caucase:712e80f8f8621d5e1e1f86808faac0305616ba72 commits
https://lab.nexedi.com/nexedi/caucase/-/commits/712e80f8f8621d5e1e1f86808faac0305616ba72
2022-07-07T18:48:27+09:00

https://lab.nexedi.com/nexedi/caucase/-/commit/712e80f8f8621d5e1e1f86808faac0305616ba72
CHANGES.txt: Add line about the several previous changes.
2022-07-07T18:48:27+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/d594e0bb2e8a86ec5d2607772b33be9a80bd098b
caucase.{client,http}: Trivial coverage improvement.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/a44aed3d7eb676c9b2d77d9aa2c0152c984fcafd
shell/caucase.sh,.shellcheckrc: Make shellcheck happy.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
Silence the warning about "local" not being POSIX, as many shells implement
it.
Resolve the other warnings, related to now-useless "x" prefixes in [
arguments.

https://lab.nexedi.com/nexedi/caucase/-/commit/dc8636da2da56d550c5334ce364c9c8e7246f5eb
shell/caucase.sh: Tolerate openssl not emitting a "keyid:" prefix.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
This whole business of parsing openssl command output is so brittle...

https://lab.nexedi.com/nexedi/caucase/-/commit/ff8eafca4b4d8536aee691e7b019b107d546a2b6
caucase.http: Fix server_version encoding for py2.7 .
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
Work around what should be a test-only issue, where versioneer produces
a unicode object for the module's version (by decoding a json object,
whose strings become unicode objects). Python 2.7's BaseHttpServer does
not encode the response in such case, causing a test failure when writing
to wfile, set to be a BytesIO object.
I guess some magic encoding happens on a real socket, likely to ascii.

https://lab.nexedi.com/nexedi/caucase/-/commit/35919046f2b790cec4484062d02683be89892005
caucase.{wsgi,test}: Declare functions instead of lambda-in-local
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
Silences pylint warnings.

https://lab.nexedi.com/nexedi/caucase/-/commit/1c2e95f7a2f8973db30ed1238dfcb3032ebb6a2e
caucase.http_wsgibase: Use less surprising attribute access pattern.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
Silences a pylint warning.

https://lab.nexedi.com/nexedi/caucase/-/commit/37e6a4f742e27789f6c185c463e2fc89aecf5d37
caucase.http: Silence ssl.OP_NO_{SSL,TLS}* deprecation warning.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/5af60b32a7f65465dc1512af4a522600a34d5103
caucase.test: Drop dependency on deprecated distutils module.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/4966706d3b7fb6da785706a9dd05fa19e2f5bc8c
caucase.cli: Silence pylint warning.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/fe081b78b837f1380ef1ffd28a8dbf9248975604
setup.py: Add missing dependency.
2022-07-07T18:47:37+09:00 Vincent Pelletier <vincent@nexedi.com>
This was indirectly satisfied by cryptography depending on ipaddress, so
no functional change is expected. This is just to be pedantic.

https://lab.nexedi.com/nexedi/caucase/-/commit/5a4d8be4c981b57be21280cb6363c25a7b0ee3b8
caucase.test: Fix test execution outside of a git working copy.
2021-12-22T16:54:29+09:00 Vincent Pelletier <vincent@nexedi.com>
Traversal to the root makes is unreasonable.
Rely on "shell" directory being a sibling of test.py's container.

https://lab.nexedi.com/nexedi/caucase/-/commit/6f63dd2b6ac4342302adecd70bc77d6a96576876
CHANGES.txt: Release 0.9.13 .
2021-12-22T16:09:08+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/dbde7a3fe10cf5abf6460b70cc1728ae8cdaf572
caucase.utils: Fix support for host computer suspension in "until".
2021-12-22T16:01:28+09:00 Vincent Pelletier <vincent@nexedi.com>
Break requested sleep period into smaller chunks, to try to compensate for
extended suspension periods.
The chosen values seem to be a reasonable trade-off between accuracy and
number of wake-ups.

https://lab.nexedi.com/nexedi/caucase/-/commit/3750b5c2c15aa6367d0f71006d7762ea59a63e7a
all: Use named arguments of datetime.timedelta .
2021-12-22T15:57:59+09:00 Vincent Pelletier <vincent@nexedi.com>
Positional arguments are comparatively a lot harder to understand.

https://lab.nexedi.com/nexedi/caucase/-/commit/3b5e0085a2be84c00fa019c7c026419a4e2bfee0
caucase.test: Increase the caucased start timeout for...
2021-12-15T18:35:36+09:00 Vincent Pelletier <vincent@nexedi.com>
caucase.test: Increase the caucased start timeout for test_databaseUpgradeFrom_0_9_8_{with,no}_revoked
This step needs to generate certificates, so it may reach the shorter,
default timeout.

https://lab.nexedi.com/nexedi/caucase/-/commit/ede954fb1ae7e68bbfed9c104cae0745d796e837
shell/caucase.sh: Enable some optional shellcheck checkers.
2021-11-09T15:47:30+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/34585419263d389f5cfd8225366964cccfec879d
shell/caucase.sh: Give precedence to CAUCASE_PYTHON.
2021-11-09T15:47:28+09:00 Vincent Pelletier <vincent@nexedi.com>
If environment points us at a specific python interpreter, use it to run
caucased, even if caucased is present reachable from PATH.

https://lab.nexedi.com/nexedi/caucase/-/commit/ad4af0ae503358220394a075209c3cc59d8766b6
shell/caucase.sh: Allow CAUCASE_PYTHON to not be set.
2021-11-09T15:46:47+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/56c2d11a86295735880f5af9e6723c17132ec834
caucase.test: Add space after comma.
2021-11-09T13:55:51+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/83583e8ba56630ca42be495fc33b50a6c2ec34b7
caucase.tests: Work around cryptography breakage on >28bits OIDs.
2021-11-09T13:52:36+09:00 Vincent Pelletier <vincent@nexedi.com>
As seen at least on cryptography 35.0.0 .
Ideally this should be on a 63 or 64bits cutoff, but somehow the breakage
is a lot lower.
Bug reported upstream:
https://github.com/pyca/cryptography/issues/6573

https://lab.nexedi.com/nexedi/caucase/-/commit/13684357c49f3294d87d9387bdcf3b71823e8934
cauacase.{test,ca}: Silence pylint consider-using-with .
2021-11-09T10:52:16+09:00 Vincent Pelletier <vincent@nexedi.com>
Because:
- Non-blocking lock acquisition does not work with a context manager.
- subprocess is not a context manager in python 2.7 .

https://lab.nexedi.com/nexedi/caucase/-/commit/9e673d8e634ca2c2fd4a981f15c7f300a4a457a6
caucase.test: get IP address from CAUCASE_LOC instead of hardcode IP
2021-11-09T10:41:06+09:00 Boxiang Sun <boxiang.sun@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/aa090b762fb7235862f3c8e732d58ca35feedd3a
caucase.test: CAUCASE_NETLOC should not contain literal IP addresses
2021-11-09T10:41:06+09:00 Boxiang Sun <boxiang.sun@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/4e2c2fe9f16730d610c5ea2a993e036a9158dc05
caucase.test: Propagate our environment to caucase.sh .
2021-11-09T10:38:23+09:00 Vincent Pelletier <vincent@nexedi.com>
The test should not need to sanitise the environment of this test in
particular (if we do not trust the environment then there would be a lot
more to sanitise for the python part of the test as well), and the intent
was just to add the CAUCASE_PYTHON variable so caucase.sh runs the expected
python executable and not one possibly picked from PATH.
So copy environment, edit the copy and pass this to the caucase.sh
subprocess.

https://lab.nexedi.com/nexedi/caucase/-/commit/5932d4fbda0e5be45dadfbc66905dd8d21492e61
caucase.http: Do not risk modifying dictionary during iteration.
2021-11-08T18:52:00+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/792d49e99857c66b3b7f0eaf7e534a662e4290aa
.pylintrc: Silence some pylint warnings.
2021-11-08T18:51:04+09:00 Vincent Pelletier <vincent@nexedi.com>
This codebase must remain py2 compatible for some more, so do not complain
about backward-compatible code.

https://lab.nexedi.com/nexedi/caucase/-/commit/67671d615d9534ebc963afe33752a3e967170087
all: Bump copyright year.
2021-10-20T17:28:43+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/e07425329eee5b3f3986872fcc079e86fb42f337
{cli,client}: Ignore CA certificates which fail loading.
2021-10-20T17:28:25+09:00 Vincent Pelletier <vincent@nexedi.com>
Fixes cli.updater crashing when one of the locally-stored CA is expired.
Also, explicitly raise when there are CAs in the local trust store but all
fail loading.

https://lab.nexedi.com/nexedi/caucase/-/commit/f907890c936e57d1cce6765ee07a1d8af08d1dc9
cli.updater: Ignore unverifiable CRLs for next deadline computation.
2021-10-20T17:19:04+09:00 Vincent Pelletier <vincent@nexedi.com>
If an unverifiable CRL is present (ex: its CA expired), then it can be
ignored in the computation of the next wake-up time.
Also, factorise with similar code in client.CaucaseClient.updateCRLFile .

https://lab.nexedi.com/nexedi/caucase/-/commit/2d14723917d2842e68f32a336be4c5a7d4c7be1e
CHANGES.txt: Catch up with 0.9.11 release .
2021-10-07T18:01:08+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/cb4ea281269c4b64fa344162e14796ba30c3bd24
all: Drop the need for install-time 2to3.
2021-10-07T17:35:03+09:00 Vincent Pelletier <vincent@nexedi.com>
Preserve py2.7 compatibility.
Also, make pylint happier with the result.

https://lab.nexedi.com/nexedi/caucase/-/commit/9466242bc51713643ebf295987a44d34fe4dc5bf
caucase.ca: Coding style.
2021-10-07T16:17:19+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/810e7ec21daf1c3c3d13cc1afefc42f0efd09faa
caucase.storage: Fix docstring typo.
2021-10-07T16:17:05+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/5d8b9602b423ac4831f36a693ffa5cec0af906db
setup.py: Fix twine warning.
2021-04-07T15:32:04+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/21f38e4beb9145c9acfa4451d271e00c16a3d2a9
client: Fix CA and CRL update when a CA is expired.
2021-04-07T15:29:53+09:00 Vincent Pelletier <vincent@nexedi.com>
Otherwise, the expired CA causes an error when it is being loaded, before
the time comparison.
Also, CRL signed by that CA also causes an error (as its signature cannot
be checked).
Catch these errors so the corresponding unusable PEMs are discarded.

https://lab.nexedi.com/nexedi/caucase/-/commit/f7d8281da7f4d0be3dcc7deefb9286b9c56a0b13
client: Close http connection after each request.
2021-04-07T15:29:53+09:00 Vincent Pelletier <vincent@nexedi.com>
Make python3 resource leak detector happy.

https://lab.nexedi.com/nexedi/caucase/-/commit/bd633a1e3938194c724ff428acd93098bfe169d7
CHANGES.txt: Release 0.9.9 .
2021-03-02T10:11:55+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/a9c801e0bd5118178c49eb2bab334d6847dcf1a0
CHANGES.txt: Catch up.
2021-03-02T10:11:34+09:00 Vincent Pelletier <vincent@nexedi.com>

https://lab.nexedi.com/nexedi/caucase/-/commit/d2f4fc9b0df0371c5320bc654107076c3f725516
wsgi: Raise TooLarge even when Content-Length is not provided.
2021-02-22T14:05:19+09:00 Vincent Pelletier <vincent@nexedi.com>
Prevent the (very unlikely at a 10MB given the manipulated data structures)
risk of a partial read accidentally containing producing a well-formed
result.
Also, only accept base-10 content lengths.