[Freeipa-devel] [freeipa PR#732][synchronized] ipa-custodia: use Dogtag's alias/pwdfile.txt
URL: https://github.com/freeipa/freeipa/pull/732 Author: tiran Title: #732: ipa-custodia: use Dogtag's alias/pwdfile.txt Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/732/head:pr732 git checkout pr732 From cef8775779bddf5dd645f004f7e7148e0ca4b593 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 25 Apr 2017 14:52:35 +0200 Subject: [PATCH] ipa-custodia: use Dogtag's alias/pwdfile.txt /etc/pki/pki-tomcat/password.conf contains additional passwords like replicadb. ipa-custodia does not need these passwords. /etc/pki/pki-tomcat/alias/pwdfile.txt holds the passphrase for Tomcat's NSSDB. The file also simplifies implementation because it removes another temporary file. pwdfile.txt is created by CAInstance.create_certstore_passwdfile() Related: https://pagure.io/freeipa/issue/6888 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaplatform/base/paths.py | 1 + ipaserver/secrets/store.py | 34 +++--- 2 files changed, 8 insertions(+), 27 deletions(-) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 2d37c71..6c64bd6 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -93,6 +93,7 @@ class BasePathNamespace(object): NSS_DB_DIR = "/etc/pki/nssdb" PKI_TOMCAT = "/etc/pki/pki-tomcat" PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias" +PKI_TOMCAT_ALIAS_PWDFILE_TXT = "/etc/pki/pki-tomcat/alias/pwdfile.txt" PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf" ETC_REDHAT_RELEASE = "/etc/redhat-release" RESOLV_CONF = "/etc/resolv.conf" diff --git a/ipaserver/secrets/store.py b/ipaserver/secrets/store.py index 56cbfbc..43502c2 100644 --- a/ipaserver/secrets/store.py +++ b/ipaserver/secrets/store.py @@ -34,17 +34,6 @@ def log_error(error): print(error, file=sys.stderr) -def PKI_TOMCAT_password_callback(): -password = None -with open(paths.PKI_TOMCAT_PASSWORD_CONF) as f: -for line in f.readlines(): -key, value = line.strip().split('=') -if key == 'internal': -password = value -break -return password - - class NSSWrappedCertDB(DBMAPHandler): ''' Store that extracts private keys from an NSSDB, wrapped with the @@ -62,20 +51,17 @@ def __init__(self, config, dbmap, nickname): raise ValueError( 'Configuration does not provide nickname of wrapping key') self.nssdb_path = dbmap['path'] -self.nssdb_password = dbmap['pwcallback']() +self.nssdb_pwdfile = dbmap['pwdfile'] self.wrap_nick = dbmap['wrap_nick'] self.target_nick = nickname def export_key(self): tdir = tempfile.mkdtemp(dir=paths.TMP) try: -nsspwfile = os.path.join(tdir, 'nsspwfile') -with open(nsspwfile, 'w+') as f: -f.write(self.nssdb_password) wrapped_key_file = os.path.join(tdir, 'wrapped_key') certificate_file = os.path.join(tdir, 'certificate') ipautil.run([ -paths.PKI, '-d', self.nssdb_path, '-C', nsspwfile, +paths.PKI, '-d', self.nssdb_path, '-C', self.nssdb_pwdfile, 'ca-authority-key-export', '--wrap-nickname', self.wrap_nick, '--target-nickname', self.target_nick, @@ -106,15 +92,12 @@ def __init__(self, config, dbmap, nickname): if 'pwcallback' not in dbmap: raise ValueError('Configuration does not provide Password Calback') self.nssdb_path = dbmap['path'] +self.nssdb_pwdfile = dbmap['pwdfile'] self.nickname = nickname -self.nssdb_password = dbmap['pwcallback']() def export_key(self): tdir = tempfile.mkdtemp(dir=paths.TMP) try: -nsspwfile = os.path.join(tdir, 'nsspwfile') -with open(nsspwfile, 'w+') as f: -f.write(self.nssdb_password) pk12pwfile = os.path.join(tdir, 'pk12pwfile') password = ipautil.ipa_generate_password() with open(pk12pwfile, 'w+') as f: @@ -124,7 +107,7 @@ def export_key(self): "-d", self.nssdb_path, "-o", pk12file, "-n", self.nickname, - "-k", nsspwfile, + "-k", self.nssdb_pwdfile, "-w", pk12pwfile]) with open(pk12file, 'r') as f: data = f.read() @@ -137,9 +120,6 @@ def import_key(self, value): v = json_decode(value) tdir = tempfile.mkdtemp(dir=paths.TMP) try: -nsspwfile = os.path.join(tdir, 'nsspwfile') -
[Freeipa-devel] [freeipa PR#379][synchronized] Packaging: Add IPA commands package
URL: https://github.com/freeipa/freeipa/pull/379 Author: tiran Title: #379: Packaging: Add IPA commands package Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/379/head:pr379 git checkout pr379 From 0544a3834cb23d0664300d1f577a1d30ccc59610 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 16 Feb 2017 15:27:49 +0100 Subject: [PATCH] Packaging: Add IPA commands package The ipacommands package contains ipa-getkeytab and ipa-rmkeytab for installation in a virtual env. The programs are compiled with distutils / setuptools. https://fedorahosted.org/freeipa/ticket/6484 Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 7 ++ Makefile.am | 2 + configure.ac | 1 + pypi/Makefile.am | 1 + pypi/ipacommands/MANIFEST.in | 25 ++ pypi/ipacommands/Makefile.am | 79 ++ pypi/ipacommands/setup.cfg | 5 ++ pypi/ipacommands/setup.py| 194 +++ 8 files changed, 314 insertions(+) create mode 100644 pypi/ipacommands/MANIFEST.in create mode 100644 pypi/ipacommands/Makefile.am create mode 100644 pypi/ipacommands/setup.cfg create mode 100644 pypi/ipacommands/setup.py diff --git a/.gitignore b/.gitignore index 8b57dbc..e18bcf0 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,10 @@ freeipa2-dev-doc /ipaplatform/paths.py /ipaplatform/services.py /ipaplatform/tasks.py + +/pypi/ipacommands/COPYING +/pypi/ipacommands/Contributors.txt +/pypi/ipacommands/asn1 +/pypi/ipacommands/client +/pypi/ipacommands/ipasetup.py +/pypi/ipacommands/util diff --git a/Makefile.am b/Makefile.am index cbe4f2d..b395033 100644 --- a/Makefile.am +++ b/Makefile.am @@ -285,6 +285,8 @@ bdist_wheel: $(WHEELDISTDIR) for dir in $(IPA_WHEEL_PACKAGES) ipatests; do \ $(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \ done + rm -f $(WHEELDISTDIR)/ipacommands-*.tar.gz + $(MAKE) $(AM_MAKEFLAGS) -C pypi/ipacommands sdist || exit 1; wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELBUNDLEDIR)/$(item)-*.whl) diff --git a/configure.ac b/configure.ac index c43759c..24e9408 100644 --- a/configure.ac +++ b/configure.ac @@ -593,6 +593,7 @@ AC_CONFIG_FILES([ pypi/Makefile pypi/freeipa/Makefile pypi/ipa/Makefile +pypi/ipacommands/Makefile pypi/ipaplatform/Makefile pypi/ipaserver/Makefile pypi/ipatests/Makefile diff --git a/pypi/Makefile.am b/pypi/Makefile.am index 5d8be9c..be572c6 100644 --- a/pypi/Makefile.am +++ b/pypi/Makefile.am @@ -7,6 +7,7 @@ NULL = SUBDIRS = \ freeipa \ ipa\ + ipacommands \ ipaplatform \ ipaserver \ ipatests \ diff --git a/pypi/ipacommands/MANIFEST.in b/pypi/ipacommands/MANIFEST.in new file mode 100644 index 000..659a1f5 --- /dev/null +++ b/pypi/ipacommands/MANIFEST.in @@ -0,0 +1,25 @@ +include asn1/*.c +include asn1/*.h +include asn1/asn1c/*.c +include asn1/asn1c/*.h +include asn1/asn1c/ipa.asn1 + +include client/config.c +include client/config.h +include client/ipa-client-common.c +include client/ipa-client-common.h +include client/ipa-getkeytab.c +include client/ipa-join.c +include client/ipa-rmkeytab.c + +include util/ipa_krb5.c +include util/ipa_krb5.h + +prune client/asn1 +prune client/client +prune client/util + +include Contributors.txt COPYING +include config.h +include ipasetup.py +include setup.cfg diff --git a/pypi/ipacommands/Makefile.am b/pypi/ipacommands/Makefile.am new file mode 100644 index 000..645ce7a --- /dev/null +++ b/pypi/ipacommands/Makefile.am @@ -0,0 +1,79 @@ +# This file will be processed with automake-1.7 to create Makefile.in +# +AUTOMAKE_OPTIONS = 1.7 + +NULL = + +pkgname = $(shell basename "$(abs_srcdir)") + +# hack to handle back-in-the-hierarchy depedency on ipasetup.py +.PHONY: $(top_builddir)/ipasetup.py +$(top_builddir)/ipasetup.py: + (cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) ipasetup.py) + +DEPENDENCIES = \ + asn1\ + client\ + util\ + COPYING\ + Contributors.txt \ + config.h \ + ipasetup.py \ + $(NULL) + +# Python setup.py can handle symlinks to directories fine +asn1: $(top_srcdir)/asn1 + if [ ! -e "$@" ]; then ln -rs "$<"; fi + +client: $(top_srcdir)/client + if [ ! -e "$@" ]; then ln -rs "$<"; fi + +util: $(top_srcdir)/util + if [ ! -e "$@" ]; then ln -rs "$<"; fi + +# On the other hand files must be copied to create proper sdist +COPYING: $(top_srcdir)/COPYING + cp -p "$<" "$@" + +Contributors.txt: $(top_srcdir)/Contributors.txt + cp -p "$<" "$@" + +ipasetup.py: $(top_builddir)/ipasetup.py + cp -p "$<" "$@" + +config.h: $(top_builddir)/config.h + cp -p "$<" "$@&q
[Freeipa-devel] [freeipa PR#772][comment] Travis CI: explicitly update pip before running the builds
URL: https://github.com/freeipa/freeipa/pull/772 Title: #772: Travis CI: explicitly update pip before running the builds tiran commented: """ Needs to be merged into 4.5. """ See the full comment at https://github.com/freeipa/freeipa/pull/772#issuecomment-300255483 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#772][+blocker] Travis CI: explicitly update pip before running the builds
URL: https://github.com/freeipa/freeipa/pull/772 Title: #772: Travis CI: explicitly update pip before running the builds Label: +blocker -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#772][+ack] Travis CI: explicitly update pip before running the builds
URL: https://github.com/freeipa/freeipa/pull/772 Title: #772: Travis CI: explicitly update pip before running the builds Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#760][comment] [4.4] Run ipa-custodia under Python 2
URL: https://github.com/freeipa/freeipa/pull/760 Title: #760: [4.4] Run ipa-custodia under Python 2 tiran commented: """ @tomaskrizek yes, custodia 0.5 will no longer have the restriction. """ See the full comment at https://github.com/freeipa/freeipa/pull/760#issuecomment-300173956 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#760][comment] [4.4] Run ipa-custodia under Python 2
URL: https://github.com/freeipa/freeipa/pull/760 Title: #760: [4.4] Run ipa-custodia under Python 2 tiran commented: """ The patch doesn't work with custodia 0.1. It needs at least 0.2.0-1. """ See the full comment at https://github.com/freeipa/freeipa/pull/760#issuecomment-300143282 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#760][synchronized] [4.4] Run ipa-custodia under Python 2
URL: https://github.com/freeipa/freeipa/pull/760 Author: tiran Title: #760: [4.4] Run ipa-custodia under Python 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/760/head:pr760 git checkout pr760 From c804d46f1faa265a6951e782213f63ae2e051ede Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 3 May 2017 16:38:21 +0200 Subject: [PATCH] Run ipa-custodia under Python 2 Closes: https://pagure.io/freeipa/issue/6926 Signed-off-by: Christian Heimes <chei...@redhat.com> --- freeipa.spec.in | 10 ++ init/systemd/ipa-custodia.service | 3 +-- install/tools/Makefile.am | 1 + install/tools/ipa-custodia| 6 ++ 4 files changed, 14 insertions(+), 6 deletions(-) create mode 100755 install/tools/ipa-custodia diff --git a/freeipa.spec.in b/freeipa.spec.in index e0f1df2..21f2416 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,8 @@ BuildRequires: python-pytest-sourceorder BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six BuildRequires: python-jwcrypto -BuildRequires: custodia +# install/tools/ipa-custodia needs custodia 0.2+ +BuildRequires: custodia >= 0.2 BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: dbus-python BuildRequires: python-netifaces >= 0.10.4 @@ -246,7 +247,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: httpd >= 2.4.6-31 Requires: systemd-units >= 38 -Requires: custodia +Requires: custodia >= 0.2 Provides: %{alt_name}-server-common = %{version} Conflicts: %{alt_name}-server-common @@ -498,7 +499,7 @@ Requires: python-jwcrypto Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests -Requires: python-custodia +Requires: python-custodia >= 0.2 Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb @@ -546,7 +547,7 @@ Requires: python3-six Requires: python3-jwcrypto Requires: python3-cffi Requires: python3-pyldap >= 2.4.15 -Requires: python3-custodia +Requires: python3-custodia >= 0.2 Requires: python3-requests Requires: python3-dns >= 1.11.1 Requires: python3-netifaces >= 0.10.4 @@ -1069,6 +1070,7 @@ fi %{_libexecdir}/certmonger/ipa-server-guard %{_libexecdir}/ipa-otpd %dir %{_libexecdir}/ipa +%{_libexecdir}/ipa/ipa-custodia %{_libexecdir}/ipa/ipa-dnskeysyncd %{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-ods-exporter diff --git a/init/systemd/ipa-custodia.service b/init/systemd/ipa-custodia.service index ff930fb..63246c4 100644 --- a/init/systemd/ipa-custodia.service +++ b/init/systemd/ipa-custodia.service @@ -3,8 +3,7 @@ Description=IPA Custodia Service [Service] Type=simple - -ExecStart=/usr/sbin/custodia /etc/ipa/custodia/custodia.conf +ExecStart=/usr/libexec/ipa/ipa-custodia /etc/ipa/custodia/custodia.conf PrivateTmp=yes Restart=on-failure RestartSec=60s diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 2866a30..66ee9e3 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -38,6 +38,7 @@ EXTRA_DIST = \ appdir = $(libexecdir)/ipa/ app_SCRIPTS = \ + ipa-custodia \ ipa-httpd-kdcproxy \ ipa-pki-retrieve-key \ $(NULL) diff --git a/install/tools/ipa-custodia b/install/tools/ipa-custodia new file mode 100755 index 000..2086a9c --- /dev/null +++ b/install/tools/ipa-custodia @@ -0,0 +1,6 @@ +#!/usr/bin/python2 +# Copyright (C) 2017 IPA Project Contributors, see COPYING for license +from custodia.server import main + +if __name__ == '__main__': +main() -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#760][synchronized] [4.4] Run ipa-custodia under Python 2
URL: https://github.com/freeipa/freeipa/pull/760 Author: tiran Title: #760: [4.4] Run ipa-custodia under Python 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/760/head:pr760 git checkout pr760 From d30ea463bc0671af542e7d86ec9d753209b7dfa6 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 3 May 2017 16:38:21 +0200 Subject: [PATCH] Run ipa-custodia under Python 2 Closes: https://pagure.io/freeipa/issue/6926 Signed-off-by: Christian Heimes <chei...@redhat.com> --- freeipa.spec.in | 9 + init/systemd/ipa-custodia.service | 3 +-- install/tools/Makefile.am | 1 + install/tools/ipa-custodia| 6 ++ 4 files changed, 13 insertions(+), 6 deletions(-) create mode 100755 install/tools/ipa-custodia diff --git a/freeipa.spec.in b/freeipa.spec.in index e0f1df2..0b0761b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,7 @@ BuildRequires: python-pytest-sourceorder BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six BuildRequires: python-jwcrypto -BuildRequires: custodia +BuildRequires: custodia > 0.2 BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: dbus-python BuildRequires: python-netifaces >= 0.10.4 @@ -246,7 +246,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: httpd >= 2.4.6-31 Requires: systemd-units >= 38 -Requires: custodia +Requires: custodia > 0.2 Provides: %{alt_name}-server-common = %{version} Conflicts: %{alt_name}-server-common @@ -498,7 +498,7 @@ Requires: python-jwcrypto Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests -Requires: python-custodia +Requires: python-custodia > 0.2 Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb @@ -546,7 +546,7 @@ Requires: python3-six Requires: python3-jwcrypto Requires: python3-cffi Requires: python3-pyldap >= 2.4.15 -Requires: python3-custodia +Requires: python3-custodia > 0.2 Requires: python3-requests Requires: python3-dns >= 1.11.1 Requires: python3-netifaces >= 0.10.4 @@ -1069,6 +1069,7 @@ fi %{_libexecdir}/certmonger/ipa-server-guard %{_libexecdir}/ipa-otpd %dir %{_libexecdir}/ipa +%{_libexecdir}/ipa/ipa-custodia %{_libexecdir}/ipa/ipa-dnskeysyncd %{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-ods-exporter diff --git a/init/systemd/ipa-custodia.service b/init/systemd/ipa-custodia.service index ff930fb..63246c4 100644 --- a/init/systemd/ipa-custodia.service +++ b/init/systemd/ipa-custodia.service @@ -3,8 +3,7 @@ Description=IPA Custodia Service [Service] Type=simple - -ExecStart=/usr/sbin/custodia /etc/ipa/custodia/custodia.conf +ExecStart=/usr/libexec/ipa/ipa-custodia /etc/ipa/custodia/custodia.conf PrivateTmp=yes Restart=on-failure RestartSec=60s diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 2866a30..66ee9e3 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -38,6 +38,7 @@ EXTRA_DIST = \ appdir = $(libexecdir)/ipa/ app_SCRIPTS = \ + ipa-custodia \ ipa-httpd-kdcproxy \ ipa-pki-retrieve-key \ $(NULL) diff --git a/install/tools/ipa-custodia b/install/tools/ipa-custodia new file mode 100755 index 000..2086a9c --- /dev/null +++ b/install/tools/ipa-custodia @@ -0,0 +1,6 @@ +#!/usr/bin/python2 +# Copyright (C) 2017 IPA Project Contributors, see COPYING for license +from custodia.server import main + +if __name__ == '__main__': +main() -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From de75aafdb0de58e57d452b1bc6b69d60d56dfd50 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Make jinja2 an optional dependency and csrgen an optional plugin * Make otptoken_yubikey an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 10 -- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 3 +-- tox.ini | 4 ++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index 568a79f..d18a90c 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -6,8 +6,6 @@ import six -from ipaclient import csrgen -from ipaclient import csrgen_ffi from ipalib import api from ipalib import errors from ipalib import output @@ -18,6 +16,14 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient import csrgen +from ipaclient import csrgen_ffi + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index 0140fd5..ac947e7 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,11 +50,9 @@ ], }, install_requires=[ -"cffi", "cryptography", "ipalib", "ipapython", -"jinja2", "qrcode", "six", ], @@ -66,6 +64,7 @@ extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["cffi", "jinja2"], }, zip_safe=False, ) diff --git a/tox.ini b/tox.ini index ccface9..931b125 100644 --- a/tox.ini +++ b/tox.ini @@ -13,7 +13,7 @@ changedir={envdir} setenv= HOME={envtmpdir} deps= -ipaclient +ipaclient[csrgen] ipatests commands= {envbindir}/ipa --help @@ -22,7 +22,7 @@ commands= [testenv:pylint2] basepython=python2.7 deps= -ipaclient[otptoken_yubikey] +ipaclient[csrgen,otptoken_yubikey] pylint commands= {envpython} -m pylint \ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#760][opened] Run ipa-custodia under Python 2
URL: https://github.com/freeipa/freeipa/pull/760 Author: tiran Title: #760: Run ipa-custodia under Python 2 Action: opened PR body: """ Closes: https://pagure.io/freeipa/issue/6926 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/760/head:pr760 git checkout pr760 From ad4a281c3543d69f9b27f0b7450efcb639286e97 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 3 May 2017 16:38:21 +0200 Subject: [PATCH] Run ipa-custodia under Python 2 Closes: https://pagure.io/freeipa/issue/6926 Signed-off-by: Christian Heimes <chei...@redhat.com> --- freeipa.spec.in | 9 + init/systemd/ipa-custodia.service | 3 +-- install/tools/Makefile.am | 1 + install/tools/ipa-custodia| 6 ++ 4 files changed, 13 insertions(+), 6 deletions(-) create mode 100755 install/tools/ipa-custodia diff --git a/freeipa.spec.in b/freeipa.spec.in index e0f1df2..0b0761b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,7 @@ BuildRequires: python-pytest-sourceorder BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six BuildRequires: python-jwcrypto -BuildRequires: custodia +BuildRequires: custodia > 0.2 BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: dbus-python BuildRequires: python-netifaces >= 0.10.4 @@ -246,7 +246,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: httpd >= 2.4.6-31 Requires: systemd-units >= 38 -Requires: custodia +Requires: custodia > 0.2 Provides: %{alt_name}-server-common = %{version} Conflicts: %{alt_name}-server-common @@ -498,7 +498,7 @@ Requires: python-jwcrypto Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests -Requires: python-custodia +Requires: python-custodia > 0.2 Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb @@ -546,7 +546,7 @@ Requires: python3-six Requires: python3-jwcrypto Requires: python3-cffi Requires: python3-pyldap >= 2.4.15 -Requires: python3-custodia +Requires: python3-custodia > 0.2 Requires: python3-requests Requires: python3-dns >= 1.11.1 Requires: python3-netifaces >= 0.10.4 @@ -1069,6 +1069,7 @@ fi %{_libexecdir}/certmonger/ipa-server-guard %{_libexecdir}/ipa-otpd %dir %{_libexecdir}/ipa +%{_libexecdir}/ipa/ipa-custodia %{_libexecdir}/ipa/ipa-dnskeysyncd %{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-ods-exporter diff --git a/init/systemd/ipa-custodia.service b/init/systemd/ipa-custodia.service index ff930fb..142c91f 100644 --- a/init/systemd/ipa-custodia.service +++ b/init/systemd/ipa-custodia.service @@ -3,8 +3,7 @@ Description=IPA Custodia Service [Service] Type=simple - -ExecStart=/usr/sbin/custodia /etc/ipa/custodia/custodia.conf +ExecStart=@libexecdir@/ipa/ipa-custodia /etc/ipa/custodia/custodia.conf PrivateTmp=yes Restart=on-failure RestartSec=60s diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 2866a30..66ee9e3 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -38,6 +38,7 @@ EXTRA_DIST = \ appdir = $(libexecdir)/ipa/ app_SCRIPTS = \ + ipa-custodia \ ipa-httpd-kdcproxy \ ipa-pki-retrieve-key \ $(NULL) diff --git a/install/tools/ipa-custodia b/install/tools/ipa-custodia new file mode 100755 index 000..2086a9c --- /dev/null +++ b/install/tools/ipa-custodia @@ -0,0 +1,6 @@ +#!/usr/bin/python2 +# Copyright (C) 2017 IPA Project Contributors, see COPYING for license +from custodia.server import main + +if __name__ == '__main__': +main() -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#737][comment] Vault: Explicitly default to 3DES CBC
URL: https://github.com/freeipa/freeipa/pull/737 Title: #737: Vault: Explicitly default to 3DES CBC tiran commented: """ I talked to Matt. Dogtag 10.4 will not be pushed to F25 and F26, only rawhide/F27. Additionally, Ade will also address the bug in Dogtag. The next 10.4 release will have a fix, too. """ See the full comment at https://github.com/freeipa/freeipa/pull/737#issuecomment-297749374 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From 8459a73325b175d5a25bafc406a71e39e946da65 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Make jinja2 an optional dependency and csrgen an optional plugin * Make otptoken_yubikey an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 10 -- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 3 +-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index 568a79f..d18a90c 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -6,8 +6,6 @@ import six -from ipaclient import csrgen -from ipaclient import csrgen_ffi from ipalib import api from ipalib import errors from ipalib import output @@ -18,6 +16,14 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient import csrgen +from ipaclient import csrgen_ffi + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index 0140fd5..ac947e7 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,11 +50,9 @@ ], }, install_requires=[ -"cffi", "cryptography", "ipalib", "ipapython", -"jinja2", "qrcode", "six", ], @@ -66,6 +64,7 @@ extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["cffi", "jinja2"], }, zip_safe=False, ) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][edited] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: edited Changed field: body Original value: """ * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From f69db99e4e97d51c6b69300453f75fa1f84236f8 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Make jinja2 an optional dependency and csrgen an optional plugin * otptoken_yubikey has optional dependencies Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 10 -- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 3 +-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index 568a79f..d18a90c 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -6,8 +6,6 @@ import six -from ipaclient import csrgen -from ipaclient import csrgen_ffi from ipalib import api from ipalib import errors from ipalib import output @@ -18,6 +16,14 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient import csrgen +from ipaclient import csrgen_ffi + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index 0140fd5..ac947e7 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,11 +50,9 @@ ], }, install_requires=[ -"cffi", "cryptography", "ipalib", "ipapython", -"jinja2", "qrcode", "six", ], @@ -66,6 +64,7 @@ extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["cffi", "jinja2"], }, zip_safe=False, ) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#744][opened] [4.5] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/744 Author: tiran Title: #744: [4.5] Correct PyPI package dependencies Action: opened PR body: """ * Remove unused install requires from ipapython * Add missing requirements to ipaserver * Correct dependencies for yubico otptoken * Python 2 uses python-ldap, Python 3 pyldap https://pagure.io/freeipa/issue/6875 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/744/head:pr744 git checkout pr744 From 9238366c5aa3be9eff126c2ab4d7320bc588c9aa Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH] [4.5] Correct PyPI package dependencies * Remove unused install requires from ipapython * Add missing requirements to ipaserver * Correct dependencies for yubico otptoken * Python 2 uses python-ldap, Python 3 pyldap https://pagure.io/freeipa/issue/6875 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 4 +--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 18 +++--- ipasetup.py.in | 16 ipatests/setup.py | 3 ++- 5 files changed, 28 insertions(+), 19 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index ccb5396..d39235a 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -54,8 +54,6 @@ "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], @@ -66,7 +64,7 @@ }, extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index 2fc039f..10d3831 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,17 +41,15 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", "python-nss", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 42b0c1b..f48cef4 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -55,17 +55,12 @@ "ipalib", "ipaplatform", "ipapython", +"jwcrypto", "lxml", "netaddr", "pyasn1", -"pyldap", +"requests", "six", -# not available on PyPI -# "python-libipa_hbac", -# "python-sss", -# "python-sss-murmur", -# "python-SSSDConfig", -# "samba-python", ], entry_points={ 'custodia.authorizers': [ @@ -75,4 +70,13 @@ 'IPASecStore = ipaserver.secrets.store:IPASecStore', ], }, +extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], +# These packages are currently not available on PyPI. +"dcerpc": ["samba", "pysss", "pysss_nss_idmap"], +"hbactest": ["pyhbac"], +"install": ["SSSDConfig"], +"trust": ["pysss_murmur", "pysss_nss_idmap"], +} ) diff --git a/ipasetup.py.in b/ipasetup.py.in index 7f9b2c9..245038d 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython",
[Freeipa-devel] [freeipa PR#737][comment] Vault: Explicitly default to 3DES CBC
URL: https://github.com/freeipa/freeipa/pull/737 Title: #737: Vault: Explicitly default to 3DES CBC tiran commented: """ * I haven't verified that the patch actually solves the problem * Needs backport to at least 4.5 * Either needs backport to 4.4 or 4.4 must required Dogtag < 10.4 """ See the full comment at https://github.com/freeipa/freeipa/pull/737#issuecomment-297465052 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#737][opened] Vault: Explicitly default to 3DES CBC
URL: https://github.com/freeipa/freeipa/pull/737 Author: tiran Title: #737: Vault: Explicitly default to 3DES CBC Action: opened PR body: """ The server-side plugin for IPA Vault relied on the fact that the default oid for encryption algorithm is 3DES in CBC mode (DES-EDE3-CBC). Dogtag 10.4 has changed the default from 3DES to AES. Pass the correct algorithm OID to KeyClient.archive_encrypted_data(). Closes: https://pagure.io/freeipa/issue/6899 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/737/head:pr737 git checkout pr737 From 5e764ded04de08fb576ad503fea78fe9595b9b71 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 26 Apr 2017 18:15:40 +0200 Subject: [PATCH] Vault: Explicitly default to 3DES CBC The server-side plugin for IPA Vault relied on the fact that the default oid for encryption algorithm is 3DES in CBC mode (DES-EDE3-CBC). Dogtag 10.4 has changed the default from 3DES to AES. Pass the correct algorithm OID to KeyClient.archive_encrypted_data(). Closes: https://pagure.io/freeipa/issue/6899 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/plugins/vault.py | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py index 57e1ed7..d46aca8 100644 --- a/ipaserver/plugins/vault.py +++ b/ipaserver/plugins/vault.py @@ -38,6 +38,14 @@ if api.env.in_server: import pki.account import pki.key +# pylint: disable=no-member +try: +# pki >= 10.4.0 +from pki.crypto import DES_EDE3_CBC_OID +except ImportError: +DES_EDE3_CBC_OID = pki.key.KeyClient.DES_EDE3_CBC_OID +# pylint: enable=no-member + if six.PY3: unicode = str @@ -1059,8 +1067,8 @@ def execute(self, *args, **options): pki.key.KeyClient.PASS_PHRASE_TYPE, wrapped_vault_data, wrapped_session_key, -None, -nonce, +algorithm_oid=DES_EDE3_CBC_OID, +nonce_iv=nonce, ) kra_account.logout() -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#732][opened] ipa-custodia: use Dogtag's alias/pwdfile.txt
URL: https://github.com/freeipa/freeipa/pull/732 Author: tiran Title: #732: ipa-custodia: use Dogtag's alias/pwdfile.txt Action: opened PR body: """ /etc/pki/pki-tomcat/password.conf contains additional passwords like replicadb. ipa-custodia does not need these passwords. /etc/pki/pki-tomcat/alias/pwdfile.txt holds the passphrase for Tomcat's NSSDB. The file also simplifies implementation because it removes another temporary file. pwdfile.txt is created by CAInstance.create_certstore_passwdfile() Related: https://pagure.io/freeipa/issue/6888 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/732/head:pr732 git checkout pr732 From 70296313166b019e040f06f1ce395fc0b0f8199c Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 25 Apr 2017 14:52:35 +0200 Subject: [PATCH] ipa-custodia: use Dogtag's alias/pwdfile.txt /etc/pki/pki-tomcat/password.conf contains additional passwords like replicadb. ipa-custodia does not need these passwords. /etc/pki/pki-tomcat/alias/pwdfile.txt holds the passphrase for Tomcat's NSSDB. The file also simplifies implementation because it removes another temporary file. pwdfile.txt is created by CAInstance.create_certstore_passwdfile() Related: https://pagure.io/freeipa/issue/6888 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaplatform/base/paths.py | 1 + ipaserver/secrets/store.py | 34 +++--- 2 files changed, 8 insertions(+), 27 deletions(-) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 57f185e..7f9297e 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -94,6 +94,7 @@ class BasePathNamespace(object): NSS_DB_DIR = "/etc/pki/nssdb" PKI_TOMCAT = "/etc/pki/pki-tomcat" PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias" +PKI_TOMCAT_ALIAS_PWDFILE_TXT = "/etc/pki/pki-tomcat/alias/pwdfile.txt" PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf" ETC_REDHAT_RELEASE = "/etc/redhat-release" RESOLV_CONF = "/etc/resolv.conf" diff --git a/ipaserver/secrets/store.py b/ipaserver/secrets/store.py index 56cbfbc..43502c2 100644 --- a/ipaserver/secrets/store.py +++ b/ipaserver/secrets/store.py @@ -34,17 +34,6 @@ def log_error(error): print(error, file=sys.stderr) -def PKI_TOMCAT_password_callback(): -password = None -with open(paths.PKI_TOMCAT_PASSWORD_CONF) as f: -for line in f.readlines(): -key, value = line.strip().split('=') -if key == 'internal': -password = value -break -return password - - class NSSWrappedCertDB(DBMAPHandler): ''' Store that extracts private keys from an NSSDB, wrapped with the @@ -62,20 +51,17 @@ def __init__(self, config, dbmap, nickname): raise ValueError( 'Configuration does not provide nickname of wrapping key') self.nssdb_path = dbmap['path'] -self.nssdb_password = dbmap['pwcallback']() +self.nssdb_pwdfile = dbmap['pwdfile'] self.wrap_nick = dbmap['wrap_nick'] self.target_nick = nickname def export_key(self): tdir = tempfile.mkdtemp(dir=paths.TMP) try: -nsspwfile = os.path.join(tdir, 'nsspwfile') -with open(nsspwfile, 'w+') as f: -f.write(self.nssdb_password) wrapped_key_file = os.path.join(tdir, 'wrapped_key') certificate_file = os.path.join(tdir, 'certificate') ipautil.run([ -paths.PKI, '-d', self.nssdb_path, '-C', nsspwfile, +paths.PKI, '-d', self.nssdb_path, '-C', self.nssdb_pwdfile, 'ca-authority-key-export', '--wrap-nickname', self.wrap_nick, '--target-nickname', self.target_nick, @@ -106,15 +92,12 @@ def __init__(self, config, dbmap, nickname): if 'pwcallback' not in dbmap: raise ValueError('Configuration does not provide Password Calback') self.nssdb_path = dbmap['path'] +self.nssdb_pwdfile = dbmap['pwdfile'] self.nickname = nickname -self.nssdb_password = dbmap['pwcallback']() def export_key(self): tdir = tempfile.mkdtemp(dir=paths.TMP) try: -nsspwfile = os.path.join(tdir, 'nsspwfile') -with open(nsspwfile, 'w+') as f: -f.write(self.nssdb_password) pk12pwfile = os.path.join(tdir, 'pk12pwfile') password = ipautil.ipa_generate_password() with open(pk12pwfile, 'w+') as f: @@ -124,7 +107,7 @@ def export_key(self): "-d", self.nssdb_path, "-o", pk12file,
[Freeipa-devel] [freeipa PR#702][comment] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Title: #702: Correct PyPI package dependencies tiran commented: """ You are running into a pip bug. I've added band-aid for the issue. To speed up testing, tox caches packages. I guess I never ran into the problem because I had the packages pre-build and cached. """ See the full comment at https://github.com/freeipa/freeipa/pull/702#issuecomment-296999123 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#702][synchronized] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Author: tiran Title: #702: Correct PyPI package dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/702/head:pr702 git checkout pr702 From 21208052af34b21e14840df73ce4b3a000484d81 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH 1/2] Correct PyPI package dependencies * Remove unused install requires from ipapython * Add missing requirements to ipaserver * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap https://pagure.io/freeipa/issue/6875 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 5 ++--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 5 - ipasetup.py.in | 16 ipatests/setup.py | 3 ++- tox.ini| 3 +-- 6 files changed, 23 insertions(+), 15 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index ccb5396..0140fd5 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,12 +50,11 @@ ], }, install_requires=[ +"cffi", "cryptography", "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], @@ -66,7 +65,7 @@ }, extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..f48cef4 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -55,10 +55,11 @@ "ipalib", "ipaplatform", "ipapython", +"jwcrypto", "lxml", "netaddr", "pyasn1", -"pyldap", +"requests", "six", ], entry_points={ @@ -70,6 +71,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index b0a5051..2ad57e2 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", @@ -138,13 +139,20 @@ def ipasetup(name, doc, **kwargs): cmdclass = setup_kwargs.setdefault('cmdclass', {}) cmdclass['build_py'] = build_py -# Env markers like ":python_version<'3.3'" are not supported by +# Env markers like ":python_version<'3'" are not supported by # setuptools < 18.0. if 'extras_require' in setup_kwargs and SETUPTOOLS_VERSION < (18, 0, 0): for k in list(setup_kwargs['extras_require']): -if k.startswith(':'): -req = setup_kwargs.setdefault('install_requires', []) -req.extend
[Freeipa-devel] [freeipa PR#720][synchronized] tox: use pylint 1.6.x for now
URL: https://github.com/freeipa/freeipa/pull/720 Author: tiran Title: #720: tox: use pylint 1.6.x for now Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/720/head:pr720 git checkout pr720 From c629f1ac97f73e3c4d4a23bcde5b769319368e74 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 19 Apr 2017 10:58:11 +0200 Subject: [PATCH] tox: use pylint 1.6.x for now FreeIPA is not yet compatible with pylint 1.7.1+. Enforce pylint 1.6.x until all issues have been addressed. Related: https://pagure.io/freeipa/issue/6874 Signed-off-by: Christian Heimes <chei...@redhat.com> --- .wheelconstraints.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.wheelconstraints.in b/.wheelconstraints.in index eba4ec9..ba37de7 100644 --- a/.wheelconstraints.in +++ b/.wheelconstraints.in @@ -9,3 +9,5 @@ ipapython == @VERSION@ ipaserver == @VERSION@ ipatests == @VERSION@ +# see https://pagure.io/freeipa/issue/6874 +pylint < 1.7 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#727][opened] Regenerate ASN.1 code with asn1c 0.9.28
URL: https://github.com/freeipa/freeipa/pull/727 Author: tiran Title: #727: Regenerate ASN.1 code with asn1c 0.9.28 Action: opened PR body: """ Regenerate ASN.1 code with asn1c 0.9.28 https://pagure.io/freeipa/issue/6818 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/727/head:pr727 git checkout pr727 From 6468a24595250eaec25d49ac80c0883a4892e093 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 24 Apr 2017 11:12:42 +0200 Subject: [PATCH 1/2] Regenerate ASN.1 code with asn1c 0.9.28 Closes: https://pagure.io/freeipa/issue/6818 Signed-off-by: Christian Heimes <chei...@redhat.com> --- asn1/asn1c/BIT_STRING.c | 26 +- asn1/asn1c/GKCurrentKeys.c | 8 ++-- asn1/asn1c/GKCurrentKeys.h | 4 +- asn1/asn1c/GKNewKeys.c | 10 ++-- asn1/asn1c/GKNewKeys.h | 4 +- asn1/asn1c/GKReply.c| 10 ++-- asn1/asn1c/GKReply.h| 4 +- asn1/asn1c/GetKeytabControl.c | 6 +-- asn1/asn1c/GetKeytabControl.h | 4 +- asn1/asn1c/INTEGER.c| 72 ++-- asn1/asn1c/INTEGER.h| 8 ++-- asn1/asn1c/Int32.c | 10 ++-- asn1/asn1c/Int32.h | 4 +- asn1/asn1c/KrbKey.c | 8 ++-- asn1/asn1c/KrbKey.h | 4 +- asn1/asn1c/NativeEnumerated.c | 54 ++--- asn1/asn1c/NativeInteger.c | 16 +++ asn1/asn1c/OCTET_STRING.c | 103 ++-- asn1/asn1c/OCTET_STRING.h | 2 +- asn1/asn1c/TypeValuePair.c | 8 ++-- asn1/asn1c/TypeValuePair.h | 4 +- asn1/asn1c/asn_application.h| 6 +-- asn1/asn1c/asn_codecs.h | 14 +++--- asn1/asn1c/asn_codecs_prim.c| 16 +++ asn1/asn1c/asn_internal.h | 68 +- asn1/asn1c/asn_system.h | 14 -- asn1/asn1c/ber_decoder.c| 4 +- asn1/asn1c/ber_tlv_length.c | 2 +- asn1/asn1c/constr_CHOICE.c | 94 ++-- asn1/asn1c/constr_CHOICE.h | 4 +- asn1/asn1c/constr_SEQUENCE.c| 91 ++- asn1/asn1c/constr_SEQUENCE.h| 6 +-- asn1/asn1c/constr_SEQUENCE_OF.c | 36 +++--- asn1/asn1c/constr_SET_OF.c | 47 +- asn1/asn1c/constr_SET_OF.h | 2 +- asn1/asn1c/constr_TYPE.c| 2 +- asn1/asn1c/constr_TYPE.h| 18 +++ asn1/asn1c/constraints.h| 8 ++-- asn1/asn1c/der_encoder.c| 18 +++ asn1/asn1c/per_decoder.c| 8 ++-- asn1/asn1c/per_encoder.c| 4 +- asn1/asn1c/per_opentype.c | 24 +- asn1/asn1c/per_support.c| 8 ++-- asn1/asn1c/per_support.h| 8 ++-- asn1/asn1c/xer_decoder.c| 17 --- asn1/asn1c/xer_decoder.h| 7 +-- asn1/asn1c/xer_encoder.c| 8 ++-- asn1/asn1c/xer_support.c| 16 ++- 48 files changed, 474 insertions(+), 445 deletions(-) diff --git a/asn1/asn1c/BIT_STRING.c b/asn1/asn1c/BIT_STRING.c index 9b98271..997ff41 100644 --- a/asn1/asn1c/BIT_STRING.c +++ b/asn1/asn1c/BIT_STRING.c @@ -9,7 +9,7 @@ /* * BIT STRING basic type description. */ -static ber_tlv_tag_t asn_DEF_BIT_STRING_tags[] = { +static const ber_tlv_tag_t asn_DEF_BIT_STRING_tags[] = { (ASN_TAG_CLASS_UNIVERSAL | (3 << 2)) }; static asn_OCTET_STRING_specifics_t asn_DEF_BIT_STRING_specs = { @@ -52,13 +52,13 @@ BIT_STRING_constraint(asn_TYPE_descriptor_t *td, const void *sptr, if(st && st->buf) { if((st->size == 0 && st->bits_unused) || st->bits_unused < 0 || st->bits_unused > 7) { - _ASN_CTFAIL(app_key, td, sptr, + ASN__CTFAIL(app_key, td, sptr, "%s: invalid padding byte (%s:%d)", td->name, __FILE__, __LINE__); return -1; } } else { - _ASN_CTFAIL(app_key, td, sptr, + ASN__CTFAIL(app_key, td, sptr, "%s: value not given (%s:%d)", td->name, __FILE__, __LINE__); return -1; @@ -86,7 +86,7 @@ BIT_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr, uint8_t *end; if(!st || !st->buf) - _ASN_ENCODE_FAILED; + ASN__ENCODE_FAILED; er.encoded = 0; @@ -101,9 +101,9 @@ BIT_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr, int nline = xcan?0:(((buf - st->buf) % 8) == 0); if(p >= scend || nline) { er.encoded += p - scratch; - _ASN_CALLBACK(scratch, p - scratch); + ASN__CALLBACK(scratch, p - scratch); p = scratch; - if(nline) _i_ASN_TEXT_INDENT(1, ilevel); + if(nline) ASN__TEXT_INDENT(1, ilevel); } memcpy(p + 0, _bit_pattern[v >> 4], 4); memcpy(p + 4, _bit_pattern[v & 0x0f], 4); @@ -111,9 +111,9 @@ BIT_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr, } if(!xcan && ((buf - st->buf) % 8) == 0) - _i_ASN_TEXT_INDENT(1, ilevel); + ASN__TEX
[Freeipa-devel] [freeipa PR#726][comment] Add check for directory name
URL: https://github.com/freeipa/freeipa/pull/726 Title: #726: Add check for directory name tiran commented: """ What about other types that might cause trouble, e.g. socket, fifo, device files, dangling symlinks? """ See the full comment at https://github.com/freeipa/freeipa/pull/726#issuecomment-296572324 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#679][edited] Make sure remote hosts have our keys
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: edited Changed field: body Original value: """ In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys against. In this case race conditions may happen due to replication. So we need to make sure the server we are contacting to get the CA keys has our keys in LDAP. We do this by waiting to positively fetch our encryption public key (the last one we create) from the target host LDAP server. Fixes: https://pagure.io/freeipa/issue/6688 Signed-off-by: Simo Sorce""" -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: ipaclient/ipapython macOS compatibility fixes tiran commented: """ @abbra is there any reason to delay the merge? I like to get the fixes into 4.5 for the upcoming 4.5.1 release. This commit may not be sufficient for full macOS support, but it's definitely required for macOS support. There is no harm to commit it now and fix remaining issues later. """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-295193893 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#702][synchronized] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Author: tiran Title: #702: Correct PyPI package dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/702/head:pr702 git checkout pr702 From 604ed718f621838bf728633043d9e4b0e58ee5d1 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH] Correct PyPI package dependencies * Remove unused install requires from ipapython * Add missing requirements to ipaserver * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap https://pagure.io/freeipa/issue/6875 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 5 ++--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 5 - ipasetup.py.in | 16 ipatests/setup.py | 3 ++- tox.ini| 3 +-- 6 files changed, 23 insertions(+), 15 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index ccb5396..0140fd5 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,12 +50,11 @@ ], }, install_requires=[ +"cffi", "cryptography", "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], @@ -66,7 +65,7 @@ }, extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..f48cef4 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -55,10 +55,11 @@ "ipalib", "ipaplatform", "ipapython", +"jwcrypto", "lxml", "netaddr", "pyasn1", -"pyldap", +"requests", "six", ], entry_points={ @@ -70,6 +71,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index b0a5051..2ad57e2 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", @@ -138,13 +139,20 @@ def ipasetup(name, doc, **kwargs): cmdclass = setup_kwargs.setdefault('cmdclass', {}) cmdclass['build_py'] = build_py -# Env markers like ":python_version<'3.3'" are not supported by +# Env markers like ":python_version<'3'" are not supported by # setuptools < 18.0. if 'extras_require' in setup_kwargs and SETUPTOOLS_VERSION < (18, 0, 0): for k in list(setup_kwargs['extras_require']): -if k.startswith(':'): -req = setup_kwargs.setdefault('install_requires', []) -req.extend
[Freeipa-devel] [freeipa PR#720][comment] tox: use pylint 1.6.x for now
URL: https://github.com/freeipa/freeipa/pull/720 Title: #720: tox: use pylint 1.6.x for now tiran commented: """ Needs rebase to 4.5 **or** 4.5 must be made compatible with pylint 1.7 before 4.5.1 is released. """ See the full comment at https://github.com/freeipa/freeipa/pull/720#issuecomment-295174341 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#720][opened] tox: use pylint 1.6.x for now
URL: https://github.com/freeipa/freeipa/pull/720 Author: tiran Title: #720: tox: use pylint 1.6.x for now Action: opened PR body: """ FreeIPA is not yet compatible with pylint 1.7.1+. Enforce pylint 1.6.x until all issues have been addressed. Related: https://pagure.io/freeipa/issue/6874 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/720/head:pr720 git checkout pr720 From 29185f722ae376dc578f63a57f82bbe8a122e1b0 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 19 Apr 2017 10:58:11 +0200 Subject: [PATCH] tox: use pylint 1.6.x for now FreeIPA is not yet compatible with pylint 1.7.1+. Enforce pylint 1.6.x until all issues have been addressed. Related: https://pagure.io/freeipa/issue/6874 Signed-off-by: Christian Heimes <chei...@redhat.com> --- tox.ini | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index db551df..f4d307c 100644 --- a/tox.ini +++ b/tox.ini @@ -24,7 +24,8 @@ basepython=python2.7 deps= ipaclient ipapython[certmonger] -pylint +# see https://pagure.io/freeipa/issue/6874 +pylint < 1.7 commands= {envpython} -m pylint \ --rcfile={toxinidir}/pylintrc \ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#718][comment] configure: fix AC_CHECK_LIB usage
URL: https://github.com/freeipa/freeipa/pull/718 Title: #718: configure: fix AC_CHECK_LIB usage tiran commented: """ Is this peculiar behavior of ```AC_CHECK_LIB``` documented somewhere? """ See the full comment at https://github.com/freeipa/freeipa/pull/718#issuecomment-294823623 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#702][comment] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Title: #702: Correct PyPI package dependencies tiran commented: """ With recent changes, 4.5 needs a different patch. Let's merge this one and I'll prepare a new one with a ticket another time. """ See the full comment at https://github.com/freeipa/freeipa/pull/702#issuecomment-293900251 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#702][synchronized] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Author: tiran Title: #702: Correct PyPI package dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/702/head:pr702 git checkout pr702 From 608ebabf0501874bcbd469466685343da8cdf709 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH] Correct PyPI package dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 5 ++--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 3 ++- ipasetup.py.in | 16 ipatests/setup.py | 3 ++- tox.ini| 3 +-- 6 files changed, 21 insertions(+), 15 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index ccb5396..0140fd5 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,12 +50,11 @@ ], }, install_requires=[ +"cffi", "cryptography", "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], @@ -66,7 +65,7 @@ }, extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..307e7a8 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -58,7 +58,6 @@ "lxml", "netaddr", "pyasn1", -"pyldap", "six", ], entry_points={ @@ -70,6 +69,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index b0a5051..2ad57e2 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", @@ -138,13 +139,20 @@ def ipasetup(name, doc, **kwargs): cmdclass = setup_kwargs.setdefault('cmdclass', {}) cmdclass['build_py'] = build_py -# Env markers like ":python_version<'3.3'" are not supported by +# Env markers like ":python_version<'3'" are not supported by # setuptools < 18.0. if 'extras_require' in setup_kwargs and SETUPTOOLS_VERSION < (18, 0, 0): for k in list(setup_kwargs['extras_require']): -if k.startswith(':'): -req = setup_kwargs.setdefault('install_requires', []) -req.extend(setup_kwargs['extras_require'].pop(k)) +if not k.startswith(':'): +continue +values = setup_kwargs['extras_require'].pop(k) +req = setup_kwargs.setdefault('install_requires', []) +if k == ":python_version
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 794f76e8526ac11fa063357b2c7bb662b01befe4 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 6 ++-- configure.ac | 1 + freeipa.spec.in | 3 ++ ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 55 8 files changed, 209 insertions(+), 3 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index ab69f49..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -299,12 +301,12 @@ pypi_packages: $(WHEELPYPIDIR) .w
[Freeipa-devel] [freeipa PR#618][comment] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Title: #618: Tox testing support for client wheel packages tiran commented: """ I added tox to wheel build requirements. Now you can install all dependencies with dnf builddep. ``` $ sudo dnf copr enable @freeipa/freeipa-master $ sudo dnf install redhat-rpm-config $ sudo dnf builddep --spec freeipa.spec.in --define "with_wheels 1" $ tox ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/618#issuecomment-293568255 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From ec1c53805892f3439409e2d2d0d941124583093c Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + freeipa.spec.in | 3 ++ ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 55 8 files changed, 222 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT
[Freeipa-devel] [freeipa PR#618][comment] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Title: #618: Tox testing support for client wheel packages tiran commented: """ I've rebased the branch on master, just in case. Tox works for me before and after rebase. ``` $ git clean -xdf $ tox ... py27: commands succeeded py35: commands succeeded py36: commands succeeded pylint2: commands succeeded pylint3: commands succeeded pypi: commands succeeded congratulations :) ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/618#issuecomment-293562432 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From c0f301f1b103268b0853ba569f9a4c9946cec7a8 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 56 + 7 files changed, 220 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#618][comment] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Title: #618: Tox testing support for client wheel packages tiran commented: """ Why are you mixing PRs? Don't mix PRs. """ See the full comment at https://github.com/freeipa/freeipa/pull/618#issuecomment-293516717 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][comment] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Title: #671: Slim down dependencies tiran commented: """ Now depends on PR #702 """ See the full comment at https://github.com/freeipa/freeipa/pull/671#issuecomment-293195296 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][edited] Stabilize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stabilize make pypi_packages Action: edited Changed field: body Original value: """ Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Signed-off-by: Christian Heimes <chei...@redhat.com> """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][synchronized] Stabilize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stabilize make pypi_packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/686/head:pr686 git checkout pr686 From be5f43167ed99b9cb508d92a833f5c1acb996140 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 3 Apr 2017 13:35:58 +0200 Subject: [PATCH] Stabilize make pypi_packages Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could lead to bad packages for PyPI. Only build the packages we want with correct flags. Placeholder packages from 'make pypi_package' conflict with 'make wheel_bundle' packages. Use a separate destination directory for PyPI packages. Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1989b19..ab69f49 100644 --- a/Makefile.am +++ b/Makefile.am @@ -254,6 +254,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +274,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELDISTDIR)/$(item)-*.whl) export IPA_OMIT_INSTALL=$(IPA_OMIT_INSTALL); \ @@ -291,14 +295,20 @@ wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints --wheel-dir $(WHEELBUNDLEDIR) \ $(IPA_WHEEL_PACKAGES) $(IPA_EXTRA_WHEELS) -wheel_placeholder: $(WHEELDISTDIR) +pypi_packages: $(WHEELPYPIDIR) .wheelconstraints + rm -f $(WHEELPYPIDIR)/* + for dir in $(IPACLIENT_SUBDIRS); do \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $${dir} bdist_wheel || exit 1; \ + done for dir in $(IPA_PLACEHOLDERS); do \ - $(MAKE) $(AM_MAKEFLAGS) -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ done - -pypi_packages: bdist_wheel wheel_placeholder @echo -e "\n\nTo upload packages to PyPI, run:\n" - @echo -e "twine upload $(WHEELDISTDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" + @echo -e "twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" .PHONY: strip-po: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From ce8abac5b4f0b8a98b2def8c67c0f853310892f8 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH 1/2] Correct PyPI package dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 5 ++--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 3 ++- ipasetup.py.in | 16 ipatests/setup.py | 3 ++- 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..64dc47a 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -51,18 +51,17 @@ ], }, install_requires=[ +"cffi", "cryptography", "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..307e7a8 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -58,7 +58,6 @@ "lxml", "netaddr", "pyasn1", -"pyldap", "six", ], entry_points={ @@ -70,6 +69,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index b0a5051..2ad57e2 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", @@ -138,13 +139,20 @@ def ipasetup(name, doc, **kwargs): cmdclass = setup_kwargs.setdefault('cmdclass', {}) cmdclass['build_py'] = build_py -# Env markers like ":python_version<'3.3'" are not supported by +# Env markers like ":python_version<'3'" are not supported by # setuptools < 18.0. if 'extras_require' in setup_kwargs and SETUPTOOLS_VERSION < (18, 0, 0): for k in list(setup_kwargs['extras_require']): -if k.startswith(':'): -req = setup_kwargs.setdefault('install_requires', []) -req.extend(setup_kwargs['extras_require'].pop(k)) +if not k.startswith(':'): +continue +values = setup_kwargs['extras_require'].pop(k) +req = setup_kwargs.setdefault('install_requires', []) +if k == ":python_version<'3'" and sys.version_info.major == 2: +
[Freeipa-devel] [freeipa PR#702][opened] Correct PyPI package dependencies
URL: https://github.com/freeipa/freeipa/pull/702 Author: tiran Title: #702: Correct PyPI package dependencies Action: opened PR body: """ * Remove unused install requires * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> Needs backport to 4.5 for 4.5.1 PyPI packaging. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/702/head:pr702 git checkout pr702 From ce8abac5b4f0b8a98b2def8c67c0f853310892f8 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 10 Apr 2017 10:00:23 +0200 Subject: [PATCH] Correct PyPI package dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/setup.py | 5 ++--- ipapython/setup.py | 6 ++ ipaserver/setup.py | 3 ++- ipasetup.py.in | 16 ipatests/setup.py | 3 ++- 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..64dc47a 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -51,18 +51,17 @@ ], }, install_requires=[ +"cffi", "cryptography", "ipalib", "ipapython", "jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..307e7a8 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -58,7 +58,6 @@ "lxml", "netaddr", "pyasn1", -"pyldap", "six", ], entry_points={ @@ -70,6 +69,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index b0a5051..2ad57e2 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -101,6 +101,7 @@ common_args = dict( "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", +"Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", @@ -138,13 +139,20 @@ def ipasetup(name, doc, **kwargs): cmdclass = setup_kwargs.setdefault('cmdclass', {}) cmdclass['build_py'] = build_py -# Env markers like ":python_version<'3.3'" are not supported by +# Env markers like ":python_version<'3'" are not supported by # setuptools < 18.0. if 'extras_require' in setup_kwargs and SETUPTOOLS_VERSION < (18, 0, 0): for k in list(setup_kwargs['extras_require']): -if k.startswith(':'): -req = setup_kwargs.setdefault('install_requires', []) -req.extend(setup_kwargs[
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 5aef9ff020a241162145fc4c3113774cf5e5faf5 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 56 + 7 files changed, 220 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#699][comment] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: ipaclient/ipapython macOS compatibility fixes tiran commented: """ No, we don't need to sync the directory. These are cache files. It's only important that we don't have half-written cache files on disk. A missing cache file is fine. """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292865960 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: ipaclient/ipapython macOS compatibility fixes tiran commented: """ I wrote that ```fdatasync``` -> ```fsync``` is fine. It's my code after all. Explanation: fdatasync is a slightly optimized version of fsync that does not flush some metadata to disk, https://linux.die.net/man/2/fdatasync > fdatasync() is similar to fsync(), but does not flush modified metadata > unless that metadata is needed in order to allow a subsequent data retrieval > to be correctly handled. For example, changes to st_atime or st_mtime > (respectively, time of last access and time of last modification; see > stat(2)) do not require flushing because they are not necessary for a > subsequent data read to be handled correctly. On the other hand, a change to > the file size (st_size, as made by say ftruncate(2)), would require a > metadata flush. When I write the code, I chose ```fdatasync``` because ```st_mtime``` isn't strictly required for the cache files. ```fdatasync``` is a micro-optimization that fails under macOS. Instead of making the code even more complicated, I have approved the platform agnostic ```fsync``` syscall. It doesn't hurt to flush all data to disk. The files are rarely written anyway. """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292865333 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][+ack] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: ipaclient/ipapython macOS compatibility fixes Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 61384864d2539729004df0a98bf8f94e82e42e94 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 55 7 files changed, 219 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#700][synchronized] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Author: tiran Title: #700: Use entry_points for ipa CLI Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/700/head:pr700 git checkout pr700 From 122c95730a3194da5bc1bf9003c33a883e2e7b87 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 7 Apr 2017 15:03:08 +0200 Subject: [PATCH] Use entry_points for ipa CLI Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipa | 5 ++--- ipaclient/__main__.py | 15 +++ ipaclient/setup.py| 6 +- 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 ipaclient/__main__.py diff --git a/ipa b/ipa index 9ef3568..d6e01a2 100755 --- a/ipa +++ b/ipa @@ -24,8 +24,7 @@ Command Line Interface for IPA administration. The CLI functionality is implemented in ipalib/cli.py """ - -from ipalib import api, cli +from ipaclient.__main__ import main if __name__ == '__main__': -cli.run(api) +main() diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py new file mode 100644 index 000..65c706f --- /dev/null +++ b/ipaclient/__main__.py @@ -0,0 +1,15 @@ +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +""" +Command Line Interface for IPA administration. + +The CLI functionality is implemented in ipalib/cli.py +""" +from ipalib import api, cli + + +def main(): +cli.run(api) + + +if __name__ == '__main__': +main() diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..ccb5396 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -31,7 +31,6 @@ ipasetup( name="ipaclient", doc=__doc__, -scripts=['../ipa'], package_dir={'ipaclient': ''}, packages=[ "ipaclient", @@ -60,6 +59,11 @@ "qrcode", "six", ], +entry_points={ +'console_scripts': [ +'ipa = ipaclient.__main__:main' +] +}, extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["yubico", "usb"] -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS tiran commented: """ @neffs thanks David. Please squash your commits into a single commit (```git rebase -i @~3``` and use fixup on the 2nd and 3rd commit, then git push --force). """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292534577 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#700][opened] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Author: tiran Title: #700: Use entry_points for ipa CLI Action: opened PR body: """ Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/700/head:pr700 git checkout pr700 From 796f70ca60fd3067d2e0cd3cc508512db9a0c658 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 7 Apr 2017 15:03:08 +0200 Subject: [PATCH] Use entry_points for ipa CLI Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipa | 5 ++--- ipaclient/__main__.py | 15 +++ ipaclient/setup.py| 6 +- 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 ipaclient/__main__.py diff --git a/ipa b/ipa index 9ef3568..d6e01a2 100755 --- a/ipa +++ b/ipa @@ -24,8 +24,7 @@ Command Line Interface for IPA administration. The CLI functionality is implemented in ipalib/cli.py """ - -from ipalib import api, cli +from ipaclient.__main__ import main if __name__ == '__main__': -cli.run(api) +main() diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py new file mode 100644 index 000..513de7d --- /dev/null +++ b/ipaclient/__main__.py @@ -0,0 +1,15 @@ +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +""" +Command Line Interface for IPA administration. + +The CLI functionality is implemented in ipalib/cli.py +""" +from ipalib import api, cli + + +def main(): +cli.run(api) + + +if __name__ == '__main__': +main() \ No newline at end of file diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..ccb5396 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -31,7 +31,6 @@ ipasetup( name="ipaclient", doc=__doc__, -scripts=['../ipa'], package_dir={'ipaclient': ''}, packages=[ "ipaclient", @@ -60,6 +59,11 @@ "qrcode", "six", ], +entry_points={ +'console_scripts': [ +'ipa = ipaclient.__main__:main' +] +}, extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["yubico", "usb"] -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation tiran commented: """ Originally I used a similar approach for the kdcproxy user based on the snippet https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation . You changed it in ticket https://pagure.io/freeipa/issue/5314 because the approach violates packaging guidelines. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292464389 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 9c9b0f2891c021aadac38824d3bea2862830f85a Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 6f90b92ac55f32a1a028ffe0faffde21faab8544 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 5 +-- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 7 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#671][edited] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: edited Changed field: body Original value: """ * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From b12cb1e72769d43cbe09a77ec79b9b1267e5004c Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 10 -- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 6 ++ ipapython/setup.py| 6 ++ ipaserver/setup.py| 3 ++- ipasetup.py.in| 15 +++ ipatests/setup.py | 3 ++- 7 files changed, 35 insertions(+), 19 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index 568a79f..d18a90c 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -6,8 +6,6 @@ import six -from ipaclient import csrgen -from ipaclient import csrgen_ffi from ipalib import api from ipalib import errors from ipalib import output @@ -18,6 +16,14 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient import csrgen +from ipaclient import csrgen_ffi + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..43e1164 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -54,15 +54,13 @@ "cryptography", "ipalib", "ipapython", -"jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["cffi", "jinja2"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..4f71530 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,16 +41,14 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency -"pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -":python_version<'3'": ["enum34"], +":python_version<'3'": ["enum34", "python-ldap"], +":python_version>='3'": ["pyldap"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 097508f..307e7a8 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -58,7 +58,6 @@ "lxml", "netaddr", "pyasn1", -"pyldap", "six", ], entry_points={ @@ -70,6 +69,8 @@ ], }, extras_require={ +":python_version<'3'": ["python-ldap"], +":python_version>='3'": ["pyldap"
[Freeipa-devel] [freeipa PR#671][edited] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: edited Changed field: title Original value: """ [WIP] Slim down dependencies """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][synchronized] Stabilize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stabilize make pypi_packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/686/head:pr686 git checkout pr686 From b166396212a0e5505e2c10213368ca6cb98878e6 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 3 Apr 2017 13:35:58 +0200 Subject: [PATCH] Stabilize make pypi_packages Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Placeholder packages from 'make pypi_package' conflict with 'make wheel_bundle' packages. Use a separate destination directory for PyPI packages. Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1989b19..ab69f49 100644 --- a/Makefile.am +++ b/Makefile.am @@ -254,6 +254,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +274,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELDISTDIR)/$(item)-*.whl) export IPA_OMIT_INSTALL=$(IPA_OMIT_INSTALL); \ @@ -291,14 +295,20 @@ wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints --wheel-dir $(WHEELBUNDLEDIR) \ $(IPA_WHEEL_PACKAGES) $(IPA_EXTRA_WHEELS) -wheel_placeholder: $(WHEELDISTDIR) +pypi_packages: $(WHEELPYPIDIR) .wheelconstraints + rm -f $(WHEELPYPIDIR)/* + for dir in $(IPACLIENT_SUBDIRS); do \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $${dir} bdist_wheel || exit 1; \ + done for dir in $(IPA_PLACEHOLDERS); do \ - $(MAKE) $(AM_MAKEFLAGS) -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ done - -pypi_packages: bdist_wheel wheel_placeholder @echo -e "\n\nTo upload packages to PyPI, run:\n" - @echo -e "twine upload $(WHEELDISTDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" + @echo -e "twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" .PHONY: strip-po: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From a65d13d3640d5dd6500244208de81f18fc779b84 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 5 +-- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 7 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 372e263ea0082367ddb3251b183275850e277317 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH 1/2] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 5 +-- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 7 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..4c825cc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle
[Freeipa-devel] [freeipa PR#618][edited] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: edited Changed field: body Original value: """ Depends on PR #613 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][synchronized] Stabilize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stabilize make pypi_packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/686/head:pr686 git checkout pr686 From f65a36954f261c4c02a2de2232e7f83a72b6e86a Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 3 Apr 2017 13:35:58 +0200 Subject: [PATCH] Stabilize make pypi_packages Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Placeholder packages from 'make pypi_package' conflict with 'make wheel_bundle' packages. Use a separate destination directory for PyPI packages. Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1989b19..e93ceac 100644 --- a/Makefile.am +++ b/Makefile.am @@ -254,6 +254,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +274,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELDISTDIR)/$(item)-*.whl) export IPA_OMIT_INSTALL=$(IPA_OMIT_INSTALL); \ @@ -291,14 +295,20 @@ wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints --wheel-dir $(WHEELBUNDLEDIR) \ $(IPA_WHEEL_PACKAGES) $(IPA_EXTRA_WHEELS) -wheel_placeholder: $(WHEELDISTDIR) +pypi_packages: $(WHEELPYPIDIR) .wheelconstraints + rm -f $(WHEELPYPIDIR)/* + for dir in $(IPACLIENT_SUBDIRS); do \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $${dir} bdist_wheel || exit 1; \ + done for dir in $(IPA_PLACEHOLDERS); do \ - $(MAKE) $(AM_MAKEFLAGS) -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ + $(MAKE) $(AM_MAKEFLAGS) \ + IPA_OMIT_INSTALL=1 WHEELDISTDIR=$(abspath $(WHEELPYPIDIR)) \ + -C $${dir} bdist_wheel || exit 1; \ done - -pypi_packages: bdist_wheel wheel_placeholder @echo -e "\n\nTo upload packages to PyPI, run:\n" - @echo -e "twine upload $(WHEELDISTDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" + @echo -e "twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" .PHONY: strip-po: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][synchronized] Stablize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stablize make pypi_packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/686/head:pr686 git checkout pr686 From cbd52465cace7e50d0da1073490e6eb1a127306c Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 3 Apr 2017 13:35:58 +0200 Subject: [PATCH] Stabilize make pypi_packages Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1989b19..e201663 100644 --- a/Makefile.am +++ b/Makefile.am @@ -252,7 +252,7 @@ jslint-html: jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT -.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages +.PHONY: bdist_wheel wheel_bundle pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @@ -291,12 +291,15 @@ wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints --wheel-dir $(WHEELBUNDLEDIR) \ $(IPA_WHEEL_PACKAGES) $(IPA_EXTRA_WHEELS) -wheel_placeholder: $(WHEELDISTDIR) +pypi_packages: $(WHEELDISTDIR) + rm -f $(WHEELBUNDLEDIR)/* + export IPA_OMIT_INSTALL=1; \ + for dir in $(IPACLIENT_SUBDIRS); do \ + $(MAKE) $(AM_MAKEFLAGS) -C $${dir} bdist_wheel || exit 1; \ + done; \ for dir in $(IPA_PLACEHOLDERS); do \ $(MAKE) $(AM_MAKEFLAGS) -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ done - -pypi_packages: bdist_wheel wheel_placeholder @echo -e "\n\nTo upload packages to PyPI, run:\n" @echo -e "twine upload $(WHEELDISTDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][edited] Stablize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stablize make pypi_packages Action: edited Changed field: title Original value: """ Stablize make pypi_packages """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][edited] [WIP] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: [WIP] Tox testing support for client wheel packages Action: edited Changed field: title Original value: """ [WIP] Tox testing support for client wheel packages """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#686][opened] Stablize make pypi_packages
URL: https://github.com/freeipa/freeipa/pull/686 Author: tiran Title: #686: Stablize make pypi_packages Action: opened PR body: """ Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/686/head:pr686 git checkout pr686 From c74930e6aa97604b9fcd08456b41b5be73310b15 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 3 Apr 2017 13:35:58 +0200 Subject: [PATCH] Stablize make pypi_packages Parallel make or flags like IPA_OMIT_INSTALL and IPA_SERVER_WHEELS could like to bad packages for PyPI. Only build the packages we want with correct flags. Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1989b19..e201663 100644 --- a/Makefile.am +++ b/Makefile.am @@ -252,7 +252,7 @@ jslint-html: jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT -.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages +.PHONY: bdist_wheel wheel_bundle pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @@ -291,12 +291,15 @@ wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints --wheel-dir $(WHEELBUNDLEDIR) \ $(IPA_WHEEL_PACKAGES) $(IPA_EXTRA_WHEELS) -wheel_placeholder: $(WHEELDISTDIR) +pypi_packages: $(WHEELDISTDIR) + rm -f $(WHEELBUNDLEDIR)/* + export IPA_OMIT_INSTALL=1; \ + for dir in $(IPACLIENT_SUBDIRS); do \ + $(MAKE) $(AM_MAKEFLAGS) -C $${dir} bdist_wheel || exit 1; \ + done; \ for dir in $(IPA_PLACEHOLDERS); do \ $(MAKE) $(AM_MAKEFLAGS) -C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \ done - -pypi_packages: bdist_wheel wheel_placeholder @echo -e "\n\nTo upload packages to PyPI, run:\n" @echo -e "twine upload $(WHEELDISTDIR)/*-$(VERSION)-py2.py3-none-any.whl\n" -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] [WIP] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: [WIP] Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 5a5c840bc994a3e217e22f4ff01eee7f3fe300ab Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 64 Makefile.am | 2 ++ configure.ac | 1 + ipatests/conftest.py | 5 ++-- tox.ini | 38 +++ 6 files changed, 110 insertions(+), 2 deletions(-) create mode 100755 .tox-install.sh create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..9747d14 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,64 @@ +#!/bin/bash +set -ex + +ENVPYTHON="$1" +ENVSITEPACKAGESDIR="$2" +# 3...end are package requirements +shift 2 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd diff --git a/Makefile.am b/Makefile.am index 1989b19..ff3ce2a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ diff --git a/configure.ac b/configure.ac index 8f8751a..68601de 100644 --- a/configure.ac +++ b/configure.ac @@ -276,6 +276,7 @@ AC_CONFIG_COMMANDS([po/POTFILES.in], -path "./${PACKAGE}-*" -prune -o dnl dist directories -path '*/build' -prune -o dnl Python builds -path '*/dist' -prune -o dnl Python dists + -path './.tox' -prune -o dnl Python tox test -path './conf*' -prune -o dnl generated by configure -name '*.py' -print -o dnl -name '*.c' -print -o dnl diff --git a/ipatests/conftest.py b/ipatests/conftest.py index 61e889d..ab17575 100644 --- a/ipatests/conftest.py +++ b/ipatests/conftest.py @@ -52,7 +52,9 @@ 'ipaserver/build', 'ipatests/build', # install/share/wsgi.py -'install/share' +'install/share', +# integration plugin imports from ipaplatform +'ipatests/pytest_plugins', ] @@ -100,7 +102,6 @@ def pytest_cmdline_main(config): ) for klass in cli_plugins: api.add_plugin(klass) - # XXX workaround until https://fedorahosted.org/freeipa/ticket/6408 has # been resolved. if ipaserver is not None: diff --git a/tox.ini b/tox.ini new file mode 100644 index 000..18331af --- /dev/null +++ b/tox.ini @@ -0,0 +1,38 @@ +[tox] +minversion=2.3.1 +envlist=py27,py35,
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 5420e9cfbe7803808b6e26d2dae64f2a6a50149a Mon Sep 17 00:00:00 2001 From: Ben Lipton <blip...@redhat.com> Date: Tue, 21 Mar 2017 12:21:30 -0400 Subject: [PATCH 1/8] csrgen: Remove helper abstraction All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jchol...@redhat.com> --- ipaclient/csrgen.py| 71 ++-- ipaclient/csrgen/rules/dataDNS.json| 13 +-- ipaclient/csrgen/rules/dataEmail.json | 13 +-- ipaclient/csrgen/rules/dataHostCN.json | 13 +-- ipaclient/csrgen/rules/dataSubjectBase.json| 13 +-- ipaclient/csrgen/rules/dataUsernameCN.json | 13 +-- ipaclient/csrgen/rules/syntaxSAN.json | 19 ++--- ipaclient/csrgen/rules/syntaxSubject.json | 13 +-- ipaclient/csrgen/templates/certutil_base.tmpl | 11 --- ipaclient/plugins/csrgen.py| 2 +- .../data/test_csrgen/configs/caIPAserviceCert.conf | 34 .../data/test_csrgen/configs/userCert.conf | 34 .../data/test_csrgen/rules/basic.json | 13 +-- .../data/test_csrgen/rules/options.json| 18 +--- .../scripts/caIPAserviceCert_certutil.sh | 11 --- .../scripts/caIPAserviceCert_openssl.sh| 34 .../data/test_csrgen/scripts/userCert_certutil.sh | 11 --- .../data/test_csrgen/scripts/userCert_openssl.sh | 34 ipatests/test_ipaclient/test_csrgen.py | 98 +- 19 files changed, 145 insertions(+), 323 deletions(-) delete mode 100644 ipaclient/csrgen/templates/certutil_base.tmpl create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py index 8fb0b32..8ca0722 100644 --- a/ipaclient/csrgen.py +++ b/ipaclient/csrgen.py @@ -244,13 +244,6 @@ def _prepare_syntax_rule( return self.SyntaxRule(prepared_template, is_extension) -class CertutilFormatter(Formatter): -base_template_name = 'certutil_base.tmpl' - -def _get_template_params(self, syntax_rules): -return {'options': syntax_rules} - - class FieldMapping(object): """Representation of the rules needed to construct a complete cert field. @@ -279,13 +272,11 @@ def __init__(self, name, template, options): class RuleProvider(object): -def rules_for_profile(self, profile_id, helper): +def rules_for_profile(self, profile_id): """ Return the rules needed to build a CSR using the given profile. :param profile_id: str, name of the CSR generation profile to use -:param helper: str, name of tool (e.g. openssl, certutil) that will be -used to create CSR :returns: list of FieldMapping, filled out with the appropriate rules """ @@ -321,40 +312,31 @@ def _open(self, subdir, filename): ) ) -def _rule(self, rule_name, helper): -if (rule_name, helper) not in self.rules: +def _rule(self, rule_name): +if rule_name not in self.rules: try: with self._open('rules', '%s.json' % rule_name) as f: -ruleset = json.load(f) +ruleconf = json.load(f) except IOError: raise errors.NotFound( -reason=_('Ruleset %(ruleset)s does not exist.') % -{'ruleset': rule_name}) +reason=_('No generation rule %(rulename)s found.') % +{'rulename': rule_name}) -matching_rules = [r for r in ruleset['rules'] - if r['helper'] == helper] -if len(matching_rules) == 0: +try: +rule = ruleconf['rule'] +except KeyError: raise errors.EmptyResult( -reason=_('No transformation in "%(ruleset)s" rule supports' - ' helper "%(helper)s"') % -
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ Sigh, I got it. """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-291091639 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 5420e9cfbe7803808b6e26d2dae64f2a6a50149a Mon Sep 17 00:00:00 2001 From: Ben Lipton <blip...@redhat.com> Date: Tue, 21 Mar 2017 12:21:30 -0400 Subject: [PATCH 1/8] csrgen: Remove helper abstraction All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jchol...@redhat.com> --- ipaclient/csrgen.py| 71 ++-- ipaclient/csrgen/rules/dataDNS.json| 13 +-- ipaclient/csrgen/rules/dataEmail.json | 13 +-- ipaclient/csrgen/rules/dataHostCN.json | 13 +-- ipaclient/csrgen/rules/dataSubjectBase.json| 13 +-- ipaclient/csrgen/rules/dataUsernameCN.json | 13 +-- ipaclient/csrgen/rules/syntaxSAN.json | 19 ++--- ipaclient/csrgen/rules/syntaxSubject.json | 13 +-- ipaclient/csrgen/templates/certutil_base.tmpl | 11 --- ipaclient/plugins/csrgen.py| 2 +- .../data/test_csrgen/configs/caIPAserviceCert.conf | 34 .../data/test_csrgen/configs/userCert.conf | 34 .../data/test_csrgen/rules/basic.json | 13 +-- .../data/test_csrgen/rules/options.json| 18 +--- .../scripts/caIPAserviceCert_certutil.sh | 11 --- .../scripts/caIPAserviceCert_openssl.sh| 34 .../data/test_csrgen/scripts/userCert_certutil.sh | 11 --- .../data/test_csrgen/scripts/userCert_openssl.sh | 34 ipatests/test_ipaclient/test_csrgen.py | 98 +- 19 files changed, 145 insertions(+), 323 deletions(-) delete mode 100644 ipaclient/csrgen/templates/certutil_base.tmpl create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py index 8fb0b32..8ca0722 100644 --- a/ipaclient/csrgen.py +++ b/ipaclient/csrgen.py @@ -244,13 +244,6 @@ def _prepare_syntax_rule( return self.SyntaxRule(prepared_template, is_extension) -class CertutilFormatter(Formatter): -base_template_name = 'certutil_base.tmpl' - -def _get_template_params(self, syntax_rules): -return {'options': syntax_rules} - - class FieldMapping(object): """Representation of the rules needed to construct a complete cert field. @@ -279,13 +272,11 @@ def __init__(self, name, template, options): class RuleProvider(object): -def rules_for_profile(self, profile_id, helper): +def rules_for_profile(self, profile_id): """ Return the rules needed to build a CSR using the given profile. :param profile_id: str, name of the CSR generation profile to use -:param helper: str, name of tool (e.g. openssl, certutil) that will be -used to create CSR :returns: list of FieldMapping, filled out with the appropriate rules """ @@ -321,40 +312,31 @@ def _open(self, subdir, filename): ) ) -def _rule(self, rule_name, helper): -if (rule_name, helper) not in self.rules: +def _rule(self, rule_name): +if rule_name not in self.rules: try: with self._open('rules', '%s.json' % rule_name) as f: -ruleset = json.load(f) +ruleconf = json.load(f) except IOError: raise errors.NotFound( -reason=_('Ruleset %(ruleset)s does not exist.') % -{'ruleset': rule_name}) +reason=_('No generation rule %(rulename)s found.') % +{'rulename': rule_name}) -matching_rules = [r for r in ruleset['rules'] - if r['helper'] == helper] -if len(matching_rules) == 0: +try: +rule = ruleconf['rule'] +except KeyError: raise errors.EmptyResult( -reason=_('No transformation in "%(ruleset)s" rule supports' - ' helper "%(helper)s"') % -
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 5420e9cfbe7803808b6e26d2dae64f2a6a50149a Mon Sep 17 00:00:00 2001 From: Ben Lipton <blip...@redhat.com> Date: Tue, 21 Mar 2017 12:21:30 -0400 Subject: [PATCH 1/8] csrgen: Remove helper abstraction All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jchol...@redhat.com> --- ipaclient/csrgen.py| 71 ++-- ipaclient/csrgen/rules/dataDNS.json| 13 +-- ipaclient/csrgen/rules/dataEmail.json | 13 +-- ipaclient/csrgen/rules/dataHostCN.json | 13 +-- ipaclient/csrgen/rules/dataSubjectBase.json| 13 +-- ipaclient/csrgen/rules/dataUsernameCN.json | 13 +-- ipaclient/csrgen/rules/syntaxSAN.json | 19 ++--- ipaclient/csrgen/rules/syntaxSubject.json | 13 +-- ipaclient/csrgen/templates/certutil_base.tmpl | 11 --- ipaclient/plugins/csrgen.py| 2 +- .../data/test_csrgen/configs/caIPAserviceCert.conf | 34 .../data/test_csrgen/configs/userCert.conf | 34 .../data/test_csrgen/rules/basic.json | 13 +-- .../data/test_csrgen/rules/options.json| 18 +--- .../scripts/caIPAserviceCert_certutil.sh | 11 --- .../scripts/caIPAserviceCert_openssl.sh| 34 .../data/test_csrgen/scripts/userCert_certutil.sh | 11 --- .../data/test_csrgen/scripts/userCert_openssl.sh | 34 ipatests/test_ipaclient/test_csrgen.py | 98 +- 19 files changed, 145 insertions(+), 323 deletions(-) delete mode 100644 ipaclient/csrgen/templates/certutil_base.tmpl create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/caIPAserviceCert.conf create mode 100644 ipatests/test_ipaclient/data/test_csrgen/configs/userCert.conf delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh delete mode 100644 ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py index 8fb0b32..8ca0722 100644 --- a/ipaclient/csrgen.py +++ b/ipaclient/csrgen.py @@ -244,13 +244,6 @@ def _prepare_syntax_rule( return self.SyntaxRule(prepared_template, is_extension) -class CertutilFormatter(Formatter): -base_template_name = 'certutil_base.tmpl' - -def _get_template_params(self, syntax_rules): -return {'options': syntax_rules} - - class FieldMapping(object): """Representation of the rules needed to construct a complete cert field. @@ -279,13 +272,11 @@ def __init__(self, name, template, options): class RuleProvider(object): -def rules_for_profile(self, profile_id, helper): +def rules_for_profile(self, profile_id): """ Return the rules needed to build a CSR using the given profile. :param profile_id: str, name of the CSR generation profile to use -:param helper: str, name of tool (e.g. openssl, certutil) that will be -used to create CSR :returns: list of FieldMapping, filled out with the appropriate rules """ @@ -321,40 +312,31 @@ def _open(self, subdir, filename): ) ) -def _rule(self, rule_name, helper): -if (rule_name, helper) not in self.rules: +def _rule(self, rule_name): +if rule_name not in self.rules: try: with self._open('rules', '%s.json' % rule_name) as f: -ruleset = json.load(f) +ruleconf = json.load(f) except IOError: raise errors.NotFound( -reason=_('Ruleset %(ruleset)s does not exist.') % -{'ruleset': rule_name}) +reason=_('No generation rule %(rulename)s found.') % +{'rulename': rule_name}) -matching_rules = [r for r in ruleset['rules'] - if r['helper'] == helper] -if len(matching_rules) == 0: +try: +rule = ruleconf['rule'] +except KeyError: raise errors.EmptyResult( -reason=_('No transformation in "%(ruleset)s" rule supports' - ' helper "%(helper)s"') % -
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 6419040e0bcf726232f30c4020fbea9bb9e10376 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 17 Jan 2017 08:49:54 +0100 Subject: [PATCH 1/3] Conditionally import pyhbac The pyhbac module is part of SSSD. It's not available as stand-alone PyPI package. It would take a lot of effort to package it because the code is deeply tight into SSSD. Let's follow the example of other SSSD Python packages and make the import of pyhbac conditionally. It's only necessary for caacl and hbactest plugins. I renamed convert_to_ipa_rule() to _convert_to_ipa_rule() because it does not check for presence of pyhbac package itself. The check is performed earlier in execute(). The prefix indicates that it is an internal function and developers have to think twice before using it in another place. This makes it much easier to install ipaserver with instrumented build of Python with a different ABI or in isolated virtual envs to profile and debug the server. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/plugins/caacl.py| 86 - ipaserver/plugins/cert.py | 90 ++- ipaserver/plugins/hbactest.py | 19 +++-- 3 files changed, 105 insertions(+), 90 deletions(-) diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py index ff1178a..43a397d 100644 --- a/ipaserver/plugins/caacl.py +++ b/ipaserver/plugins/caacl.py @@ -2,12 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # -import pyhbac import six from ipalib import api, errors, output from ipalib import Bool, Str, StrEnum -from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry from .baseldap import ( LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPQuery, @@ -80,90 +78,6 @@ register = Registry() -def _acl_make_request(principal_type, principal, ca_id, profile_id): -"""Construct HBAC request for the given principal, CA and profile""" - -req = pyhbac.HbacRequest() -req.targethost.name = ca_id -req.service.name = profile_id -if principal_type == 'user': -req.user.name = principal.username -elif principal_type == 'host': -req.user.name = principal.hostname -elif principal_type == 'service': -req.user.name = unicode(principal) -groups = [] -if principal_type == 'user': -user_obj = api.Command.user_show(principal.username)['result'] -groups = user_obj.get('memberof_group', []) -groups += user_obj.get('memberofindirect_group', []) -elif principal_type == 'host': -host_obj = api.Command.host_show(principal.hostname)['result'] -groups = host_obj.get('memberof_hostgroup', []) -groups += host_obj.get('memberofindirect_hostgroup', []) -req.user.groups = sorted(set(groups)) -return req - - -def _acl_make_rule(principal_type, obj): -"""Turn CA ACL object into HBAC rule. - -``principal_type`` -String in {'user', 'host', 'service'} -""" -rule = pyhbac.HbacRule(obj['cn'][0]) -rule.enabled = obj['ipaenabledflag'][0] -rule.srchosts.category = {pyhbac.HBAC_CATEGORY_ALL} - -# add CA(s) -if 'ipacacategory' in obj and obj['ipacacategory'][0].lower() == 'all': -rule.targethosts.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -# For compatibility with pre-lightweight-CAs CA ACLs, -# no CA members implies the host authority (only) -rule.targethosts.names = obj.get('ipamemberca_ca', [IPA_CA_CN]) - -# add profiles -if ('ipacertprofilecategory' in obj -and obj['ipacertprofilecategory'][0].lower() == 'all'): -rule.services.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -attr = 'ipamembercertprofile_certprofile' -rule.services.names = obj.get(attr, []) - -# add principals and principal's groups -category_attr = '{}category'.format(principal_type) -if category_attr in obj and obj[category_attr][0].lower() == 'all': -rule.users.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -if principal_type == 'user': -rule.users.names = obj.get('memberuser_user', []) -rule.users.groups = obj.get('memberuser_group', []) -elif principal_type == 'host': -rule.users.names = obj.get('memberhost_host', []) -rule.users.groups = obj.get('memberhost_hostgroup', []) -elif principal_type == 'service': -rule.users.names = [ -unicode(principal) -for principal i
[Freeipa-devel] [freeipa PR#671][synchronized] [WIP] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: [WIP] Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From d9906d9e3fd5023ecd577bcac8b55ea9966028ab Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 8 +++- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 6 ++ ipapython/setup.py| 2 -- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index a0d99ef..0a9ede1 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -4,7 +4,6 @@ import six -from ipaclient.csrgen import CSRGenerator, FileRuleProvider from ipalib import api from ipalib import errors from ipalib import output @@ -15,6 +14,13 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient.csrgen import CSRGenerator, FileRuleProvider + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..5b02341 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -54,15 +54,13 @@ "cryptography", "ipalib", "ipapython", -"jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["jinja2"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index f4bc3f8..650528e 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,12 +41,10 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency "pyldap", "netaddr", "netifaces", -"requests", "six", ], extras_require={ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#681][comment] Fix ipadiscovery
URL: https://github.com/freeipa/freeipa/pull/681 Title: #681: Fix ipadiscovery tiran commented: """ You can simplify your code a lot with the operator module and sorted(key) trick: https://docs.python.org/3/library/operator.html#operator.attrgetter https://docs.python.org/3/library/functions.html#sorted ``` import operator ``` ``` answers = resolver.query(qname, rdatatype.SRV) answers = sorted(answer, key=operator.attrgetter('priority')) ``` Please squash your changes into one commit. """ See the full comment at https://github.com/freeipa/freeipa/pull/681#issuecomment-291045102 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] [WIP] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: [WIP] Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 3b4c9f34c7c5617e2f6dcaac9501072a9fc2880c Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 72 Makefile.am | 14 +++--- configure.ac | 1 + ipatests/conftest.py | 5 ++-- tox.ini | 38 +++ 6 files changed, 126 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..ab4a4c5 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,72 @@ +#!/bin/bash +set -x + +PYTHON="$1" +ENVSITEPACKAGESDIR="$2" +# 3...end are package requirements +shift 2 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${PYTHON}" ]; then +echo "${PYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +PYTHON="${PYTHON}" \ +IPA_EXTRA_SUBDIRS="ipatests" \ +wheel_bundle + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# build additional wheels, e.g. pylint +$PYTHON -m pip wheel \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +--wheel-dir "${DISTBUNDLE}" \ +$@ + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$PYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd diff --git a/Makefile.am b/Makefile.am index efa8b73..d1bb12c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -252,7 +254,10 @@ jslint-html: jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT -.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages +# Python wheels +# IPA_EXTRA_SUBDIRS: extra subdirs to build wheels (e.g. ipatests) + +.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @@ -263,19 +268,20 @@ $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) bdist_wheel: $(WHEELDISTDIR) - for dir in $(IPACLIENT_SUBDIRS); do \ + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELDISTDIR)/$(item)-*.whl) + for dir in $(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS); do \ $(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \ done wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints - rm -f $(foreach item,$(IPACLIENT_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl) + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELBUNDLEDIR)/$(i
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ @MartinBasti ```dbus-devel``` is in the ```with_wheels``` section. Documentation is part of https://pagure.io/freeipa/issue/6842 . """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290727605 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 6419040e0bcf726232f30c4020fbea9bb9e10376 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 17 Jan 2017 08:49:54 +0100 Subject: [PATCH 1/3] Conditionally import pyhbac The pyhbac module is part of SSSD. It's not available as stand-alone PyPI package. It would take a lot of effort to package it because the code is deeply tight into SSSD. Let's follow the example of other SSSD Python packages and make the import of pyhbac conditionally. It's only necessary for caacl and hbactest plugins. I renamed convert_to_ipa_rule() to _convert_to_ipa_rule() because it does not check for presence of pyhbac package itself. The check is performed earlier in execute(). The prefix indicates that it is an internal function and developers have to think twice before using it in another place. This makes it much easier to install ipaserver with instrumented build of Python with a different ABI or in isolated virtual envs to profile and debug the server. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/plugins/caacl.py| 86 - ipaserver/plugins/cert.py | 90 ++- ipaserver/plugins/hbactest.py | 19 +++-- 3 files changed, 105 insertions(+), 90 deletions(-) diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py index ff1178a..43a397d 100644 --- a/ipaserver/plugins/caacl.py +++ b/ipaserver/plugins/caacl.py @@ -2,12 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # -import pyhbac import six from ipalib import api, errors, output from ipalib import Bool, Str, StrEnum -from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry from .baseldap import ( LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPQuery, @@ -80,90 +78,6 @@ register = Registry() -def _acl_make_request(principal_type, principal, ca_id, profile_id): -"""Construct HBAC request for the given principal, CA and profile""" - -req = pyhbac.HbacRequest() -req.targethost.name = ca_id -req.service.name = profile_id -if principal_type == 'user': -req.user.name = principal.username -elif principal_type == 'host': -req.user.name = principal.hostname -elif principal_type == 'service': -req.user.name = unicode(principal) -groups = [] -if principal_type == 'user': -user_obj = api.Command.user_show(principal.username)['result'] -groups = user_obj.get('memberof_group', []) -groups += user_obj.get('memberofindirect_group', []) -elif principal_type == 'host': -host_obj = api.Command.host_show(principal.hostname)['result'] -groups = host_obj.get('memberof_hostgroup', []) -groups += host_obj.get('memberofindirect_hostgroup', []) -req.user.groups = sorted(set(groups)) -return req - - -def _acl_make_rule(principal_type, obj): -"""Turn CA ACL object into HBAC rule. - -``principal_type`` -String in {'user', 'host', 'service'} -""" -rule = pyhbac.HbacRule(obj['cn'][0]) -rule.enabled = obj['ipaenabledflag'][0] -rule.srchosts.category = {pyhbac.HBAC_CATEGORY_ALL} - -# add CA(s) -if 'ipacacategory' in obj and obj['ipacacategory'][0].lower() == 'all': -rule.targethosts.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -# For compatibility with pre-lightweight-CAs CA ACLs, -# no CA members implies the host authority (only) -rule.targethosts.names = obj.get('ipamemberca_ca', [IPA_CA_CN]) - -# add profiles -if ('ipacertprofilecategory' in obj -and obj['ipacertprofilecategory'][0].lower() == 'all'): -rule.services.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -attr = 'ipamembercertprofile_certprofile' -rule.services.names = obj.get(attr, []) - -# add principals and principal's groups -category_attr = '{}category'.format(principal_type) -if category_attr in obj and obj[category_attr][0].lower() == 'all': -rule.users.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -if principal_type == 'user': -rule.users.names = obj.get('memberuser_user', []) -rule.users.groups = obj.get('memberuser_group', []) -elif principal_type == 'host': -rule.users.names = obj.get('memberhost_host', []) -rule.users.groups = obj.get('memberhost_hostgroup', []) -elif principal_type == 'service': -rule.users.names = [ -unicode(principal) -for principal i
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ You need dbus-devel package. I opened https://pagure.io/freeipa/issue/6842 to track lack of documentation. """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290689299 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 0e12da497bed19bf28151a284f097bc0f230cdd6 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH 1/2] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 - configure.ac| 12 ++ ipatests/test_ipapython/test_session_storage.py | 1 - 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..e050869 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,7 +5,6 @@ """ Test the `session_storage.py` module. """ - from ipapython import session_storage From 9ab173e5428bb0e0c6a6d536a1e178a10ff34997 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 31 Mar 2017 10:53:59 +0200 Subject: [PATCH 2/2] Skip test_session_storage in ipaclient unittest mode The test class depends on a working Kerberos configuration and session. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipatests/test_ipapython/test_session_storage.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/te
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers tiran commented: """ I split the changes to session storage tests into a separate commit. The other commit is in #670 """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-29066 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 3d0cfecdece338b6aa711ef9716d8cb92b645a80 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH 1/2] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 1 - 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..e050869 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,7 +5,6 @@ """ Test the `session_storage.
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers tiran commented: """ ```test_session_storage``` is not a unit test or functional test. It is an integration test that depends on a valid Kerberos configuration and session. Do you prefer a separate PR? """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290654739 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][+ack] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: certdb: use certutil and match_hostname for cert verification Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ Thanks @MartinBasti I rebased the PR and added a small workaround for ```dbus-python```. The package uses make to compile some of its internal dependencies. It looks like there is a bug in ```dbus-python```'s makefile. It sometimes fails to compile with my ```MAKEFLAGS=-j4``` env var. ```Makefile.am``` line 253 sets MAKEFLAGS to empty value for ```pip wheel```. """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290632826 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 5ef4045c094d4cfbff216cb0282196273dc06d59 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..0174320 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for patchcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,10 +5,12 @@ """ Test the `session_storage.p
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From f41cdacbdf15808a66651761640847514a7f9027 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,10 +5,12 @@ """ Test the `session_storage.p
[Freeipa-devel] [freeipa PR#593][edited] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: edited Changed field: body Original value: """ Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make patchcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Depends on - [X] #475 - [X] #587 - [X] #594 - [ ] #636 - [ ] #670 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 6419040e0bcf726232f30c4020fbea9bb9e10376 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 17 Jan 2017 08:49:54 +0100 Subject: [PATCH 1/3] Conditionally import pyhbac The pyhbac module is part of SSSD. It's not available as stand-alone PyPI package. It would take a lot of effort to package it because the code is deeply tight into SSSD. Let's follow the example of other SSSD Python packages and make the import of pyhbac conditionally. It's only necessary for caacl and hbactest plugins. I renamed convert_to_ipa_rule() to _convert_to_ipa_rule() because it does not check for presence of pyhbac package itself. The check is performed earlier in execute(). The prefix indicates that it is an internal function and developers have to think twice before using it in another place. This makes it much easier to install ipaserver with instrumented build of Python with a different ABI or in isolated virtual envs to profile and debug the server. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/plugins/caacl.py| 86 - ipaserver/plugins/cert.py | 90 ++- ipaserver/plugins/hbactest.py | 19 +++-- 3 files changed, 105 insertions(+), 90 deletions(-) diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py index ff1178a..43a397d 100644 --- a/ipaserver/plugins/caacl.py +++ b/ipaserver/plugins/caacl.py @@ -2,12 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # -import pyhbac import six from ipalib import api, errors, output from ipalib import Bool, Str, StrEnum -from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry from .baseldap import ( LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPQuery, @@ -80,90 +78,6 @@ register = Registry() -def _acl_make_request(principal_type, principal, ca_id, profile_id): -"""Construct HBAC request for the given principal, CA and profile""" - -req = pyhbac.HbacRequest() -req.targethost.name = ca_id -req.service.name = profile_id -if principal_type == 'user': -req.user.name = principal.username -elif principal_type == 'host': -req.user.name = principal.hostname -elif principal_type == 'service': -req.user.name = unicode(principal) -groups = [] -if principal_type == 'user': -user_obj = api.Command.user_show(principal.username)['result'] -groups = user_obj.get('memberof_group', []) -groups += user_obj.get('memberofindirect_group', []) -elif principal_type == 'host': -host_obj = api.Command.host_show(principal.hostname)['result'] -groups = host_obj.get('memberof_hostgroup', []) -groups += host_obj.get('memberofindirect_hostgroup', []) -req.user.groups = sorted(set(groups)) -return req - - -def _acl_make_rule(principal_type, obj): -"""Turn CA ACL object into HBAC rule. - -``principal_type`` -String in {'user', 'host', 'service'} -""" -rule = pyhbac.HbacRule(obj['cn'][0]) -rule.enabled = obj['ipaenabledflag'][0] -rule.srchosts.category = {pyhbac.HBAC_CATEGORY_ALL} - -# add CA(s) -if 'ipacacategory' in obj and obj['ipacacategory'][0].lower() == 'all': -rule.targethosts.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -# For compatibility with pre-lightweight-CAs CA ACLs, -# no CA members implies the host authority (only) -rule.targethosts.names = obj.get('ipamemberca_ca', [IPA_CA_CN]) - -# add profiles -if ('ipacertprofilecategory' in obj -and obj['ipacertprofilecategory'][0].lower() == 'all'): -rule.services.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -attr = 'ipamembercertprofile_certprofile' -rule.services.names = obj.get(attr, []) - -# add principals and principal's groups -category_attr = '{}category'.format(principal_type) -if category_attr in obj and obj[category_attr][0].lower() == 'all': -rule.users.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -if principal_type == 'user': -rule.users.names = obj.get('memberuser_user', []) -rule.users.groups = obj.get('memberuser_group', []) -elif principal_type == 'host': -rule.users.names = obj.get('memberhost_host', []) -rule.users.groups = obj.get('memberhost_hostgroup', []) -elif principal_type == 'service': -rule.users.names = [ -unicode(principal) -for principal i
[Freeipa-devel] [freeipa PR#618][synchronized] [WIP] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: [WIP] Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From e5c90a2ceae2e2e44047f67ca05ad9ff9c272abe Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH 1/3] tox testing support for client wheel packages Signed-off-by: Christian Heimes <chei...@redhat.com> --- .gitignore | 2 ++ .tox-install.sh | 72 Makefile.am | 14 +++--- configure.ac | 1 + ipatests/conftest.py | 1 - tox.ini | 38 +++ 6 files changed, 123 insertions(+), 5 deletions(-) create mode 100755 .tox-install.sh create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..ab4a4c5 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,72 @@ +#!/bin/bash +set -x + +PYTHON="$1" +ENVSITEPACKAGESDIR="$2" +# 3...end are package requirements +shift 2 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${PYTHON}" ]; then +echo "${PYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +PYTHON="${PYTHON}" \ +IPA_EXTRA_SUBDIRS="ipatests" \ +wheel_bundle + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# build additional wheels, e.g. pylint +$PYTHON -m pip wheel \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +--wheel-dir "${DISTBUNDLE}" \ +$@ + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$PYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd diff --git a/Makefile.am b/Makefile.am index af22315..ba81c55 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -183,6 +184,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -223,7 +225,10 @@ jslint-html: jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT -.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages +# Python wheels +# IPA_EXTRA_SUBDIRS: extra subdirs to build wheels (e.g. ipatests) + +.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @@ -234,19 +239,20 @@ $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) bdist_wheel: $(WHEELDISTDIR) - for dir in $(IPACLIENT_SUBDIRS); do \ + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELDISTDIR)/$(item)-*.whl) + for dir in $(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS); do \ $(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \ done wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints - rm -f $(foreach item,$(IPACLIENT_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl) + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELBUNDLEDIR)/$(i
[Freeipa-devel] [freeipa PR#593][edited] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make patchcheck for developers Action: edited Changed field: title Original value: """ Add make patchcheck for developers """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make patchcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 0e369bd02d973660e798469efd3aae846fe54997 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 2 ++ ipatests/util.py| 28 +++--- 5 files changed, 60 insertions(+), 17 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..0174320 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for patchcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapy
[Freeipa-devel] [freeipa PR#672][comment] IPA-KDB: use relative path in ipa-certmap config snippet
URL: https://github.com/freeipa/freeipa/pull/672 Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet tiran commented: """ LGTM For the recording: according to https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#plugins the plugin directive uses ```plugin_base_dir``` as base dir: > module > This tag may have multiple values. Each value is a string of the form > modulename:pathname, which causes the shared object located at pathname to be > registered as a dynamic module named modulename for the pluggable interface. > If pathname is not an absolute path, it will be treated as relative to the > plugin_base_dir value from [libdefaults]. > plugin_base_dir > If set, determines the base directory where krb5 plugins are located. The > default value is the krb5/plugins subdirectory of the krb5 library directory. @sumit-bose What happens when the shared library is missing? Does 32bit kinit fail or work on a X86_64 system when 32bit ipadb.so is missing? """ See the full comment at https://github.com/freeipa/freeipa/pull/672#issuecomment-290312805 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][comment] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: certdb: use certutil and match_hostname for cert verification tiran commented: """ Your PR is going to remove the last import from python-nss. Awesome! Please remove the requirement from ```ipapython/setup.py``` and ```freeipa.spec.in```, too. """ See the full comment at https://github.com/freeipa/freeipa/pull/490#issuecomment-290204064 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#674][opened] Replace hard-coded kdcproxy path with WSGI script
URL: https://github.com/freeipa/freeipa/pull/674 Author: tiran Title: #674: Replace hard-coded kdcproxy path with WSGI script Action: opened PR body: """ mod_wsgi has no way to import a WSGI module by dotted module name. A new kdcproxy.wsgi script is used to import kdcproxy from whatever Python version mod_wsgi is compiled against. This will simplify moving FreeIPA to Python 3 and solves an import problem on Debian. Resolves: https://pagure.io/freeipa/issue/6834 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/674/head:pr674 git checkout pr674 From c10b628ecc6ef9759300ad96d065566c5e3ca94d Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 17:58:47 +0200 Subject: [PATCH] Replace hard-coded kdcproxy path with WSGI script mod_wsgi has no way to import a WSGI module by dotted module name. A new kdcproxy.wsgi script is used to import kdcproxy from whatever Python version mod_wsgi is compiled against. This will simplify moving FreeIPA to Python 3 and solves an import problem on Debian. Resolves: https://pagure.io/freeipa/issue/6834 Signed-off-by: Christian Heimes <chei...@redhat.com> --- freeipa.spec.in | 1 + install/conf/ipa-kdc-proxy.conf.template | 4 ++-- install/share/Makefile.am| 1 + install/share/kdcproxy.wsgi | 5 + 4 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 install/share/kdcproxy.wsgi diff --git a/freeipa.spec.in b/freeipa.spec.in index 829c3f0..d606996 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1256,6 +1256,7 @@ fi # END %dir %{_usr}/share/ipa %{_usr}/share/ipa/wsgi.py* +%{_usr}/share/ipa/kdcproxy.wsgi %{_usr}/share/ipa/*.ldif %{_usr}/share/ipa/*.uldif %{_usr}/share/ipa/*.template diff --git a/install/conf/ipa-kdc-proxy.conf.template b/install/conf/ipa-kdc-proxy.conf.template index 9290ceb..6721219 100644 --- a/install/conf/ipa-kdc-proxy.conf.template +++ b/install/conf/ipa-kdc-proxy.conf.template @@ -16,9 +16,9 @@ WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \ user=kdcproxy group=kdcproxy display-name=%{GROUP} -WSGIImportScript /usr/lib/python2.7/site-packages/kdcproxy/__init__.py \ +WSGIImportScript /usr/share/ipa/kdcproxy.wsgi \ process-group=kdcproxy application-group=kdcproxy -WSGIScriptAlias /KdcProxy /usr/lib/python2.7/site-packages/kdcproxy/__init__.py +WSGIScriptAlias /KdcProxy /usr/share/ipa/kdcproxy.wsgi WSGIScriptReloading Off diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 9e539a3..3a34f6e 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -90,6 +90,7 @@ dist_app_DATA =\ gssapi.login \ ipa.conf.tmpfiles \ gssproxy.conf.template \ + kdcproxy.wsgi \ $(NULL) kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy diff --git a/install/share/kdcproxy.wsgi b/install/share/kdcproxy.wsgi new file mode 100644 index 000..be1693c --- /dev/null +++ b/install/share/kdcproxy.wsgi @@ -0,0 +1,5 @@ +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +"""WSGI entry point for kdcproxy +""" +from kdcproxy import application + -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#625][comment] [RFC] remote plugins: add option to force compat plugins
URL: https://github.com/freeipa/freeipa/pull/625 Title: #625: [RFC] remote plugins: add option to force compat plugins tiran commented: """ I don't understand the implications of this change and the new flag: * What are the benefits and drawbacks of ```force_client_compat=False```? * What are the benefits and drawbacks of ```force_client_compat=True```? * Why does FreeIPA have schema download and compat plugins at all? * Why is this feature implemented as *either/or* option instead of *optimistic try/fallback*? New feature is missing unit and integration tests. """ See the full comment at https://github.com/freeipa/freeipa/pull/625#issuecomment-290051095 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make patchcheck for developers tiran commented: """ Depends on PRs #475, #587, #594 """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-286665946 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#671][opened] [WIP] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: [WIP] Slim down dependencies Action: opened PR body: """ * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From 230b7936c479d29416a580428db9f3448d65a125 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Remove unused install requires * Correct dependencies for yubico otptoken * Properly report optional dependency for yubico otptoken * Make jinja2 an optional dependency and csrgen an optional plugin Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaclient/plugins/csrgen.py | 8 +++- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 6 ++ ipapython/setup.py| 2 -- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index a0d99ef..0a9ede1 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -4,7 +4,6 @@ import six -from ipaclient.csrgen import CSRGenerator, FileRuleProvider from ipalib import api from ipalib import errors from ipalib import output @@ -15,6 +14,13 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient.csrgen import CSRGenerator, FileRuleProvider + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py @@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..5b02341 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -54,15 +54,13 @@ "cryptography", "ipalib", "ipapython", -"jinja2", -"python-yubico", -"pyusb", "qrcode", "six", ], extras_require={ "install": ["ipaplatform"], -"otptoken_yubikey": ["yubico", "usb"] +"otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["jinja2"], }, zip_safe=False, ) diff --git a/ipapython/setup.py b/ipapython/setup.py index 2fc039f..491a5ed 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -41,13 +41,11 @@ "cryptography", "dnspython", "gssapi", -"jwcrypto", # "ipalib", # circular dependency "pyldap", "netaddr", "netifaces", "python-nss", -"requests", "six", ], extras_require={ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][edited] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make patchcheck for developers Action: edited Changed field: body Original value: """ Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make patchcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make patchcheck for developers tiran commented: """ All dependencies have been merged. PR is ready for review. """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-287372325 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make patchcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make patchcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 7c1f30c54efdee5ec687659c0ff7426fd1eabc8e Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH 1/2] Add make patchcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make patchcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes <chei...@redhat.com> --- Makefile.am | 31 ++- configure.ac | 12 ipatests/util.py | 28 ++-- 3 files changed, 56 insertions(+), 15 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..2097030 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: patchcheck +patchcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..0174320 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for patchcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipatests/util.py b/ipatests/util.py index d877dcc..575d5cc 100644 --- a/ipatests/util.py +++ b/ipatests/util.py @@ -194,9 +194,9 @@ class Fuzzy(object): Use of a regular expression by default implies the ``unicode`` type, so comparing with an ``str`` instance will evaluate to ``False``: ->>> phone.type - ->>> '123-456-7890' == phone +>>> phone.type is six.text_type +True +>>> b'123-456-7890' == phone False The *type* kwarg allows you to specify a type constraint, so you can force @@ -236,15 +236,15 @@ class Fuzzy(object): >>> fuzzy = Fuzzy('.+', type=str, test=lambda other: True) >>> fuzzy.regex '.+' ->>> fuzzy.type - +>>> fuzzy.type is str +True >>> fuzzy.test # doctest:+ELLIPSIS at 0x...> To aid debugging, `Fuzzy.__repr__()` reveals these kwargs as well: >>