URL: https://github.com/freeipa/freeipa/pull/159 Author: jcholast Title: #159: spec file: clean up BuildRequires Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/159/head:pr159 git checkout pr159
From 506b3e9324bf0497162405594f8bc316b723f7ad Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 12 Oct 2016 13:20:32 +0200 Subject: [PATCH 1/7] spec file: clean up BuildRequires Add missing cyrus-sasl-devel, python-cffi, python-custodia, python-nose, python-paste, python-sssdconfig and systemd-python BuildRequires. Remove unused custodia, java-headless, m4, policycoreutils, python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires. Correct versioned BuildRequires and provide explanatory comments. --- freeipa.spec.in | 125 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 75 insertions(+), 50 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index e5e1292..c44929b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -43,82 +43,107 @@ URL: http://www.freeipa.org/ Source0: freeipa-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%if ! %{ONLY_CLIENT} -BuildRequires: 389-ds-base-devel >= 1.3.5.6 -BuildRequires: svrcore-devel -BuildRequires: policycoreutils >= 2.1.12-5 -BuildRequires: systemd-units -BuildRequires: samba-devel >= %{samba_version} -BuildRequires: samba-python -BuildRequires: libtalloc-devel -BuildRequires: libtevent-devel -%endif # ONLY_CLIENT -BuildRequires: nspr-devel -BuildRequires: nss-devel -BuildRequires: openssl-devel BuildRequires: openldap-devel -BuildRequires: krb5-devel >= 1.13 -BuildRequires: krb5-workstation -BuildRequires: libuuid-devel -BuildRequires: libcurl-devel >= 7.21.7-2 +# 1.12: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678) +BuildRequires: krb5-devel >= 1.12 +BuildRequires: libcurl-devel +# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation BuildRequires: xmlrpc-c-devel >= 1.27.4 BuildRequires: popt-devel BuildRequires: autoconf BuildRequires: automake -BuildRequires: m4 BuildRequires: libtool BuildRequires: gettext BuildRequires: python-devel +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif # with_python3 +# %{_unitdir}, %{_tmpfilesdir} +BuildRequires: systemd +BuildRequires: libini_config-devel +BuildRequires: cyrus-sasl-devel +%if ! %{ONLY_CLIENT} +# 1.3.3.9: DS_Sleep (https://fedorahosted.org/389/ticket/48005) +BuildRequires: 389-ds-base-devel >= 1.3.3.9 +BuildRequires: svrcore-devel +%if 0%{?rhel} +BuildRequires: samba-devel >= 4.0.0 +%else +BuildRequires: samba-devel >= 2:4.0.0 +%endif +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: nspr-devel +BuildRequires: nss-devel +BuildRequires: openssl-devel +BuildRequires: libuuid-devel BuildRequires: python-ldap -BuildRequires: python-setuptools -BuildRequires: python-nss -BuildRequires: python-cryptography >= 0.9 BuildRequires: python-netaddr -BuildRequires: python-gssapi >= 1.1.2 -BuildRequires: python-rhsm -BuildRequires: pyOpenSSL -BuildRequires: pylint >= 1.0 -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 -BuildRequires: python2-polib -BuildRequires: python-libipa_hbac -BuildRequires: python-memcached -BuildRequires: python-lxml -BuildRequires: python-pyasn1 >= 0.0.9a -BuildRequires: python-qrcode-core >= 5.0.0 -BuildRequires: python-dns >= 1.11.1 +BuildRequires: python-gssapi +BuildRequires: python-dns BuildRequires: libsss_idmap-devel +# 1.14.0: sss_nss_getnamebycert (https://fedorahosted.org/sssd/ticket/2897) BuildRequires: libsss_nss_idmap-devel >= 1.14.0 -BuildRequires: java-headless -BuildRequires: jsl BuildRequires: rhino BuildRequires: libverto-devel -BuildRequires: systemd BuildRequires: libunistring-devel BuildRequires: python-lesscpy -BuildRequires: python-yubico >= 1.2.3 -BuildRequires: openssl-devel -BuildRequires: pki-base >= 10.3.3-3 -BuildRequires: python-pytest-multihost >= 0.5 -BuildRequires: python-pytest-sourceorder -BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six -BuildRequires: python-jwcrypto -BuildRequires: custodia -BuildRequires: libini_config-devel >= 1.2.0 +BuildRequires: python-netifaces +%endif # ONLY_CLIENT + +# +# Build dependencies for makeapi/makeaci +# +BuildRequires: krb5-workstation +BuildRequires: python-setuptools +BuildRequires: python-nss +# 0.6: serialization.load_pem_private_key, load_pem_public_key +BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-libipa_hbac +BuildRequires: python-memcached +BuildRequires: python-lxml +BuildRequires: python-pyasn1 +# pki Python package +BuildRequires: pki-base BuildRequires: dbus-python -BuildRequires: python-netifaces >= 0.10.4 BuildRequires: python-libsss_nss_idmap +BuildRequires: python-cffi + +# +# Build dependencies for lint +# +BuildRequires: samba-python +BuildRequires: pylint >= 1.0 +# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 +BuildRequires: python2-polib +# 5.0.0: QRCode.print_ascii +BuildRequires: python-qrcode-core >= 5.0.0 +# 1.11.0: resolver.YXDOMAIN, Resolver.set_flags +BuildRequires: python-dns >= 1.11.0 +BuildRequires: jsl +BuildRequires: python-yubico +# 10.2.1: crypto.NSSCryptoProvider(password_file) +BuildRequires: pki-base >= 10.2.1 +BuildRequires: python-pytest-multihost +BuildRequires: python-pytest-sourceorder +BuildRequires: python-jwcrypto +BuildRequires: python-custodia BuildRequires: python-sss +BuildRequires: python-sssdconfig +BuildRequires: systemd-python +BuildRequires: python-nose +BuildRequires: python-paste +# # Build dependencies for unit tests +# +%if ! %{ONLY_CLIENT} BuildRequires: libcmocka-devel BuildRequires: nss_wrapper # Required by ipa_kdb_tests BuildRequires: %{_libdir}/krb5/plugins/kdb/db2.so - -%if 0%{?with_python3} -BuildRequires: python3-devel -%endif # with_python3 +%endif # ONLY_CLIENT %description IPA is an integrated solution to provide centrally managed Identity (users, From a53cbce81a1609a5025efb8a46beb2263eb7a9b8 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 12 Oct 2016 13:27:16 +0200 Subject: [PATCH 2/7] spec file: do not include BuildRequires for lint by default Lint is never executed from rpmbuild, so the BuildRequires for lint are purely informational. Include them only if %with_lint RPM macro is specified. Update .travis.yml accordingly. --- .travis.yml | 2 +- freeipa.spec.in | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f221e82..d95eb25 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,4 +13,4 @@ script: - > docker run -v $PWD:/freeipa -w /freeipa martbab/freeipa-fedora-builder:${TRAVIS_BRANCH}-latest - /bin/bash -c 'dnf builddep -y --spec freeipa.spec.in && make rpms' + /bin/bash -c 'dnf builddep -y -D "with_lint 1" --spec freeipa.spec.in && make rpms' diff --git a/freeipa.spec.in b/freeipa.spec.in index c44929b..2236758 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -8,6 +8,9 @@ %global with_python3 1 %endif +# lint is not executed during rpmbuild +%{!?with_lint:%global with_lint 0} + %global alt_name ipa %if 0%{?rhel} %global samba_version 4.0.5-1 @@ -113,6 +116,7 @@ BuildRequires: python-cffi # # Build dependencies for lint # +%if 0%{?with_lint} BuildRequires: samba-python BuildRequires: pylint >= 1.0 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 @@ -134,6 +138,7 @@ BuildRequires: python-sssdconfig BuildRequires: systemd-python BuildRequires: python-nose BuildRequires: python-paste +%endif # with_lint # # Build dependencies for unit tests From 3bbd2f49b4dfd34ed9a22f8b1ebac576456dd3fc Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:37:30 +0200 Subject: [PATCH 3/7] pylint: enable the import-error check Check for import errors with pylint to make sure new python package dependencies are not overlooked. --- client/ipa-client-automount | 2 ++ contrib/nssciphersuite/nssciphersuite.py | 5 ++++- install/tools/ipa-replica-manage | 4 +++- ipaclient/ipa_certupdate.py | 2 ++ ipalib/config.py | 2 ++ ipalib/parameters.py | 4 +++- ipalib/rpc.py | 1 + ipapython/config.py | 4 +++- ipapython/cookie.py | 2 ++ ipapython/dogtag.py | 3 +++ ipapython/nsslib.py | 1 + ipapython/secrets/kem.py | 6 +++++- ipapython/sysrestore.py | 2 ++ ipaserver/dcerpc.py | 11 +++++------ ipaserver/install/cainstance.py | 3 +++ ipaserver/install/installutils.py | 2 ++ ipaserver/install/ipa_backup.py | 6 ++++-- ipaserver/install/ipa_replica_prepare.py | 2 ++ ipaserver/install/ipa_restore.py | 2 ++ ipaserver/install/krainstance.py | 2 ++ ipaserver/install/server/upgrade.py | 2 ++ ipaserver/plugins/ldap2.py | 2 +- ipaserver/plugins/trust.py | 6 +++--- ipaserver/rpcserver.py | 4 +++- ipaserver/session.py | 2 ++ ipatests/test_ipalib/test_parameters.py | 4 +++- ipatests/test_ipalib/test_rpc.py | 5 +++-- ipatests/test_ipaserver/httptest.py | 1 + ipatests/test_webui/ui_driver.py | 5 ++++- pylintrc | 2 -- 30 files changed, 75 insertions(+), 24 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 88adb0a..fc619d0 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -30,7 +30,9 @@ import tempfile import gssapi import SSSDConfig +# pylint: disable=import-error from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from optparse import OptionParser from ipalib import api, errors diff --git a/contrib/nssciphersuite/nssciphersuite.py b/contrib/nssciphersuite/nssciphersuite.py index dee05d4..66e2b27 100755 --- a/contrib/nssciphersuite/nssciphersuite.py +++ b/contrib/nssciphersuite/nssciphersuite.py @@ -25,7 +25,10 @@ import operator import re -from urllib.request import urlopen # pylint: disable=no-name-in-module + +# pylint: disable=import-error,no-name-in-module +from urllib.request import urlopen +# pylint: enable=import-error,no-name-in-module SOURCE = "https://git.fedorahosted.org/cgit/mod_nss.git/plain/nss_engine_cipher.c"; diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index d9dee9c..5ca7f59 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -28,7 +28,10 @@ import ldap import socket import traceback +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +from six.moves.xmlrpc_client import MAXINT +# pylint: enable=import-error from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils @@ -42,7 +45,6 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup from ipapython.dn import DN from ipapython.config import IPAOptionParser from ipaclient import ipadiscovery -from six.moves.xmlrpc_client import MAXINT from ipaplatform.paths import paths # dict of command name and tuples of min/max num of args needed diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py index 2c6b94f..24cd041 100644 --- a/ipaclient/ipa_certupdate.py +++ b/ipaclient/ipa_certupdate.py @@ -21,7 +21,9 @@ import tempfile import shutil +# pylint: disable=import-error from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from ipapython import (admintool, ipautil, ipaldap, sysrestore, certmonger, certdb) diff --git a/ipalib/config.py b/ipalib/config.py index a273e3d..cf9e925 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -34,8 +34,10 @@ import sys import six +# pylint: disable=import-error from six.moves.urllib.parse import urlparse, urlunparse from six.moves.configparser import RawConfigParser, ParsingError +# pylint: enable=import-error from ipapython.dn import DN from ipalib.base import check_name diff --git a/ipalib/parameters.py b/ipalib/parameters.py index 1117fbe..073e138 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -103,9 +103,11 @@ import decimal import base64 import datetime -from six.moves.xmlrpc_client import MAXINT, MININT import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import MAXINT, MININT +# pylint: enable=import-error from ipalib.text import _ as ugettext from ipalib.base import check_name diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 19ce0cc..9594ab5 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -76,6 +76,7 @@ from xmlrpclib import (Binary, Fault, DateTime, dumps, loads, ServerProxy, Transport, ProtocolError, MININT, MAXINT) except ImportError: + # pylint: disable=import-error from xmlrpc.client import (Binary, Fault, DateTime, dumps, loads, ServerProxy, Transport, ProtocolError, MININT, MAXINT) diff --git a/ipapython/config.py b/ipapython/config.py index 59e4aa7..8e5708e 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -22,12 +22,14 @@ from dns import resolver, rdatatype from dns.exception import DNSException +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from ipapython.dn import DN from ipaplatform.paths import paths import dns.name -from six.moves.urllib.parse import urlsplit import socket diff --git a/ipapython/cookie.py b/ipapython/cookie.py index 97f24b2..8abd961 100644 --- a/ipapython/cookie.py +++ b/ipapython/cookie.py @@ -23,7 +23,9 @@ from calendar import timegm import six +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +# pylint: enable=import-error from ipapython.ipa_log_manager import log_mgr diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 179ce6d..f4f1955 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -22,7 +22,9 @@ import nss.nss as nss import six +# pylint: disable=import-error from six.moves.urllib.parse import urlencode +# pylint: enable=import-error from ipalib import api, errors from ipalib.errors import NetworkError @@ -35,6 +37,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib if six.PY3: diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index f9f64c1..08d05fc 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -35,6 +35,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib # NSS database currently open diff --git a/ipapython/secrets/kem.py b/ipapython/secrets/kem.py index fb51e64..7f92c9f 100644 --- a/ipapython/secrets/kem.py +++ b/ipapython/secrets/kem.py @@ -2,8 +2,12 @@ from __future__ import print_function import os -from ipaplatform.paths import paths + +# pylint: disable=import-error from six.moves.configparser import ConfigParser +# pylint: enable=import-error + +from ipaplatform.paths import paths from ipapython.dn import DN from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 6257268..b1bf4b9 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py @@ -30,7 +30,9 @@ import random import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipaplatform.tasks import tasks from ipaplatform.paths import paths diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index bd1d8c1..ac13aac 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -44,12 +44,6 @@ import random from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.backends import default_backend -# pylint: disable=F0401 -try: - from ldap.controls import RequestControl as LDAPControl -except ImportError: - from ldap.controls import LDAPControl as LDAPControl -# pylint: enable=F0401 import ldap as _ldap from ipapython.ipaldap import IPAdmin from ipaserver.session import krbccache_dir, krbccache_prefix @@ -63,6 +57,11 @@ from ldap.filter import escape_filter_chars from time import sleep +try: + from ldap.controls import RequestControl as LDAPControl +except ImportError: + from ldap.controls import LDAPControl as LDAPControl + if six.PY3: unicode = str long = int diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 384abc3..f115624 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -39,8 +39,10 @@ import shlex import pipes +# pylint: disable=import-error from six.moves import urllib from six.moves.configparser import ConfigParser, RawConfigParser +# pylint: enable=import-error from ipalib import api from ipalib import pkcs10, x509 @@ -79,6 +81,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib # We need to reset the template because the CA uses the regular boot diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index f240dc3..8111f18 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -40,7 +40,9 @@ import ldap import ldapurl import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser, NoOptionError +# pylint: enable=import-error import ipaplatform diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index e7fefd8..0ebcc35 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -22,11 +22,13 @@ import tempfile import time import pwd -from ipaplatform.paths import paths -from ipaplatform import services +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error +from ipaplatform.paths import paths +from ipaplatform import services from ipalib import api, errors from ipapython import version from ipapython.ipautil import run, write_tmp_file diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index d7ab813..2eef5fe 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -28,7 +28,9 @@ from optparse import OptionGroup, SUPPRESS_HELP import dns.resolver +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipaserver.install import certs, installutils, bindinstance, dsinstance from ipaserver.install.replication import enable_replication_version_checking diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 64ab9e4..ae0b28f 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -25,7 +25,9 @@ import ldif import itertools +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipalib import api, errors from ipalib.constants import FQDN diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 590a840..a2210a2 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -22,7 +22,9 @@ import shutil import tempfile +# pylint: disable=import-error from six.moves.configparser import ConfigParser +# pylint: enable=import-error from ipalib import api from ipalib import x509 diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4426b7f..021d02e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -14,7 +14,9 @@ import dns.exception import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipalib import api import SSSDConfig diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 1793503..1b90573 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -39,7 +39,7 @@ try: - from ldap.controls.simple import GetEffectiveRightsControl #pylint: disable=F0401,E0611 + from ldap.controls.simple import GetEffectiveRightsControl except ImportError: """ python-ldap 2.4.x introduced a new API for effective rights control, which diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index 5326255..c0c080d 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -49,20 +49,20 @@ unicode = str try: - import pysss_murmur #pylint: disable=F0401 + import pysss_murmur _murmur_installed = True except Exception as e: _murmur_installed = False try: - import pysss_nss_idmap #pylint: disable=F0401 + import pysss_nss_idmap _nss_idmap_installed = True except Exception as e: _nss_idmap_installed = False if api.env.in_server and api.env.context in ['lite', 'server']: try: - import ipaserver.dcerpc # pylint: disable=F0401 + import ipaserver.dcerpc from ipaserver.dcerpc import (TRUST_ONEWAY, TRUST_BIDIRECTIONAL, TRUST_JOIN_EXTERNAL) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index c4f724a..502629f 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -24,7 +24,6 @@ """ from xml.sax.saxutils import escape -from six.moves.xmlrpc_client import Fault import os import datetime import json @@ -36,7 +35,10 @@ from pyasn1.type import univ, namedtype from pyasn1.codec.ber import encoder import six +# pylint: disable=import-error from six.moves.urllib.parse import parse_qs +from six.moves.xmlrpc_client import Fault +# pylint: enable=import-error from ipalib import plugable, errors from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES diff --git a/ipaserver/session.py b/ipaserver/session.py index c5e5fac..85deb15 100644 --- a/ipaserver/session.py +++ b/ipaserver/session.py @@ -22,7 +22,9 @@ import re import time +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +# pylint: enable=import-error from ipalib import errors from ipalib.text import _ diff --git a/ipatests/test_ipalib/test_parameters.py b/ipatests/test_ipalib/test_parameters.py index a23f97d..d0bab40 100644 --- a/ipatests/test_ipalib/test_parameters.py +++ b/ipatests/test_ipalib/test_parameters.py @@ -30,10 +30,12 @@ import sys from decimal import Decimal from inspect import isclass -from six.moves.xmlrpc_client import MAXINT, MININT import pytest import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import MAXINT, MININT +# pylint: enable=import-error from ipatests.util import raises, ClassChecker, read_only from ipatests.util import dummy_ugettext, assert_equal diff --git a/ipatests/test_ipalib/test_rpc.py b/ipatests/test_ipalib/test_rpc.py index cfa1515..80cf2e7 100644 --- a/ipatests/test_ipalib/test_rpc.py +++ b/ipatests/test_ipalib/test_rpc.py @@ -22,10 +22,11 @@ """ from __future__ import print_function -from six.moves.xmlrpc_client import Binary, Fault, dumps, loads - import nose import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import Binary, Fault, dumps, loads +# pylint: enable=import-error from ipatests.util import raises, assert_equal, PluginTester, DummyClass from ipatests.data import binary_bytes, utf8_bytes, unicode_str diff --git a/ipatests/test_ipaserver/httptest.py b/ipatests/test_ipaserver/httptest.py index 75d30af..c816456 100644 --- a/ipatests/test_ipaserver/httptest.py +++ b/ipatests/test_ipaserver/httptest.py @@ -29,6 +29,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib class Unauthorized_HTTP_test(object): diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py index d581ad4..4ce3668 100644 --- a/ipatests/test_webui/ui_driver.py +++ b/ipatests/test_webui/ui_driver.py @@ -32,6 +32,10 @@ from functools import wraps from nose.plugins.skip import SkipTest +# pylint: disable=import-error +from six.moves.urllib.error import URLError +# pylint: enable=import-error + try: from selenium import webdriver from selenium.common.exceptions import NoSuchElementException @@ -53,7 +57,6 @@ NO_YAML = False except ImportError: NO_YAML = True -from six.moves.urllib.error import URLError from ipaplatform.paths import paths ENV_MAP = { diff --git a/pylintrc b/pylintrc index 8643f8d..07acb1f 100644 --- a/pylintrc +++ b/pylintrc @@ -18,7 +18,6 @@ enable= disable= I, duplicate-code, - import-error, interface-not-implemented, no-self-use, redefined-variable-type, @@ -33,7 +32,6 @@ disable= too-many-public-methods, too-many-return-statements, too-many-statements, - import-error, abstract-method, anomalous-backslash-in-string, arguments-differ, From a5b013d41aa665d54ab54cd011679e3736a0043e Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 12:52:08 +0200 Subject: [PATCH 4/7] ipaserver: remove ipalib import from setup.py Instead of importing ipalib to get IPA version string, create setup.py from a template and have the version string automatically filled in. This makes it possible to build the ipaserver package without having to have ipalib dependencies installed. --- Makefile | 2 ++ freeipa.spec.in | 12 ++++---- setup.py | 86 --------------------------------------------------------- setup.py.in | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 93 insertions(+), 92 deletions(-) delete mode 100755 setup.py create mode 100755 setup.py.in diff --git a/Makefile b/Makefile index 6324308..c593990 100644 --- a/Makefile +++ b/Makefile @@ -166,6 +166,8 @@ version-update: release-update freeipa.spec.in > freeipa.spec sed -e s/__VERSION__/$(IPA_VERSION)/ version.m4.in \ > version.m4 + sed -e s/__VERSION__/$(IPA_VERSION)/ setup.py.in \ + > setup.py sed -e s/__VERSION__/$(IPA_VERSION)/ ipapython/setup.py.in \ > ipapython/setup.py sed -e s/__VERSION__/$(IPA_VERSION)/ ipaplatform/setup.py.in \ diff --git a/freeipa.spec.in b/freeipa.spec.in index 2236758..9db9f55 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -80,10 +80,6 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: openssl-devel BuildRequires: libuuid-devel -BuildRequires: python-ldap -BuildRequires: python-netaddr -BuildRequires: python-gssapi -BuildRequires: python-dns BuildRequires: libsss_idmap-devel # 1.14.0: sss_nss_getnamebycert (https://fedorahosted.org/sssd/ticket/2897) BuildRequires: libsss_nss_idmap-devel >= 1.14.0 @@ -91,25 +87,29 @@ BuildRequires: rhino BuildRequires: libverto-devel BuildRequires: libunistring-devel BuildRequires: python-lesscpy -BuildRequires: python-six -BuildRequires: python-netifaces %endif # ONLY_CLIENT # # Build dependencies for makeapi/makeaci # BuildRequires: krb5-workstation +BuildRequires: python-ldap BuildRequires: python-setuptools BuildRequires: python-nss # 0.6: serialization.load_pem_private_key, load_pem_public_key BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-netaddr +BuildRequires: python-gssapi BuildRequires: python-libipa_hbac BuildRequires: python-memcached BuildRequires: python-lxml BuildRequires: python-pyasn1 +BuildRequires: python-dns # pki Python package BuildRequires: pki-base +BuildRequires: python-six BuildRequires: dbus-python +BuildRequires: python-netifaces BuildRequires: python-libsss_nss_idmap BuildRequires: python-cffi diff --git a/setup.py b/setup.py deleted file mode 100755 index 960a8f2..0000000 --- a/setup.py +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/python2 - -# Authors: -# Jason Gerard DeRose <jder...@redhat.com> -# -# Copyright (C) 2008 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -""" -Python-level packaging using distutils. -""" - -from distutils.core import setup -from distutils.command.install_data import install_data as _install_data -from distutils.util import change_root, convert_path -from distutils import log -import ipalib -import os - -class install_data(_install_data): - """Override the built-in install_data to gzip files once they - are installed. - """ - - def run(self): - # install_data is a classic class so super() won't work. Call it - # directly to copy the files first. - _install_data.run(self) - - # Now gzip them - for f in self.data_files: - if isinstance(f, str): - # it's a simple file - f = convert_path(f) - cmd = '/bin/gzip %s/%s' % (self.install_dir, f) - log.info("gzipping %s/%s" % (self.install_dir, f)) - os.system(cmd) - else: - # it's a tuple with path and a list of files - dir = convert_path(f[0]) - if not os.path.isabs(dir): - dir = os.path.join(self.install_dir, dir) - elif self.root: - dir = change_root(self.root, dir) - - if f[1] == []: - # If there are no files listed the user must be - # trying to create an empty directory. So nothing - # to do here. - pass - else: - # gzip the files - for data in f[1]: - data = convert_path(data) - cmd = '/bin/gzip %s/%s' % (dir, data) - log.info("gzipping %s/%s" % (dir, data)) - os.system(cmd) - -setup( - name='freeipa', - version=ipalib.__version__, - license='GPLv3+', - url='http://freeipa.org/', - packages=[ - 'ipaserver', - 'ipaserver.advise', - 'ipaserver.advise.plugins', - 'ipaserver.plugins', - 'ipaserver.install', - 'ipaserver.install.plugins', - 'ipaserver.install.server', - ], -) diff --git a/setup.py.in b/setup.py.in new file mode 100755 index 0000000..dca81cc --- /dev/null +++ b/setup.py.in @@ -0,0 +1,85 @@ +#!/usr/bin/python2 + +# Authors: +# Jason Gerard DeRose <jder...@redhat.com> +# +# Copyright (C) 2008 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Python-level packaging using distutils. +""" + +from distutils.core import setup +from distutils.command.install_data import install_data as _install_data +from distutils.util import change_root, convert_path +from distutils import log +import os + +class install_data(_install_data): + """Override the built-in install_data to gzip files once they + are installed. + """ + + def run(self): + # install_data is a classic class so super() won't work. Call it + # directly to copy the files first. + _install_data.run(self) + + # Now gzip them + for f in self.data_files: + if isinstance(f, str): + # it's a simple file + f = convert_path(f) + cmd = '/bin/gzip %s/%s' % (self.install_dir, f) + log.info("gzipping %s/%s" % (self.install_dir, f)) + os.system(cmd) + else: + # it's a tuple with path and a list of files + dir = convert_path(f[0]) + if not os.path.isabs(dir): + dir = os.path.join(self.install_dir, dir) + elif self.root: + dir = change_root(self.root, dir) + + if f[1] == []: + # If there are no files listed the user must be + # trying to create an empty directory. So nothing + # to do here. + pass + else: + # gzip the files + for data in f[1]: + data = convert_path(data) + cmd = '/bin/gzip %s/%s' % (dir, data) + log.info("gzipping %s/%s" % (dir, data)) + os.system(cmd) + +setup( + name='freeipa', + version='__VERSION__', + license='GPLv3+', + url='http://freeipa.org/', + packages=[ + 'ipaserver', + 'ipaserver.advise', + 'ipaserver.advise.plugins', + 'ipaserver.plugins', + 'ipaserver.install', + 'ipaserver.install.plugins', + 'ipaserver.install.server', + ], +) From 501c4be68daec6caf2a927181952b62a86c0cd19 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:36:12 +0200 Subject: [PATCH 5/7] makeapi, makeaci: do not fail on missing imports Add import hook to makeapi and makeaci which makes them ignore import errors in modules in our source tree and instead print a warning. This makes it possible to build IPA without having to have most of our runtime dependencies installed. --- freeipa.spec.in | 21 ++++++------ ignore_import_errors.py | 86 +++++++++++++++++++++++++++++++++++++++++++++++++ makeaci | 2 ++ makeapi | 3 ++ 4 files changed, 101 insertions(+), 11 deletions(-) create mode 100644 ignore_import_errors.py diff --git a/freeipa.spec.in b/freeipa.spec.in index 9db9f55..9b5800c 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -94,22 +94,11 @@ BuildRequires: python-lesscpy # BuildRequires: krb5-workstation BuildRequires: python-ldap -BuildRequires: python-setuptools BuildRequires: python-nss -# 0.6: serialization.load_pem_private_key, load_pem_public_key -BuildRequires: python-cryptography >= 0.6 BuildRequires: python-netaddr -BuildRequires: python-gssapi -BuildRequires: python-libipa_hbac -BuildRequires: python-memcached -BuildRequires: python-lxml BuildRequires: python-pyasn1 BuildRequires: python-dns -# pki Python package -BuildRequires: pki-base BuildRequires: python-six -BuildRequires: dbus-python -BuildRequires: python-netifaces BuildRequires: python-libsss_nss_idmap BuildRequires: python-cffi @@ -118,21 +107,31 @@ BuildRequires: python-cffi # %if 0%{?with_lint} BuildRequires: samba-python +BuildRequires: python-setuptools +# 0.6: serialization.load_pem_private_key, load_pem_public_key +BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-gssapi BuildRequires: pylint >= 1.0 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 BuildRequires: python2-polib +BuildRequires: python-libipa_hbac +BuildRequires: python-memcached +BuildRequires: python-lxml # 5.0.0: QRCode.print_ascii BuildRequires: python-qrcode-core >= 5.0.0 # 1.11.0: resolver.YXDOMAIN, Resolver.set_flags BuildRequires: python-dns >= 1.11.0 BuildRequires: jsl BuildRequires: python-yubico +# pki Python package # 10.2.1: crypto.NSSCryptoProvider(password_file) BuildRequires: pki-base >= 10.2.1 BuildRequires: python-pytest-multihost BuildRequires: python-pytest-sourceorder BuildRequires: python-jwcrypto BuildRequires: python-custodia +BuildRequires: dbus-python +BuildRequires: python-netifaces BuildRequires: python-sss BuildRequires: python-sssdconfig BuildRequires: systemd-python diff --git a/ignore_import_errors.py b/ignore_import_errors.py new file mode 100644 index 0000000..1fb594a --- /dev/null +++ b/ignore_import_errors.py @@ -0,0 +1,86 @@ +# +# Copyright (C) 2016 FreeIPA Contributors see COPYING for license +# + +""" +ImportError ignoring import hook. +""" + +from __future__ import print_function + +import imp +import inspect +import os.path +import sys + +DIRNAME = os.path.dirname(os.path.abspath(__file__)) + + +class FailedImport(object): + def __init__(self, loader, name): + self.__file__ = __file__ + self.__name__ = name + self.__path__ = [] + self.__loader__ = loader + self.__package__ = name + + def __repr__(self): + return '<failed import {!r}>'.format(self.__name__) + + +class IgnoringImporter(object): + def find_module(self, fullname, path=None): + parentname, dot, name = fullname.rpartition('.') + assert (not dot and path is None) or (dot and path is not None) + + # check if the module can be found + try: + file, _filename, _description = imp.find_module(name, path) + except ImportError: + pass + else: + if file is not None: + file.close() + # it can be found, do normal import + return None + + # check if the parent module import failed + if dot and isinstance(sys.modules[parentname], FailedImport): + # it did fail, so this import will fail as well + return self + + # find out from where are we importing + if path is None: + path = sys.path + for pathname in path: + pathname = os.path.abspath(pathname) + if not pathname.startswith(DIRNAME): + break + else: + # importing from our source tree, do normal import + return None + + # find out into what .py file are we importing + frame = inspect.currentframe().f_back + filename = frame.f_code.co_filename + if filename.startswith('<'): + # not a file, do normal import + return None + filename = os.path.abspath(filename) + if not filename.startswith(DIRNAME): + # not a file in our source tree, do normal import + return None + + return self + + def load_module(self, fullname): + frame = inspect.currentframe().f_back + print("{}:{}: No module named {}".format( + os.path.relpath(frame.f_code.co_filename), + frame.f_lineno, + fullname)) + + return sys.modules.setdefault(fullname, FailedImport(self, fullname)) + + +sys.meta_path.insert(0, IgnoringImporter()) diff --git a/makeaci b/makeaci index 6673112..98b199c 100755 --- a/makeaci +++ b/makeaci @@ -30,6 +30,8 @@ import sys import difflib from argparse import ArgumentParser +import ignore_import_errors # pylint: disable=unused-import + from ipalib import api from ipapython.dn import DN from ipapython.ipaldap import LDAPClient diff --git a/makeapi b/makeapi index 38ae166..a02a491 100755 --- a/makeapi +++ b/makeapi @@ -32,6 +32,9 @@ import os import re import inspect import operator + +import ignore_import_errors # pylint: disable=unused-import + from ipalib import api from ipalib.parameters import Param from ipalib.output import Output From 7fdfd7af52df15f9bb192a59184f9866f9939642 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:31:36 +0200 Subject: [PATCH 6/7] client: remove unused libcurl build dependency --- client/Makefile.am | 1 - client/configure.ac | 12 ------------ freeipa.spec.in | 1 - 3 files changed, 14 deletions(-) diff --git a/client/Makefile.am b/client/Makefile.am index 3d135a3..44a5ab6 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -86,7 +86,6 @@ ipa_join_LDADD = \ $(KRB5_LIBS) \ $(OPENLDAP_LIBS) \ $(SASL_LIBS) \ - $(CURL_LIBS) \ $(XMLRPC_LIBS) \ $(POPT_LIBS) \ $(LIBINTL_LIBS) \ diff --git a/client/configure.ac b/client/configure.ac index 58f23af..7d1a8cd 100644 --- a/client/configure.ac +++ b/client/configure.ac @@ -139,18 +139,6 @@ AC_CHECK_LIB(sasl2, sasl_client_init, [SASL_LIBS="-lsasl2"]) AC_SUBST(SASL_LIBS) dnl --------------------------------------------------------------------------- -dnl - Check for CURL -dnl --------------------------------------------------------------------------- - -CURL_LIBS= -AC_CHECK_HEADER(curl/curl.h, [], [AC_MSG_ERROR([curl/curl.h not found])]) -AC_CHECK_LIB(curl, curl_easy_init, [CURL_LIBS="-lcurl"]) -if test "x$CURL_LIBS" = "x" ; then - AC_MSG_ERROR([curl not found]) -fi -AC_SUBST(CURL_LIBS) - -dnl --------------------------------------------------------------------------- dnl - Check for XMLRPC-C dnl --------------------------------------------------------------------------- diff --git a/freeipa.spec.in b/freeipa.spec.in index 9b5800c..4430a73 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -49,7 +49,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel # 1.12: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678) BuildRequires: krb5-devel >= 1.12 -BuildRequires: libcurl-devel # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation BuildRequires: xmlrpc-c-devel >= 1.27.4 BuildRequires: popt-devel From 606b2ef442648a798c9e108535bbd4f906d194d2 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:32:29 +0200 Subject: [PATCH 7/7] pwpolicy: do not run klist on import On pwpolicy module import, "klist -V" is run to determine if the installed krb5 version supports account lockout (>= 1.8). Remove the check, as we require a krb5 version which does support account lockout (1.12). --- freeipa.spec.in | 1 - ipaserver/plugins/pwpolicy.py | 56 +++++++++++++++---------------------------- 2 files changed, 19 insertions(+), 38 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 4430a73..c91b860 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -91,7 +91,6 @@ BuildRequires: python-lesscpy # # Build dependencies for makeapi/makeaci # -BuildRequires: krb5-workstation BuildRequires: python-ldap BuildRequires: python-nss BuildRequires: python-netaddr diff --git a/ipaserver/plugins/pwpolicy.py b/ipaserver/plugins/pwpolicy.py index e5e68fb..988a526 100644 --- a/ipaserver/plugins/pwpolicy.py +++ b/ipaserver/plugins/pwpolicy.py @@ -31,9 +31,7 @@ from ipalib import _ from ipalib.plugable import Registry from ipalib.request import context -from ipapython.ipautil import run from ipapython.dn import DN -from distutils import version import six @@ -282,40 +280,6 @@ class pwpolicy(LDAPObject): }, } - MIN_KRB5KDC_WITH_LOCKOUT = "1.8" - has_lockout = False - lockout_params = () - - result = run(['klist', '-V'], raiseonerr=False, capture_output=True) - if result.returncode == 0: - verstr = result.output.split()[-1] - ver = version.LooseVersion(verstr) - min = version.LooseVersion(MIN_KRB5KDC_WITH_LOCKOUT) - if ver >= min: - has_lockout = True - - if has_lockout: - lockout_params = ( - Int('krbpwdmaxfailure?', - cli_name='maxfail', - label=_('Max failures'), - doc=_('Consecutive failures before lockout'), - minvalue=0, - ), - Int('krbpwdfailurecountinterval?', - cli_name='failinterval', - label=_('Failure reset interval'), - doc=_('Period after which failure count will be reset (seconds)'), - minvalue=0, - ), - Int('krbpwdlockoutduration?', - cli_name='lockouttime', - label=_('Lockout duration'), - doc=_('Period for which lockout is enforced (seconds)'), - minvalue=0, - ), - ) - label = _('Password Policies') label_singular = _('Password Policy') @@ -365,7 +329,25 @@ class pwpolicy(LDAPObject): minvalue=0, flags=('virtual_attribute',), ), - ) + lockout_params + Int('krbpwdmaxfailure?', + cli_name='maxfail', + label=_('Max failures'), + doc=_('Consecutive failures before lockout'), + minvalue=0, + ), + Int('krbpwdfailurecountinterval?', + cli_name='failinterval', + label=_('Failure reset interval'), + doc=_('Period after which failure count will be reset (seconds)'), + minvalue=0, + ), + Int('krbpwdlockoutduration?', + cli_name='lockouttime', + label=_('Lockout duration'), + doc=_('Period for which lockout is enforced (seconds)'), + minvalue=0, + ), + ) def get_dn(self, *keys, **options): if keys[-1] is not None:
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
