URL: https://github.com/freeipa/freeipa/pull/159 Author: jcholast Title: #159: spec file: clean up BuildRequires Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/159/head:pr159 git checkout pr159
From 01474d0c5d18ad0ca9138a1a98f83fb061148a89 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 12 Oct 2016 13:20:32 +0200 Subject: [PATCH 1/7] spec file: clean up BuildRequires Add missing cyrus-sasl-devel, python-cffi, python-custodia, python-dateutil, python-nose, python-paste, python-sss-murmur, python-sssdconfig and systemd-python BuildRequires. Remove unused custodia, java-headless, m4, policycoreutils, python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires. Correct versioned BuildRequires and provide explanatory comments. https://fedorahosted.org/freeipa/ticket/6418 --- freeipa.spec.in | 127 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 77 insertions(+), 50 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 423884f..2dfe9da 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -38,82 +38,109 @@ URL: http://www.freeipa.org/ Source0: freeipa-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%if ! %{ONLY_CLIENT} -BuildRequires: 389-ds-base-devel >= 1.3.5.6 -BuildRequires: svrcore-devel -BuildRequires: policycoreutils >= 2.1.12-5 -BuildRequires: systemd-units -BuildRequires: samba-devel >= %{samba_version} -BuildRequires: samba-python -BuildRequires: libtalloc-devel -BuildRequires: libtevent-devel -%endif # ONLY_CLIENT -BuildRequires: nspr-devel -BuildRequires: nss-devel -BuildRequires: openssl-devel BuildRequires: openldap-devel -BuildRequires: krb5-devel >= 1.13 -BuildRequires: krb5-workstation -BuildRequires: libuuid-devel -BuildRequires: libcurl-devel >= 7.21.7-2 +# 1.12: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678) +BuildRequires: krb5-devel >= 1.12 +BuildRequires: libcurl-devel +# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation BuildRequires: xmlrpc-c-devel >= 1.27.4 BuildRequires: popt-devel BuildRequires: autoconf BuildRequires: automake -BuildRequires: m4 BuildRequires: libtool BuildRequires: gettext BuildRequires: python-devel +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif # with_python3 +# %{_unitdir}, %{_tmpfilesdir} +BuildRequires: systemd +BuildRequires: libini_config-devel +BuildRequires: cyrus-sasl-devel +%if ! %{ONLY_CLIENT} +# 1.3.3.9: DS_Sleep (https://fedorahosted.org/389/ticket/48005) +BuildRequires: 389-ds-base-devel >= 1.3.3.9 +BuildRequires: svrcore-devel +%if 0%{?rhel} +BuildRequires: samba-devel >= 4.0.0 +%else +BuildRequires: samba-devel >= 2:4.0.0 +%endif +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: nspr-devel +BuildRequires: nss-devel +BuildRequires: openssl-devel +BuildRequires: libuuid-devel BuildRequires: python-ldap -BuildRequires: python-setuptools -BuildRequires: python-nss -BuildRequires: python-cryptography >= 0.9 BuildRequires: python-netaddr -BuildRequires: python-gssapi >= 1.1.2 -BuildRequires: python-rhsm -BuildRequires: pyOpenSSL -BuildRequires: pylint >= 1.0 -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 -BuildRequires: python2-polib -BuildRequires: python-libipa_hbac -BuildRequires: python-memcached -BuildRequires: python-lxml -BuildRequires: python-pyasn1 >= 0.0.9a -BuildRequires: python-qrcode-core >= 5.0.0 -BuildRequires: python-dns >= 1.11.1 +BuildRequires: python-gssapi +BuildRequires: python-dns BuildRequires: libsss_idmap-devel +# 1.14.0: sss_nss_getnamebycert (https://fedorahosted.org/sssd/ticket/2897) BuildRequires: libsss_nss_idmap-devel >= 1.14.0 -BuildRequires: java-headless -BuildRequires: jsl BuildRequires: rhino BuildRequires: libverto-devel -BuildRequires: systemd BuildRequires: libunistring-devel BuildRequires: python-lesscpy -BuildRequires: python-yubico >= 1.2.3 -BuildRequires: openssl-devel -BuildRequires: pki-base >= 10.3.3-3 -BuildRequires: python-pytest-multihost >= 0.5 -BuildRequires: python-pytest-sourceorder -BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six -BuildRequires: python-jwcrypto -BuildRequires: custodia -BuildRequires: libini_config-devel >= 1.2.0 +BuildRequires: python-netifaces +%endif # ONLY_CLIENT + +# +# Build dependencies for makeapi/makeaci +# +BuildRequires: krb5-workstation +BuildRequires: python-setuptools +BuildRequires: python-nss +# 0.6: serialization.load_pem_private_key, load_pem_public_key +BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-libipa_hbac +BuildRequires: python-memcached +BuildRequires: python-lxml +BuildRequires: python-pyasn1 +# pki Python package +BuildRequires: pki-base BuildRequires: dbus-python -BuildRequires: python-netifaces >= 0.10.4 BuildRequires: python-libsss_nss_idmap +BuildRequires: python-cffi + +# +# Build dependencies for lint +# +BuildRequires: samba-python +BuildRequires: pylint >= 1.0 +# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 +BuildRequires: python2-polib +# 5.0.0: QRCode.print_ascii +BuildRequires: python-qrcode-core >= 5.0.0 +# 1.11.0: resolver.YXDOMAIN, Resolver.set_flags +BuildRequires: python-dns >= 1.11.0 +BuildRequires: jsl +BuildRequires: python-yubico +# 10.2.1: crypto.NSSCryptoProvider(password_file) +BuildRequires: pki-base >= 10.2.1 +BuildRequires: python-pytest-multihost +BuildRequires: python-pytest-sourceorder +BuildRequires: python-jwcrypto +BuildRequires: python-custodia +BuildRequires: python-dateutil BuildRequires: python-sss +BuildRequires: python-sss-murmur +BuildRequires: python-sssdconfig +BuildRequires: python-nose +BuildRequires: python-paste +BuildRequires: systemd-python +# # Build dependencies for unit tests +# +%if ! %{ONLY_CLIENT} BuildRequires: libcmocka-devel BuildRequires: nss_wrapper # Required by ipa_kdb_tests BuildRequires: %{_libdir}/krb5/plugins/kdb/db2.so - -%if 0%{?with_python3} -BuildRequires: python3-devel -%endif # with_python3 +%endif # ONLY_CLIENT %description IPA is an integrated solution to provide centrally managed Identity (users, From af1794ae569390b75fe269978c1904ab6694b95f Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 12 Oct 2016 13:27:16 +0200 Subject: [PATCH 2/7] spec file: do not include BuildRequires for lint by default Lint is never executed from rpmbuild, so the BuildRequires for lint are purely informational. Include them only if %with_lint RPM macro is specified. Update .travis.yml accordingly. https://fedorahosted.org/freeipa/ticket/6418 --- .travis.yml | 2 +- BUILD.txt | 2 +- freeipa.spec.in | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f221e82..d95eb25 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,4 +13,4 @@ script: - > docker run -v $PWD:/freeipa -w /freeipa martbab/freeipa-fedora-builder:${TRAVIS_BRANCH}-latest - /bin/bash -c 'dnf builddep -y --spec freeipa.spec.in && make rpms' + /bin/bash -c 'dnf builddep -y -D "with_lint 1" --spec freeipa.spec.in && make rpms' diff --git a/BUILD.txt b/BUILD.txt index b5660aa..10faa6f 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -7,7 +7,7 @@ For more information, see http://www.freeipa.org/page/Build The quickest way to get the dependencies needed for building is: -# dnf builddep -b --spec freeipa.spec.in +# dnf builddep -b -D "with_lint 1" --spec freeipa.spec.in or diff --git a/freeipa.spec.in b/freeipa.spec.in index 2dfe9da..c730b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -8,6 +8,9 @@ %global with_python3 1 %endif +# lint is not executed during rpmbuild +# %global with_lint 1 + %global alt_name ipa %if 0%{?rhel} %global samba_version 4.0.5-1 @@ -108,6 +111,7 @@ BuildRequires: python-cffi # # Build dependencies for lint # +%if 0%{?with_lint} BuildRequires: samba-python BuildRequires: pylint >= 1.0 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 @@ -131,6 +135,7 @@ BuildRequires: python-sssdconfig BuildRequires: python-nose BuildRequires: python-paste BuildRequires: systemd-python +%endif # with_lint # # Build dependencies for unit tests From 2f068639e9bed47435ef5cd17d69f775fd3fe1fc Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:37:30 +0200 Subject: [PATCH 3/7] pylint: enable the import-error check Check for import errors with pylint to make sure new python package dependencies are not overlooked. https://fedorahosted.org/freeipa/ticket/6418 --- client/ipa-client-automount | 2 ++ contrib/nssciphersuite/nssciphersuite.py | 5 ++++- install/tools/ipa-replica-manage | 4 +++- ipaclient/ipa_certupdate.py | 2 ++ ipalib/config.py | 2 ++ ipalib/parameters.py | 4 +++- ipalib/rpc.py | 1 + ipapython/config.py | 4 +++- ipapython/cookie.py | 2 ++ ipapython/dogtag.py | 3 +++ ipapython/nsslib.py | 1 + ipapython/secrets/kem.py | 6 +++++- ipapython/sysrestore.py | 2 ++ ipaserver/dcerpc.py | 11 +++++------ ipaserver/install/cainstance.py | 3 +++ ipaserver/install/installutils.py | 2 ++ ipaserver/install/ipa_backup.py | 6 ++++-- ipaserver/install/ipa_replica_prepare.py | 2 ++ ipaserver/install/ipa_restore.py | 2 ++ ipaserver/install/krainstance.py | 2 ++ ipaserver/install/server/upgrade.py | 2 ++ ipaserver/plugins/ldap2.py | 2 +- ipaserver/plugins/trust.py | 6 +++--- ipaserver/rpcserver.py | 4 +++- ipaserver/session.py | 2 ++ ipatests/test_ipalib/test_parameters.py | 4 +++- ipatests/test_ipalib/test_rpc.py | 5 +++-- ipatests/test_ipaserver/httptest.py | 1 + ipatests/test_webui/ui_driver.py | 5 ++++- pylintrc | 2 -- 30 files changed, 75 insertions(+), 24 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 88adb0a..fc619d0 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -30,7 +30,9 @@ import tempfile import gssapi import SSSDConfig +# pylint: disable=import-error from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from optparse import OptionParser from ipalib import api, errors diff --git a/contrib/nssciphersuite/nssciphersuite.py b/contrib/nssciphersuite/nssciphersuite.py index dee05d4..66e2b27 100755 --- a/contrib/nssciphersuite/nssciphersuite.py +++ b/contrib/nssciphersuite/nssciphersuite.py @@ -25,7 +25,10 @@ import operator import re -from urllib.request import urlopen # pylint: disable=no-name-in-module + +# pylint: disable=import-error,no-name-in-module +from urllib.request import urlopen +# pylint: enable=import-error,no-name-in-module SOURCE = "https://git.fedorahosted.org/cgit/mod_nss.git/plain/nss_engine_cipher.c" diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index d9dee9c..5ca7f59 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -28,7 +28,10 @@ import ldap import socket import traceback +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +from six.moves.xmlrpc_client import MAXINT +# pylint: enable=import-error from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils @@ -42,7 +45,6 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup from ipapython.dn import DN from ipapython.config import IPAOptionParser from ipaclient import ipadiscovery -from six.moves.xmlrpc_client import MAXINT from ipaplatform.paths import paths # dict of command name and tuples of min/max num of args needed diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py index 2c6b94f..24cd041 100644 --- a/ipaclient/ipa_certupdate.py +++ b/ipaclient/ipa_certupdate.py @@ -21,7 +21,9 @@ import tempfile import shutil +# pylint: disable=import-error from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from ipapython import (admintool, ipautil, ipaldap, sysrestore, certmonger, certdb) diff --git a/ipalib/config.py b/ipalib/config.py index a273e3d..cf9e925 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -34,8 +34,10 @@ import sys import six +# pylint: disable=import-error from six.moves.urllib.parse import urlparse, urlunparse from six.moves.configparser import RawConfigParser, ParsingError +# pylint: enable=import-error from ipapython.dn import DN from ipalib.base import check_name diff --git a/ipalib/parameters.py b/ipalib/parameters.py index 1117fbe..073e138 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -103,9 +103,11 @@ import decimal import base64 import datetime -from six.moves.xmlrpc_client import MAXINT, MININT import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import MAXINT, MININT +# pylint: enable=import-error from ipalib.text import _ as ugettext from ipalib.base import check_name diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 19ce0cc..9594ab5 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -76,6 +76,7 @@ from xmlrpclib import (Binary, Fault, DateTime, dumps, loads, ServerProxy, Transport, ProtocolError, MININT, MAXINT) except ImportError: + # pylint: disable=import-error from xmlrpc.client import (Binary, Fault, DateTime, dumps, loads, ServerProxy, Transport, ProtocolError, MININT, MAXINT) diff --git a/ipapython/config.py b/ipapython/config.py index 59e4aa7..8e5708e 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -22,12 +22,14 @@ from dns import resolver, rdatatype from dns.exception import DNSException +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +from six.moves.urllib.parse import urlsplit +# pylint: enable=import-error from ipapython.dn import DN from ipaplatform.paths import paths import dns.name -from six.moves.urllib.parse import urlsplit import socket diff --git a/ipapython/cookie.py b/ipapython/cookie.py index 97f24b2..8abd961 100644 --- a/ipapython/cookie.py +++ b/ipapython/cookie.py @@ -23,7 +23,9 @@ from calendar import timegm import six +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +# pylint: enable=import-error from ipapython.ipa_log_manager import log_mgr diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 179ce6d..f4f1955 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -22,7 +22,9 @@ import nss.nss as nss import six +# pylint: disable=import-error from six.moves.urllib.parse import urlencode +# pylint: enable=import-error from ipalib import api, errors from ipalib.errors import NetworkError @@ -35,6 +37,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib if six.PY3: diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index f9f64c1..08d05fc 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -35,6 +35,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib # NSS database currently open diff --git a/ipapython/secrets/kem.py b/ipapython/secrets/kem.py index fb51e64..7f92c9f 100644 --- a/ipapython/secrets/kem.py +++ b/ipapython/secrets/kem.py @@ -2,8 +2,12 @@ from __future__ import print_function import os -from ipaplatform.paths import paths + +# pylint: disable=import-error from six.moves.configparser import ConfigParser +# pylint: enable=import-error + +from ipaplatform.paths import paths from ipapython.dn import DN from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 6257268..b1bf4b9 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py @@ -30,7 +30,9 @@ import random import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipaplatform.tasks import tasks from ipaplatform.paths import paths diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index bd1d8c1..ac13aac 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -44,12 +44,6 @@ import random from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.backends import default_backend -# pylint: disable=F0401 -try: - from ldap.controls import RequestControl as LDAPControl -except ImportError: - from ldap.controls import LDAPControl as LDAPControl -# pylint: enable=F0401 import ldap as _ldap from ipapython.ipaldap import IPAdmin from ipaserver.session import krbccache_dir, krbccache_prefix @@ -63,6 +57,11 @@ from ldap.filter import escape_filter_chars from time import sleep +try: + from ldap.controls import RequestControl as LDAPControl +except ImportError: + from ldap.controls import LDAPControl as LDAPControl + if six.PY3: unicode = str long = int diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 384abc3..f115624 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -39,8 +39,10 @@ import shlex import pipes +# pylint: disable=import-error from six.moves import urllib from six.moves.configparser import ConfigParser, RawConfigParser +# pylint: enable=import-error from ipalib import api from ipalib import pkcs10, x509 @@ -79,6 +81,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib # We need to reset the template because the CA uses the regular boot diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index f240dc3..8111f18 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -40,7 +40,9 @@ import ldap import ldapurl import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser, NoOptionError +# pylint: enable=import-error import ipaplatform diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index e7fefd8..0ebcc35 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -22,11 +22,13 @@ import tempfile import time import pwd -from ipaplatform.paths import paths -from ipaplatform import services +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error +from ipaplatform.paths import paths +from ipaplatform import services from ipalib import api, errors from ipapython import version from ipapython.ipautil import run, write_tmp_file diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index d7ab813..2eef5fe 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -28,7 +28,9 @@ from optparse import OptionGroup, SUPPRESS_HELP import dns.resolver +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipaserver.install import certs, installutils, bindinstance, dsinstance from ipaserver.install.replication import enable_replication_version_checking diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 64ab9e4..ae0b28f 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -25,7 +25,9 @@ import ldif import itertools +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipalib import api, errors from ipalib.constants import FQDN diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 590a840..a2210a2 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -22,7 +22,9 @@ import shutil import tempfile +# pylint: disable=import-error from six.moves.configparser import ConfigParser +# pylint: enable=import-error from ipalib import api from ipalib import x509 diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 0d57e23..18c2a6e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -14,7 +14,9 @@ import dns.exception import six +# pylint: disable=import-error from six.moves.configparser import SafeConfigParser +# pylint: enable=import-error from ipalib import api import SSSDConfig diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 1793503..1b90573 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -39,7 +39,7 @@ try: - from ldap.controls.simple import GetEffectiveRightsControl #pylint: disable=F0401,E0611 + from ldap.controls.simple import GetEffectiveRightsControl except ImportError: """ python-ldap 2.4.x introduced a new API for effective rights control, which diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py index 5326255..c0c080d 100644 --- a/ipaserver/plugins/trust.py +++ b/ipaserver/plugins/trust.py @@ -49,20 +49,20 @@ unicode = str try: - import pysss_murmur #pylint: disable=F0401 + import pysss_murmur _murmur_installed = True except Exception as e: _murmur_installed = False try: - import pysss_nss_idmap #pylint: disable=F0401 + import pysss_nss_idmap _nss_idmap_installed = True except Exception as e: _nss_idmap_installed = False if api.env.in_server and api.env.context in ['lite', 'server']: try: - import ipaserver.dcerpc # pylint: disable=F0401 + import ipaserver.dcerpc from ipaserver.dcerpc import (TRUST_ONEWAY, TRUST_BIDIRECTIONAL, TRUST_JOIN_EXTERNAL) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index c4f724a..502629f 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -24,7 +24,6 @@ """ from xml.sax.saxutils import escape -from six.moves.xmlrpc_client import Fault import os import datetime import json @@ -36,7 +35,10 @@ from pyasn1.type import univ, namedtype from pyasn1.codec.ber import encoder import six +# pylint: disable=import-error from six.moves.urllib.parse import parse_qs +from six.moves.xmlrpc_client import Fault +# pylint: enable=import-error from ipalib import plugable, errors from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES diff --git a/ipaserver/session.py b/ipaserver/session.py index c5e5fac..85deb15 100644 --- a/ipaserver/session.py +++ b/ipaserver/session.py @@ -22,7 +22,9 @@ import re import time +# pylint: disable=import-error from six.moves.urllib.parse import urlparse +# pylint: enable=import-error from ipalib import errors from ipalib.text import _ diff --git a/ipatests/test_ipalib/test_parameters.py b/ipatests/test_ipalib/test_parameters.py index a23f97d..d0bab40 100644 --- a/ipatests/test_ipalib/test_parameters.py +++ b/ipatests/test_ipalib/test_parameters.py @@ -30,10 +30,12 @@ import sys from decimal import Decimal from inspect import isclass -from six.moves.xmlrpc_client import MAXINT, MININT import pytest import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import MAXINT, MININT +# pylint: enable=import-error from ipatests.util import raises, ClassChecker, read_only from ipatests.util import dummy_ugettext, assert_equal diff --git a/ipatests/test_ipalib/test_rpc.py b/ipatests/test_ipalib/test_rpc.py index cfa1515..80cf2e7 100644 --- a/ipatests/test_ipalib/test_rpc.py +++ b/ipatests/test_ipalib/test_rpc.py @@ -22,10 +22,11 @@ """ from __future__ import print_function -from six.moves.xmlrpc_client import Binary, Fault, dumps, loads - import nose import six +# pylint: disable=import-error +from six.moves.xmlrpc_client import Binary, Fault, dumps, loads +# pylint: enable=import-error from ipatests.util import raises, assert_equal, PluginTester, DummyClass from ipatests.data import binary_bytes, utf8_bytes, unicode_str diff --git a/ipatests/test_ipaserver/httptest.py b/ipatests/test_ipaserver/httptest.py index 75d30af..c816456 100644 --- a/ipatests/test_ipaserver/httptest.py +++ b/ipatests/test_ipaserver/httptest.py @@ -29,6 +29,7 @@ try: import httplib except ImportError: + # pylint: disable=import-error import http.client as httplib class Unauthorized_HTTP_test(object): diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py index d581ad4..4ce3668 100644 --- a/ipatests/test_webui/ui_driver.py +++ b/ipatests/test_webui/ui_driver.py @@ -32,6 +32,10 @@ from functools import wraps from nose.plugins.skip import SkipTest +# pylint: disable=import-error +from six.moves.urllib.error import URLError +# pylint: enable=import-error + try: from selenium import webdriver from selenium.common.exceptions import NoSuchElementException @@ -53,7 +57,6 @@ NO_YAML = False except ImportError: NO_YAML = True -from six.moves.urllib.error import URLError from ipaplatform.paths import paths ENV_MAP = { diff --git a/pylintrc b/pylintrc index 8643f8d..07acb1f 100644 --- a/pylintrc +++ b/pylintrc @@ -18,7 +18,6 @@ enable= disable= I, duplicate-code, - import-error, interface-not-implemented, no-self-use, redefined-variable-type, @@ -33,7 +32,6 @@ disable= too-many-public-methods, too-many-return-statements, too-many-statements, - import-error, abstract-method, anomalous-backslash-in-string, arguments-differ, From 1ee0602cdaa5df01282a61e0afb634f72b1e5c6b Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 12:52:08 +0200 Subject: [PATCH 4/7] ipaserver: remove ipalib import from setup.py Instead of importing ipalib to get IPA version string, create setup.py from a template and have the version string automatically filled in. This makes it possible to build the ipaserver package without having to have ipalib dependencies installed. https://fedorahosted.org/freeipa/ticket/6418 --- freeipa.spec.in | 12 ++++++------ ipaserver/setup.py | 2 -- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index c730b32..5aef391 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -75,10 +75,6 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: openssl-devel BuildRequires: libuuid-devel -BuildRequires: python-ldap -BuildRequires: python-netaddr -BuildRequires: python-gssapi -BuildRequires: python-dns BuildRequires: libsss_idmap-devel # 1.14.0: sss_nss_getnamebycert (https://fedorahosted.org/sssd/ticket/2897) BuildRequires: libsss_nss_idmap-devel >= 1.14.0 @@ -86,25 +82,29 @@ BuildRequires: rhino BuildRequires: libverto-devel BuildRequires: libunistring-devel BuildRequires: python-lesscpy -BuildRequires: python-six -BuildRequires: python-netifaces %endif # ONLY_CLIENT # # Build dependencies for makeapi/makeaci # BuildRequires: krb5-workstation +BuildRequires: python-ldap BuildRequires: python-setuptools BuildRequires: python-nss # 0.6: serialization.load_pem_private_key, load_pem_public_key BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-netaddr +BuildRequires: python-gssapi BuildRequires: python-libipa_hbac BuildRequires: python-memcached BuildRequires: python-lxml BuildRequires: python-pyasn1 +BuildRequires: python-dns # pki Python package BuildRequires: pki-base +BuildRequires: python-six BuildRequires: dbus-python +BuildRequires: python-netifaces BuildRequires: python-libsss_nss_idmap BuildRequires: python-cffi diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 33b1c51..73afb70 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -28,14 +28,12 @@ # include ../ for ipasetup.py and ipalib sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -import ipalib # noqa: E402 from ipasetup import ipasetup # noqa: E402 ipasetup( name='freeipa', doc=__doc__, - version=ipalib.__version__, package_dir={'ipaserver': ''}, packages=[ 'ipaserver', From 3e1717dc0762ed461dc3c91f9e3f8d6f16ee48fb Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:36:12 +0200 Subject: [PATCH 5/7] makeapi, makeaci: do not fail on missing imports Add import hook to makeapi and makeaci which makes them ignore import errors in modules in our source tree and instead print a warning. This makes it possible to build IPA without having to have most of our runtime dependencies installed. https://fedorahosted.org/freeipa/ticket/6418 --- freeipa.spec.in | 21 ++++++------ ignore_import_errors.py | 87 +++++++++++++++++++++++++++++++++++++++++++++++++ makeaci | 2 ++ makeapi | 3 ++ 4 files changed, 102 insertions(+), 11 deletions(-) create mode 100644 ignore_import_errors.py diff --git a/freeipa.spec.in b/freeipa.spec.in index 5aef391..debbdf1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -89,22 +89,11 @@ BuildRequires: python-lesscpy # BuildRequires: krb5-workstation BuildRequires: python-ldap -BuildRequires: python-setuptools BuildRequires: python-nss -# 0.6: serialization.load_pem_private_key, load_pem_public_key -BuildRequires: python-cryptography >= 0.6 BuildRequires: python-netaddr -BuildRequires: python-gssapi -BuildRequires: python-libipa_hbac -BuildRequires: python-memcached -BuildRequires: python-lxml BuildRequires: python-pyasn1 BuildRequires: python-dns -# pki Python package -BuildRequires: pki-base BuildRequires: python-six -BuildRequires: dbus-python -BuildRequires: python-netifaces BuildRequires: python-libsss_nss_idmap BuildRequires: python-cffi @@ -113,22 +102,32 @@ BuildRequires: python-cffi # %if 0%{?with_lint} BuildRequires: samba-python +BuildRequires: python-setuptools +# 0.6: serialization.load_pem_private_key, load_pem_public_key +BuildRequires: python-cryptography >= 0.6 +BuildRequires: python-gssapi BuildRequires: pylint >= 1.0 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 BuildRequires: python2-polib +BuildRequires: python-libipa_hbac +BuildRequires: python-memcached +BuildRequires: python-lxml # 5.0.0: QRCode.print_ascii BuildRequires: python-qrcode-core >= 5.0.0 # 1.11.0: resolver.YXDOMAIN, Resolver.set_flags BuildRequires: python-dns >= 1.11.0 BuildRequires: jsl BuildRequires: python-yubico +# pki Python package # 10.2.1: crypto.NSSCryptoProvider(password_file) BuildRequires: pki-base >= 10.2.1 BuildRequires: python-pytest-multihost BuildRequires: python-pytest-sourceorder BuildRequires: python-jwcrypto BuildRequires: python-custodia +BuildRequires: dbus-python BuildRequires: python-dateutil +BuildRequires: python-netifaces BuildRequires: python-sss BuildRequires: python-sss-murmur BuildRequires: python-sssdconfig diff --git a/ignore_import_errors.py b/ignore_import_errors.py new file mode 100644 index 0000000..4ee6ee9 --- /dev/null +++ b/ignore_import_errors.py @@ -0,0 +1,87 @@ +# +# Copyright (C) 2016 FreeIPA Contributors see COPYING for license +# + +""" +ImportError ignoring import hook. +""" + +from __future__ import print_function + +import imp +import inspect +import os.path +import sys + +DIRNAME = os.path.dirname(os.path.abspath(__file__)) + + +class FailedImport(object): + def __init__(self, loader, name): + self.__file__ = __file__ + self.__name__ = name + self.__path__ = [] + self.__loader__ = loader + self.__package__ = name + + def __repr__(self): + return '<failed import {!r}>'.format(self.__name__) + + +class IgnoringImporter(object): + def find_module(self, fullname, path=None): + parentname, dot, name = fullname.rpartition('.') + assert (not dot and path is None) or (dot and path is not None) + + # check if the module can be found + try: + file, _filename, _description = imp.find_module(name, path) + except ImportError: + pass + else: + if file is not None: + file.close() + # it can be found, do normal import + return None + + # check if the parent module import failed + if dot and isinstance(sys.modules[parentname], FailedImport): + # it did fail, so this import will fail as well + return self + + # find out from where are we importing + if path is None: + path = sys.path + for pathname in path: + pathname = os.path.abspath(pathname) + if not pathname.startswith(DIRNAME): + break + else: + # importing from our source tree, do normal import + return None + + # find out into what .py file are we importing + frame = inspect.currentframe().f_back + filename = frame.f_code.co_filename + if filename.startswith('<'): + # not a file, do normal import + return None + filename = os.path.abspath(filename) + if not filename.startswith(DIRNAME): + # not a file in our source tree, do normal import + return None + + return self + + def load_module(self, fullname): + frame = inspect.currentframe().f_back + print("{}: {}:{}: ignoring ImportError: No module named {}".format( + sys.argv[0], + os.path.relpath(frame.f_code.co_filename), + frame.f_lineno, + fullname)) + + return sys.modules.setdefault(fullname, FailedImport(self, fullname)) + + +sys.meta_path.insert(0, IgnoringImporter()) diff --git a/makeaci b/makeaci index 6673112..98b199c 100755 --- a/makeaci +++ b/makeaci @@ -30,6 +30,8 @@ import sys import difflib from argparse import ArgumentParser +import ignore_import_errors # pylint: disable=unused-import + from ipalib import api from ipapython.dn import DN from ipapython.ipaldap import LDAPClient diff --git a/makeapi b/makeapi index 38ae166..a02a491 100755 --- a/makeapi +++ b/makeapi @@ -32,6 +32,9 @@ import os import re import inspect import operator + +import ignore_import_errors # pylint: disable=unused-import + from ipalib import api from ipalib.parameters import Param from ipalib.output import Output From 5b83fdee239c7b5f20ba0df6c2dbfee6c90d9ee7 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:31:36 +0200 Subject: [PATCH 6/7] client: remove unused libcurl build dependency The configure script checks for libcurl, but it is never actually used anywhere. https://fedorahosted.org/freeipa/ticket/6418 --- client/Makefile.am | 1 - configure.ac | 5 ----- freeipa.spec.in | 1 - 3 files changed, 7 deletions(-) diff --git a/client/Makefile.am b/client/Makefile.am index d5730aa..30adafd 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -86,7 +86,6 @@ ipa_join_LDADD = \ $(KRB5_LIBS) \ $(LDAP_LIBS) \ $(SASL_LIBS) \ - $(CURL_LIBS) \ $(XMLRPC_LIBS) \ $(POPT_LIBS) \ $(LIBINTL_LIBS) \ diff --git a/configure.ac b/configure.ac index 1f4865c..b9f424e 100644 --- a/configure.ac +++ b/configure.ac @@ -217,11 +217,6 @@ dnl --------------------------------------------------------------------------- PKG_CHECK_MODULES([SASL], [libsasl2]) dnl --------------------------------------------------------------------------- -dnl - Check for CURL -dnl --------------------------------------------------------------------------- -PKG_CHECK_MODULES([CURL], [libcurl]) - -dnl --------------------------------------------------------------------------- dnl - Check for XMLRPC-C dnl --------------------------------------------------------------------------- PKG_CHECK_MODULES([XMLRPC], [xmlrpc_client]) diff --git a/freeipa.spec.in b/freeipa.spec.in index debbdf1..036e76e 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -44,7 +44,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel # 1.12: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678) BuildRequires: krb5-devel >= 1.12 -BuildRequires: libcurl-devel # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation BuildRequires: xmlrpc-c-devel >= 1.27.4 BuildRequires: popt-devel From 4cfdd9cbde2ee181a62afc55e027dc32f4013980 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 24 Aug 2016 13:32:29 +0200 Subject: [PATCH 7/7] pwpolicy: do not run klist on import On pwpolicy module import, "klist -V" is run to determine if the installed krb5 version supports account lockout (>= 1.8). Remove the check, as we require a krb5 version which does support account lockout (1.12). https://fedorahosted.org/freeipa/ticket/6418 --- freeipa.spec.in | 1 - ipaserver/plugins/pwpolicy.py | 59 ++++++++++++++++--------------------------- 2 files changed, 22 insertions(+), 38 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 036e76e..7d55a71 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -86,7 +86,6 @@ BuildRequires: python-lesscpy # # Build dependencies for makeapi/makeaci # -BuildRequires: krb5-workstation BuildRequires: python-ldap BuildRequires: python-nss BuildRequires: python-netaddr diff --git a/ipaserver/plugins/pwpolicy.py b/ipaserver/plugins/pwpolicy.py index e5e68fb..d0e6b19 100644 --- a/ipaserver/plugins/pwpolicy.py +++ b/ipaserver/plugins/pwpolicy.py @@ -31,9 +31,7 @@ from ipalib import _ from ipalib.plugable import Registry from ipalib.request import context -from ipapython.ipautil import run from ipapython.dn import DN -from distutils import version import six @@ -282,40 +280,6 @@ class pwpolicy(LDAPObject): }, } - MIN_KRB5KDC_WITH_LOCKOUT = "1.8" - has_lockout = False - lockout_params = () - - result = run(['klist', '-V'], raiseonerr=False, capture_output=True) - if result.returncode == 0: - verstr = result.output.split()[-1] - ver = version.LooseVersion(verstr) - min = version.LooseVersion(MIN_KRB5KDC_WITH_LOCKOUT) - if ver >= min: - has_lockout = True - - if has_lockout: - lockout_params = ( - Int('krbpwdmaxfailure?', - cli_name='maxfail', - label=_('Max failures'), - doc=_('Consecutive failures before lockout'), - minvalue=0, - ), - Int('krbpwdfailurecountinterval?', - cli_name='failinterval', - label=_('Failure reset interval'), - doc=_('Period after which failure count will be reset (seconds)'), - minvalue=0, - ), - Int('krbpwdlockoutduration?', - cli_name='lockouttime', - label=_('Lockout duration'), - doc=_('Period for which lockout is enforced (seconds)'), - minvalue=0, - ), - ) - label = _('Password Policies') label_singular = _('Password Policy') @@ -365,7 +329,28 @@ class pwpolicy(LDAPObject): minvalue=0, flags=('virtual_attribute',), ), - ) + lockout_params + Int( + 'krbpwdmaxfailure?', + cli_name='maxfail', + label=_('Max failures'), + doc=_('Consecutive failures before lockout'), + minvalue=0, + ), + Int( + 'krbpwdfailurecountinterval?', + cli_name='failinterval', + label=_('Failure reset interval'), + doc=_('Period after which failure count will be reset (seconds)'), + minvalue=0, + ), + Int( + 'krbpwdlockoutduration?', + cli_name='lockouttime', + label=_('Lockout duration'), + doc=_('Period for which lockout is enforced (seconds)'), + minvalue=0, + ), + ) def get_dn(self, *keys, **options): if keys[-1] is not None:
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code