From a170c390c32519e0f1cdb63d8498b41e9608f3da Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 31 Jan 2020 14:27:20 -0500 Subject: [PATCH] Update to upstream 0.79.9 --- .gitignore | 1 + ...us-python-output-more-for-python-3.8.patch | 169 ++++ 0001-Convert-tests-to-use-python3.patch | 910 ------------------ ...s-because-it-is-disabled-in-default-.patch | 34 - certmonger.spec | 11 +- sources | 2 +- 6 files changed, 177 insertions(+), 950 deletions(-) create mode 100644 0001-Adjust-dbus-python-output-more-for-python-3.8.patch delete mode 100644 0001-Convert-tests-to-use-python3.patch delete mode 100644 0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch diff --git a/.gitignore b/.gitignore index 5f86d0a..2e3f99b 100644 --- a/.gitignore +++ b/.gitignore @@ -125,3 +125,4 @@ certmonger-0.28.tar.gz /certmonger-0.79.6.tar.gz /certmonger-0.79.7.tar.gz /certmonger-0.79.8.tar.gz +/certmonger-0.79.9.tar.gz diff --git a/0001-Adjust-dbus-python-output-more-for-python-3.8.patch b/0001-Adjust-dbus-python-output-more-for-python-3.8.patch new file mode 100644 index 0000000..d393b3e --- /dev/null +++ b/0001-Adjust-dbus-python-output-more-for-python-3.8.patch @@ -0,0 +1,169 @@ +From 7e4820c6e99d4f696f083e3e5ee78bb868985bbb Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Fri, 31 Jan 2020 18:49:33 +0000 +Subject: [PATCH] Adjust dbus-python output more for python 3.8 + +The dbus output changed in due to an upstream bug. It seems that +the behavior changed with the last respin of python3-dbus. + +https://gitlab.freedesktop.org/dbus/dbus-python/issues/31 +--- + tests/028-dbus/expected.out | 36 ++++++++++++++++++------------------ + 1 file changed, 18 insertions(+), 18 deletions(-) + +diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out +index 9f05e0e..82e5b7d 100644 +--- a/tests/028-dbus/expected.out ++++ b/tests/028-dbus/expected.out +@@ -47,7 +47,7 @@ CA 'dogtag-ipa-renew-agent': + /org/fedorahosted/certmonger/cas/CA6 + /org/fedorahosted/certmonger/cas/CA6 + : -> : -k admin@localhost -> : +-0 -> 1 -> 0 ++dbus.Boolean(False, variant_level=1) -> dbus.Boolean(True, variant_level=1) -> dbus.Boolean(False, variant_level=1) + [ walk.py ] + [ /: org.freedesktop.DBus.Introspectable.Introspect ] + -Date: Tue, 29 Oct 2019 15:08:31 -0400 -Subject: [PATCH 1/2] Convert tests to use python3 - -Python 2 is deprecated in Fedora, switch to Python 3. ---- - certmonger.spec | 2 +- - tests/028-dbus/expected.out | 67 ++-- - tests/028-dbus/expected.out.nodsa | 22 +- - tests/028-dbus/prequal.sh | 8 +- - tests/028-dbus/run.sh | 7 +- - tests/028-dbus/runsub.sh | 2 +- - tests/028-dbus/simpleprop.py | 14 +- - tests/028-dbus/walk.py | 392 ++++++++++---------- - tests/038-ms-v2-template/extract-extdata.py | 5 +- - 9 files changed, 261 insertions(+), 258 deletions(-) - -diff --git a/certmonger.spec b/certmonger.spec -index deb8c55..9e80952 100644 ---- a/certmonger.spec -+++ b/certmonger.spec -@@ -72,7 +72,7 @@ BuildRequires: /usr/bin/unix2dos - # for which - BuildRequires: /usr/bin/which - # for dbus tests --BuildRequires: dbus-python -+BuildRequires: python3-dbus - # for popt or popt-devel, depending on the build environment - BuildRequires: /usr/include/popt.h - -diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out -index ca3179e..adfea51 100644 ---- a/tests/028-dbus/expected.out -+++ b/tests/028-dbus/expected.out -@@ -1,5 +1,4 @@ - Certificate in file "${tmpdir}/test.crt" issued by CA and saved. --Certificate in file "${tmpdir}/test.crt" issued by CA and saved. - [[ getcert ]] - State MONITORING, stuck: no. - Number of certificates and requests being tracked: 1. -@@ -47,7 +46,7 @@ CA 'dogtag-ipa-renew-agent': - /org/fedorahosted/certmonger/cas/CA6 - /org/fedorahosted/certmonger/cas/CA6 - : -> : -k admin@localhost -> : --0 -> 1 -> 0 -+dbus.Boolean(False, variant_level=1) -> dbus.Boolean(True, variant_level=1) -> dbus.Boolean(False, variant_level=1) - [ walk.py ] - [ /: org.freedesktop.DBus.Introspectable.Introspect ] - - - [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ] --$tmpdir/cas/20180327134236 -+$tmpdir/cas/date - - [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_nickname ] - SelfSign - - [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_is_default ] --0 -+dbus.Boolean(False) - - [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_type ] - INTERNAL:SELF -@@ -735,7 +734,7 @@ INTERNAL:SELF - dbus.Array([], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.refresh ] --1 -+dbus.Boolean(True) - - /org/fedorahosted/certmonger/cas/CA2: property org.fedorahosted.certmonger.ca.scep-cipher not set: (, x) - [ /org/fedorahosted/certmonger/cas/CA3: org.freedesktop.DBus.Introspectable.Introspect ] -@@ -828,13 +827,13 @@ dbus.Array([], signature=dbus.Signature('s')) - - - [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ] --$tmpdir/cas/20180327134236-1 -+$tmpdir/cas/date-1 - - [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ] - IPA - - [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_is_default ] --0 -+dbus.Boolean(False) - - [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_type ] - EXTERNAL -@@ -849,7 +848,7 @@ $libexecdir/ipa-submit - dbus.Array([], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.refresh ] --1 -+dbus.Boolean(True) - - [ /org/fedorahosted/certmonger/cas/CA4: org.freedesktop.DBus.Introspectable.Introspect ] - - - [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ] --$tmpdir/cas/20180327134236-2 -+$tmpdir/cas/date-2 - - [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ] - certmaster - - [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ] --0 -+dbus.Boolean(False) - - [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_type ] - EXTERNAL -@@ -962,7 +961,7 @@ $libexecdir/certmaster-submit - dbus.Array([], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ] --1 -+dbus.Boolean(True) - - [ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ] - - - [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ] --$tmpdir/cas/20180327134236-3 -+$tmpdir/cas/date-3 - - [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ] - dogtag-ipa-renew-agent - - [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ] --0 -+dbus.Boolean(False) - - [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ] - EXTERNAL -@@ -1075,5 +1074,5 @@ $libexecdir/dogtag-ipa-renew-agent-submit - dbus.Array([], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ] --1 -+dbus.Boolean(True) - -diff --git a/tests/028-dbus/expected.out.nodsa b/tests/028-dbus/expected.out.nodsa -index a23af40..5082ee0 100644 ---- a/tests/028-dbus/expected.out.nodsa -+++ b/tests/028-dbus/expected.out.nodsa -@@ -187,13 +187,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object - dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o')) - - [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ] --dbus.Array([dbus.String(u'RSA'), dbus.String(u'EC')], signature=dbus.Signature('s')) -+dbus.Array([dbus.String('RSA'), dbus.String('EC')], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ] --dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s')) -+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ] --dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s')) -+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) - - [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ] - OK -@@ -432,19 +432,19 @@ Buddy - - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ] --(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s'))) -+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s'))) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ] - recently - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ] --(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt')) -+(dbus.String('FILE'), dbus.String('$tmpdir/test.crt')) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ] - - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ] --(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s'))) -+(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s'))) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ] - -@@ -453,19 +453,19 @@ recently - - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ] --(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key')) -+(dbus.String('FILE'), dbus.String('$tmpdir/test.key')) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ] --(dbus.String(u'RSA'), dbus.Int64(512L)) -+(dbus.String('RSA'), dbus.Int64(512)) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ] - 1 - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ] --(dbus.String(u'stdout'), dbus.String(u'daemon.notice')) -+(dbus.String('stdout'), dbus.String('daemon.notice')) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ] --(dbus.String(u'MONITORING'), dbus.Boolean(False)) -+(dbus.String('MONITORING'), dbus.Boolean(False)) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ] - /org/fedorahosted/certmonger/cas/CA1 -@@ -481,7 +481,7 @@ recently - - [ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ] - 1 on /org/fedorahosted/certmonger/requests/Request2 --After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) -+After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) - - [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ] - 1 -diff --git a/tests/028-dbus/prequal.sh b/tests/028-dbus/prequal.sh -index e645c19..4fe79c8 100755 ---- a/tests/028-dbus/prequal.sh -+++ b/tests/028-dbus/prequal.sh -@@ -9,19 +9,19 @@ if test -z "$DBUSDAEMON" ; then - echo dbus-daemon not found - exit 1 - fi --if ! python -c 'import os' 2> /dev/null ; then -+if ! python3 -c 'import os' 2> /dev/null ; then - echo python not found - exit 1 - fi --if ! python -c 'import dbus' 2> /dev/null ; then -+if ! python3 -c 'import dbus' 2> /dev/null ; then - echo python-dbus not found - exit 1 - fi --if ! python -c 'import xml' 2> /dev/null ; then -+if ! python3 -c 'import xml' 2> /dev/null ; then - echo python-xml not found - exit 1 - fi --if ! python -c 'import xml.etree.ElementTree' 2> /dev/null ; then -+if ! python3 -c 'import xml.etree.ElementTree' 2> /dev/null ; then - echo python-xml does not include etree.ElementTree - exit 1 - fi -diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh -index c468d51..a8831ca 100755 ---- a/tests/028-dbus/run.sh -+++ b/tests/028-dbus/run.sh -@@ -33,8 +33,8 @@ now=`date +%s` - for i in `seq 240` ; do - recently=$(($now-$i)) - tomorrow=$(($now-$i+24*60*60)) -- sed -i -e s/^$recently'$/recently/g' -e s/"("$recently"L)"/'(recently)'/g \ -- -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow"L)"/'(tomorrow)'/g $tmpdir/runsub.out -+ sed -i -e s/^$recently'$/recently/g' -e s/"("$recently")"/'(recently)'/g \ -+ -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow")"/'(tomorrow)'/g $tmpdir/runsub.out - done - - cat $tmpdir/runsub.out | \ -@@ -43,4 +43,5 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \ - -e "s|$libexecdir|\$libexecdir|g" \ - -e "s|$tmpdir|\$tmpdir|g" \ - -e "s|expires:.*|expires: sometime|g" \ -- -e "s|u'(00)?[0-9a-fA-F]{32}|u'"'$UUID|g' -+ -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \ -+ -e "s|cas\/[0-9]{14}|cas\/date|g" -diff --git a/tests/028-dbus/runsub.sh b/tests/028-dbus/runsub.sh -index 3510d79..fe6766c 100755 ---- a/tests/028-dbus/runsub.sh -+++ b/tests/028-dbus/runsub.sh -@@ -22,5 +22,5 @@ echo "" - echo "[[ API ]]" - for i in ./*.py ; do - echo "[" `basename "$i"` "]" -- python $i -+ python3 $i - done -diff --git a/tests/028-dbus/simpleprop.py b/tests/028-dbus/simpleprop.py -index e4f937e..35d9591 100644 ---- a/tests/028-dbus/simpleprop.py -+++ b/tests/028-dbus/simpleprop.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - import dbus - - # Get a handle for the main certmonger interface. -@@ -19,7 +19,7 @@ ca = dbus.Interface(o, 'org.freedesktop.DBus.Properties') - - # Toggle the helper a couple of times. - ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') --print ca_ext_h, "->", -+print(ca_ext_h, "-> ", end='') - - if ca_ext_h.split()[0] == ca_ext_h: - ca_ext_h += ' -k admin@localhost' -@@ -28,7 +28,7 @@ else: - ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h) - - ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') --print ca_ext_h, "->", -+print(ca_ext_h, "-> ", end='') - - if ca_ext_h.split()[0] == ca_ext_h: - ca_ext_h += ' -k admin@localhost' -@@ -37,20 +37,20 @@ else: - ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h) - - ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper') --print ca_ext_h -+print(ca_ext_h) - - # Toggle the "is-default" value a couple of times. - isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') --print isdef, "->", -+print(isdef, "-> ", end='') - - ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef) - - isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') --print isdef, "->", -+print(isdef, "-> ", end='') - - ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef) - - isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default') --print isdef -+print(isdef) - - cm.remove_known_ca(path) -diff --git a/tests/028-dbus/walk.py b/tests/028-dbus/walk.py -index f60ca93..683d94e 100644 ---- a/tests/028-dbus/walk.py -+++ b/tests/028-dbus/walk.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - import dbus - import xml.etree.ElementTree - import os -@@ -9,217 +9,219 @@ bus = dbus.SessionBus() - - # Check that reading a property directly produces the same value as reading it via GetAll(). - def check_props(objpath, interface): -- o = bus.get_object('org.fedorahosted.certmonger', objpath) -- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -- props = i.GetAll(interface) -- for prop in props.keys(): -- value = props[prop] -- if value != i.Get(interface, prop): -- print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop))) -- return False -- return True -+ o = bus.get_object('org.fedorahosted.certmonger', objpath) -+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -+ props = i.GetAll(interface) -+ for prop in props.keys(): -+ value = props[prop] -+ if value != i.Get(interface, prop): -+ print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop))) -+ return False -+ return True - - # Try to call the method. - def examine_method(objpath, interface, method, idata): -- in_args = 0 -- out_args = 0 -- o = bus.get_object('org.fedorahosted.certmonger', objpath) -- i = dbus.Interface(o, interface) -- for child in idata.getchildren(): -- if child.tag == 'arg': -- if child.get('direction') != 'out': -- in_args = in_args + 1 -- else: -- out_args = out_args + 1 -- if in_args == 0: -- # Takes no inputs, so just call it. -- m = i.get_dbus_method(method) -- if out_args == 0: -- m() -- print("[ %s: %s.%s ]\n" % (objpath, interface, method)) -- elif out_args == 1: -- result = m() -- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) -- else: -- result = m() -- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) -- elif method == 'Get' or method == 'Set' or method == 'GetAll': -- # We check on properties elsewhere. -- return True -- # Per-method exercise. -- elif method == 'add_known_ca' or method == 'remove_known_ca': -- (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', []) -- if not result: -- print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method)) -- return False -- result = i.remove_known_ca(path) -- if not result: -- print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method)) -- return False -- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -- elif method == 'add_request' or method == 'remove_request': -- tmpdir = os.getenv('TMPDIR') -- if not tmpdir or tmpdir == '': -- tmpdir = '/tmp' -- properties = { -- 'nickname': 'foo', -- 'cert-storage': 'file', -- 'cert-file': tmpdir + "/028-certfile", -- 'key-storage': 'file', -- 'key-file': tmpdir + "/028-keyfile", -- 'template-email': ['root@localhost', 'toor@localhost'], -- } -- (result, path) = i.add_request(properties) -- if not result: -- print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method)) -- return False -- result = i.remove_request(path) -- if not result: -- print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method)) -- return False -- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -- elif method == 'find_ca_by_nickname': -- capath = i.find_ca_by_nickname('local') -- o = bus.get_object('org.fedorahosted.certmonger', capath) -- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -- if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local': -- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname'))) -- return False -- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -- elif method == 'find_request_by_nickname': -- reqpath = i.find_request_by_nickname('Buddy') -- o = bus.get_object('org.fedorahosted.certmonger', reqpath) -- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -- if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy': -- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname'))) -- return False -- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -- elif method == 'modify': -- mods = {} -- propname = "template-eku" -- propval = '1.2.3.4.5.6.7.8.9.10' -- mods[propname] = [propval,] -- status, path = i.modify(mods) -- if not status: -- print("[ %s : %s.%s ] error\n" % (objpath, interface, method)) -- return False -- print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path)) -- props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -- prop = props.Get(interface, 'template-eku') -- print("After setting %s to %s, we got %s\n" % (propname, propval, prop)) -- else: -- # We're in FIXME territory. -- print('FIXME: need support for "%s"' % method) -- return False -- # If we caused things to start churning, wait for them to settle. -+ in_args = 0 -+ out_args = 0 -+ o = bus.get_object('org.fedorahosted.certmonger', objpath) -+ i = dbus.Interface(o, interface) -+ for child in idata.getchildren(): -+ if child.tag == 'arg': -+ if child.get('direction') != 'out': -+ in_args = in_args + 1 -+ else: -+ out_args = out_args + 1 -+ if in_args == 0: -+ # Takes no inputs, so just call it. -+ m = i.get_dbus_method(method) -+ if out_args == 0: -+ m() -+ print("[ %s: %s.%s ]\n" % (objpath, interface, method)) -+ elif out_args == 1: -+ result = m() -+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) -+ else: -+ result = m() -+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result)) -+ elif method == 'Get' or method == 'Set' or method == 'GetAll': -+ # We check on properties elsewhere. -+ return True -+ # Per-method exercise. -+ elif method == 'add_known_ca' or method == 'remove_known_ca': -+ (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', []) -+ if not result: -+ print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method)) -+ return False -+ result = i.remove_known_ca(path) -+ if not result: -+ print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method)) -+ return False -+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -+ elif method == 'add_request' or method == 'remove_request': -+ tmpdir = os.getenv('TMPDIR') -+ if not tmpdir or tmpdir == '': -+ tmpdir = '/tmp' -+ properties = { -+ 'nickname': 'foo', -+ 'cert-storage': 'file', -+ 'cert-file': tmpdir + "/028-certfile", -+ 'key-storage': 'file', -+ 'key-file': tmpdir + "/028-keyfile", -+ 'template-email': ['root@localhost', 'toor@localhost'], -+ } -+ (result, path) = i.add_request(properties) -+ if not result: -+ print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method)) -+ return False -+ result = i.remove_request(path) -+ if not result: -+ print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method)) -+ return False -+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -+ elif method == 'find_ca_by_nickname': -+ capath = i.find_ca_by_nickname('local') -+ o = bus.get_object('org.fedorahosted.certmonger', capath) -+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -+ if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local': -+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname'))) -+ return False -+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -+ elif method == 'find_request_by_nickname': -+ reqpath = i.find_request_by_nickname('Buddy') -+ if not reqpath: -+ return False -+ o = bus.get_object('org.fedorahosted.certmonger', reqpath) -+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -+ if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy': -+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname'))) -+ return False -+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method)) -+ elif method == 'modify': -+ mods = {} -+ propname = "template-eku" -+ propval = '1.2.3.4.5.6.7.8.9.10' -+ mods[propname] = [propval,] -+ status, path = i.modify(mods) -+ if not status: -+ print("[ %s : %s.%s ] error\n" % (objpath, interface, method)) -+ return False -+ print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path)) -+ props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -+ prop = props.Get(interface, 'template-eku') -+ print("After setting %s to %s, we got %s\n" % (propname, propval, prop)) -+ else: -+ # We're in FIXME territory. -+ print('FIXME: need support for "%s"' % method) -+ return False -+ # If we caused things to start churning, wait for them to settle. - if method == 'resubmit': - props = dbus.Interface(o, 'org.freedesktop.DBus.Properties') - prop = props.Get(interface, 'status') - while prop != 'MONITORING': - time.sleep(1) - prop = props.Get(interface, 'status') -- return True -+ return True - - def iget(child, proxy, interface, prop): -- value = proxy.Get(interface, prop) -- if not value: -- if child.get('type') == 'b': -- value = False -- elif child.get('type') == 'n' or child.get('type') == 'x': -- value = 0 -- elif child.get('type') == 's': -- value = '' -- elif child.get('type') == 'as': -- value = [''] -- else: -- print("%s.%s: %s" % (interface, prop, child.get('type'))) -- return False -- return value -+ value = proxy.Get(interface, prop) -+ if not value: -+ if child.get('type') == 'b': -+ value = False -+ elif child.get('type') == 'n' or child.get('type') == 'x': -+ value = 0 -+ elif child.get('type') == 's': -+ value = '' -+ elif child.get('type') == 'as': -+ value = [''] -+ else: -+ print("%s.%s: %s" % (interface, prop, child.get('type'))) -+ return False -+ return value - - def examine_interface(objpath, interface, idata): -- o = bus.get_object('org.fedorahosted.certmonger', objpath) -- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -- for child in idata.getchildren(): -- if child.tag == 'property': -- prop = child.get('name') -- if child.get('access') == 'read': -- # Check that we can read it. -- value = i.Get(interface, prop) -- elif child.get('access') == 'readwrite': -- if prop == 'external-helper' or prop == 'scep-ca-identifier': -- cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca') -- if cai.get_type() != 'EXTERNAL': -- print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop)) -- continue -- # Check that we can read it, tweak it, and then reset it. -- value = iget(child, i, interface, prop) -- i.Set(interface, prop, value) -- newvalue = None -- if child.get('type') == 'b': -- newvalue = not value -- elif child.get('type') == 'n' or child.get('type') == 'x': -- newvalue = value + 1 -- elif child.get('type') == 's': -- newvalue = 'x' + value -- elif child.get('type') == 'as': -- newvalue = ['x'] + value -- else: -- print("%s.%s: %s" % (interface, prop, child.get('type'))) -- return False -- if newvalue: -- if newvalue == value: -- print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value)) -- return False -- i.Set(interface, prop, newvalue) -- if newvalue != iget(child, i, interface, prop): -- print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue)) -- return False -- i.Set(interface, prop, value) -- if value != iget(child, i, interface, prop): -- print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value)) -- return False -- elif child.tag == 'method': -- method = child.get('name') -- if not examine_method(objpath, interface, method, child): -- return False -- elif child.tag == 'signal': -- continue -- else: -- print "FIXME: handle child tag %s" % child.tag -- return False -- return True -+ o = bus.get_object('org.fedorahosted.certmonger', objpath) -+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties') -+ for child in idata.getchildren(): -+ if child.tag == 'property': -+ prop = child.get('name') -+ if child.get('access') == 'read': -+ # Check that we can read it. -+ value = i.Get(interface, prop) -+ elif child.get('access') == 'readwrite': -+ if prop == 'external-helper' or prop == 'scep-ca-identifier': -+ cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca') -+ if cai.get_type() != 'EXTERNAL': -+ print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop)) -+ continue -+ # Check that we can read it, tweak it, and then reset it. -+ value = iget(child, i, interface, prop) -+ i.Set(interface, prop, value) -+ newvalue = None -+ if child.get('type') == 'b': -+ newvalue = not value -+ elif child.get('type') == 'n' or child.get('type') == 'x': -+ newvalue = value + 1 -+ elif child.get('type') == 's': -+ newvalue = 'x' + value -+ elif child.get('type') == 'as': -+ newvalue = ['x'] + value -+ else: -+ print("%s.%s: %s" % (interface, prop, child.get('type'))) -+ return False -+ if newvalue: -+ if newvalue == value: -+ print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value)) -+ return False -+ i.Set(interface, prop, newvalue) -+ if newvalue != iget(child, i, interface, prop): -+ print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue)) -+ return False -+ i.Set(interface, prop, value) -+ if value != iget(child, i, interface, prop): -+ print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value)) -+ return False -+ elif child.tag == 'method': -+ method = child.get('name') -+ if not examine_method(objpath, interface, method, child): -+ return False -+ elif child.tag == 'signal': -+ continue -+ else: -+ print("FIXME: handle child tag %s" % child.tag) -+ return False -+ return True - - def examine_object(objpath): -- o = bus.get_object('org.fedorahosted.certmonger', objpath) -- i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable') -- idata = i.Introspect() -- x = xml.etree.ElementTree.XML(idata) -+ o = bus.get_object('org.fedorahosted.certmonger', objpath) -+ i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable') -+ idata = i.Introspect() -+ x = xml.etree.ElementTree.XML(idata) - -- # Check if the object supports properties interfaces. -- props = False -- for child in x.getchildren(): -- if child.tag == 'interface': -- if child.get('name') == 'org.freedesktop.DBus.Properties': -- props = True -+ # Check if the object supports properties interfaces. -+ props = False -+ for child in x.getchildren(): -+ if child.tag == 'interface': -+ if child.get('name') == 'org.freedesktop.DBus.Properties': -+ props = True - -- # Look at the interfaces and child nodes. -- for child in x.getchildren(): -- if child.tag == 'interface': -- if props and not check_props(objpath, child.get('name')): -- return False -- if not examine_interface(objpath, child.get('name'), child): -- return False -- elif child.tag == 'node': -- if objpath == '/': -- childpath = '/' + child.get('name') -- else: -- childpath = objpath + '/' + child.get('name') -- examine_object(childpath) -- else: -- print "FIXME: handle child tag %s" % child.tag -- return False -- return True -+ # Look at the interfaces and child nodes. -+ for child in x.getchildren(): -+ if child.tag == 'interface': -+ if props and not check_props(objpath, child.get('name')): -+ return False -+ if not examine_interface(objpath, child.get('name'), child): -+ return False -+ elif child.tag == 'node': -+ if objpath == '/': -+ childpath = '/' + child.get('name') -+ else: -+ childpath = objpath + '/' + child.get('name') -+ examine_object(childpath) -+ else: -+ print("FIXME: handle child tag %s" % child.tag) -+ return False -+ return True - - if not examine_object('/'): -- sys.exit(1) -+ sys.exit(1) - sys.exit(0) -diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py -index 1a845fd..9f9d910 100755 ---- a/tests/038-ms-v2-template/extract-extdata.py -+++ b/tests/038-ms-v2-template/extract-extdata.py -@@ -1,10 +1,11 @@ --#!/usr/bin/python2 -+#!/usr/bin/python3 - - # Given `openssl asn1parse` output of a CSR, look for the V2 Template - # extension and output its data if found. Nonzero exit status if - # not found. - - import binascii -+import os - import re - import sys - -@@ -21,7 +22,7 @@ for line in sys.stdin: - # - if state == STATE_FOUND and 'OCTET STRING' in line: - result = re.search(r'\[HEX DUMP\]:(\w*)', line) -- sys.stdout.write(binascii.unhexlify(result.group(1))) -+ os.write(1, binascii.unhexlify(result.group(1))) - state = STATE_DONE - break - --- -2.24.0.rc1 - diff --git a/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch b/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch deleted file mode 100644 index c73427d..0000000 --- a/0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0b1ad4df8d7eefc35061d9f82b102c6f06f31acd Mon Sep 17 00:00:00 2001 -From: Rob Crittenden -Date: Tue, 29 Oct 2019 17:15:54 -0400 -Subject: [PATCH 2/2] Disable DSA tests because it is disabled in default - crypto policy - -certutil will fail to generate DSA keys with a cryptic hash -error. ---- - tests/Makefile.am | 8 -------- - 1 file changed, 8 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index fe368dc..4c2b0d3 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -416,14 +416,6 @@ subdirs += \ - 034-perms-sql - endif - --if HAVE_DSA --subdirs += \ -- 001-keyiread-dsa \ -- 002-keygen-dsa \ -- 003-csrgen-dsa \ -- 004-selfsign-dsa --endif -- - if HAVE_EC - subdirs += \ - 001-keyiread-ec \ --- -2.24.0.rc1 - diff --git a/certmonger.spec b/certmonger.spec index 59405ef..d491659 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -25,16 +25,15 @@ %endif Name: certmonger -Version: 0.79.8 -Release: 4%{?dist} +Version: 0.79.9 +Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client License: GPLv3+ URL: http://pagure.io/certmonger/ Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz #Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig -Patch0001: 0001-Convert-tests-to-use-python3.patch -Patch0002: 0002-Disable-DSA-tests-because-it-is-disabled-in-default-.patch +Patch0001: 0001-Adjust-dbus-python-output-more-for-python-3.8.patch BuildRequires: autoconf @@ -120,7 +119,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled. %prep %setup -q %patch1 -p1 -%patch2 -p1 %if 0%{?rhel} > 0 # Enabled by default for RHEL for bug #765600, still disabled by default for @@ -248,6 +246,9 @@ exit 0 %endif %changelog +* Thu Jan 30 2020 Rob Crittenden - 0.79.9-1 +- Update to upstream 0.79.9 + * Tue Jan 28 2020 Fedora Release Engineering - 0.79.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 73c22cc..4ed6c8f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (certmonger-0.79.8.tar.gz) = 5e6f9c6a0b9c4a7c68a5f894b9ff3ba20fa42aa4d490c7e5e57c97dab2e152ca6ef7aee64f17a92fce7ca971077011f8f391218098612011be2b4961203db6bc +SHA512 (certmonger-0.79.9.tar.gz) = d7a783087cdb73426d01255a1da4429c9664267e557373120057fdcbda08e0c2e994a36d525a0a634b62115f76eeab9181ef012d5f38f2fd8711ae6443a8b461