# python3-synta.spec.in — Fedora RPM packaging for the synta Python bindings # # Source package: python3-synta # # NOTE: Source0 is a git archive of the synta workspace, NOT the synta-python # crate tarball from crates.io. The maturin build system requires: # - pyproject.toml (workspace root, references synta-python/Cargo.toml) # - python/ (Python source files: __init__.py, krb5.py, cms.py, …) # Neither of these files is included in the synta-python crates.io tarball. # A full git archive is therefore used as Source0. # # Binary packages produced: # python3-synta Python extension module (PyO3 / maturin, abi3-py38+) # python3-synta-doc Python bindings documentation # # Source preparation notes # ───────────────────────── # Source0 (workspace tarball): # git archive --prefix=synta-%%{version}/ v%%{version} \ # | gzip > synta-%%{version}.tar.gz # (Use 'make python-tarball' from contrib/packages/ to automate this.) # # Source1 (vendor tarball): # Same approach as the workspace spec: apply the workspace patch to remove # synta-bench (publish=false, pulls git-only deps) and the [patch.crates-io] # git overrides that break offline cargo invocations, then run cargo vendor. # 'make python-vendor' in contrib/packages/ regenerates this tarball. # # Version note: the Python package version is governed by pyproject.toml # (currently 0.1.0); the synta-python Rust crate version (Cargo.toml) may # differ. The RPM Version field tracks the Python package version. # Update pyproject.toml whenever bumping the Python package release. # Suppress the pyproject buildsystem auto-detection hook. # RPM 4.20 passes -d (dependency-groups) to this hook but pyproject-rpm-macros # 1.18 does not accept that flag. All Python build requirements are listed # statically below so the hook output is not needed. %global buildsystem_pyproject_generate_buildrequires() %nil %global crate synta %global snapdate 202604101407 %global snapcommit f615d67 Name: python3-%{crate} Version: 0.1.4 Release: 1.%{snapdate}.git%{snapcommit}%{?dist} Summary: Python bindings for the Synta ASN.1 library License: MIT OR Apache-2.0 URL: https://codeberg.org/abbra/synta Source0: %{crate}-%{version}.tar.gz Source1: %{crate}-%{version}-vendor.tar.gz Patch0001: 0001-packaging-remove-synta-bench-from-workspace.patch # Rust build infrastructure BuildRequires: cargo-rpm-macros >= 25 # Python extension (maturin / PyO3) BuildRequires: python3-devel BuildRequires: python3-pip BuildRequires: pyproject-rpm-macros BuildRequires: %{py3_dist maturin} >= 1.0 BuildRequires: %{py3_dist maturin} < 2.0 # pytest is in [dependency-groups] dev in pyproject.toml; list it explicitly # because the pyproject buildrequires macro without -d does not emit it. BuildRequires: %{py3_dist pytest} >= 7 # OpenSSL development headers (openssl-devel). The maturin build enables # both the openssl and deprecated-pkcs12-algorithms features (PQC ML-DSA / # ML-KEM support); the vendor tarball includes the PQC-capable rust-openssl # fork (github.com/abbra/rust-openssl, branch pqc-prs). OpenSSL 3.5+ # system libraries are required for ML-DSA/ML-KEM at runtime. BuildRequires: openssl-devel # Rust crate dependencies installed as system packages. BuildRequires: rust-synta-devel >= 0.1.4 BuildRequires: rust-synta-certificate-devel >= 0.1.4 BuildRequires: rust-synta-krb5-devel >= 0.1.4 BuildRequires: rust-synta-mtc-devel >= 0.1.4 BuildRequires: rust-synta-derive-devel >= 0.1.4 BuildRequires: rust-synta-x509-verification-devel >= 0.1.4 %description Python bindings for the Synta high-performance ASN.1 parser and encoder, providing a Python API for DER/BER decoding, DER encoding, X.509 certificate and PKI structure parsing, PKCS#7/PKCS#12 archive reading, Kerberos V5 ASN.1 structure handling, SPNEGO/GSSAPI negotiation token parsing, Merkle Tree Certificate support, and RFC 5280 / CABF X.509 certificate chain verification (synta.x509 submodule, backed by OpenSSL). The main extension module (_synta.abi3.so) is built with maturin; two additional per-subsystem modules are built separately with cargo: _krb5.abi3.so (Kerberos V5 + SPNEGO/GSSAPI) and _mtc.abi3.so (Merkle Tree Certificates). All modules use PyO3 against the stable Python ABI (abi3) and are compatible with Python 3.8 and later. # ────────────────────────────────────────────────────────────────────────────── # python3-synta-doc — Python bindings documentation # ────────────────────────────────────────────────────────────────────────────── %package doc Summary: Documentation for the python3-synta Python bindings License: MIT OR Apache-2.0 BuildArch: noarch %description doc User guide and reference documentation for the python3-synta Python bindings, including the Python API overview, bindings reference, and integration guide. # ══════════════════════════════════════════════════════════════════════════════ # PREP # ══════════════════════════════════════════════════════════════════════════════ %prep %autosetup -n %{crate}-%{version} -p1 # Extract the vendor tarball; same approach as the workspace spec. tar xf %{SOURCE1} # Set up .cargo/config.toml pointing all crate lookups at vendor/ for offline # builds. %%cargo_prep -v vendor writes the crates-io → vendored-sources stanza. %cargo_prep -v vendor # Append any git-source redirect stanzas saved during 'cargo vendor'. awk '/^\[source\."git\+/{s=1; print; next} /^\[/{s=0} s{print} /^[[:space:]]*$/{s=0}' \ vendor-config.toml >> .cargo/config.toml || : # ══════════════════════════════════════════════════════════════════════════════ # GENERATE BUILD REQUIREMENTS # ══════════════════════════════════════════════════════════════════════════════ %generate_buildrequires %cargo_generate_buildrequires # All Python build requirements are listed statically in BuildRequires above; # %%pyproject_buildrequires is intentionally omitted to avoid version-dependent # macro behavior when building the SRPM locally. # ══════════════════════════════════════════════════════════════════════════════ # BUILD # ══════════════════════════════════════════════════════════════════════════════ %build # %%pyproject_wheel calls `maturin build --release` via the maturin backend # declared in pyproject.toml. maturin respects CARGO_HOME / .cargo/config.toml # set up by %%cargo_prep above, so it uses the vendored crate sources. %pyproject_wheel # Build the per-subsystem extension modules that are not managed by maturin. # _krb5.so covers both synta.krb5 and synta.spnego (SPNEGO is always used # alongside Kerberos so both live in the same shared library). cargo build --release -p synta-python-krb5 --features openssl cargo build --release -p synta-python-mtc --features openssl # ══════════════════════════════════════════════════════════════════════════════ # INSTALL # ══════════════════════════════════════════════════════════════════════════════ %install %pyproject_install # Install the per-subsystem extension modules built above. # The abi3 naming (_NAME.abi3.so) matches the PyO3 abi3-py38 feature used # by each crate and is consistent with the _synta.abi3.so installed by maturin. # _krb5.abi3.so covers both synta.krb5 and synta.spnego. install -pm 755 target/release/lib_krb5.so \ %{buildroot}%{python3_sitearch}/synta/_krb5.abi3.so install -pm 755 target/release/lib_mtc.so \ %{buildroot}%{python3_sitearch}/synta/_mtc.abi3.so # Install the Python bindings documentation. install -d %{buildroot}%{_docdir}/python3-%{crate}-doc/examples install -pm 644 examples/*.py %{buildroot}%{_docdir}/python3-%{crate}-doc/examples/ install -pm 644 \ synta-python/README.md \ synta-python/CHANGELOG.md \ %{buildroot}%{_docdir}/python3-%{crate}-doc/ # ══════════════════════════════════════════════════════════════════════════════ # CHECK # ══════════════════════════════════════════════════════════════════════════════ %check %pytest tests/python/ # ══════════════════════════════════════════════════════════════════════════════ # FILES # ══════════════════════════════════════════════════════════════════════════════ # ── python3-synta ───────────────────────────────────────────────────────────── %files %license LICENSE-MIT LICENSE-APACHE # The synta Python package directory: __init__.py, _synta.abi3.so and all # pure-Python submodules (krb5.py, cms.py, oids/, …), plus the three # per-subsystem extension modules installed manually above. %{python3_sitearch}/synta/ %{python3_sitearch}/synta-%{version}.dist-info/ # ── python3-synta-doc ───────────────────────────────────────────────────────── %files doc %license LICENSE-MIT LICENSE-APACHE %{_docdir}/python3-%{crate}-doc/README.md %{_docdir}/python3-%{crate}-doc/CHANGELOG.md %{_docdir}/python3-%{crate}-doc/examples/ # ══════════════════════════════════════════════════════════════════════════════ # CHANGELOG # ══════════════════════════════════════════════════════════════════════════════ %changelog * Fri Apr 10 2026 Synta Contributors - 0.1.4-1 - Bump to 0.1.4; update BuildRequires to >= 0.1.4 for all rust-synta-* crates - Update workspace patch: add synta-python-common/krb5/mtc members - Vendor PQC-capable rust-openssl fork (pqc-prs) in Source1; enable deprecated-pkcs12-algorithms maturin feature for ML-DSA/ML-KEM support - Fix tests path (tests/python/), fix doc file paths (synta-python/README.md) * Sun Apr 05 2026 Synta Contributors - 0.1.3-1 - Add CertificationRequest extension API, CertificateList version/crl_number, PublicKey.from_rsa/ec_components, and 8 new synta.oids.attr constants * Mon Mar 23 2026 Synta Contributors - 0.1.0-1 - Initial individual package (split from synta workspace spec)