duplicity: fix ssl problem

[halfbusy]

• [x ] Have you followed the guidelines for contributing?
• [x ] Have you ensured that your commits follow the commit style guide?
• [ x] Have you checked that there aren't other open pull requests for the same formula update/change?
• [x ] Have you built your formula locally with HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
• [x ] Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
• [x ] Does your build pass brew audit --strict <formula> (after doing HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>)? If this is a new formula, does it pass brew audit --new <formula>?

---

Fixes issue:
duplicity 3.0.2 fails when using an s3 target due to outdated pyOpenSSL version.

    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/urllib3/contrib/pyopenssl.py", line 43, in <module>
      import OpenSSL.SSL  # type: ignore[import-untyped]
      ^^^^^^^^^^^^^^^^^^
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/__init__.py", line 8, in <module>
      from OpenSSL import crypto, SSL
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/crypto.py", line 1579, in <module>
      class X509StoreFlags(object):
      ...<19 lines>...
          CHECK_SS_SIGNATURE = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/crypto.py", line 1598, in X509StoreFlags
      NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?

  Attempt of list Nr. 1 failed. AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'

Discussion:
https://gitlab.com/duplicity/duplicity/-/issues/835

Solution:
Upgrade to pyopenssl-24.3.0.

[cho-m]

This will get auto-reverted on next version bump due to dependency resolver (EDIT: next version should be fine) if brew update-python-resources is run, e.g. prior attempt (#182946) got accidentally reverted.

Also, this specific minor version doesn't look compatible with pydrive2 dependency:

• https://github.com/iterative/PyDrive2/blob/main/pyproject.toml#L30
• pyOpenSSL version of 24.3.0 breaks PyDrive iterative/PyDrive2#361

---

Probably need to update to newer duplicity version (https://pypi.org/project/duplicity/#history) as 3.0.2 has a problematic pin https://gitlab.com/duplicity/duplicity/-/blob/rel.3.0.2/requirements.txt?ref_type=tags#L5

cryptography==3.4.8

This is why 21.0.0 is picked rather than 24.2.1

[halfbusy]

Ah. I see.
Starting from duplicity 3.0.3, cryptography is no longer a requirement.
https://gitlab.com/duplicity/duplicity/-/blob/rel.3.0.3/requirements.txt?ref_type=tags#L5

Latest version is 3.0.3.2. If my change is breaking pydrive2, make sense to close and go straight to release that version.

[cho-m]

Looks like autobump may not have triggered after 3.13 migration (#194416) as there is no release with https://gitlab.com/duplicity/duplicity/-/commit/98e7113bdb20f76b4d636a996a63afb3bda809cf so resolver skips recent versions.

❯ /opt/homebrew/opt/[email protected]/libexec/bin/python -m pip install -q --disable-pip-version-check --dry-run --ignore-installed --report=/dev/stdout 'duplicity==3.0.3.2'
ERROR: Ignored the following yanked versions: 0.8.21.post1, 0.8.21.post2.dev4, 0.8.21.post2, 0.8.21.post6, 0.8.21.post7, 0.8.22.dev4, 1.2.0, 2.0.0, 2.2.3.dev18
ERROR: Ignored the following versions that require a different python version: 3.0.1 Requires-Python <3.13,>=3.8; 3.0.2 Requires-Python <3.13,>=3.8; 3.0.3 Requires-Python <3.13,>=3.8; 3.0.3.1 Requires-Python <3.13,>=3.8; 3.0.3.2 Requires-Python <3.13,>=3.8

---

On side note, based on pydrive2 issue, it looks like cryptography will need to be bundled as the formula is 44.0.0 so may have problems. May need to check if the upper bound is for breaking change or just pyopenssl being conservative and functionality is fine.