From 0d5116507b79bdb44b356d23e68711c87e2e1ba8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 30 Oct 2019 13:27:58 -0400
Subject: [PATCH] Use python 3 in tests, drop DSA tests disabled by policy

- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
---
0001-Convert-tests-to-use-python3.patch | 910 ++++++++++++++++++
...s-because-it-is-disabled-in-default-.patch | 34 +
certmonger.spec | 13 +-
3 files changed, 955 insertions(+), 2 deletions(-)
create mode 100644 0001-Convert-tests-to-use-python3.patch
create mode 100644 0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch

diff --git a/0001-Convert-tests-to-use-python3.patch b/0001-Convert-tests-to-use-python3.patch
new file mode 100644
index 0000000..8044ce3
--- /dev/null
+++ b/0001-Convert-tests-to-use-python3.patch
@@ -0,0 +1,910 @@ +From d7297186e533bfc8e6169e81d4d47140967a4735 Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Tue, 29 Oct 2019 15:08:31 -0400 +Subject: [PATCH 1/2] Convert tests to use python3 + +Python 2 is deprecated in Fedora, switch to Python 3. +--- + certmonger.spec | 2 +- + tests/028-dbus/expected.out | 67 ++-- + tests/028-dbus/expected.out.nodsa | 22 +- + tests/028-dbus/prequal.sh | 8 +- + tests/028-dbus/run.sh | 7 +- + tests/028-dbus/runsub.sh | 2 +- + tests/028-dbus/simpleprop.py | 14 +- + tests/028-dbus/walk.py | 392 ++++++++++---------- + tests/038-ms-v2-template/extract-extdata.py | 5 +- + 9 files changed, 261 insertions(+), 258 deletions(-) + +diff --git a/certmonger.spec b/certmonger.spec +index deb8c55..9e80952 100644 +--- a/certmonger.spec ++++ b/certmonger.spec +@@ -72,7 +72,7 @@ BuildRequires: /usr/bin/unix2dos + # for which + BuildRequires: /usr/bin/which + # for dbus tests +-BuildRequires: dbus-python ++BuildRequires: python3-dbus + # for popt or popt-devel, depending on the build environment + BuildRequires: /usr/include/popt.h + +diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out +index ca3179e..adfea51 100644 +--- a/tests/028-dbus/expected.out ++++ b/tests/028-dbus/expected.out +@@ -1,5 +1,4 @@ + Certificate in file "${tmpdir}/test.crt" issued by CA and saved. +-Certificate in file "${tmpdir}/test.crt" issued by CA and saved. + [[ getcert ]] + State MONITORING, stuck: no. + Number of certificates and requests being tracked: 1. 
+@@ -47,7 +46,7 @@ CA 'dogtag-ipa-renew-agent': + /org/fedorahosted/certmonger/cas/CA6 + /org/fedorahosted/certmonger/cas/CA6 + : -> : -k admin@localhost -> : +-0 -> 1 -> 0 ++dbus.Boolean(False, variant_level=1) -> dbus.Boolean(True, variant_level=1) -> dbus.Boolean(False, variant_level=1) + [ walk.py ] + [ /: org.freedesktop.DBus.Introspectable.Introspect ] + + + [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ] +-$tmpdir/cas/20180327134236 ++$tmpdir/cas/date + + [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_nickname ] + SelfSign + + [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_is_default ] +-0 ++dbus.Boolean(False) + + [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_type ] + INTERNAL:SELF +@@ -735,7 +734,7 @@ INTERNAL:SELF + dbus.Array([], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.refresh ] +-1 ++dbus.Boolean(True) + + /org/fedorahosted/certmonger/cas/CA2: property org.fedorahosted.certmonger.ca.scep-cipher not set: (, x) + [ /org/fedorahosted/certmonger/cas/CA3: org.freedesktop.DBus.Introspectable.Introspect ] +@@ -828,13 +827,13 @@ dbus.Array([], signature=dbus.Signature('s')) + + + [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ] +-$tmpdir/cas/20180327134236-1 ++$tmpdir/cas/date-1 + + [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ] + IPA + + [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_is_default ] +-0 ++dbus.Boolean(False) + + [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_type ] + EXTERNAL +@@ -849,7 +848,7 @@ $libexecdir/ipa-submit + dbus.Array([], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.refresh ] +-1 ++dbus.Boolean(True) + + [ 
/org/fedorahosted/certmonger/cas/CA4: org.freedesktop.DBus.Introspectable.Introspect ] + + + [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ] +-$tmpdir/cas/20180327134236-2 ++$tmpdir/cas/date-2 + + [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ] + certmaster + + [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ] +-0 ++dbus.Boolean(False) + + [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_type ] + EXTERNAL +@@ -962,7 +961,7 @@ $libexecdir/certmaster-submit + dbus.Array([], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ] +-1 ++dbus.Boolean(True) + + [ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ] + + + [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ] +-$tmpdir/cas/20180327134236-3 ++$tmpdir/cas/date-3 + + [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ] + dogtag-ipa-renew-agent + + [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ] +-0 ++dbus.Boolean(False) + + [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ] + EXTERNAL +@@ -1075,5 +1074,5 @@ $libexecdir/dogtag-ipa-renew-agent-submit + dbus.Array([], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ] +-1 ++dbus.Boolean(True) + +diff --git a/tests/028-dbus/expected.out.nodsa b/tests/028-dbus/expected.out.nodsa +index a23af40..5082ee0 100644 +--- a/tests/028-dbus/expected.out.nodsa ++++ b/tests/028-dbus/expected.out.nodsa +@@ -187,13 +187,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object + dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o')) + + [ 
/org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ] +-dbus.Array([dbus.String(u'RSA'), dbus.String(u'EC')], signature=dbus.Signature('s')) ++dbus.Array([dbus.String('RSA'), dbus.String('EC')], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ] +-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s')) ++dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ] +-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s')) ++dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) + + [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ] + OK +@@ -432,19 +432,19 @@ Buddy + + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ] +-(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s'))) ++(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s'))) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ] 
+ recently + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ] +-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt')) ++(dbus.String('FILE'), dbus.String('$tmpdir/test.crt')) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ] + + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ] +-(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s'))) ++(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s'))) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ] + +@@ -453,19 +453,19 @@ recently + + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ] +-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key')) ++(dbus.String('FILE'), dbus.String('$tmpdir/test.key')) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ] +-(dbus.String(u'RSA'), dbus.Int64(512L)) ++(dbus.String('RSA'), dbus.Int64(512)) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ] + 1 + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ] +-(dbus.String(u'stdout'), dbus.String(u'daemon.notice')) ++(dbus.String('stdout'), 
dbus.String('daemon.notice')) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ] +-(dbus.String(u'MONITORING'), dbus.Boolean(False)) ++(dbus.String('MONITORING'), dbus.Boolean(False)) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ] + /org/fedorahosted/certmonger/cas/CA1 +@@ -481,7 +481,7 @@ recently + + [ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ] + 1 on /org/fedorahosted/certmonger/requests/Request2 +-After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) ++After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) + + [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ] + 1 +diff --git a/tests/028-dbus/prequal.sh b/tests/028-dbus/prequal.sh +index e645c19..4fe79c8 100755 +--- a/tests/028-dbus/prequal.sh ++++ b/tests/028-dbus/prequal.sh +@@ -9,19 +9,19 @@ if test -z "$DBUSDAEMON" ; then + echo dbus-daemon not found + exit 1 + fi +-if ! python -c 'import os' 2> /dev/null ; then ++if ! python3 -c 'import os' 2> /dev/null ; then + echo python not found + exit 1 + fi +-if ! python -c 'import dbus' 2> /dev/null ; then ++if ! python3 -c 'import dbus' 2> /dev/null ; then + echo python-dbus not found + exit 1 + fi +-if ! python -c 'import xml' 2> /dev/null ; then ++if ! python3 -c 'import xml' 2> /dev/null ; then + echo python-xml not found + exit 1 + fi +-if ! python -c 'import xml.etree.ElementTree' 2> /dev/null ; then ++if ! 
python3 -c 'import xml.etree.ElementTree' 2> /dev/null ; then + echo python-xml does not include etree.ElementTree + exit 1 + fi +diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh +index c468d51..a8831ca 100755 +--- a/tests/028-dbus/run.sh ++++ b/tests/028-dbus/run.sh +@@ -33,8 +33,8 @@ now=`date +%s` + for i in `seq 240` ; do + recently=$(($now-$i)) + tomorrow=$(($now-$i+24*60*60)) +- sed -i -e s/^$recently'$/recently/g' -e s/"("$recently"L)"/'(recently)'/g \ +- -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow"L)"/'(tomorrow)'/g $tmpdir/runsub.out ++ sed -i -e s/^$recently'$/recently/g' -e s/"("$recently")"/'(recently)'/g \ ++ -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow")"/'(tomorrow)'/g $tmpdir/runsub.out + done + + cat $tmpdir/runsub.out | \ +@@ -43,4 +43,5 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \ + -e "s|$libexecdir|\$libexecdir|g" \ + -e "s|$tmpdir|\$tmpdir|g" \ + -e "s|expires:.*|expires: sometime|g" \ +- -e "s|u'(00)?[0-9a-fA-F]{32}|u'"'$UUID|g' ++ -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \ ++ -e "s|cas\/[0-9]{14}|cas\/date|g" +diff --git a/tests/028-dbus/runsub.sh b/tests/028-dbus/runsub.sh +index 3510d79..fe6766c 100755 +--- a/tests/028-dbus/runsub.sh ++++ b/tests/028-dbus/runsub.sh +@@ -22,5 +22,5 @@ echo "" + echo "[[ API ]]" + for i in ./*.py ; do + echo "[" `basename "$i"` "]" +- python $i ++ python3 $i + done +diff --git a/tests/028-dbus/simpleprop.py b/tests/028-dbus/simpleprop.py +index e4f937e..35d9591 100644 +--- a/tests/028-dbus/simpleprop.py ++++ b/tests/028-dbus/simpleprop.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + import dbus + + # Get a handle for the main certmonger interface. +@@ -19,7 +19,7 @@ ca = dbus.Interface(o, 'org.freedesktop.DBus.Properties') + + # Toggle the helper a couple of times. 
+ ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') +-print ca_ext_h, "->", ++print(ca_ext_h, "-> ", end='') + + if ca_ext_h.split()[0] == ca_ext_h: + ca_ext_h += ' -k admin@localhost' +@@ -28,7 +28,7 @@ else: + ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h) + + ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') +-print ca_ext_h, "->", ++print(ca_ext_h, "-> ", end='') + + if ca_ext_h.split()[0] == ca_ext_h: + ca_ext_h += ' -k admin@localhost' +@@ -37,20 +37,20 @@ else: + ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h) + + ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') +-print ca_ext_h ++print(ca_ext_h) + + # Toggle the "is-default" value a couple of times. + isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') +-print isdef, "->", ++print(isdef, "-> ", end='') + + ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef) + + isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') +-print isdef, "->", ++print(isdef, "-> ", end='') + + ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef) + + isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') +-print isdef ++print(isdef) + + cm.remove_known_ca(path) +diff --git a/tests/028-dbus/walk.py b/tests/028-dbus/walk.py +index f60ca93..683d94e 100644 +--- a/tests/028-dbus/walk.py ++++ b/tests/028-dbus/walk.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + import dbus + import xml.etree.ElementTree + import os +@@ -9,217 +9,219 @@ bus = dbus.SessionBus() + + # Check that reading a property directly produces the same value as reading it via GetAll(). 
+ def check_props(objpath, interface): +- o = bus.get_object('org.fedorahosted.certmonger', objpath) +- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') +- props = i.GetAll(interface) +- for prop in props.keys(): +- value = props[prop] +- if value != i.Get(interface, prop): +- print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop))) +- return False +- return True ++ o = bus.get_object('org.fedorahosted.certmonger', objpath) ++ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') ++ props = i.GetAll(interface) ++ for prop in props.keys(): ++ value = props[prop] ++ if value != i.Get(interface, prop): ++ print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop))) ++ return False ++ return True + + # Try to call the method. + def examine_method(objpath, interface, method, idata): +- in_args = 0 +- out_args = 0 +- o = bus.get_object('org.fedorahosted.certmonger', objpath) +- i = dbus.Interface(o, interface) +- for child in idata.getchildren(): +- if child.tag == 'arg': +- if child.get('direction') != 'out': +- in_args = in_args + 1 +- else: +- out_args = out_args + 1 +- if in_args == 0: +- # Takes no inputs, so just call it. +- m = i.get_dbus_method(method) +- if out_args == 0: +- m() +- print("[ %s: %s.%s ]\n" % (objpath, interface, method)) +- elif out_args == 1: +- result = m() +- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) +- else: +- result = m() +- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) +- elif method == 'Get' or method == 'Set' or method == 'GetAll': +- # We check on properties elsewhere. +- return True +- # Per-method exercise. 
+- elif method == 'add_known_ca' or method == 'remove_known_ca': +- (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', []) +- if not result: +- print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method)) +- return False +- result = i.remove_known_ca(path) +- if not result: +- print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method)) +- return False +- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) +- elif method == 'add_request' or method == 'remove_request': +- tmpdir = os.getenv('TMPDIR') +- if not tmpdir or tmpdir == '': +- tmpdir = '/tmp' +- properties = { +- 'nickname': 'foo', +- 'cert-storage': 'file', +- 'cert-file': tmpdir + "/028-certfile", +- 'key-storage': 'file', +- 'key-file': tmpdir + "/028-keyfile", +- 'template-email': ['root@localhost', 'toor@localhost'], +- } +- (result, path) = i.add_request(properties) +- if not result: +- print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method)) +- return False +- result = i.remove_request(path) +- if not result: +- print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method)) +- return False +- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) +- elif method == 'find_ca_by_nickname': +- capath = i.find_ca_by_nickname('local') +- o = bus.get_object('org.fedorahosted.certmonger', capath) +- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') +- if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local': +- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname'))) +- return False +- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) +- elif method == 'find_request_by_nickname': +- reqpath = i.find_request_by_nickname('Buddy') +- o = bus.get_object('org.fedorahosted.certmonger', reqpath) +- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') +- if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy': +- 
print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname'))) +- return False +- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) +- elif method == 'modify': +- mods = {} +- propname = "template-eku" +- propval = '1.2.3.4.5.6.7.8.9.10' +- mods[propname] = [propval,] +- status, path = i.modify(mods) +- if not status: +- print("[ %s : %s.%s ] error\n" % (objpath, interface, method)) +- return False +- print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path)) +- props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') +- prop = props.Get(interface, 'template-eku') +- print("After setting %s to %s, we got %s\n" % (propname, propval, prop)) +- else: +- # We're in FIXME territory. +- print('FIXME: need support for "%s"' % method) +- return False +- # If we caused things to start churning, wait for them to settle. ++ in_args = 0 ++ out_args = 0 ++ o = bus.get_object('org.fedorahosted.certmonger', objpath) ++ i = dbus.Interface(o, interface) ++ for child in idata.getchildren(): ++ if child.tag == 'arg': ++ if child.get('direction') != 'out': ++ in_args = in_args + 1 ++ else: ++ out_args = out_args + 1 ++ if in_args == 0: ++ # Takes no inputs, so just call it. ++ m = i.get_dbus_method(method) ++ if out_args == 0: ++ m() ++ print("[ %s: %s.%s ]\n" % (objpath, interface, method)) ++ elif out_args == 1: ++ result = m() ++ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) ++ else: ++ result = m() ++ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) ++ elif method == 'Get' or method == 'Set' or method == 'GetAll': ++ # We check on properties elsewhere. ++ return True ++ # Per-method exercise. 
++ elif method == 'add_known_ca' or method == 'remove_known_ca': ++ (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', []) ++ if not result: ++ print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method)) ++ return False ++ result = i.remove_known_ca(path) ++ if not result: ++ print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method)) ++ return False ++ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) ++ elif method == 'add_request' or method == 'remove_request': ++ tmpdir = os.getenv('TMPDIR') ++ if not tmpdir or tmpdir == '': ++ tmpdir = '/tmp' ++ properties = { ++ 'nickname': 'foo', ++ 'cert-storage': 'file', ++ 'cert-file': tmpdir + "/028-certfile", ++ 'key-storage': 'file', ++ 'key-file': tmpdir + "/028-keyfile", ++ 'template-email': ['root@localhost', 'toor@localhost'], ++ } ++ (result, path) = i.add_request(properties) ++ if not result: ++ print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method)) ++ return False ++ result = i.remove_request(path) ++ if not result: ++ print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method)) ++ return False ++ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) ++ elif method == 'find_ca_by_nickname': ++ capath = i.find_ca_by_nickname('local') ++ o = bus.get_object('org.fedorahosted.certmonger', capath) ++ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') ++ if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local': ++ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname'))) ++ return False ++ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) ++ elif method == 'find_request_by_nickname': ++ reqpath = i.find_request_by_nickname('Buddy') ++ if not reqpath: ++ return False ++ o = bus.get_object('org.fedorahosted.certmonger', reqpath) ++ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') ++ if 
i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy': ++ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname'))) ++ return False ++ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) ++ elif method == 'modify': ++ mods = {} ++ propname = "template-eku" ++ propval = '1.2.3.4.5.6.7.8.9.10' ++ mods[propname] = [propval,] ++ status, path = i.modify(mods) ++ if not status: ++ print("[ %s : %s.%s ] error\n" % (objpath, interface, method)) ++ return False ++ print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path)) ++ props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') ++ prop = props.Get(interface, 'template-eku') ++ print("After setting %s to %s, we got %s\n" % (propname, propval, prop)) ++ else: ++ # We're in FIXME territory. ++ print('FIXME: need support for "%s"' % method) ++ return False ++ # If we caused things to start churning, wait for them to settle. + if method == 'resubmit': + props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') + prop = props.Get(interface, 'status') + while prop != 'MONITORING': + time.sleep(1) + prop = props.Get(interface, 'status') +- return True ++ return True + + def iget(child, proxy, interface, prop): +- value = proxy.Get(interface, prop) +- if not value: +- if child.get('type') == 'b': +- value = False +- elif child.get('type') == 'n' or child.get('type') == 'x': +- value = 0 +- elif child.get('type') == 's': +- value = '' +- elif child.get('type') == 'as': +- value = [''] +- else: +- print("%s.%s: %s" % (interface, prop, child.get('type'))) +- return False +- return value ++ value = proxy.Get(interface, prop) ++ if not value: ++ if child.get('type') == 'b': ++ value = False ++ elif child.get('type') == 'n' or child.get('type') == 'x': ++ value = 0 ++ elif child.get('type') == 's': ++ value = '' ++ elif child.get('type') == 'as': ++ value = [''] ++ else: ++ print("%s.%s: %s" % (interface, prop, 
child.get('type'))) ++ return False ++ return value + + def examine_interface(objpath, interface, idata): +- o = bus.get_object('org.fedorahosted.certmonger', objpath) +- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') +- for child in idata.getchildren(): +- if child.tag == 'property': +- prop = child.get('name') +- if child.get('access') == 'read': +- # Check that we can read it. +- value = i.Get(interface, prop) +- elif child.get('access') == 'readwrite': +- if prop == 'external-helper' or prop == 'scep-ca-identifier': +- cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca') +- if cai.get_type() != 'EXTERNAL': +- print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop)) +- continue +- # Check that we can read it, tweak it, and then reset it. +- value = iget(child, i, interface, prop) +- i.Set(interface, prop, value) +- newvalue = None +- if child.get('type') == 'b': +- newvalue = not value +- elif child.get('type') == 'n' or child.get('type') == 'x': +- newvalue = value + 1 +- elif child.get('type') == 's': +- newvalue = 'x' + value +- elif child.get('type') == 'as': +- newvalue = ['x'] + value +- else: +- print("%s.%s: %s" % (interface, prop, child.get('type'))) +- return False +- if newvalue: +- if newvalue == value: +- print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value)) +- return False +- i.Set(interface, prop, newvalue) +- if newvalue != iget(child, i, interface, prop): +- print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue)) +- return False +- i.Set(interface, prop, value) +- if value != iget(child, i, interface, prop): +- print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value)) +- return False +- elif child.tag == 'method': +- method = child.get('name') +- if not examine_method(objpath, interface, method, child): +- return False +- elif child.tag == 'signal': +- continue +- else: +- print "FIXME: 
handle child tag %s" % child.tag +- return False +- return True ++ o = bus.get_object('org.fedorahosted.certmonger', objpath) ++ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') ++ for child in idata.getchildren(): ++ if child.tag == 'property': ++ prop = child.get('name') ++ if child.get('access') == 'read': ++ # Check that we can read it. ++ value = i.Get(interface, prop) ++ elif child.get('access') == 'readwrite': ++ if prop == 'external-helper' or prop == 'scep-ca-identifier': ++ cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca') ++ if cai.get_type() != 'EXTERNAL': ++ print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop)) ++ continue ++ # Check that we can read it, tweak it, and then reset it. ++ value = iget(child, i, interface, prop) ++ i.Set(interface, prop, value) ++ newvalue = None ++ if child.get('type') == 'b': ++ newvalue = not value ++ elif child.get('type') == 'n' or child.get('type') == 'x': ++ newvalue = value + 1 ++ elif child.get('type') == 's': ++ newvalue = 'x' + value ++ elif child.get('type') == 'as': ++ newvalue = ['x'] + value ++ else: ++ print("%s.%s: %s" % (interface, prop, child.get('type'))) ++ return False ++ if newvalue: ++ if newvalue == value: ++ print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value)) ++ return False ++ i.Set(interface, prop, newvalue) ++ if newvalue != iget(child, i, interface, prop): ++ print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue)) ++ return False ++ i.Set(interface, prop, value) ++ if value != iget(child, i, interface, prop): ++ print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value)) ++ return False ++ elif child.tag == 'method': ++ method = child.get('name') ++ if not examine_method(objpath, interface, method, child): ++ return False ++ elif child.tag == 'signal': ++ continue ++ else: ++ print("FIXME: handle child tag %s" % child.tag) ++ 
return False ++ return True + + def examine_object(objpath): +- o = bus.get_object('org.fedorahosted.certmonger', objpath) +- i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable') +- idata = i.Introspect() +- x = xml.etree.ElementTree.XML(idata) ++ o = bus.get_object('org.fedorahosted.certmonger', objpath) ++ i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable') ++ idata = i.Introspect() ++ x = xml.etree.ElementTree.XML(idata) + +- # Check if the object supports properties interfaces. +- props = False +- for child in x.getchildren(): +- if child.tag == 'interface': +- if child.get('name') == 'org.freedesktop.DBus.Properties': +- props = True ++ # Check if the object supports properties interfaces. ++ props = False ++ for child in x.getchildren(): ++ if child.tag == 'interface': ++ if child.get('name') == 'org.freedesktop.DBus.Properties': ++ props = True + +- # Look at the interfaces and child nodes. +- for child in x.getchildren(): +- if child.tag == 'interface': +- if props and not check_props(objpath, child.get('name')): +- return False +- if not examine_interface(objpath, child.get('name'), child): +- return False +- elif child.tag == 'node': +- if objpath == '/': +- childpath = '/' + child.get('name') +- else: +- childpath = objpath + '/' + child.get('name') +- examine_object(childpath) +- else: +- print "FIXME: handle child tag %s" % child.tag +- return False +- return True ++ # Look at the interfaces and child nodes. 
++ for child in x.getchildren(): ++ if child.tag == 'interface': ++ if props and not check_props(objpath, child.get('name')): ++ return False ++ if not examine_interface(objpath, child.get('name'), child): ++ return False ++ elif child.tag == 'node': ++ if objpath == '/': ++ childpath = '/' + child.get('name') ++ else: ++ childpath = objpath + '/' + child.get('name') ++ examine_object(childpath) ++ else: ++ print("FIXME: handle child tag %s" % child.tag) ++ return False ++ return True + + if not examine_object('/'): +- sys.exit(1) ++ sys.exit(1) + sys.exit(0) +diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py +index 1a845fd..9f9d910 100755 +--- a/tests/038-ms-v2-template/extract-extdata.py ++++ b/tests/038-ms-v2-template/extract-extdata.py +@@ -1,10 +1,11 @@ +-#!/usr/bin/python2 ++#!/usr/bin/python3 + + # Given `openssl asn1parse` output of a CSR, look for the V2 Template + # extension and output its data if found. Nonzero exit status if + # not found. + + import binascii ++import os + import re + import sys + +@@ -21,7 +22,7 @@ for line in sys.stdin: + # + if state == STATE_FOUND and 'OCTET STRING' in line: + result = re.search(r'\[HEX DUMP\]:(\w*)', line) +- sys.stdout.write(binascii.unhexlify(result.group(1))) ++ os.write(1, binascii.unhexlify(result.group(1))) + state = STATE_DONE + break + +-- +2.24.0.rc1 + diff --git a/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch b/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch new file mode 100644 index 0000000..c73427d --- /dev/null +++ b/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch 
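Review bot: The converted tests/028-dbus/walk.py still iterates with `idata.getchildren()` and `x.getchildren()` (in examine_method, examine_interface and examine_object), and `Element.getchildren()` was removed from xml.etree.ElementTree in Python 3.9, so the test will raise AttributeError on newer interpreters. Iterating the element directly is equivalent and works on every Python 3: `for child in idata:` and `for child in x:`. In examine_object the recursive call `examine_object(childpath)` discards its result, so a failure below the root never reaches the final `sys.exit(1)` check; `if not examine_object(childpath): return False` would propagate it. In tests/038-ms-v2-template/extract-extdata.py, `os.write(1, ...)` can write fewer bytes than requested and its return value is not checked; `sys.stdout.buffer.write(binascii.unhexlify(result.group(1)))` avoids that and makes the added `import os` unnecessary.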
@@ -0,0 +1,34 @@ +From 0b1ad4df8d7eefc35061d9f82b102c6f06f31acd Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Tue, 29 Oct 2019 17:15:54 -0400 +Subject: [PATCH 2/2] Disable DSA tests because it is disabled in default + crypto policy + +certutil will fail to generate DSA keys with a cryptic hash +error. +--- + tests/Makefile.am | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index fe368dc..4c2b0d3 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -416,14 +416,6 @@ subdirs += \ + 034-perms-sql + endif + +-if HAVE_DSA +-subdirs += \ +- 001-keyiread-dsa \ +- 002-keygen-dsa \ +- 003-csrgen-dsa \ +- 004-selfsign-dsa +-endif +- + if HAVE_EC + subdirs += \ + 001-keyiread-ec \ +-- +2.24.0.rc1 + diff --git a/certmonger.spec b/certmonger.spec index 31ab47f..af508a4 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -26,13 +26,15 @@ Name: certmonger Version: 0.79.8 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Certificate status monitor and PKI enrollment client License: GPLv3+ URL: http://pagure.io/certmonger/ Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz #Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig +Patch0001: 0001-Convert-tests-to-use-python3.patch +Patch0002: 0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch BuildRequires: autoconf @@ -76,7 +78,7 @@ BuildRequires: /usr/bin/unix2dos # for which BuildRequires: /usr/bin/which # for dbus tests -BuildRequires: python2-dbus +BuildRequires: python3-dbus BuildRequires: popt-devel # we need a running system bus @@ -117,6 +119,8 @@ system enrolled with a certificate authority (CA) and keeping it enrolled. %prep %setup -q +%patch1 -p1 +%patch2 -p1 %if 0%{?rhel} > 0 # Enabled by default for RHEL for bug #765600, still disabled by default for 
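Review bot: Deleting the `if HAVE_DSA` block from tests/Makefile.am removes the four DSA tests for every build, including ones where the crypto policy still permits DSA, while the DSA code paths presumably keep shipping without test coverage. Patch 1/2 also edits tests/028-dbus/expected.out.nodsa, which suggests other tests still branch on DSA support, so it is worth confirming that they select the no-DSA expectations under the default policy. A comment at the removal site would record the reason for the next maintainer, for example `# DSA tests dropped: certutil cannot generate DSA keys under the default crypto policy`.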
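Review bot: The context lines around the new `Patch0001`/`Patch0002` entries show `Source0` fetched over plain `http://` with the detached-signature `Source1` commented out, so nothing in the spec authenticates the upstream tarball that these patches are applied to. Moving `URL` and `Source0` to `https://` where the host serves it, and, if upstream publishes a signing key, restoring `Source1` with a keyring source and a `%{gpgverify}` step in `%prep` before `%setup`, would close that gap. The dist-git lookaside checksum presumably still pins the tarball contents, so this is hardening of the fetch path rather than a build break.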
@@ -244,6 +248,11 @@ exit 0 %endif %changelog +* Wed Oct 30 2019 Rob Crittenden - 0.79.8-3 +- Change python2-dbus build dependency to python3 +- Convert tests to pass under python 3 +- Skip DSA tests because it is disabled by default crypto policy + * Wed Jul 24 2019 Fedora Release Engineering - 0.79.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild