Merge remote-tracking branch 'upstream/rawhide' into alex

This commit is contained in:
Alex Manning 2022-07-20 23:50:38 +01:00
commit f66f3a36a8
2 changed files with 63 additions and 94 deletions

View file

@ -1,30 +0,0 @@
From 4e39aa55098734f27f83f4ade53fbb71879255dc Mon Sep 17 00:00:00 2001
From: Dan Callaghan <djc@djc.id.au>
Date: Sun, 18 Jul 2021 13:18:10 +1000
Subject: [PATCH] relax cryptography dependency version requirement
In Fedora, python-cryptography does not bundle OpenSSL, so it's always
up to date. This strict version requirement is not necessary. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1978949
---
synapse/python_dependencies.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 1dd39f06cf..2b83353b76 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -78,9 +78,7 @@ REQUIREMENTS = [
"bleach>=1.4.3",
# We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
"typing-extensions>=3.10.0",
- # We enforce that we have a `cryptography` version that bundles an `openssl`
- # with the latest security patches.
- "cryptography>=3.4.7",
+ "cryptography>=3.4",
# ijson 3.1.4 fixes a bug with "." in property names
"ijson>=3.1.4",
"matrix-common~=1.1.0",
--
2.35.1

View file

@ -2,7 +2,7 @@
# Version suffix in URL when building release candidates
%global rcx %{nil}
%global ghversion 1.57.0
%global ghversion 1.620
%{?python_enable_dependency_generator}
@ -24,62 +24,17 @@ Source2: synapse.service
Source4: synapse@.service
Source3: matrix-synapse.sysusers
# non-upstreamable patch to accept any version of python-cryptography, see RHBZ#1978949
Patch1: 0001-relax-cryptography-dependency-version-requirement.patch
BuildArch: noarch
Recommends: %{name}+postgres
Recommends: %{name}+systemd
BuildRequires: python3-devel
BuildRequires: python3-setuptools
# Test dependencies
BuildRequires: python3-parameterized >= 0.7.0
BuildRequires: /usr/bin/openssl
# Package dependencies
#BuildRequires: python3-txacme >= 0.9.2
BuildRequires: (python3-attrs >= 19.2.0 without python3-attrs = 21.1.0)
BuildRequires: python3-authlib
BuildRequires: python3-bcrypt >= 3.1.0
BuildRequires: python3-bleach >= 1.4.3
BuildRequires: python3-canonicaljson >= 1.4.0
# v3.4.7 affects only the binary distribution, so using v3.4.6 is fine.
BuildRequires: python3-cryptography >= 3.4.6
BuildRequires: python3-daemonize >= 2.3.1
BuildRequires: (python3-frozendict without python3-frozendict = 2.1.2)
BuildRequires: python3-idna >= 2.5
BuildRequires: python3-ijson
BuildRequires: python3-jinja2
BuildRequires: python3-jsonschema
BuildRequires: python3-jwt
BuildRequires: python3-lxml
BuildRequires: python3-matrix-common
BuildRequires: python3-matrix-synapse-ldap3 >= 0.1
BuildRequires: python3-msgpack >= 0.5.2
BuildRequires: python3-netaddr >= 0.7.18
BuildRequires: python3-phonenumbers >= 8.2.0
BuildRequires: python3-pillow
BuildRequires: python3-prometheus_client
BuildRequires: python3-pyOpenSSL >= 16.0.0
BuildRequires: python3-pyasn1 >= 0.1.9
BuildRequires: python3-pyasn1-modules >= 0.0.7
BuildRequires: python3-pymacaroons-pynacl >= 0.13.0
BuildRequires: python3-pynacl >= 1.2.1
BuildRequires: python3-pysaml2 >= 4.5.0
BuildRequires: python3-pyyaml >= 3.11
BuildRequires: python3-service-identity >= 18.1.0
BuildRequires: python3-signedjson >= 1.1.0
BuildRequires: python3-sortedcontainers >= 1.4.4
BuildRequires: python3-systemd >= 231
BuildRequires: python3-treq >= 15.1
BuildRequires: python3-twisted >= 18.9.0
BuildRequires: python3-typing-extensions
BuildRequires: python3-unpaddedbase64 >= 1.1.0
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
# Workaround missing python-saml2 dependencies in f35 and f36.
BuildRequires: xmlsec1
Requires(pre): shadow-utils
Requires: systemd
%{?systemd_requires}
BuildRequires: xmlsec1-openssl
%description
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
@ -89,6 +44,8 @@ to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.
%pyproject_extras_subpkg -n %{name} matrix-synapse-ldap3 postgres saml2 oidc systemd url_preview jwt cache_memory
%prep
%autosetup -p1 -n %{srcname}-%{ghversion}%{rcx}
@ -100,17 +57,20 @@ the ecosystem.
rm -rf synapse/static
%generate_buildrequires
# Missing: sentry,opentracing,redis
%pyproject_buildrequires -x test,matrix-synapse-ldap3,postgres,saml2,oidc,systemd,url_preview,jwt,cache_memory
%build
%py3_build
%pyproject_wheel
%install
%py3_install
# Synapse includes some benchmarks in a separate Python package named "synmark"
# which is installed by default. Remove it to avoid shipping it in the Fedora
# package, since it is unlikely to be useful to end users.
rm -r %{buildroot}%{python3_sitelib}/synmark/
%pyproject_install
%py3_shebang_fix %{buildroot}%{python3_sitelib}/%{srcname}/_scripts
%pyproject_save_files %{srcname}
install -p -D -T -m 0644 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/synapse/log_config.yaml
install -p -D -T -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/synapse
@ -120,30 +80,44 @@ install -p -d -m 755 %{buildroot}/%{_sharedstatedir}/synapse
install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
%check
PYTHONPATH=. trial-3 tests
set -o pipefail
PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}:$PWD trial-3 tests | tee trial.stdout
# Guard against new types of tests being skipped.
WHITELIST="Requires hiredis
Requires jaeger_client
Requires Postgres
\`BaseFederationServlet\` does not support cancellation yet."
REASONS=$(cat trial.stdout | sed -n '/^\[SKIPPED\]$/{n;p;}')
SKIPPED=$(comm -23 <(echo "$REASONS" | sort | uniq) <(echo "$WHITELIST" | sort | uniq))
if [ ! -z "$SKIPPED" ]; then
echo -e "Failing, because tests were skipped:\n$SKIPPED"
exit 1
fi
%pre
%sysusers_create_compat %{SOURCE3}
%post
%systemd_post synapse.service
%systemd_post synapse@*.service
%preun
%systemd_preun synapse.service
%systemd_preun synapse@*.service
%postun
%systemd_postun_with_restart synapse.service
%systemd_postun_with_restart synapse@*.service
%files
%files -f %{pyproject_files}
%license LICENSE
%doc *.rst
%config(noreplace) %{_sysconfdir}/sysconfig/synapse
%{python3_sitelib}/synapse/
%{python3_sitelib}/matrix_synapse*.egg-info/
%{_bindir}/*
%{_unitdir}/synapse.service
%{_unitdir}/synapse@.service
@ -154,7 +128,32 @@ PYTHONPATH=. trial-3 tests
%changelog
* Thu Apr 05 2022 Kai A. Hiller <V02460@gmail.com> - 1.56.0-1
* Thu Jul 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.62.0-1
- Update to v1.62.0
* Wed Jun 29 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.1-1
- Update to v1.61.1
- Fix CVE-2022-31052
* Tue Jun 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.0-1
- Update to v1.61.0
* Thu Jun 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.60.0-1
- Update to v1.60.0
* Thu May 19 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.1-1
- Update to v1.59.1
* Wed May 18 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.0-1
- Update to v1.59.0
* Wed May 04 2022 Kai A. Hiller <V02460@gmail.com> - 1.58.0-1
- Update to v1.58.0
* Thu Apr 21 2022 Dan Callaghan <djc@djc.id.au> - 1.57.0-1
- Update to v1.57.0
* Tue Apr 05 2022 Kai A. Hiller <V02460@gmail.com> - 1.56.0-1
- Update to v1.56.0
* Thu Mar 24 2022 Kai A. Hiller <V02460@gmail.com> - 1.55.0-1