS/python-oauth2client.spec new file mode 100644 index 0000000..f611d17 --- /dev/null +++ b/SPECS/python-oauth2client.spec @@ -0,0 +1,289 @@ +%global srcname oauth2client +%global sum Python client library for OAuth 2.0 +# Share doc between python- and python3- +%global _docdir_fmt %{name} + + +%if 0%{?fedora} || 0%{?rhel} > 7 +%bcond_without python3 +%else +%bcond_with python3 +%endif + +%if 0%{?rhel} < 7 +%bcond_without python2 +%else +%bcond_with python2 +%endif + +Name: python-%{srcname} +Version: 4.1.2 +Release: 6%{?dist} +Summary: %{sum} + +Group: Development/Languages +License: ASL 2.0 +URL: https://github.com/google/%{srcname} +Source0: https://github.com/google/%{srcname}/archive/v%{version}.tar.gz#/%{srcname}-%{version}.tar.gz +Patch0: docs-build-fix.patch +Patch1: rsa-to-cryptography.patch + +BuildArch: noarch + +%if %{with python2} +BuildRequires: python2-devel +BuildRequires: pytest +BuildRequires: python2-setuptools +BuildRequires: python2-fasteners +BuildRequires: python2-six >= 1.6.1 +%endif + +%if 0%{?fedora} +# Needed for docs build +BuildRequires: pyOpenSSL +BuildRequires: python-crypto +BuildRequires: python2-django1.11 +BuildRequires: python-jsonpickle +BuildRequires: python-flask +BuildRequires: python2-gflags +BuildRequires: python-httplib2 +BuildRequires: python-keyring +BuildRequires: python-mock +BuildRequires: python-nose +BuildRequires: python2-pyasn1 >= 0.1.7 +BuildRequires: python2-pyasn1-modules >= 0.0.5 +BuildRequires: python2-cryptography >= 1.7.2 +BuildRequires: python-sqlalchemy +BuildRequires: python-tox +BuildRequires: python-unittest2 +BuildRequires: python-webtest +# RHEL 7 has too old a version of python-sphinx +BuildRequires: python-sphinx > 1.3 +BuildRequires: python-sphinx_rtd_theme +%endif + +%if %{with python3} +BuildRequires: python3-setuptools +BuildRequires: python3-devel +# For tests only +#BuildRequires: python3-fasteners +#BuildRequires: python3-mock +#BuildRequires: python3-pyasn1 >= 0.1.7 +#BuildRequires: python3-pyasn1-modules >= 0.0.5 +#BuildRequires: python3-tox +#BuildRequires: python3-pytest +%endif + +%description +This is a python client module for accessing resources protected by OAuth 2.0 + +%if %{with python2} +%package -n python2-%{srcname} +Summary: %{sum} +%{?python_provide:%python_provide python2-%{srcname}} + +Requires: pyOpenSSL +Requires: python2-gflags +Requires: python-httplib2 +Requires: python-keyring +Requires: python2-pyasn1 >= 0.1.7 +Requires: python2-pyasn1-modules >= 0.0.5 +Requires: python2-cryptography >= 1.7.2 +Requires: python2-fasteners +Requires: python2-six >= 1.6.1 + +%description -n python2-%{srcname} +This is a python client module for accessing resources protected by OAuth 2.0 +%endif + +%if %{with python3} +%package -n python3-%{srcname} +Summary: %{sum} +%{?python_provide:%python_provide python3-%{srcname}} + +Requires: python3-pyOpenSSL +Requires: python3-gflags +Requires: python3-fasteners +Requires: python3-httplib2 >= 0.9.1 +#Requires: python3-keyring +Requires: python3-pyasn1 >= 0.1.7 +Requires: python3-pyasn1-modules >= 0.0.5 +Requires: python3-cryptography >= 1.7.2 +Requires: python3-six >= 1.6.1 + +%description -n python3-%{srcname} +This is a python client module for accessing resources protected by OAuth 2.0 +%endif + +%if 0%{?fedora} +%package doc +Summary: Documentation for python oauth2client + +%description doc +The python-oauth2client-doc package provides the documentation +for the package. Documentation is shipped in html format. +%endif + +%prep +%setup -q -n %{srcname}-%{version} +%patch0 -p1 -b .doc +%patch1 -p1 + +# Remove the version constraint on httplib2. From reading upstream's git log, +# it seems the only reason they require a new version is to force python3 +# support. That doesn't affect us on EPEL7, so we can loosen the constraint. +sed -i 's/httplib2>=0.9.1/httplib2/' setup.py + +# We do not have the package for google.appengine support +# This is removed because it breaks the docs build otherwise +rm -f docs/source/oauth2client.contrib.appengine.rst oauth2client/appengine.py + +%if %{with python2} +rm -rf %{py2dir} +cp -a . %{py2dir} +%endif + +%build +%if %{with python3} +%py3_build +%endif + +%if 0%{?fedora} +export PYTHONPATH=`pwd` +pushd docs +# Not running with smp_flags as sometimes sphinx fails when run +# with parallel make +make html +popd +unset PYTHONPATH +rm -vr docs/_build/html/_sources +rm -vr docs/_build/html/_static/fonts +rm -v docs/_build/html/{.buildinfo,objects.inv} +%endif + +%if %{with python2} +pushd %{py2dir} +%py2_build +%endif + +%install +%if %{with python3} +%py3_install +%endif + +%if %{with python2} +pushd %{py2dir} +%py2_install +popd +%endif + +%check + +%if %{with python2} +pushd %{py2dir} +tox -v --sitepackages -e py27 +popd +%endif + +%if %{with python3} +#python3-tox --sitepackages -e py35 +%endif + +# We remove tests currently, we will ship them eventually +# This is a bit of a hack until I package the test scripts in a separate package +rm -r $(find %{_buildrootdir} -type d -name 'tests') || /bin/true + + +%if %{with python2} +%files -n python2-%{srcname} +%license LICENSE +%doc CHANGELOG.md CONTRIBUTING.md README.md +%{python2_sitelib}/%{srcname} +%{python2_sitelib}/%{srcname}-%{version}-*.egg-info +%endif + +%if 0%{?fedora} +%files doc +%doc docs/_build/html +%endif + +%if %{with python3} +%files -n python3-%{srcname} +%license LICENSE +%doc CHANGELOG.md CONTRIBUTING.md README.md +%{python3_sitelib}/%{srcname} +%{python3_sitelib}/%{srcname}*.egg-info +%endif + +%changelog +* Mon Jul 30 2018 Oyvind Albrigtsen - 4.1.2-6 +- Use FIPS 140-2 compliant RSA library + +* Tue Jun 05 2018 Troy Dawson - 4.1.2-5.1 +- Do not do python2 in RHEL8 + +* Wed Mar 21 2018 Michele Baldessari - 4.1.2-4 +- Fix FTBFS due to missing python-django (rhbz#1556223) +- Set right version in the docs + +* Fri Feb 09 2018 Fedora Release Engineering - 4.1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 10 2017 Michele Baldessari - 4.1.2-1 +- New upstream + +* Sat May 13 2017 Michele Baldessari - 4.1.0-1 +- New upstream + +* Thu Mar 30 2017 Ralph Bean - 4.0.0-2 +- Compat for EPEL7. + +* Wed Mar 29 2017 Ralph Bean - 4.0.0-1 +- new version + +* Sat Feb 11 2017 Fedora Release Engineering - 3.0.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Dec 27 2016 Michele Baldessari - 3.0.0-3 +- Fix python 3.6 breakage + +* Mon Dec 19 2016 Miro HronĨok - 3.0.0-2 +- Rebuild for Python 3.6 + +* Thu Nov 10 2016 Michele Baldessari - 3.0.0-1 +- New upstream + +* Tue Jul 19 2016 Fedora Release Engineering - 2.1.0-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Sun May 22 2016 Michele Baldessari - 2.1.0-1 +- New upstream +* Tue Mar 08 2016 Michele Baldessari - 2.0.1-1 +- New upstream (NB: for now I am not shipping the tests, to be revised later) +* Thu Feb 04 2016 Fedora Release Engineering - 1.5.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild +* Thu Nov 26 2015 Michele Baldessari - 1.5.2-2 +- Remove dependency on sphinx-contrib-napoleon now that sphinx is at version >= 1.3 +- Tighten versioned dependencies +- Update to latest python policy +* Thu Nov 19 2015 Michele Baldessari - 1.5.2-1 +- New upstream (BZ 1283443) +* Tue Nov 10 2015 Fedora Release Engineering - 1.5.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 +* Tue Oct 13 2015 Michele Baldessari - 1.5.1-2 +- Add versioned requires as per setup.py +* Thu Sep 17 2015 Michele Baldessari - 1.5.1-1 +- New upstream (BZ#1263881) +* Fri Sep 04 2015 Michele Baldessari - 1.5.0-1 +- New upstream (BZ#1259966) +* Sun Jul 12 2015 Michele Baldessari - 1.4.12-1 +- New upstream (BZ#1241304) +* Mon Jun 22 2015 Michele Baldessari - 1.4.11-2 +- Use -O1 for python3 as well +- Use python2 macros +- Remove the extra fonts from the -doc package +* Thu Jun 04 2015 Michele Baldessari - 1.4.11-1 +- Initial packaging