[sts-sponsor] The debdiff add a new build-depends for python-openssl[0].
It seems like you made a patch of yours[1] (UBUNTU SAUCE ?? I can't find in the upstream project[2]) since your patch requires crypto in OpenSSL module[3]. Could you elaborate and provide rationale for this patch ? And why this is needed here ? Ideally, I would prefer not having build-depends in stable release. - Eric [0] "+ python3-openssl," [1] >From 4db59e0620c3696ad654145e33a0ea5e6529b817 Mon Sep 17 00:00:00 2001 From: Heather Lemon <[email protected]> Date: Thu, 25 Feb 2021 16:50:40 -0700 Subject: create new unit test for https etcd server [2] https://opendev.org/openstack/etcd3gw/commit/4db59e0620c3696ad654145e33a0ea5e6529b817 [3] - ++from OpenSSL import crypto ** Changed in: python-etcd3gw (Ubuntu Groovy) Assignee: Heather Lemon (hypothetical-lemon) => (unassigned) -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1820083 Title: TLS params not set for session Status in python-etcd3gw package in Ubuntu: Fix Released Status in python-etcd3gw source package in Bionic: In Progress Status in python-etcd3gw source package in Cosmic: Won't Fix Status in python-etcd3gw source package in Disco: Won't Fix Status in python-etcd3gw source package in Eoan: Won't Fix Status in python-etcd3gw source package in Focal: In Progress Status in python-etcd3gw source package in Groovy: Won't Fix Status in python-etcd3gw source package in Hirsute: Fix Released Bug description: [Impact] A connection session is opened, but the TLS parameters (timeout, ca, cert and key) are not actually set for the session. This prevents use of TLS for the etcd3gw package. [Test Plan] # Create self signed certs, using the default for all prompts $ openssl req -addext "subjectAltName = DNS:localhost" -x509 -keyout localhost.key -newkey rsa:4096 -nodes -sha256 -out localhost.crt # install 'etcd' package, stop the default server, and spin up ectd server $ sudo apt install etcd $ sudo systemctl stop etcd $ etcd --name test --data-dir test --cert-file=localhost.crt --key- file=localhost.key --advertise-client-urls=https://localhost:2379 --listen-client-urls=https://localhost:2379 # run test script $ cat test.py #!/usr/bin/python3 from etcd3gw import Etcd3Client c = Etcd3Client(host="localhost", protocol="https", cert_key="localhost.key", cert_cert="localhost.crt", ca_cert="localhost.crt", timeout=10) c.put('test', 'success!') resp = c.get('test') print(b''.join(resp).decode()) $ ./test.py success! [Where Problems Could Occur] This adds TLS parameters (if provided) to the session, so regressions would involve failed connections, possibly those without TLS that had TLS params incorrectly provided before. [Other] the upstream bug is https://github.com/dims/etcd3-gateway/issues/20 fixed upstream with pull request https://github.com/dims/etcd3-gateway/pull/21 via commit 90b7a19cdc4daa1230d7f15c10b113abdefdc8c0 that commit is contained in version 0.2.2 which is already in h, so this is needed in b/f/g. This package was not included in Xenial. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-etcd3gw/+bug/1820083/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : [email protected] Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
