Bug#927856: unblock: python-jwcrypto/0.6.0-1

2019-06-04 Thread Paul Gevers 
Ping... [adding the team]

On 30-05-2019 22:18, Paul Gevers wrote:
> Hi Timo,
> 
> On 30-05-2019 13:18, Timo Aaltonen wrote:
>> Hi, I don't know how much would have to be backported, but it's probably
>> better to just unblock freeipa 4.7.2-3 instead, because python-jwcrypto
>> is a dep of freeipa-server (which isn't built on sid/buster).
> 
> Do I understand correctly that the code is present to build it, you just
> don't do that in Debian? Do you suggest to change this bug to "unblock:
> freeipa/4.7.2-3" instead then? (I would be willing to unblock it, but
> then python-jwcrypto would go).
> 
>> That way
>> current client-only freeipa would remain on buster. Custodia is another
>> package which depends on -jwcrypto, but it's again a server thing so can
>> be removed from buster.
> 
> These package are all from the same team, I guess the team agrees?
> 
> Paul
>

Bug#927856: unblock: python-jwcrypto/0.6.0-1

2019-05-30 Thread Paul Gevers 
Hi Timo,

On 30-05-2019 13:18, Timo Aaltonen wrote:
> Hi, I don't know how much would have to be backported, but it's probably
> better to just unblock freeipa 4.7.2-3 instead, because python-jwcrypto
> is a dep of freeipa-server (which isn't built on sid/buster).

Do I understand correctly that the code is present to build it, you just
don't do that in Debian? Do you suggest to change this bug to "unblock:
freeipa/4.7.2-3" instead then? (I would be willing to unblock it, but
then python-jwcrypto would go).

> That way
> current client-only freeipa would remain on buster. Custodia is another
> package which depends on -jwcrypto, but it's again a server thing so can
> be removed from buster.

These package are all from the same team, I guess the team agrees?

Paul

Bug#927856: unblock: python-jwcrypto/0.6.0-1

2019-05-30 Thread Timo Aaltonen 
On 30.5.2019 10.59, Paul Gevers wrote:
> Control: tags -1 moreinfo
> 
> Hi Timo,
> 
> On Wed, 24 Apr 2019 11:06:36 +0300 Timo Aaltonen 
> wrote:
>> Please unblock package python-jwcrypto
>>
>> The new upstream release is needed to fix:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925457
> 
> Can't we have a targeted fix for that issue? New upstream releases are
> typically not appropriate at this stage of the release. If not, I expect
> we'll just let the package be autoremoved from buster.
> 
> Paul
> 

Hi, I don't know how much would have to be backported, but it's probably
better to just unblock freeipa 4.7.2-3 instead, because python-jwcrypto
is a dep of freeipa-server (which isn't built on sid/buster). That way
current client-only freeipa would remain on buster. Custodia is another
package which depends on -jwcrypto, but it's again a server thing so can
be removed from buster.

-- 
t

Bug#927856: unblock: python-jwcrypto/0.6.0-1

2019-05-30 Thread Paul Gevers 
Control: tags -1 moreinfo

Hi Timo,

On Wed, 24 Apr 2019 11:06:36 +0300 Timo Aaltonen 
wrote:
> Please unblock package python-jwcrypto
> 
> The new upstream release is needed to fix:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925457

Can't we have a targeted fix for that issue? New upstream releases are
typically not appropriate at this stage of the release. If not, I expect
we'll just let the package be autoremoved from buster.

Paul

Bug#927856: unblock: python-jwcrypto/0.6.0-1

2019-04-24 Thread Timo Aaltonen 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-jwcrypto

The new upstream release is needed to fix:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925457


diff -Nru python-jwcrypto-0.4.2/debian/changelog 
python-jwcrypto-0.6.0/debian/changelog
--- python-jwcrypto-0.4.2/debian/changelog  2017-12-23 10:00:03.0 
+0200
+++ python-jwcrypto-0.6.0/debian/changelog  2019-04-02 09:05:15.0 
+0300
@@ -1,3 +1,11 @@
+python-jwcrypto (0.6.0-1) unstable; urgency=medium
+
+  * New upstream release. (Closes: #925457)
+  * control: Update vcs urls.
+  * control: Drop X-Python-Version*.
+
+ -- Timo Aaltonen   Tue, 02 Apr 2019 09:05:15 +0300
+
 python-jwcrypto (0.4.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru python-jwcrypto-0.4.2/debian/control 
python-jwcrypto-0.6.0/debian/control
--- python-jwcrypto-0.4.2/debian/control2017-12-23 09:52:28.0 
+0200
+++ python-jwcrypto-0.6.0/debian/control2019-04-02 09:04:58.0 
+0300
@@ -14,12 +14,10 @@
  python3-cryptography,
  python3-nose,
  python3-setuptools,
-X-Python-Version: >= 2.7
-X-Python3-Version: >= 3.3
 Standards-Version: 4.1.2
 Homepage: https://github.com/latchset/jwcrypto
-Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/python-jwcrypto.git
-Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/python-jwcrypto.git
+Vcs-Git: https://salsa.debian.org/freeipa-team/python-jwcrypto.git
+Vcs-Browser: https://salsa.debian.org/freeipa-team/python-jwcrypto
 
 Package: python-jwcrypto
 Architecture: all
diff -Nru python-jwcrypto-0.4.2/docs/source/conf.py 
python-jwcrypto-0.6.0/docs/source/conf.py
--- python-jwcrypto-0.4.2/docs/source/conf.py   2017-08-01 18:56:23.0 
+0300
+++ python-jwcrypto-0.6.0/docs/source/conf.py   2018-11-05 17:14:47.0 
+0200
@@ -46,16 +46,16 @@
 
 # General information about the project.
 project = u'JWCrypto'
-copyright = u'2016-2017, JWCrypto Contributors'
+copyright = u'2016-2018, JWCrypto Contributors'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '0.4'
+version = '0.6'
 # The full version, including alpha/beta/rc tags.
-release = '0.4.2'
+release = '0.6'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff -Nru python-jwcrypto-0.4.2/docs/source/jwe.rst 
python-jwcrypto-0.6.0/docs/source/jwe.rst
--- python-jwcrypto-0.4.2/docs/source/jwe.rst   2017-08-01 18:56:23.0 
+0300
+++ python-jwcrypto-0.6.0/docs/source/jwe.rst   2018-11-05 17:14:47.0 
+0200
@@ -51,6 +51,9 @@
 Examples
 
 
+Symmetric keys
+~~
+
 Encrypt a JWE token::
 >>> from jwcrypto import jwk, jwe
 >>> from jwcrypto.common import json_encode
@@ -67,3 +70,29 @@
 >>> jwetoken.deserialize(enc)
 >>> jwetoken.decrypt(key)
 >>> payload = jwetoken.payload
+
+Asymmetric keys
+~~~
+
+Encrypt a JWE token::
+>>> from jwcrypto import jwk, jwe
+>>> from jwcrypto.common import json_encode, json_decode
+>>> public_key = jwk.JWK()
+>>> private_key = jwk.JWK.generate(kty='RSA', size=2048)
+>>> public_key.import_key(**json_decode(private_key.export_public()))
+>>> payload = "My Encrypted message"
+>>> protected_header = {
+"alg": "RSA-OAEP-256",
+"enc": "A256CBC-HS512",
+"typ": "JWE",
+"kid": public_key.thumbprint(),
+}
+>>> jwetoken = jwe.JWE(payload.encode('utf-8'),
+   recipient=public_key,
+   protected=protected_header)
+>>> enc = jwetoken.serialize()
+
+Decrypt a JWE token::
+>>> jwetoken = jwe.JWE()
+>>> jwetoken.deserialize(enc, key=private_key)
+>>> payload = jwetoken.payload
diff -Nru python-jwcrypto-0.4.2/jwcrypto/common.py 
python-jwcrypto-0.6.0/jwcrypto/common.py
--- python-jwcrypto-0.4.2/jwcrypto/common.py2017-08-01 18:56:23.0 
+0300
+++ python-jwcrypto-0.6.0/jwcrypto/common.py2018-11-05 17:14:47.0 
+0200
@@ -16,12 +16,12 @@
 
 
 def base64url_decode(payload):
-l = len(payload) % 4
-if l == 2:
+size = len(payload) % 4
+if size == 2:
 payload += '=='
-elif l == 3:
+elif size == 3:
 payload += '='
-elif l != 0:
+elif size != 0:
 raise ValueError('Invalid base64 string')
 return urlsafe_b64decode(payload.encode('utf-8'))
 
diff -Nru python-jwcrypto-0.4.2/jwcrypto/jwa.py 
python-jwcrypto-0.6.0/jwcrypto/jwa.py
--- python-jwcrypto-0.4.2/jwcrypto/jwa.py   2017-08-01 18:56:23.0 
+0300
+++ python-jwcrypto-0.6.0/jwcrypto/jwa.py   2018-11-05 17:14:47.0 
+0200
@@ -14,6 +14,7 @@
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from