Releases retrieved: 4.0.0 Upstream release that is considered latest: 4.0.0 Current version/release in rawhide: 3.2.2-4.fc37 URL: http://pypi.python.org/pypi/bcrypt Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/9047/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-bcrypt
Created attachment 1907310 [details] Update to 4.0.0 (#2120929)
the-new-hotness/release-monitoring.org's scratch build of python-bcrypt-4.0.0-1.fc36.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=91194916
Releases retrieved: 4.0.1 Upstream release that is considered latest: 4.0.1 Current version/release in rawhide: 3.2.2-4.fc37 URL: http://pypi.python.org/pypi/bcrypt Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/9047/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-bcrypt
Created attachment 1916931 [details] Update to 4.0.1 (#2120929)
the-new-hotness/release-monitoring.org's scratch build of python-bcrypt-4.0.1-1.fc36.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=92846785
It seems python-bcrypt is now redone in rust. I am not sure if that means we need a rename (but I think not, as it still provides python interface) or just adjustment to the new source/building... adding decathorpe for advice.
I took a quick look, and I don't think it should be too difficult to do this. The bcrypt package uses setuptools_rust to build its native (Rust) module, which works pretty well for our purposes, in my experience - the python-cryptography package has already done this for a few versions and we haven't had problems with it. I recommend that you take a look at what we've done in the python-cryptography package and steal it for python-bcrypt :) For now, the only blockers are probably the Rust dependencies which aren't packaged for Fedora yet (the "bcrypt" and "bcrypt-pbkdf" crates), and their dependencies (of which two are missing from Fedora right now: the "blowfish" crate, which is not packaged yet, and the "pbkdf2" crate, which is too old in Fedora - we have v0.9, and bcrypt-pbkdf2 needs v0.10). The next steps would probably be: - package v0.9.1 of the blowfish crate as rust-blowfish - update rust-pbkdf2 to v0.10 (and probably add a compat package for v0.9, which is still needed for other packages) - package v0.8.1 of the the bcrypt-pbkdf crate as rust-bcrypt-pbkdf (latest version is 0.9.0, but python-bcrypt explicitly needs v0.8) - package v0.13.0 of the bcrypt crate as rust-bcrypt I don't know how much time I can allocate to help with this, but I can try by either submitting missing packages for review or doing the reviews, and by updating the pbkdf2 crate to the required version?
Yeah, not sure how much time I have either. ;( If you could submit reviews/get pbkdf2 updated that would be great. I'm happy to review the new packages, just let me know...
I did some work for this here [1]. It requires rust-bcrypt [2], rust-bcrypt-pbkdf [3] and rust-blowfish [4] as new packages and an update of rust-pbkdf2 [5]. [1] https://copr.fedorainfracloud.org/coprs/smani/python-flask-security-too-5.1.0/ [2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176199 [3] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176197 [4] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176200 [5] https://src.fedoraproject.org/rpms/rust-pbkdf2/pull-request/1
All dependenceis are since available. I've submitted a PR for this package: https://src.fedoraproject.org/rpms/python-bcrypt/pull-request/8
pgadmin4 has an upper bound set for python-bcrypt. Opened BZ 2190188 for that.
FEDORA-2023-3aea3bbfe9 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-3aea3bbfe9
FEDORA-2023-3aea3bbfe9 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.