From 664643626c6534b2d0e0e08ad61ad558c26112b6 Mon Sep 17 00:00:00 2001 From: Will <115461530+Will-Cross1@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:50:00 +0100 Subject: [PATCH 01/42] Change the unexpected logging to use log.exception (#314) changed the unexpected logging to use log.exception this traces back the error to the line in the code --- ssm/agents.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ssm/agents.py b/ssm/agents.py index 07ebeed7..54e57324 100644 --- a/ssm/agents.py +++ b/ssm/agents.py @@ -248,8 +248,7 @@ def run_sender(protocol, brokers, project, token, cp, log): log.error('SSM failed to complete successfully: %s', e) except Exception as e: print('SSM failed to complete successfully. See log file for details.') - log.error('Unexpected exception in SSM: %s', e) - log.error('Exception type: %s', e.__class__) + log.exception('Unexpected exception in SSM. See traceback below.') sender_failed = True else: sender_failed = False @@ -351,8 +350,7 @@ def run_receiver(protocol, brokers, project, token, cp, log, dn_file): dc.close() receiver_failed = True except Exception as e: - log.error('Unexpected exception: %s', e) - log.error('Exception type: %s', e.__class__) + log.exception('Unexpected exception in SSM. See traceback below.') log.error('The SSM will exit.') ssm.shutdown() dc.close() From 5206edc992ac76bde62268f19c69f514d1f95dd8 Mon Sep 17 00:00:00 2001 From: william cross Date: Tue, 9 Apr 2024 10:54:17 +0100 Subject: [PATCH 02/42] Resolved issue 313 replaced the Popen commands in check_cert_key to use OpenSSL --- ssm/crypto.py | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index cef91ae4..1cdb76fb 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -64,23 +64,37 @@ def check_cert_key(certpath, keypath): if cert == key: return False - p1 = Popen(['openssl', 'x509', '-pubkey', '-noout'], - stdin=PIPE, stdout=PIPE, stderr=PIPE, universal_newlines=True) - pubkey1, error = p1.communicate(cert) + try: + certificate = OpenSSL.crypto.load_certificate( + OpenSSL.crypto.FILETYPE_PEM, cert + ) + crypto_public_key = certificate.get_pubkey() + public_key_bytes = OpenSSL.crypto.dump_publickey( + OpenSSL.crypto.FILETYPE_PEM, crypto_public_key + ) + + certificate_public_key = public_key_bytes.decode("utf-8") - if error != '': + except Exception as error: log.error(error) return False + + try: + private_key = OpenSSL.crypto.load_privatekey( + OpenSSL.crypto.FILETYPE_PEM, key + ) + public_key_bytes = OpenSSL.crypto.dump_publickey( + OpenSSL.crypto.FILETYPE_PEM, private_key + ) + + private_public_key = public_key_bytes.decode("utf-8") - p2 = Popen(['openssl', 'pkey', '-pubout'], - stdin=PIPE, stdout=PIPE, stderr=PIPE, universal_newlines=True) - pubkey2, error = p2.communicate(key) - - if error != '': + except Exception as error: log.error(error) return False - - return pubkey1.strip() == pubkey2.strip() + + + return certificate_public_key.strip() == private_public_key.strip() def sign(text, certpath, keypath): """Sign the message using the certificate and key in the files specified. From cf638e795e4345a194d174ba76ec801d1062b037 Mon Sep 17 00:00:00 2001 From: william cross Date: Tue, 9 Apr 2024 11:06:01 +0100 Subject: [PATCH 03/42] Fixed codeclimate whitespace and blanklines issues --- ssm/crypto.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index 1cdb76fb..17c281ea 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -72,13 +72,13 @@ def check_cert_key(certpath, keypath): public_key_bytes = OpenSSL.crypto.dump_publickey( OpenSSL.crypto.FILETYPE_PEM, crypto_public_key ) - + certificate_public_key = public_key_bytes.decode("utf-8") except Exception as error: log.error(error) return False - + try: private_key = OpenSSL.crypto.load_privatekey( OpenSSL.crypto.FILETYPE_PEM, key @@ -86,14 +86,13 @@ def check_cert_key(certpath, keypath): public_key_bytes = OpenSSL.crypto.dump_publickey( OpenSSL.crypto.FILETYPE_PEM, private_key ) - + private_public_key = public_key_bytes.decode("utf-8") except Exception as error: log.error(error) return False - - + return certificate_public_key.strip() == private_public_key.strip() def sign(text, certpath, keypath): From 7fe9cee8c959fef14e6285bf5ef211dd587f5b5d Mon Sep 17 00:00:00 2001 From: william cross Date: Wed, 10 Apr 2024 10:43:30 +0100 Subject: [PATCH 04/42] Resolved suggested changes --- ssm/crypto.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index 17c281ea..2527d763 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -69,28 +69,24 @@ def check_cert_key(certpath, keypath): OpenSSL.crypto.FILETYPE_PEM, cert ) crypto_public_key = certificate.get_pubkey() - public_key_bytes = OpenSSL.crypto.dump_publickey( + certificate_public_key = OpenSSL.crypto.dump_publickey( OpenSSL.crypto.FILETYPE_PEM, crypto_public_key ) - certificate_public_key = public_key_bytes.decode("utf-8") - - except Exception as error: - log.error(error) + except OpenSSL.crypto.Error as error: + log.exception(error) return False try: private_key = OpenSSL.crypto.load_privatekey( OpenSSL.crypto.FILETYPE_PEM, key ) - public_key_bytes = OpenSSL.crypto.dump_publickey( + private_public_key = OpenSSL.crypto.dump_publickey( OpenSSL.crypto.FILETYPE_PEM, private_key ) - private_public_key = public_key_bytes.decode("utf-8") - - except Exception as error: - log.error(error) + except OpenSSL.crypto.Error as error: + log.exception(error) return False return certificate_public_key.strip() == private_public_key.strip() From 4017164bdf302595cded22e4a0ee3b229139e64a Mon Sep 17 00:00:00 2001 From: william cross Date: Wed, 10 Apr 2024 10:58:04 +0100 Subject: [PATCH 05/42] replaced log.exception with log.error --- ssm/crypto.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index 2527d763..69066b91 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -49,10 +49,7 @@ def _from_file(filename): def check_cert_key(certpath, keypath): - """Check that a certificate and a key match. - - Uses openssl directly to fetch the modulus of each, which must be the same. - """ + """Check that a certificate and a key match.""" try: cert = _from_file(certpath) key = _from_file(keypath) @@ -74,7 +71,7 @@ def check_cert_key(certpath, keypath): ) except OpenSSL.crypto.Error as error: - log.exception(error) + log.error(error) return False try: @@ -86,7 +83,7 @@ def check_cert_key(certpath, keypath): ) except OpenSSL.crypto.Error as error: - log.exception(error) + log.error(error) return False return certificate_public_key.strip() == private_public_key.strip() From d728ab52b2ce0b9dbd8a44b34695c0af4879677f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Apr 2024 13:04:09 +0000 Subject: [PATCH 06/42] Bump docker/build-push-action from 5.1.0 to 5.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.1.0...v5.3.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c975d066..522a4e5f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,7 +48,7 @@ jobs: # Build and push Docker image # https://github.com/docker/build-push-action name: Build and push Docker image - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v5.3.0 with: # Only push containers to the registry on GitHub pushes, # not pull requests. GitHub won't let a rogue PR create a container From 6440602679b188c71a93dfd4ae311c16d9dc6a67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Apr 2024 13:08:04 +0000 Subject: [PATCH 07/42] Bump codecov/codecov-action from 3.1.4 to 4.3.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 4.3.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.1.4...v4.3.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/unit-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 5be689e1..c60b724f 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -31,4 +31,4 @@ jobs: - name: Run unit tests run: coverage run --branch --source=ssm,bin -m unittest discover --buffer - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3.1.4 + uses: codecov/codecov-action@v4.3.0 From 34e16d47c54cb913fa94610d7d2780acddf7c836 Mon Sep 17 00:00:00 2001 From: william cross Date: Wed, 10 Apr 2024 14:24:13 +0100 Subject: [PATCH 08/42] Resolved #160 now checks wether the host cert is the same as server cert for sender if it is then an error message is given added sender_failed = True to an exception to properly show it failed --- ssm/agents.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ssm/agents.py b/ssm/agents.py index 54e57324..4726cbb2 100644 --- a/ssm/agents.py +++ b/ssm/agents.py @@ -222,6 +222,12 @@ def run_sender(protocol, brokers, project, token, cp, log): host_dn = get_certificate_subject(_from_file(host_cert)) log.info('Messages will be signed using %s', host_dn) + if server_cert == host_cert: + raise Ssm2Exception( + "server certificate is the same as host certificate in config file. " + "Do you really mean to encrypt messages with this certificate?" + ) + sender = Ssm2(brokers, cp.get('messaging', 'path'), path_type=path_type, @@ -246,6 +252,7 @@ def run_sender(protocol, brokers, project, token, cp, log): except (Ssm2Exception, CryptoException) as e: print('SSM failed to complete successfully. See log file for details.') log.error('SSM failed to complete successfully: %s', e) + sender_failed = True except Exception as e: print('SSM failed to complete successfully. See log file for details.') log.exception('Unexpected exception in SSM. See traceback below.') From 310ec198f14e3cfcb1ac87afe819940a63f87ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Wed, 10 Apr 2024 09:20:54 +0000 Subject: [PATCH 09/42] Update code to generate OS specific rpms --- scripts/ssm-build.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index d2eb8248..7b13ac77 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -107,6 +107,7 @@ rm -f "$TAR_FILE" # Get supplied Python version PY_VERSION="$(basename "$PYTHON_ROOT_DIR")" PY_NUM=${PY_VERSION#python} +OS_EXTENSION="$(uname -r | grep -o 'el[7-9]' || echo '_all')" # Universal FPM Call FPM_CORE="fpm -s python \ @@ -134,8 +135,6 @@ if [[ ${PY_NUM:0:1} == "3" ]]; then --depends libsasl2-dev \ --depends openssl " - OS_EXTENSION="_all" - # Currently builds for el8 elif [[ "$PACK_TYPE" = "rpm" ]]; then FPM_PYTHON="--depends python3 \ @@ -144,8 +143,6 @@ if [[ ${PY_NUM:0:1} == "3" ]]; then --depends python3-ldap \ --depends openssl \ --depends openssl-devel " - - OS_EXTENSION="el8" fi elif [[ ${PY_NUM:0:1} == "2" ]]; then @@ -160,8 +157,6 @@ elif [[ ${PY_NUM:0:1} == "2" ]]; then --depends libsasl2-dev \ --depends openssl " - OS_EXTENSION="_all" - # el7 and below, due to yum package versions elif [[ "$PACK_TYPE" = "rpm" ]]; then FPM_PYTHON="--depends python2 \ @@ -170,8 +165,6 @@ elif [[ ${PY_NUM:0:1} == "2" ]]; then --depends python-ldap \ --depends openssl \ --depends openssl-devel " - - OS_EXTENSION="el7" fi fi From 914cf48de619475514f86598d5645598c3499eb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Wed, 10 Apr 2024 09:22:48 +0000 Subject: [PATCH 10/42] Update code to say where python scripts should be installed --- scripts/ssm-build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 7b13ac77..eb51ee2b 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -172,6 +172,7 @@ fi PACKAGE_VERSION="--$PACK_TYPE-changelog $SOURCE_DIR/ssm-$VERSION-$ITERATION/CHANGELOG \ --$PACK_TYPE-dist $OS_EXTENSION \ --python-bin /usr/bin/$PY_VERSION \ + --python-install-bin /usr/bin \ --python-install-lib $PYTHON_ROOT_DIR$LIB_EXTENSION \ --exclude *.pyc \ --package $BUILD_DIR \ From 18fdce8b2d28ad51e8e8eaf2b6e614d8bca0e0e8 Mon Sep 17 00:00:00 2001 From: william cross Date: Wed, 17 Apr 2024 10:13:33 +0100 Subject: [PATCH 11/42] Add linting to new shell build script Resolves #303 --- scripts/ssm-build.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index eb51ee2b..5b7bce32 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -5,10 +5,13 @@ # @Author: Nicholas Whyatt (RedProkofiev@github.com) # Script runs well with FPM 1.14.2 on ruby 2.7.1, setuptools 51.3.3 on RHEL and Deb platforms + # Download ruby (if you're locked to 2.5, use RVM) and then run: # sudo gem install fpm -v 1.14.2 +# (may need to be ran without the 'sudo') + # for RPM builds, you will also need: -# sudo yum install rpm-build | sudo apt-get install rpm +# sudo yum install rpm-build rpmlint | sudo apt-get install rpm lintian # ./ssm-build.sh (deb | rpm) # e.g. # ./ssm-build.sh deb 3.4.0 1 /usr/lib/python3.6 @@ -197,3 +200,16 @@ fpm -s pleaserun -t "$PACK_TYPE" \ --depends apel-ssm \ --package "$BUILD_DIR" \ /usr/bin/ssmreceive + +if [ "$OS_EXTENSION" == "_all" ] +then + # Check the resultant debs for 'lint' + echo "Possible Issues to Fix:" + TAG="$VERSION-$ITERATION" + lintian $BUILD_DIR/apel-ssm_${TAG}_all.deb + lintian $BUILD_DIR/apel-ssm-service_${TAG}_all.deb +else + # Check for errors in SPEC and built packages + echo "Possible Issues to Fix:" + rpmlint ~/rpmbuild +fi From d9158783fbc547847f97a22d2de2f6f40639eccb Mon Sep 17 00:00:00 2001 From: william cross Date: Wed, 17 Apr 2024 11:25:01 +0100 Subject: [PATCH 12/42] Correct spelling and refactor duplicate echos --- scripts/ssm-build.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 5b7bce32..bec82907 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -8,7 +8,7 @@ # Download ruby (if you're locked to 2.5, use RVM) and then run: # sudo gem install fpm -v 1.14.2 -# (may need to be ran without the 'sudo') +# (may need to be run without the 'sudo') # for RPM builds, you will also need: # sudo yum install rpm-build rpmlint | sudo apt-get install rpm lintian @@ -201,15 +201,14 @@ fpm -s pleaserun -t "$PACK_TYPE" \ --package "$BUILD_DIR" \ /usr/bin/ssmreceive +echo "Possible Issues to Fix:" if [ "$OS_EXTENSION" == "_all" ] then # Check the resultant debs for 'lint' - echo "Possible Issues to Fix:" TAG="$VERSION-$ITERATION" lintian $BUILD_DIR/apel-ssm_${TAG}_all.deb lintian $BUILD_DIR/apel-ssm-service_${TAG}_all.deb else # Check for errors in SPEC and built packages - echo "Possible Issues to Fix:" rpmlint ~/rpmbuild fi From d5e8811d1b497eb11ab87892a6fdbedf745125fc Mon Sep 17 00:00:00 2001 From: Will <115461530+Will-Cross1@users.noreply.github.com> Date: Wed, 17 Apr 2024 13:15:05 +0100 Subject: [PATCH 13/42] Add double quotes to prevent word splitting --- scripts/ssm-build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index bec82907..36055e07 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -206,8 +206,8 @@ if [ "$OS_EXTENSION" == "_all" ] then # Check the resultant debs for 'lint' TAG="$VERSION-$ITERATION" - lintian $BUILD_DIR/apel-ssm_${TAG}_all.deb - lintian $BUILD_DIR/apel-ssm-service_${TAG}_all.deb + lintian "$BUILD_DIR"/apel-ssm_"${TAG}"_all.deb + lintian "$BUILD_DIR"/apel-ssm-service_"${TAG}"_all.deb else # Check for errors in SPEC and built packages rpmlint ~/rpmbuild From 7fc50f287ec70dfef3fe6838ea054cd6ca6c1435 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 06:04:55 +0000 Subject: [PATCH 14/42] Bump actions/upload-artifact from 4.3.1 to 4.3.2 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-pkgs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-pkgs.yml b/.github/workflows/build-pkgs.yml index cba54534..f02ee278 100644 --- a/.github/workflows/build-pkgs.yml +++ b/.github/workflows/build-pkgs.yml @@ -51,7 +51,7 @@ jobs: run: rpmlint ${{ steps.rpm.outputs.rpm_dir_path }} - name: Upload artifact - uses: actions/upload-artifact@v4.3.1 + uses: actions/upload-artifact@v4.3.2 with: name: Binary and Source RPMs path: | From b58cc362311369afcc021ca590685159826cdae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Thu, 18 Apr 2024 09:09:34 +0000 Subject: [PATCH 15/42] Update code to fix deb packages for python3 - Changed python-pip3 because issue with availability to python3-pip which depends on python3 (>= 3.4~) - Changed python-stomp because this lib has a restriction python(<< 2.8) to python3-stomp which depends on python3 (>= 3.3.2-2~) - Changed python-ldap because this lib has a restriction python(<< 2.8) to python3-ldap which depends on python3 (>= 3.3.2-2~) --- scripts/ssm-build.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 36055e07..e46bfbef 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -131,9 +131,9 @@ if [[ ${PY_NUM:0:1} == "3" ]]; then if [[ "$PACK_TYPE" = "deb" ]]; then FPM_PYTHON="--depends python3 \ - --depends python-pip3 \ - --depends 'python-stomp' \ - --depends python-ldap \ + --depends python3-pip \ + --depends 'python3-stomp' \ + --depends python3-ldap \ --depends libssl-dev \ --depends libsasl2-dev \ --depends openssl " From 606904b4906db6182c1fb1461e06392a137687a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Fri, 19 Apr 2024 09:13:45 +0000 Subject: [PATCH 16/42] Update to fix rpmlint to perform rpm checks in given location - This will allow to run the file in home directory and perform rpmlint checks in an given pwd location(Say, when running the FPM script with -s and -b). --- scripts/ssm-build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index e46bfbef..b484bcab 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -210,5 +210,6 @@ then lintian "$BUILD_DIR"/apel-ssm-service_"${TAG}"_all.deb else # Check for errors in SPEC and built packages - rpmlint ~/rpmbuild + # For instance; Given $(dirname /root/rpmb/rpmbuild/source) will output "/root/rpmb/rpmbuild". + rpmlint $(dirname $SOURCE_DIR) fi From c4de9ff2fc01dd4b30f3d2294a30ca5046cf2ad2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Tue, 23 Apr 2024 10:58:47 +0000 Subject: [PATCH 17/42] Add quotes to the variable to prevent word splitting --- scripts/ssm-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index b484bcab..c7016451 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -211,5 +211,5 @@ then else # Check for errors in SPEC and built packages # For instance; Given $(dirname /root/rpmb/rpmbuild/source) will output "/root/rpmb/rpmbuild". - rpmlint $(dirname $SOURCE_DIR) + rpmlint "$(dirname "$SOURCE_DIR")" fi From 6dc3224d806ae7c2653120654271e12622033789 Mon Sep 17 00:00:00 2001 From: william cross Date: Thu, 18 Apr 2024 11:15:57 +0100 Subject: [PATCH 18/42] Update files for docker build on rocky 9 removed version constraints on dependencies as we don't need them for python 3 added separate requirements file for docker to keep python 3 dependencies separate --- Dockerfile | 6 +++--- requirements-docker.txt | 12 ++++++++++++ setup.py | 12 ++++++------ 3 files changed, 21 insertions(+), 9 deletions(-) create mode 100644 requirements-docker.txt diff --git a/Dockerfile b/Dockerfile index aacd05f4..696c3e49 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:7 +FROM rockylinux:9 MAINTAINER APEL Administrators # Copy the SSM Git repository to /tmp/ssm @@ -21,9 +21,9 @@ RUN yum -y install libffi-devel && yum clean all RUN yum -y install openssl && yum clean all # Install the python requirements of SSM -RUN pip install -r requirements.txt +RUN pip install -r requirements-docker.txt # Then install the SSM -RUN python setup.py install +RUN python3 setup.py install # Set the working directory back to / WORKDIR / diff --git a/requirements-docker.txt b/requirements-docker.txt new file mode 100644 index 00000000..4765b7c5 --- /dev/null +++ b/requirements-docker.txt @@ -0,0 +1,12 @@ +# Base requirements for ssm + +argo-ams-library +pyopenssl +cryptography +stomp.py +python-daemon +python-ldap +setuptools # Required for pkg_resources (also happens to be a dependency of python-ldap) + +# Dependencies for optional dirq based sending +dirq diff --git a/setup.py b/setup.py index c33e93c9..950dd33e 100644 --- a/setup.py +++ b/setup.py @@ -51,15 +51,15 @@ def main(): download_url='https://github.com/apel/ssm/releases', license='Apache License, Version 2.0', install_requires=[ - 'cryptography==3.3.2', - 'stomp.py<5.0.0', - 'python-ldap<3.4.0', + 'cryptography', + 'stomp.py', + 'python-ldap', 'setuptools', - 'pyopenssl >=19.1.0, <=21.0.0', + 'pyopenssl', ], extras_require={ - 'AMS': ['argo-ams-library', 'certifi<2020.4.5.2', ], - 'daemon': ['python-daemon<=2.3.0', ], + 'AMS': ['argo-ams-library', ], + 'daemon': ['python-daemon', ], 'dirq': ['dirq'], }, packages=find_packages(exclude=['bin', 'test']), From 8a49424e3c920b833e6a58f483ecd5538713dd84 Mon Sep 17 00:00:00 2001 From: william cross Date: Tue, 23 Apr 2024 13:02:31 +0100 Subject: [PATCH 19/42] Changed "python" to "python3" in dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 696c3e49..21507e07 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,10 +9,10 @@ WORKDIR /tmp/ssm # Add the EPEL repo so we can get pip RUN yum -y install epel-release && yum clean all # Then get pip -RUN yum -y install python-pip && yum clean all +RUN yum -y install python3-pip && yum clean all # Install the system requirements of python-ldap -RUN yum -y install gcc python-devel openldap-devel && yum clean all +RUN yum -y install gcc python3-devel openldap-devel && yum clean all # Install libffi, a requirement of openssl RUN yum -y install libffi-devel && yum clean all From cb9968e2af2bc3390a31c71da70ca4acb06c201a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 06:24:11 +0000 Subject: [PATCH 20/42] Bump actions/upload-artifact from 4.3.2 to 4.3.3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-pkgs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-pkgs.yml b/.github/workflows/build-pkgs.yml index f02ee278..eb70d8d7 100644 --- a/.github/workflows/build-pkgs.yml +++ b/.github/workflows/build-pkgs.yml @@ -51,7 +51,7 @@ jobs: run: rpmlint ${{ steps.rpm.outputs.rpm_dir_path }} - name: Upload artifact - uses: actions/upload-artifact@v4.3.2 + uses: actions/upload-artifact@v4.3.3 with: name: Binary and Source RPMs path: | From 045b667e891f896b3a86d60f78957fa8d5f950f3 Mon Sep 17 00:00:00 2001 From: william cross Date: Tue, 30 Apr 2024 14:04:44 +0100 Subject: [PATCH 21/42] Replaced deprecated Maintainer tag to use Label added other information in the label tag --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 21507e07..50029fe0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,9 @@ FROM rockylinux:9 -MAINTAINER APEL Administrators +LABEL org.opencontainers.image.authors="apel-admins@stfc.ac.uk" \ + org.opencontainers.image.title="APEL SSM" \ + org.opencontainers.image.description="Secure Stomp Messenger (SSM) is designed to simply send messages using the STOMP protocol." \ + org.opencontainers.image.source="https://github.com/apel/ssm" \ + org.opencontainers.image.licenses="Apache License, Version 2.0" # Copy the SSM Git repository to /tmp/ssm COPY . /tmp/ssm From c10cba2c7448fb1d51d2b410bd46527f56990529 Mon Sep 17 00:00:00 2001 From: Will <115461530+Will-Cross1@users.noreply.github.com> Date: Thu, 2 May 2024 09:46:46 +0100 Subject: [PATCH 22/42] Made description more like the README file Co-authored-by: gregcorbett --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 50029fe0..e5627554 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM rockylinux:9 LABEL org.opencontainers.image.authors="apel-admins@stfc.ac.uk" \ org.opencontainers.image.title="APEL SSM" \ - org.opencontainers.image.description="Secure Stomp Messenger (SSM) is designed to simply send messages using the STOMP protocol." \ + org.opencontainers.image.description="Secure STOMP Messenger (SSM) is designed to simply send messages using the STOMP protocol or via the ARGO Messaging Service (AMS)." \ org.opencontainers.image.source="https://github.com/apel/ssm" \ org.opencontainers.image.licenses="Apache License, Version 2.0" From 14b6504cd2630b40cdfaefad3331bcf7cdfcd381 Mon Sep 17 00:00:00 2001 From: william cross Date: Thu, 2 May 2024 15:52:36 +0100 Subject: [PATCH 23/42] Split label across multiple lines Docker no-longer has the issue that prevented this. --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index e5627554..8c6b5e8b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ FROM rockylinux:9 -LABEL org.opencontainers.image.authors="apel-admins@stfc.ac.uk" \ - org.opencontainers.image.title="APEL SSM" \ - org.opencontainers.image.description="Secure STOMP Messenger (SSM) is designed to simply send messages using the STOMP protocol or via the ARGO Messaging Service (AMS)." \ - org.opencontainers.image.source="https://github.com/apel/ssm" \ - org.opencontainers.image.licenses="Apache License, Version 2.0" +LABEL org.opencontainers.image.authors="apel-admins@stfc.ac.uk" +LABEL org.opencontainers.image.title="APEL SSM" +LABEL org.opencontainers.image.description="Secure STOMP Messenger (SSM) is designed to simply send messages using the STOMP protocol or via the ARGO Messaging Service (AMS)." +LABEL org.opencontainers.image.source="https://github.com/apel/ssm" +LABEL org.opencontainers.image.licenses="Apache License, Version 2.0" # Copy the SSM Git repository to /tmp/ssm COPY . /tmp/ssm From 51cab9fc4062585982e90be229d4528b6cc1f0b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 06:31:27 +0000 Subject: [PATCH 24/42] Bump codecov/codecov-action from 4.3.0 to 4.3.1 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/unit-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index c60b724f..2c9cdc98 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -31,4 +31,4 @@ jobs: - name: Run unit tests run: coverage run --branch --source=ssm,bin -m unittest discover --buffer - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4.3.0 + uses: codecov/codecov-action@v4.3.1 From 3db33248ab2fbdd383a26ec9c7f6d5d25e3900f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Wed, 1 May 2024 14:14:12 +0000 Subject: [PATCH 25/42] Add supporting packages in RPM section for py3 to run in EL(8|9) --- scripts/ssm-build.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index c7016451..e9402636 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -143,6 +143,9 @@ if [[ ${PY_NUM:0:1} == "3" ]]; then FPM_PYTHON="--depends python3 \ --depends python3-stomppy \ --depends python3-pip \ + --depends python3-cryptography \ + --depends python3-pyOpenSSL \ + --depends python3-daemon \ --depends python3-ldap \ --depends openssl \ --depends openssl-devel " From 3ba8c9df624aeabebf31e12578956c5ca4582e5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Wed, 1 May 2024 14:15:16 +0000 Subject: [PATCH 26/42] Add supporting packages in DEB section for py3 --- scripts/ssm-build.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index e9402636..22420423 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -132,6 +132,9 @@ if [[ ${PY_NUM:0:1} == "3" ]]; then if [[ "$PACK_TYPE" = "deb" ]]; then FPM_PYTHON="--depends python3 \ --depends python3-pip \ + --depends python3-cryptography \ + --depends python3-openssl \ + --depends python3-daemon \ --depends 'python3-stomp' \ --depends python3-ldap \ --depends libssl-dev \ From 819a1778be64c082f9fd949d898306357502946e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Wed, 1 May 2024 15:16:12 +0000 Subject: [PATCH 27/42] Add missing packages in DEB and RPM section for py2 support --- scripts/ssm-build.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 22420423..0d46dc19 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -162,6 +162,9 @@ elif [[ ${PY_NUM:0:1} == "2" ]]; then --depends python-pip \ --depends 'python-stomp < 5.0.0' \ --depends python-ldap \ + --depends python-cryptography \ + --depends python-openssl \ + --depends python-daemon \ --depends libssl-dev \ --depends libsasl2-dev \ --depends openssl " @@ -170,6 +173,9 @@ elif [[ ${PY_NUM:0:1} == "2" ]]; then elif [[ "$PACK_TYPE" = "rpm" ]]; then FPM_PYTHON="--depends python2 \ --depends python2-pip \ + --depends python2-cryptography \ + --depends python2-pyOpenSSL \ + --depends python2-daemon \ --depends stomppy \ --depends python-ldap \ --depends openssl \ From d2a49a9b3b411c26d531217bd52a66f35b0ec95c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Thu, 2 May 2024 08:59:17 +0000 Subject: [PATCH 28/42] Update lintian to perform deb checks in given location --- scripts/ssm-build.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 0d46dc19..94cd7418 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -218,8 +218,10 @@ if [ "$OS_EXTENSION" == "_all" ] then # Check the resultant debs for 'lint' TAG="$VERSION-$ITERATION" - lintian "$BUILD_DIR"/apel-ssm_"${TAG}"_all.deb - lintian "$BUILD_DIR"/apel-ssm-service_"${TAG}"_all.deb + DEBDIR="$(dirname "$BUILD_DIR")" + + lintian "$DEBDIR"/apel-ssm_"${TAG}"_all.deb + lintian "$DEBDIR"/apel-ssm-service_"${TAG}"_all.deb else # Check for errors in SPEC and built packages # For instance; Given $(dirname /root/rpmb/rpmbuild/source) will output "/root/rpmb/rpmbuild". From acc897f6056ac7494e6f8054260b657a9bd81dd1 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Tue, 7 May 2024 16:31:52 +0100 Subject: [PATCH 29/42] Add reference to RVM installation guide --- scripts/ssm-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ssm-build.sh b/scripts/ssm-build.sh index 94cd7418..9301006c 100755 --- a/scripts/ssm-build.sh +++ b/scripts/ssm-build.sh @@ -6,7 +6,7 @@ # Script runs well with FPM 1.14.2 on ruby 2.7.1, setuptools 51.3.3 on RHEL and Deb platforms -# Download ruby (if you're locked to 2.5, use RVM) and then run: +# Download ruby (if you're locked to 2.5, use RVM, https://www.tecmint.com/install-ruby-on-centos-rhel-8/#installrubyrvm) and then run: # sudo gem install fpm -v 1.14.2 # (may need to be run without the 'sudo') From 74df7a7d4687e112ea149d0c7613ce27524722f2 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Fri, 10 May 2024 13:32:50 +0100 Subject: [PATCH 30/42] Improvements to GH Action unit tests - Specify Python versions we're interested in. - Add Python version to run name. - Add caching. - Simplify codecov-action version to major tag. - Space out sections. - Add comments. --- .github/workflows/unit-test.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 2c9cdc98..63c500e5 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -4,31 +4,40 @@ on: [push, pull_request] jobs: unit-test: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 # 20.04 to allow for Py 3.6 strategy: fail-fast: false matrix: - python-version: ['3.x'] + # Python versions on Rocky 8, Ubuntu 20.04, Rocky 9 + python-version: ['3.6', '3.8', '3.9'] name: Python ${{ matrix.python-version }} test steps: - uses: actions/checkout@v4 - - name: Set up Python + + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} + cache: 'pip' + - name: Set up dependencies for python-ldap run: sudo apt-get install libsasl2-dev libldap2-dev libssl-dev + - name: Base requirements for SSM run: pip install -r requirements.txt + - name: Additional requirements for the unit and coverage tests run: pip install -r requirements-test.txt + - name: Pre-test set up run: | export TMPDIR=$PWD/tmp mkdir $TMPDIR export PYTHONPATH=$PYTHONPATH:`pwd -P` cd test + - name: Run unit tests run: coverage run --branch --source=ssm,bin -m unittest discover --buffer + - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4.3.1 + uses: codecov/codecov-action@v4 From de304cd8def3607364626a8d0c31a9d27113f200 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Fri, 10 May 2024 13:34:44 +0100 Subject: [PATCH 31/42] Remove redundant Python 3 test from Travis Redundant as we have working Python 3 tests in GitHub Actions. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 70e2d56c..40af6510 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,6 @@ os: linux language: python python: - "2.7" - - "3.8" # Cache the dependencies installed by pip cache: pip From 0e8592b73a912fee72019400d946dc2281ffdd92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CSae126V=E2=80=9D?= <“saitejav2021@gmail.com”> Date: Fri, 10 May 2024 14:29:06 +0000 Subject: [PATCH 32/42] Update setup.py flow to perform basic setup standard commands Now, `setup.py` will make use of the build step to install the package. Enabling separate flows for the build and install phases if specified. We are currently NOT supporting a few standard commands that are out of scope or NOT being asked, listed below: - `register`, `bdist_rpm`, `bdist_wininst`, `upload`. Also, We do NOT support extra commands with the setup.py except a few commands like `develop`, `egg_info`, and `bdist_egg`. --- setup.py | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/setup.py b/setup.py index 950dd33e..6ca3c7fb 100644 --- a/setup.py +++ b/setup.py @@ -22,14 +22,30 @@ from ssm import __version__ +def setup_temp_files(): + """Create temporary files with deployment names. """ + copyfile('bin/receiver.py', 'bin/ssmreceive') + copyfile('bin/sender.py', 'bin/ssmsend') + copyfile('scripts/apel-ssm.logrotate', 'conf/apel-ssm') + copyfile('README.md', 'apel-ssm') + + def main(): """Called when run as script, e.g. 'python setup.py install'.""" - # Create temporary files with deployment names - if 'install' in sys.argv: - copyfile('bin/receiver.py', 'bin/ssmreceive') - copyfile('bin/sender.py', 'bin/ssmsend') - copyfile('scripts/apel-ssm.logrotate', 'conf/apel-ssm') - copyfile('README.md', 'apel-ssm') + supported_commands = { + "install", + "build", + "bdist", + "develop", + "build_scripts", + "install_scripts", + "install_data", + "bdist_dumb", + "bdist_egg", + } + + if supported_commands.intersection(sys.argv): + setup_temp_files() # conf_files will later be copied to conf_dir conf_dir = '/etc/apel/' @@ -79,7 +95,7 @@ def main(): ) # Remove temporary files with deployment names - if 'install' in sys.argv: + if supported_commands.intersection(sys.argv): remove('bin/ssmreceive') remove('bin/ssmsend') remove('conf/apel-ssm') From 6f008a2ec1f6d31842a77e3aeeac9c0ed97a4230 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Tue, 21 May 2024 10:51:11 +0100 Subject: [PATCH 33/42] Change exit() to sys.exit() The "exit()" function is from site.py which may not be present depending on command line options. "sys.exit" on the other hand, will be there as it is imported. --- bin/receiver.py | 2 +- bin/sender.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bin/receiver.py b/bin/receiver.py index dac81f3b..82674495 100644 --- a/bin/receiver.py +++ b/bin/receiver.py @@ -66,7 +66,7 @@ def main(): cp.read(options.config) else: print("Config file not found at", options.config) - exit(1) + sys.exit(1) # Check for pidfile pidfile = cp.get('daemon', 'pidfile') diff --git a/bin/sender.py b/bin/sender.py index f6d08e98..a058bbc4 100644 --- a/bin/sender.py +++ b/bin/sender.py @@ -24,6 +24,7 @@ import logging from optparse import OptionParser import os +import sys try: import ConfigParser @@ -57,7 +58,7 @@ def main(): cp.read(options.config) else: print("Config file not found at", options.config) - exit(1) + sys.exit(1) ssm.agents.logging_helper(cp) From a4a5c68552ffe36f433544fd4786387d2e525a7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 06:42:55 +0000 Subject: [PATCH 34/42] Bump docker/build-push-action from 5.3.0 to 6.1.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.3.0 to 6.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.3.0...v6.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 522a4e5f..6b468f2f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,7 +48,7 @@ jobs: # Build and push Docker image # https://github.com/docker/build-push-action name: Build and push Docker image - uses: docker/build-push-action@v5.3.0 + uses: docker/build-push-action@v6.1.0 with: # Only push containers to the registry on GitHub pushes, # not pull requests. GitHub won't let a rogue PR create a container From acec2184dee402d486f46e16205b20248271fdf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 06:17:06 +0000 Subject: [PATCH 35/42] Bump docker/build-push-action from 6.1.0 to 6.2.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.1.0...v6.2.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6b468f2f..dab6b5ac 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,7 +48,7 @@ jobs: # Build and push Docker image # https://github.com/docker/build-push-action name: Build and push Docker image - uses: docker/build-push-action@v6.1.0 + uses: docker/build-push-action@v6.2.0 with: # Only push containers to the registry on GitHub pushes, # not pull requests. GitHub won't let a rogue PR create a container From 55e14007c8df8f3cc4722b881c81e2db4f72a50a Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Wed, 3 Jul 2024 09:38:53 +0100 Subject: [PATCH 36/42] Update pre-commit hooks Set pre-commit-hooks to last Py 3.6 compatible version and add a couple of extra checks. --- .pre-commit-config.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 86c0ad80..de1e3c08 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ # See https://pre-commit.com for more information repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.5.0 + rev: v4.1.0 # Python 3.6 compatible hooks: # Python related checks - id: check-ast @@ -13,9 +13,13 @@ repos: files: 'test/.*' # Other checks - id: check-added-large-files + - id: check-case-conflict - id: check-merge-conflict - id: check-yaml - id: debug-statements + - id: detect-private-key + # This file has a test cert and key + exclude: 'test_ssm.py' - id: end-of-file-fixer - id: mixed-line-ending name: Force line endings to LF From dd46970d11dec1c3c3d1b02e2717a0c768189b27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:40:14 +0000 Subject: [PATCH 37/42] Bump actions/upload-artifact from 4.3.3 to 4.3.4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-pkgs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-pkgs.yml b/.github/workflows/build-pkgs.yml index eb70d8d7..4194f1b9 100644 --- a/.github/workflows/build-pkgs.yml +++ b/.github/workflows/build-pkgs.yml @@ -51,7 +51,7 @@ jobs: run: rpmlint ${{ steps.rpm.outputs.rpm_dir_path }} - name: Upload artifact - uses: actions/upload-artifact@v4.3.3 + uses: actions/upload-artifact@v4.3.4 with: name: Binary and Source RPMs path: | From 7eb1ccd0d1e371e42bedc0610f5c42008061fc0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 10:19:19 +0000 Subject: [PATCH 38/42] Bump docker/build-push-action from 6.2.0 to 6.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.2.0...v6.3.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index dab6b5ac..fa3c3627 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,7 +48,7 @@ jobs: # Build and push Docker image # https://github.com/docker/build-push-action name: Build and push Docker image - uses: docker/build-push-action@v6.2.0 + uses: docker/build-push-action@v6.3.0 with: # Only push containers to the registry on GitHub pushes, # not pull requests. GitHub won't let a rogue PR create a container From a8daf6fa8c7b556f56fbe3f00dbcbb5c6f8f71d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 06:30:55 +0000 Subject: [PATCH 39/42] Bump docker/build-push-action from 6.3.0 to 6.7.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.3.0 to 6.7.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.3.0...v6.7.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fa3c3627..b67559c0 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,7 +48,7 @@ jobs: # Build and push Docker image # https://github.com/docker/build-push-action name: Build and push Docker image - uses: docker/build-push-action@v6.3.0 + uses: docker/build-push-action@v6.7.0 with: # Only push containers to the registry on GitHub pushes, # not pull requests. GitHub won't let a rogue PR create a container From 600cc6d80dfad5a6e5a48bb313155cd514277aa1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:40:17 +0000 Subject: [PATCH 40/42] Bump actions/upload-artifact from 4.3.4 to 4.3.6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-pkgs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-pkgs.yml b/.github/workflows/build-pkgs.yml index 4194f1b9..0420cb6a 100644 --- a/.github/workflows/build-pkgs.yml +++ b/.github/workflows/build-pkgs.yml @@ -51,7 +51,7 @@ jobs: run: rpmlint ${{ steps.rpm.outputs.rpm_dir_path }} - name: Upload artifact - uses: actions/upload-artifact@v4.3.4 + uses: actions/upload-artifact@v4.3.6 with: name: Binary and Source RPMs path: | From df59c2ce81cb1c7f22696c28bb676e63954bfda9 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Wed, 28 Aug 2024 16:39:19 +0100 Subject: [PATCH 41/42] Update version numbers for 3.4.1 --- apel-ssm.spec | 2 +- scripts/ssm-build-deb.sh | 2 +- scripts/ssm-build-rpm.sh | 2 +- ssm/__init__.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apel-ssm.spec b/apel-ssm.spec index 82628a78..07f0d766 100644 --- a/apel-ssm.spec +++ b/apel-ssm.spec @@ -4,7 +4,7 @@ %endif Name: apel-ssm -Version: 3.4.0 +Version: 3.4.1 %define releasenumber 1 Release: %{releasenumber}%{?dist} Summary: Secure stomp messenger diff --git a/scripts/ssm-build-deb.sh b/scripts/ssm-build-deb.sh index 707cc048..cc5df4f8 100755 --- a/scripts/ssm-build-deb.sh +++ b/scripts/ssm-build-deb.sh @@ -16,7 +16,7 @@ set -eu -TAG=3.4.0-1 +TAG=3.4.1-1 SOURCE_DIR=~/debbuild/source BUILD_DIR=~/debbuild/build diff --git a/scripts/ssm-build-rpm.sh b/scripts/ssm-build-rpm.sh index e6d1502d..f0c37a5b 100644 --- a/scripts/ssm-build-rpm.sh +++ b/scripts/ssm-build-rpm.sh @@ -10,7 +10,7 @@ rpmdev-setuptree RPMDIR=/home/rpmb/rpmbuild -VERSION=3.4.0-1 +VERSION=3.4.1-1 SSMDIR=apel-ssm-$VERSION # Remove old sources and RPMS diff --git a/ssm/__init__.py b/ssm/__init__.py index 904c0c7d..79ecfe73 100644 --- a/ssm/__init__.py +++ b/ssm/__init__.py @@ -19,7 +19,7 @@ import logging import sys -__version__ = (3, 4, 0) +__version__ = (3, 4, 1) LOG_BREAK = '========================================' From c26599860d4bd44e3d46be02398ccb35f7bc25c7 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Fri, 30 Aug 2024 10:23:40 +0100 Subject: [PATCH 42/42] Update changelogs for 3.4.1 --- CHANGELOG | 7 +++++++ apel-ssm.spec | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index c35d5537..b4145013 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +* Fri Aug 30 2024 Adrian Coveney - 3.4.1-1 + - Improved error logging to store full traceback on unexpected exceptions. + - Changed more code to use pyOpenSSL to improve compatibility with newer OpenSSL versions. + - Added a check to prevent a host certificate being to used for target server encryption. + - Changed which version of exit function is used to avoid edge case. + - Various changes and improvements to build scripts and processes. + * Wed Feb 21 2024 Adrian Coveney - 3.4.0-1 - Fixed compatability with newer versions of OpenSSL that only provide comma separated DNs. - Fixed Python 3 compatability (indirectly fixing EL8+ compatability) by performing explicit diff --git a/apel-ssm.spec b/apel-ssm.spec index 07f0d766..a23cc74d 100644 --- a/apel-ssm.spec +++ b/apel-ssm.spec @@ -100,6 +100,13 @@ rm -rf $RPM_BUILD_ROOT %doc %_defaultdocdir/%{name} %changelog +* Fri Aug 30 2024 Adrian Coveney - 3.4.1-1 + - Improved error logging to store full traceback on unexpected exceptions. + - Changed more code to use pyOpenSSL to improve compatibility with newer OpenSSL versions. + - Added a check to prevent a host certificate being to used for target server encryption. + - Changed which version of exit function is used to avoid edge case. + - Various changes and improvements to build scripts and processes. + * Wed Feb 21 2024 Adrian Coveney - 3.4.0-1 - Fixed compatability with newer versions of OpenSSL that only provide comma separated DNs. - Fixed Python 3 compatability (indirectly fixing EL8+ compatability) by performing explicit