Bug 2120929 - python-bcrypt-4.0.1 is available
Summary: python-bcrypt-4.0.1 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-bcrypt
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Pierre-YvesChibon
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 2190188
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-08-24 03:45 UTC by Upstream Release Monitoring
Modified: 2023-05-01 17:52 UTC (History)
9 users (show)

Fixed In Version: python-bcrypt-4.0.1-3.fc39
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-01 17:52:06 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Update to 4.0.0 (#2120929) (1.13 KB, patch)
2022-08-24 03:45 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 4.0.1 (#2120929) (1.13 KB, patch)
2022-10-09 17:31 UTC, Upstream Release Monitoring
no flags Details | Diff

Description Upstream Release Monitoring 2022-08-24 03:45:47 UTC
Releases retrieved: 4.0.0
Upstream release that is considered latest: 4.0.0
Current version/release in rawhide: 3.2.2-4.fc37
URL: http://pypi.python.org/pypi/bcrypt

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/9047/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-bcrypt

Comment 1 Upstream Release Monitoring 2022-08-24 03:45:53 UTC
Created attachment 1907310 [details]
Update to 4.0.0 (#2120929)

Comment 2 Upstream Release Monitoring 2022-08-24 03:51:09 UTC
the-new-hotness/release-monitoring.org's scratch build of python-bcrypt-4.0.0-1.fc36.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=91194916

Comment 3 Upstream Release Monitoring 2022-10-09 17:31:30 UTC
Releases retrieved: 4.0.1
Upstream release that is considered latest: 4.0.1
Current version/release in rawhide: 3.2.2-4.fc37
URL: http://pypi.python.org/pypi/bcrypt

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/9047/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-bcrypt

Comment 4 Upstream Release Monitoring 2022-10-09 17:31:34 UTC
Created attachment 1916931 [details]
Update to 4.0.1 (#2120929)

Comment 5 Upstream Release Monitoring 2022-10-09 17:38:59 UTC
the-new-hotness/release-monitoring.org's scratch build of python-bcrypt-4.0.1-1.fc36.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=92846785

Comment 6 Kevin Fenzi 2023-01-07 22:43:05 UTC
It seems python-bcrypt is now redone in rust. 

I am not sure if that means we need a rename (but I think not, as it still provides python interface) or just adjustment to the new source/building... adding decathorpe for advice.

Comment 7 Fabio Valentini 2023-01-07 23:10:49 UTC
I took a quick look, and I don't think it should be too difficult to do this.

The bcrypt package uses setuptools_rust to build its native (Rust) module, which works pretty well for our purposes, in my experience - the python-cryptography package has already done this for a few versions and we haven't had problems with it. I recommend that you take a look at what we've done in the python-cryptography package and steal it for python-bcrypt :)

For now, the only blockers are probably the Rust dependencies which aren't packaged for Fedora yet (the "bcrypt" and "bcrypt-pbkdf" crates), and their dependencies (of which two are missing from Fedora right now: the "blowfish" crate, which is not packaged yet, and the "pbkdf2" crate, which is too old in Fedora - we have v0.9, and bcrypt-pbkdf2 needs v0.10).

The next steps would probably be:

- package v0.9.1 of the blowfish crate as rust-blowfish
- update rust-pbkdf2 to v0.10 (and probably add a compat package for v0.9, which is still needed for other packages)
- package v0.8.1 of the the bcrypt-pbkdf crate as rust-bcrypt-pbkdf (latest version is 0.9.0, but python-bcrypt explicitly needs v0.8)
- package v0.13.0 of the bcrypt crate as rust-bcrypt

I don't know how much time I can allocate to help with this, but I can try by either submitting missing packages for review or doing the reviews, and by updating the pbkdf2 crate to the required version?

Comment 8 Kevin Fenzi 2023-01-08 18:54:08 UTC
Yeah, not sure how much time I have either. ;(

If you could submit reviews/get pbkdf2 updated that would be great. I'm happy to review the new packages, just let me know...

Comment 9 Sandro Mani 2023-03-07 16:05:52 UTC
I did some work for this here [1]. It requires rust-bcrypt [2], rust-bcrypt-pbkdf [3] and rust-blowfish [4] as new packages and an update of rust-pbkdf2 [5].

[1] https://copr.fedorainfracloud.org/coprs/smani/python-flask-security-too-5.1.0/
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176199
[3] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176197
[4] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2176200
[5] https://src.fedoraproject.org/rpms/rust-pbkdf2/pull-request/1

Comment 10 Sandro Mani 2023-03-28 13:36:26 UTC
All dependenceis are since available. I've submitted a PR for this package: https://src.fedoraproject.org/rpms/python-bcrypt/pull-request/8

Comment 11 Major Hayden 🤠 2023-04-27 13:11:40 UTC
pgadmin4 has an upper bound set for python-bcrypt. Opened BZ 2190188 for that.

Comment 12 Fedora Update System 2023-05-01 17:50:20 UTC
FEDORA-2023-3aea3bbfe9 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-3aea3bbfe9

Comment 13 Fedora Update System 2023-05-01 17:52:06 UTC
FEDORA-2023-3aea3bbfe9 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.