Add rpm build

Dockerfile.rpmbuild

@@ -0,0 +1,65 @@
+# syntax=docker/dockerfile:1
+FROM fedora:42
+
+# Minimal toolchain + rpm build tools + python build deps.
+# NOTE: rpmbuild does NOT auto-install BuildRequires. Since we're building
+# directly in a container (not via mock), we install the macro packages too.
+RUN set -eux;     dnf -y update;     dnf -y install         rpm-build rpmdevtools redhat-rpm-config         gcc make findutils tar gzip rsync         python3 python3-devel         python3-setuptools python3-wheel         pyproject-rpm-macros python3-rpm-macros         openssl-devel         ;     dnf -y clean all
+
+# Build runner script (copies repo, tars, runs rpmbuild)
+RUN set -eux;   cat > /usr/local/bin/build-rpm <<'EOF'
+#!/usr/bin/env bash
+set -euo pipefail
+
+SRC="${SRC:-/src}"
+WORKROOT="${WORKROOT:-/work}"
+OUT="${OUT:-/out}"
+
+mkdir -p "${WORKROOT}" "${OUT}"
+WORK="${WORKROOT}/src"
+rm -rf "${WORK}"
+mkdir -p "${WORK}"
+
+rsync -a --delete \
+  --exclude '.git' \
+  --exclude '.venv' \
+  --exclude 'dist' \
+  --exclude 'build' \
+  --exclude '__pycache__' \
+  --exclude '.pytest_cache' \
+  --exclude '.mypy_cache' \
+  "${SRC}/" "${WORK}/"
+
+cd "${WORK}"
+
+# Determine version from pyproject.toml unless provided
+if [ -n "${VERSION:-}" ]; then
+  ver="${VERSION}"
+else
+  ver="$(grep -m1 '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)".*/\1/')"
+fi
+
+TOPDIR="${WORKROOT}/rpmbuild"
+mkdir -p "${TOPDIR}"/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
+
+tarball="${TOPDIR}/SOURCES/bouquin-sqlcipher4-${ver}.tar.gz"
+tar -czf "${tarball}" --transform "s#^#bouquin-sqlcipher4/#" .
+
+spec_src="rpm/bouquin-sqlcipher4.spec"
+
+cp -v "${spec_src}" "${TOPDIR}/SPECS/bouquin-sqlcipher4.spec"
+
+rpmbuild -ba "${TOPDIR}/SPECS/bouquin-sqlcipher4.spec" \
+  --define "_topdir ${TOPDIR}" \
+  --define "upstream_version ${ver}"
+
+shopt -s nullglob
+cp -v "${TOPDIR}"/RPMS/*/*.rpm "${OUT}/" || true
+cp -v "${TOPDIR}"/SRPMS/*.src.rpm "${OUT}/" || true
+echo "Artifacts copied to ${OUT}"
+EOF
+
+RUN chmod +x /usr/local/bin/build-rpm
+
+WORKDIR /work
+ENTRYPOINT ["/usr/local/bin/build-rpm"]

release.sh

@@ -6,7 +6,7 @@ set -eo pipefail
 filedust -y .
 
 mkdir -p src/sqlcipher
-cd sqlcipher && ./configure && make sqlite3.c && cp sqlite3.[ch] ../src/sqlcipher/
+cd sqlcipher && ./configure && make sqlite3.c && cp sqlite3.[ch] ../src/sqlcipher/ && cd ../
 
 # Publish to Pypi
 poetry build
@@ -39,5 +39,29 @@ for dist in ${DISTS[@]}; do
     bouquin-sqlcipher4-deb:${release}
 
   debfile=$(ls -1 dist/${release}/*.deb)
-  #reprepro -b /home/user/git/repo includedeb "${release}" "${debfile}"
+  reprepro -b /home/user/git/repo includedeb "${release}" "${debfile}"
 done
+
+# RPM
+sudo apt-get -y install createrepo-c rpm
+docker build -f Dockerfile.rpmbuild -t bouquin-sqlcipher4-rpm:f42 --progress=plain .
+docker run --rm -v "$PWD":/src -v "$PWD/dist/rpm":/out bouquin-sqlcipher4-rpm:f42
+REPO_ROOT="${HOME}/git/repo_rpm"
+RPM_REPO="${REPO_ROOT}/rpm/x86_64"
+BUILD_OUTPUT="${HOME}/git/bouquin-sqlcipher4/dist"
+REMOTE="letessier.mig5.net:/opt/repo_rpm"
+KEYID="00AE817C24A10C2540461A9C1D7CDE0234DB458D"
+
+echo "==> Updating RPM repo..."
+mkdir -p "$RPM_REPO"
+cp "${BUILD_OUTPUT}/rpm/"*.rpm "$RPM_REPO/"
+
+createrepo_c "$RPM_REPO"
+
+echo "==> Signing repomd.xml..."
+qubes-gpg-client --local-user "$KEYID" --detach-sign --armor "$RPM_REPO/repodata/repomd.xml" > "$RPM_REPO/repodata/repomd.xml.asc"
+
+echo "==> Syncing repo to server..."
+rsync -aHPvz --exclude=.git --delete "$REPO_ROOT/" "$REMOTE/"
+
+echo "Done!"

rpm/bouquin-sqlcipher4.spec

@@ -0,0 +1,77 @@
+# Fedora 42 RPM spec using Fedora's pyproject RPM macros.
+#
+# IMPORTANT: your upstream pyproject.toml declares Poetry as the build backend
+# and lists build-system requires such as conan and lipomerge. Debian packaging
+# disables PEP517 and builds via setup.py.
+#
+# To keep the RPM build closer to Debian while still using %pyproject_* macros,
+# this spec rewrites ONLY the [build-system] table at %prep time so that
+# PEP517 uses setuptools.build_meta with minimal requirements.
+#
+# If you prefer zero PEP517 involvement, use the "-setup.spec" instead.
+%global upstream_version 4.12.0
+
+Name:           bouquin-sqlcipher4
+Version:        %{upstream_version}
+Release:        1%{?dist}.bouquin1
+Summary:        SQLCipher 4-backed sqlcipher module (Bouquin fork)
+
+License:        MIT
+URL:            https://git.mig5.net/mig5/bouquin-sqlcipher4
+Source0:        %{name}-%{version}.tar.gz
+
+BuildRequires:  gcc
+BuildRequires:  make
+BuildRequires:  redhat-rpm-config
+BuildRequires:  openssl-devel
+
+BuildRequires:  pyproject-rpm-macros
+BuildRequires:  python3-devel
+
+Provides:       python3-sqlcipher4 = %{version}-%{release}
+
+%description
+Provides the `sqlcipher4` Python module compiled against a bundled SQLCipher 4
+amalgamation, suitable for use by Bouquin. Built for internal distribution.
+
+%prep
+%autosetup -n bouquin-sqlcipher4
+
+# Keep Python dist metadata in sync with the RPM Version.
+sed -ri 's/version="[^"]+"/version="%{version}"/' setup.py
+
+# Rewrite [build-system] to avoid Poetry backend + non-packaged build requirements.
+%{python3} - <<'PY'
+from pathlib import Path
+import re
+p = Path("pyproject.toml")
+txt = p.read_text(encoding="utf-8")
+pat = re.compile(r'(?ms)^\[build-system\]\n.*?(?=^\[|\Z)')
+replacement = (
+    "[build-system]\n"
+    "requires = [\"setuptools>=45\", \"wheel\"]\n"
+    "build-backend = \"setuptools.build_meta\"\n\n"
+)
+p.write_text(pat.sub(replacement, txt), encoding="utf-8")
+PY
+
+%generate_buildrequires
+export BOUQUIN_SYSTEM_OPENSSL=1
+%pyproject_buildrequires
+
+%build
+export BOUQUIN_SYSTEM_OPENSSL=1
+%pyproject_wheel
+
+%install
+export BOUQUIN_SYSTEM_OPENSSL=1
+%pyproject_install
+%pyproject_save_files sqlcipher4
+
+%files -f %{pyproject_files}
+%license LICENSE
+%doc README.md
+
+%changelog
+* Wed Dec 24 2025 Miguel Jacq <mig@mig5.net> - %{upstream_version}
+- New release