#
# spec file for package python-service_identity
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define oname   service_identity
%{?sle15_python_module_pythons}
Name:           python-service_identity
Version:        24.2.0
Release:        1.5
Summary:        Service identity verification for pyOpenSSL
License:        MIT
Group:          Development/Languages/Python
URL:            https://github.com/pyca/service_identity
# no tests in upstream tarball
Source:         https://github.com/pyca/service_identity/archive/%{version}.tar.gz
BuildRequires:  %{python_module attrs >= 19.1.0}
BuildRequires:  %{python_module cryptography}
BuildRequires:  %{python_module hatch-fancy-pypi-readme}
BuildRequires:  %{python_module hatch_vcs}
BuildRequires:  %{python_module hatchling >= 1.14.0}
BuildRequires:  %{python_module idna}
BuildRequires:  %{python_module pip}
BuildRequires:  %{python_module pyOpenSSL >= 17.1.0}
BuildRequires:  %{python_module pyasn1-modules}
BuildRequires:  %{python_module pyasn1}
BuildRequires:  %{python_module pytest}
BuildRequires:  %{python_module wheel}
BuildRequires:  fdupes
BuildRequires:  python-rpm-macros
Requires:       python-attrs >= 19.1.0
Requires:       python-cryptography
Requires:       python-pyasn1
Requires:       python-pyasn1-modules
Recommends:     python-idna
Recommends:     python-pyOpenSSL >= 17.1.0
BuildArch:      noarch
%ifpython2
Requires:       python-ipaddress
%endif
%python_subpackages

%description
service_identity aspires to give you all the tools you need for
verifying whether a certificate is valid for the intended purposes.

In the simplest case, this means host name verification. However,
service_identity implements RFC 6125 fully and plans to add other
relevant RFCs too.

%prep
%setup -q -n service-identity-%{version}

%build
%pyproject_wheel

%install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}

%check
%pytest

%files %{python_files}
%license LICENSE
%doc README.md
%{python_sitelib}/%{oname}
%{python_sitelib}/%{oname}-%{version}*-info

%changelog
* Wed Oct 30 2024 Dirk Müller <dmueller@suse.com>
- update to 24.2.0:
  * Python 3.13 is now officially supported.
  * pyOpenSSL's identity extraction has been reimplemented using
  * cryptography*'s primitives instead of deprecated pyOpenSSL
    APIs.
  * As a result, the oldest supported pyOpenSSL version is now
    17.1.0.
* Sat Jan 20 2024 Dirk Müller <dmueller@suse.com>
- update to 24.1.0:
  * If a certificate doesn't contain any `subjectAltName`s, we
    now raise `service_identity.CertificateError` instead of
    `service_identity.VerificationError` to make the problem
    easier to debug.
* Mon Sep 18 2023 pgajdos@suse.com
- python-six is not required
* Wed Jun 21 2023 ecsos <ecsos@opensuse.org>
- Update to 23.1.0
  * Removed
  - All Python versions up to and including 3.7 have been dropped.
  - Support for commonName in certificates has been dropped.
    It has been deprecated since 2017 and isn't supported by any
    major browser.
  - The oldest supported pyOpenSSL version (when using the
    pyopenssl backend) is now 17.0.0.
    When using such an old pyOpenSSL version, you have to pin
    cryptography yourself to ensure compatibility between them.
    Please check out contraints/oldest-pyopenssl.txt to verify
    what we are testing against.
  * Deprecated
  - If you've used service_identity.(cryptography|pyopenssl).extract_ids(),
    please switch to the new names extract_patterns(). #56
  * Added
  - service_identity.(cryptography|pyopenssl).extract_patterns()
    are now public APIs (FKA extract_ids()).
    You can use them to extract the patterns from a certificate
    without verifying anything. #55
  - service-identity is now fully typed. #57
* Fri Apr 21 2023 Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
* Thu Apr 13 2023 Matej Cepl <mcepl@suse.com>
- Make calling of %%{sle15modernpython} optional.
* Fri Feb 24 2023 Matej Cepl <mcepl@suse.com>
- Clean up the SPEC file.
* Mon Feb  7 2022 Matej Cepl <mcepl@suse.com>
- Update to 21.1.0:
  - Python 3.4 is not supported anymore. It has been unsupported
    by the Python core team for a while now, its PyPI downloads
    are negligible, and our CI provider removed it as a supported
    option.
  - It's very unlikely that service-identity will break under 3.4
    anytime soon, which is why we do not block its installation
    on Python 3.4. But we don't test it anymore and will block it
    once someone reports breakage.
  - service_identity.exceptions.VerificationError can now be
    pickled and is overall more well-behaved as an exception.
    This raises the requirement of attrs to 19.1.0.
- This package actually truly requires six (it is expected to
  work with Python 2.7 as well).
* Thu Mar 12 2020 Tomáš Chvátal <tchvatal@suse.com>
- Fix build without python2
* Fri Jan  3 2020 Tomáš Chvátal <tchvatal@suse.com>
- Format with spec-cleaner
- Upstream seems to rebase the tarball, refetch it
* Fri Mar  1 2019 Ondřej Súkup <mimi.vx@gmail.com>
- update to 18.1.0
- drop fetch-intersphinx-inventories.sh
- drop local-intersphinx-inventories.patch
- cleanup spec + enable tests
  * pyOpenSSL is optional now if you use service_identity.cryptography.* only.
  * Added support for iPAddress subjectAltNames.
* Mon Feb 25 2019 Todd R <toddrme2178@gmail.com>
- add fetch-intersphinx-inventories.sh to the sources
* Mon Feb  4 2019 Hans-Peter Jansen <hpj@urpla.net>
- add local-intersphinx-inventories.patch for generating the docs
  correctly
- add fetch-intersphinx-inventories.sh to fetch the inventories
* Tue Dec  4 2018 Matej Cepl <mcepl@suse.com>
- Remove superfluous devel dependency for noarch package
* Mon Oct  1 2018 Bernhard Wiedemann <bwiedemann@suse.com>
- Reduce parallelism of sphinx-build
  to ensure reproducible builds (boo#1102408)
* Tue Sep 25 2018 Tomáš Chvátal <tchvatal@suse.com>
- Drop some SLE11 code that is quite useless today
* Mon Sep 24 2018 ecsos@opensuse.org
- Update to 17.0.0:
  * Deprecations:
  - Since Chrome 58 and Firefox 48 both don’t accept certificates
    that contain only a Common Name, its usage is hereby
    deprecated in service_identity too. We have been raising
    a warning since 16.0.0 and the support will be removed in
    mid-2018 for good.
  * Changes:
  - When service_identity.SubjectAltNameWarning is raised, the
    Common Name of the certificate is now included in the warning
    message. #17
  - Added cryptography.x509 backend for verifying certificates.
    [#18]
  - Wildcards (*) are now only allowed if they are the leftmost
    label in a certificate. This is common practice by all major
    browsers. #19
* Sat Jul  1 2017 okurz@suse.com
- Convert to singlespec
* Thu Jun  2 2016 jacobwinski@gmail.com
- Update to 16.0.0:
  * Changes:
    +  Officially support Python 3.5.
    +  service_identity.SubjectAltNameWarning is now raised if the server certicate lacks a proper SubjectAltName. [#9]
    +  Add a __str__ method to VerificationError.
    +  Port from characteristic to its spiritual successor attrs.
  * Backward-incompatible changes:
    +  Python 3.3 and 2.6 aren't supported anymore. They may work by chance but any effort to keep them working has ceased.
    +  pyOpenSSL versions older than 0.14 are not tested anymore. They don't even build with recent OpenSSL versions.
- Update spec file with new upstream package requirements.
* Tue Jul 21 2015 nemysis@gmx.ch
- Change URL
- Use %%{oname} instead of service_identity
- Add BuildRequires for python-Sphinx for Documentation
- Change Description
- Change Documentation add index.html
- Add Man Page
* Thu Jul 16 2015 jacobwinski@gmail.com
- update pkg description to reflect upstream
- rm warnings in description about this pkg being alpha / possibly broken
* Thu Jul 16 2015 jacobwinski@gmail.com
- alphabetize BuildRequires & Requires
- remove no longer needed commented out test fail workaround
* Thu Jul 16 2015 jacobwinski@gmail.com
- update to 14.0.0:
  * update spec file with new requirements per instructions by upstream
  * update spec file comment out no longer needed test fail workaround
  * upstream changes:
    + Switch to year-based version numbers.
    + Port to characteristic 14.0 (get rid of deprecation warnings).
    + Package docs with sdist.
-update to 1.0.0:
  * Backward-incompatible changes:
    + Drop support for Python 3.2. There is no justification to add complexity and unnecessary function calls for a Python version that nobody uses.
  * changes:
    + Move into the Python Cryptography Authority’s GitHub account.
    + Move exceptions into service_identity.exceptions so tracebacks don’t contain private module names.
    + Promoting to stable since Twisted 14.0 is optionally depending on service_identity now.
    + Use characteristic instead of a home-grown solution.
    + idna 0.6 did some backward-incompatible fixes that broke Python 3 support. This has been fixed now therefore service_identity only works with idna 0.6 and later. Unfortunately since idna doesn’t offer version introspection, service_identity can’t warn about it.
* Thu May 15 2014 hpj@urpla.net
- version 0.2: initial build