From d3fad04d9e942d858b8b348fee586f171370627f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 10 Jan 2024 10:55:59 +0000 Subject: [PATCH 01/21] Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7 Signed-off-by: Pedro Algarvio --- changelog/65830.security.md | 3 +++ requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin-crypto.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux-crypto.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows-crypto.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.11/cloud.txt | 2 +- requirements/static/ci/py3.11/darwin-crypto.txt | 2 +- requirements/static/ci/py3.11/darwin.txt | 2 +- requirements/static/ci/py3.11/docs.txt | 2 +- requirements/static/ci/py3.11/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.11/freebsd.txt | 2 +- requirements/static/ci/py3.11/lint.txt | 2 +- requirements/static/ci/py3.11/linux-crypto.txt | 2 +- requirements/static/ci/py3.11/linux.txt | 2 +- requirements/static/ci/py3.11/windows-crypto.txt | 2 +- requirements/static/ci/py3.11/windows.txt | 2 +- requirements/static/ci/py3.12/cloud.txt | 2 +- requirements/static/ci/py3.12/darwin-crypto.txt | 2 +- requirements/static/ci/py3.12/darwin.txt | 2 +- requirements/static/ci/py3.12/docs.txt | 2 +- requirements/static/ci/py3.12/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.12/freebsd.txt | 2 +- requirements/static/ci/py3.12/lint.txt | 2 +- requirements/static/ci/py3.12/linux-crypto.txt | 2 +- requirements/static/ci/py3.12/linux.txt | 2 +- requirements/static/ci/py3.12/windows-crypto.txt | 2 +- requirements/static/ci/py3.12/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux-crypto.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows-crypto.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux-crypto.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows-crypto.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin-crypto.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd-crypto.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux-crypto.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows-crypto.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.11/darwin.txt | 2 +- requirements/static/pkg/py3.11/freebsd.txt | 2 +- requirements/static/pkg/py3.11/linux.txt | 2 +- requirements/static/pkg/py3.11/windows.txt | 2 +- requirements/static/pkg/py3.12/darwin.txt | 2 +- requirements/static/pkg/py3.12/freebsd.txt | 2 +- requirements/static/pkg/py3.12/linux.txt | 2 +- requirements/static/pkg/py3.12/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 85 files changed, 87 insertions(+), 84 deletions(-) create mode 100644 changelog/65830.security.md diff --git a/changelog/65830.security.md b/changelog/65830.security.md new file mode 100644 index 00000000000..2fa6928bb63 --- /dev/null +++ b/changelog/65830.security.md @@ -0,0 +1,3 @@ +Update some requirements which had some security issues: + +* Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7 diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index ead86ebfed8..3821fa1e155 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -413,7 +413,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/darwin-crypto.txt b/requirements/static/ci/py3.10/darwin-crypto.txt index 6b855b4848e..80d29c13252 100644 --- a/requirements/static/ci/py3.10/darwin-crypto.txt +++ b/requirements/static/ci/py3.10/darwin-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 16753a6d8ec..2bb16ae0c3f 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -297,7 +297,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/darwin.txt # -r requirements/static/ci/common.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index 75bd763edc0..2601631ebd5 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -117,7 +117,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.10/freebsd-crypto.txt b/requirements/static/ci/py3.10/freebsd-crypto.txt index da243ac9caf..206f5bc4860 100644 --- a/requirements/static/ci/py3.10/freebsd-crypto.txt +++ b/requirements/static/ci/py3.10/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 652da67d804..23dad59d1fa 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -288,7 +288,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index ab2d132518c..ff29f8aa8d3 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -414,7 +414,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/linux-crypto.txt b/requirements/static/ci/py3.10/linux-crypto.txt index f824107616f..703c164212b 100644 --- a/requirements/static/ci/py3.10/linux-crypto.txt +++ b/requirements/static/ci/py3.10/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 11c7d86fe4a..d8fd2d106bf 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -299,7 +299,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.10/windows-crypto.txt b/requirements/static/ci/py3.10/windows-crypto.txt index 18248fac6f1..6854783a95e 100644 --- a/requirements/static/ci/py3.10/windows-crypto.txt +++ b/requirements/static/ci/py3.10/windows-crypto.txt @@ -8,5 +8,5 @@ m2crypto==0.37.1 # via -r requirements/static/ci/crypto.in parameterized==0.8.1 # via m2crypto -pycryptodome==3.10.1 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 18fb61e7cfc..0407e5d7949 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -273,7 +273,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.11/cloud.txt b/requirements/static/ci/py3.11/cloud.txt index 08cf932132e..d13909497ec 100644 --- a/requirements/static/ci/py3.11/cloud.txt +++ b/requirements/static/ci/py3.11/cloud.txt @@ -385,7 +385,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt diff --git a/requirements/static/ci/py3.11/darwin-crypto.txt b/requirements/static/ci/py3.11/darwin-crypto.txt index c0aacf41077..7d9ccc789ff 100644 --- a/requirements/static/ci/py3.11/darwin-crypto.txt +++ b/requirements/static/ci/py3.11/darwin-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.11/darwin.txt b/requirements/static/ci/py3.11/darwin.txt index 782eb706c9a..e2429dfab2b 100644 --- a/requirements/static/ci/py3.11/darwin.txt +++ b/requirements/static/ci/py3.11/darwin.txt @@ -274,7 +274,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/darwin.txt # -r requirements/static/ci/common.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/darwin.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.11/docs.txt b/requirements/static/ci/py3.11/docs.txt index 1a2bac96dca..8349e865ddb 100644 --- a/requirements/static/ci/py3.11/docs.txt +++ b/requirements/static/ci/py3.11/docs.txt @@ -117,7 +117,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.11/freebsd-crypto.txt b/requirements/static/ci/py3.11/freebsd-crypto.txt index 33399b9ff51..1a4bd53502c 100644 --- a/requirements/static/ci/py3.11/freebsd-crypto.txt +++ b/requirements/static/ci/py3.11/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.11/freebsd.txt b/requirements/static/ci/py3.11/freebsd.txt index c43b1ad5905..ebee8acdfb6 100644 --- a/requirements/static/ci/py3.11/freebsd.txt +++ b/requirements/static/ci/py3.11/freebsd.txt @@ -269,7 +269,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.11/lint.txt b/requirements/static/ci/py3.11/lint.txt index 77cf1719f3b..ec234995ee7 100644 --- a/requirements/static/ci/py3.11/lint.txt +++ b/requirements/static/ci/py3.11/lint.txt @@ -389,7 +389,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt diff --git a/requirements/static/ci/py3.11/linux-crypto.txt b/requirements/static/ci/py3.11/linux-crypto.txt index 89873b20c9e..24eef0fbe79 100644 --- a/requirements/static/ci/py3.11/linux-crypto.txt +++ b/requirements/static/ci/py3.11/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.11/linux.txt b/requirements/static/ci/py3.11/linux.txt index ebc412a971c..5d68832ed5a 100644 --- a/requirements/static/ci/py3.11/linux.txt +++ b/requirements/static/ci/py3.11/linux.txt @@ -280,7 +280,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.11/windows-crypto.txt b/requirements/static/ci/py3.11/windows-crypto.txt index 25f318a71ba..ace610e9e3c 100644 --- a/requirements/static/ci/py3.11/windows-crypto.txt +++ b/requirements/static/ci/py3.11/windows-crypto.txt @@ -8,5 +8,5 @@ m2crypto==0.37.1 # via -r requirements/static/ci/crypto.in parameterized==0.8.1 # via m2crypto -pycryptodome==3.10.1 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.11/windows.txt b/requirements/static/ci/py3.11/windows.txt index 5b49ddbefe9..b8a982fdfb0 100644 --- a/requirements/static/ci/py3.11/windows.txt +++ b/requirements/static/ci/py3.11/windows.txt @@ -269,7 +269,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.12/cloud.txt b/requirements/static/ci/py3.12/cloud.txt index 88e09b3c09e..6f377ff2074 100644 --- a/requirements/static/ci/py3.12/cloud.txt +++ b/requirements/static/ci/py3.12/cloud.txt @@ -385,7 +385,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt diff --git a/requirements/static/ci/py3.12/darwin-crypto.txt b/requirements/static/ci/py3.12/darwin-crypto.txt index e67841ff8fa..2142f27c61d 100644 --- a/requirements/static/ci/py3.12/darwin-crypto.txt +++ b/requirements/static/ci/py3.12/darwin-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.12/darwin.txt b/requirements/static/ci/py3.12/darwin.txt index 73d0da16da4..98eeb15acbd 100644 --- a/requirements/static/ci/py3.12/darwin.txt +++ b/requirements/static/ci/py3.12/darwin.txt @@ -274,7 +274,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/darwin.txt # -r requirements/static/ci/common.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.12/docs.txt b/requirements/static/ci/py3.12/docs.txt index 70ddc3f6eb8..39dd98dd698 100644 --- a/requirements/static/ci/py3.12/docs.txt +++ b/requirements/static/ci/py3.12/docs.txt @@ -117,7 +117,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.12/freebsd-crypto.txt b/requirements/static/ci/py3.12/freebsd-crypto.txt index 7bdbdbc6cad..cc73418be35 100644 --- a/requirements/static/ci/py3.12/freebsd-crypto.txt +++ b/requirements/static/ci/py3.12/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.12/freebsd.txt b/requirements/static/ci/py3.12/freebsd.txt index ba227a016f4..b796f79125f 100644 --- a/requirements/static/ci/py3.12/freebsd.txt +++ b/requirements/static/ci/py3.12/freebsd.txt @@ -269,7 +269,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.12/lint.txt b/requirements/static/ci/py3.12/lint.txt index d9bc8cc01a0..824f6fb7f49 100644 --- a/requirements/static/ci/py3.12/lint.txt +++ b/requirements/static/ci/py3.12/lint.txt @@ -389,7 +389,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt diff --git a/requirements/static/ci/py3.12/linux-crypto.txt b/requirements/static/ci/py3.12/linux-crypto.txt index be01a017e8b..075cb24cf14 100644 --- a/requirements/static/ci/py3.12/linux-crypto.txt +++ b/requirements/static/ci/py3.12/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.12/linux.txt b/requirements/static/ci/py3.12/linux.txt index 71f9965b699..7737bedb3f2 100644 --- a/requirements/static/ci/py3.12/linux.txt +++ b/requirements/static/ci/py3.12/linux.txt @@ -280,7 +280,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.12/windows-crypto.txt b/requirements/static/ci/py3.12/windows-crypto.txt index ec84d96324e..ae8b3471240 100644 --- a/requirements/static/ci/py3.12/windows-crypto.txt +++ b/requirements/static/ci/py3.12/windows-crypto.txt @@ -8,5 +8,5 @@ m2crypto==0.37.1 # via -r requirements/static/ci/crypto.in parameterized==0.8.1 # via m2crypto -pycryptodome==3.10.1 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.12/windows.txt b/requirements/static/ci/py3.12/windows.txt index db8775c0c37..3f57e1b6c9b 100644 --- a/requirements/static/ci/py3.12/windows.txt +++ b/requirements/static/ci/py3.12/windows.txt @@ -269,7 +269,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index ff42754208e..6af7d2a897f 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -459,7 +459,7 @@ pycparser==2.17 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index c7ff9451ad7..96b190fabe9 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -121,7 +121,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.7/freebsd-crypto.txt b/requirements/static/ci/py3.7/freebsd-crypto.txt index d844d2f9716..c9753516b13 100644 --- a/requirements/static/ci/py3.7/freebsd-crypto.txt +++ b/requirements/static/ci/py3.7/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 83c0f8a05c5..f40002bb912 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -326,7 +326,7 @@ pycparser==2.17 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index ab45fb20336..3fae7ab0328 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -466,7 +466,7 @@ pycparser==2.17 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/linux-crypto.txt b/requirements/static/ci/py3.7/linux-crypto.txt index e3d058b2656..6bf0d412e02 100644 --- a/requirements/static/ci/py3.7/linux-crypto.txt +++ b/requirements/static/ci/py3.7/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 7295d938e7d..58e6d4da321 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -339,7 +339,7 @@ pycparser==2.17 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.7/windows-crypto.txt b/requirements/static/ci/py3.7/windows-crypto.txt index 061b8848bbd..466f383ed04 100644 --- a/requirements/static/ci/py3.7/windows-crypto.txt +++ b/requirements/static/ci/py3.7/windows-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 2f58f7a7fc1..92681a8f8c8 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -287,7 +287,7 @@ pycparser==2.21 # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 0b9ffde4b9a..d6ddfe551d3 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -446,7 +446,7 @@ pycparser==2.17 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 9e1df27652b..616cdae5f58 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -117,7 +117,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.8/freebsd-crypto.txt b/requirements/static/ci/py3.8/freebsd-crypto.txt index 4312bea1384..ce772a5d00b 100644 --- a/requirements/static/ci/py3.8/freebsd-crypto.txt +++ b/requirements/static/ci/py3.8/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 804264dcd95..07801d5433c 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -313,7 +313,7 @@ pycparser==2.17 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index dc7137c9cd7..0e1e026934a 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -451,7 +451,7 @@ pycparser==2.17 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/linux-crypto.txt b/requirements/static/ci/py3.8/linux-crypto.txt index 064707bf3c2..9d91dda3caf 100644 --- a/requirements/static/ci/py3.8/linux-crypto.txt +++ b/requirements/static/ci/py3.8/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index a8520267889..9f3ff234529 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -326,7 +326,7 @@ pycparser==2.17 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.8/windows-crypto.txt b/requirements/static/ci/py3.8/windows-crypto.txt index 17fbd42c3d9..6f353e6190a 100644 --- a/requirements/static/ci/py3.8/windows-crypto.txt +++ b/requirements/static/ci/py3.8/windows-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.10.1 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index a1ff9cae996..9617ebabfff 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -274,7 +274,7 @@ pycparser==2.21 # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 03e3fb8a7e6..3716c597aef 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -448,7 +448,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/darwin-crypto.txt b/requirements/static/ci/py3.9/darwin-crypto.txt index 677e1c6cdf3..a4f143000dd 100644 --- a/requirements/static/ci/py3.9/darwin-crypto.txt +++ b/requirements/static/ci/py3.9/darwin-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index e0fdc9a80bc..0c5aea7209f 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -324,7 +324,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/darwin.txt # -r requirements/static/ci/common.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index b479054a4c1..8e76c5973fd 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -121,7 +121,7 @@ psutil==5.8.0 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.9/freebsd-crypto.txt b/requirements/static/ci/py3.9/freebsd-crypto.txt index 01b34b6978d..c0a7a18378f 100644 --- a/requirements/static/ci/py3.9/freebsd-crypto.txt +++ b/requirements/static/ci/py3.9/freebsd-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index bef6e3b8737..234e68a67f0 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -315,7 +315,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/freebsd.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index b9ade888dae..92906146244 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -449,7 +449,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/linux-crypto.txt b/requirements/static/ci/py3.9/linux-crypto.txt index 32c40b41ec8..ee8633b39fb 100644 --- a/requirements/static/ci/py3.9/linux-crypto.txt +++ b/requirements/static/ci/py3.9/linux-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.9.7 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index bbabe2b0878..eda62d948c3 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -326,7 +326,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/crypto.txt diff --git a/requirements/static/ci/py3.9/windows-crypto.txt b/requirements/static/ci/py3.9/windows-crypto.txt index c0ef4e1ec6c..f86205bbf2e 100644 --- a/requirements/static/ci/py3.9/windows-crypto.txt +++ b/requirements/static/ci/py3.9/windows-crypto.txt @@ -6,5 +6,5 @@ # m2crypto==0.38.0 # via -r requirements/static/ci/crypto.in -pycryptodome==3.10.1 +pycryptodome==3.19.1 # via -r requirements/static/ci/crypto.in diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 264902fc081..3d91f620eeb 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -275,7 +275,7 @@ pycparser==2.21 ; python_version >= "3.9" # -r requirements/static/ci/common.in # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # -r requirements/crypto.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 94d70174953..66f477a3679 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -79,7 +79,7 @@ pycparser==2.21 # via # -r requirements/darwin.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index f1ee26c72c1..999cbfc1e61 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index bb3f6f7406c..446ac3b7fd8 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -67,7 +67,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 2c614554fac..57bee54a0a2 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.7 # via -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.11/darwin.txt b/requirements/static/pkg/py3.11/darwin.txt index 5d168e28d84..f58c1b44ca1 100644 --- a/requirements/static/pkg/py3.11/darwin.txt +++ b/requirements/static/pkg/py3.11/darwin.txt @@ -79,7 +79,7 @@ pycparser==2.21 # via # -r requirements/darwin.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.11/freebsd.txt b/requirements/static/pkg/py3.11/freebsd.txt index f1bffd3171d..7f0c55fc20e 100644 --- a/requirements/static/pkg/py3.11/freebsd.txt +++ b/requirements/static/pkg/py3.11/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.11/linux.txt b/requirements/static/pkg/py3.11/linux.txt index 77dcdbad00c..0c91544bdb6 100644 --- a/requirements/static/pkg/py3.11/linux.txt +++ b/requirements/static/pkg/py3.11/linux.txt @@ -67,7 +67,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.11/windows.txt b/requirements/static/pkg/py3.11/windows.txt index e1416d0caa2..3fba20fec85 100644 --- a/requirements/static/pkg/py3.11/windows.txt +++ b/requirements/static/pkg/py3.11/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.7 # via -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.12/darwin.txt b/requirements/static/pkg/py3.12/darwin.txt index d0461e528bb..25bd463624b 100644 --- a/requirements/static/pkg/py3.12/darwin.txt +++ b/requirements/static/pkg/py3.12/darwin.txt @@ -79,7 +79,7 @@ pycparser==2.21 # via # -r requirements/darwin.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.12/freebsd.txt b/requirements/static/pkg/py3.12/freebsd.txt index 733bfb0984e..b321476ba61 100644 --- a/requirements/static/pkg/py3.12/freebsd.txt +++ b/requirements/static/pkg/py3.12/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.12/linux.txt b/requirements/static/pkg/py3.12/linux.txt index b10d400a8e7..eaf9356ed72 100644 --- a/requirements/static/pkg/py3.12/linux.txt +++ b/requirements/static/pkg/py3.12/linux.txt @@ -67,7 +67,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.12/windows.txt b/requirements/static/pkg/py3.12/windows.txt index 50f67f958b7..0b605d4b3b2 100644 --- a/requirements/static/pkg/py3.12/windows.txt +++ b/requirements/static/pkg/py3.12/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.7 # via -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index 57ebefb0f2e..1f37ca0cb77 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -67,7 +67,7 @@ psutil==5.8.0 # via -r requirements/base.txt pycparser==2.17 # via cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 2e83e1b6cb9..10aa08c23fd 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -65,7 +65,7 @@ psutil==5.8.0 # via -r requirements/base.txt pycparser==2.17 # via cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 4a206c610ef..a7c722f36c7 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.1 # via -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 5906646aa08..a6af263a28f 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -67,7 +67,7 @@ psutil==5.8.0 # via -r requirements/base.txt pycparser==2.17 # via cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index e72f036b84a..e291cad63dc 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -65,7 +65,7 @@ psutil==5.8.0 # via -r requirements/base.txt pycparser==2.17 # via cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index f174826068a..f7b838bca8c 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.1 # via -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 97affcd929c..832976429bc 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -79,7 +79,7 @@ pycparser==2.21 # via # -r requirements/darwin.txt # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 7f65b8ce4b5..57a4c492aa5 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/freebsd.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/freebsd.in diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index 0c934fd6bc6..b46dadd157c 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -67,7 +67,7 @@ pycparser==2.21 ; python_version >= "3.9" # via # -r requirements/static/pkg/linux.in # cffi -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pyopenssl==23.2.0 # via -r requirements/static/pkg/linux.in diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 9d6759d0a3f..32ec5dd7db9 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -84,7 +84,7 @@ pycparser==2.21 # via # -r requirements/windows.txt # cffi -pycryptodomex==3.10.1 +pycryptodomex==3.19.1 # via -r requirements/crypto.txt pymssql==2.2.1 # via -r requirements/windows.txt From f96791baeeee7dc018a898021e1cc9ad324fa25e Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 10 Jan 2024 11:05:12 +0000 Subject: [PATCH 02/21] Bump to `ansible==9.1.0` and `ansible-core==2.16.2` Due to https://github.com/advisories/GHSA-jpvw-p8pr-9g2x and https://github.com/advisories/GHSA-7j69-qfc3-2fq9 Signed-off-by: Pedro Algarvio --- requirements/static/ci/linux.in | 3 +-- requirements/static/ci/py3.10/lint.txt | 4 ++-- requirements/static/ci/py3.10/linux.txt | 4 ++-- requirements/static/ci/py3.11/lint.txt | 4 ++-- requirements/static/ci/py3.11/linux.txt | 4 ++-- requirements/static/ci/py3.12/lint.txt | 4 ++-- requirements/static/ci/py3.12/linux.txt | 4 ++-- requirements/static/ci/py3.7/lint.txt | 16 ---------------- requirements/static/ci/py3.7/linux.txt | 10 ---------- requirements/static/ci/py3.8/lint.txt | 16 ---------------- requirements/static/ci/py3.8/linux.txt | 10 ---------- requirements/static/ci/py3.9/lint.txt | 16 ---------------- requirements/static/ci/py3.9/linux.txt | 10 ---------- 13 files changed, 13 insertions(+), 92 deletions(-) diff --git a/requirements/static/ci/linux.in b/requirements/static/ci/linux.in index 203d66ce71f..8d247386d61 100644 --- a/requirements/static/ci/linux.in +++ b/requirements/static/ci/linux.in @@ -4,8 +4,7 @@ pyiface pygit2>=1.10.1 pymysql>=1.0.2 -ansible>=4.4.0; python_version < '3.9' -ansible>=7.0.0; python_version >= '3.9' +ansible>=9.1.0; python_version >= '3.10' twilio python-telegram-bot>=13.7 yamllint diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index ff29f8aa8d3..c44dc136009 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -12,11 +12,11 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.10/linux.txt # aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via # -c requirements/static/ci/py3.10/linux.txt # ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/linux.in diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index d8fd2d106bf..b4985d0482d 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -8,9 +8,9 @@ aiohttp==3.9.0 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.11/lint.txt b/requirements/static/ci/py3.11/lint.txt index ec234995ee7..890663e2df7 100644 --- a/requirements/static/ci/py3.11/lint.txt +++ b/requirements/static/ci/py3.11/lint.txt @@ -12,11 +12,11 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.11/linux.txt # aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via # -c requirements/static/ci/py3.11/linux.txt # ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/static/ci/linux.in diff --git a/requirements/static/ci/py3.11/linux.txt b/requirements/static/ci/py3.11/linux.txt index 5d68832ed5a..06a5018dc1d 100644 --- a/requirements/static/ci/py3.11/linux.txt +++ b/requirements/static/ci/py3.11/linux.txt @@ -8,9 +8,9 @@ aiohttp==3.9.0 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.12/lint.txt b/requirements/static/ci/py3.12/lint.txt index 824f6fb7f49..dedd31aa1fa 100644 --- a/requirements/static/ci/py3.12/lint.txt +++ b/requirements/static/ci/py3.12/lint.txt @@ -12,11 +12,11 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.12/linux.txt # aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via # -c requirements/static/ci/py3.12/linux.txt # ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/static/ci/linux.in diff --git a/requirements/static/ci/py3.12/linux.txt b/requirements/static/ci/py3.12/linux.txt index 7737bedb3f2..8910d3fba6a 100644 --- a/requirements/static/ci/py3.12/linux.txt +++ b/requirements/static/ci/py3.12/linux.txt @@ -8,9 +8,9 @@ aiohttp==3.9.0 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.14.1 +ansible-core==2.16.2 # via ansible -ansible==7.1.0 ; python_version >= "3.9" +ansible==9.1.0 ; python_version >= "3.10" # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 3fae7ab0328..1c14eea31ad 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -12,14 +12,6 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.7/linux.txt # aiohttp -ansible-core==2.11.7 - # via - # -c requirements/static/ci/py3.7/linux.txt - # ansible -ansible==4.4.0 ; python_version < "3.9" - # via - # -c requirements/static/ci/py3.7/linux.txt - # -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via # -c requirements/static/ci/py3.7/linux.txt @@ -161,7 +153,6 @@ cryptography==41.0.7 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -284,7 +275,6 @@ jinja2==3.1.2 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -412,7 +402,6 @@ packaging==22.0 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # docker paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -568,7 +557,6 @@ pyyaml==6.0.1 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -605,10 +593,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via - # -c requirements/static/ci/py3.7/linux.txt - # ansible-core responses==0.10.6 # via # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 58e6d4da321..f9bc8821e94 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -8,10 +8,6 @@ aiohttp==3.8.6 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.11.7 - # via ansible -ansible==4.4.0 ; python_version < "3.9" - # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in apscheduler==3.6.3 @@ -111,7 +107,6 @@ cryptography==41.0.7 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -207,7 +202,6 @@ jinja2==3.1.2 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -295,7 +289,6 @@ packaging==22.0 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # docker # pytest paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" @@ -442,7 +435,6 @@ pyyaml==6.0.1 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -475,8 +467,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via ansible-core responses==0.10.6 # via moto rfc3987==1.3.8 diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 0e1e026934a..1c40e9c1cc6 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -12,14 +12,6 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.8/linux.txt # aiohttp -ansible-core==2.11.7 - # via - # -c requirements/static/ci/py3.8/linux.txt - # ansible -ansible==4.4.0 ; python_version < "3.9" - # via - # -c requirements/static/ci/py3.8/linux.txt - # -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via # -c requirements/static/ci/py3.8/linux.txt @@ -152,7 +144,6 @@ cryptography==41.0.7 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -269,7 +260,6 @@ jinja2==3.1.2 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -397,7 +387,6 @@ packaging==22.0 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # docker paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -553,7 +542,6 @@ pyyaml==6.0.1 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -590,10 +578,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via - # -c requirements/static/ci/py3.8/linux.txt - # ansible-core responses==0.10.6 # via # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 9f3ff234529..395244d4a29 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -8,10 +8,6 @@ aiohttp==3.9.0 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.11.7 - # via ansible -ansible==4.4.0 ; python_version < "3.9" - # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in apscheduler==3.6.3 @@ -106,7 +102,6 @@ cryptography==41.0.7 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -194,7 +189,6 @@ jinja2==3.1.2 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -282,7 +276,6 @@ packaging==22.0 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # docker # pytest paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" @@ -429,7 +422,6 @@ pyyaml==6.0.1 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -462,8 +454,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via ansible-core responses==0.10.6 # via moto rfc3987==1.3.8 diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 92906146244..8fd0515e74b 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -12,14 +12,6 @@ aiosignal==1.2.0 # via # -c requirements/static/ci/py3.9/linux.txt # aiohttp -ansible-core==2.14.1 - # via - # -c requirements/static/ci/py3.9/linux.txt - # ansible -ansible==7.1.0 ; python_version >= "3.9" - # via - # -c requirements/static/ci/py3.9/linux.txt - # -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via # -c requirements/static/ci/py3.9/linux.txt @@ -148,7 +140,6 @@ cryptography==41.0.7 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -265,7 +256,6 @@ jinja2==3.1.2 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -393,7 +383,6 @@ packaging==22.0 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # docker paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -551,7 +540,6 @@ pyyaml==6.0.1 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -588,10 +576,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via - # -c requirements/static/ci/py3.9/linux.txt - # ansible-core responses==0.10.6 # via # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index eda62d948c3..dfe479f7cf4 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -8,10 +8,6 @@ aiohttp==3.9.0 # via etcd3-py aiosignal==1.2.0 # via aiohttp -ansible-core==2.14.1 - # via ansible -ansible==7.1.0 ; python_version >= "3.9" - # via -r requirements/static/ci/linux.in apache-libcloud==2.5.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in apscheduler==3.6.3 @@ -104,7 +100,6 @@ cryptography==41.0.7 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/static/pkg/linux.in - # ansible-core # etcd3-py # moto # paramiko @@ -192,7 +187,6 @@ jinja2==3.1.2 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # junos-eznc # moto # napalm @@ -280,7 +274,6 @@ packaging==22.0 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # docker # pytest paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin" @@ -429,7 +422,6 @@ pyyaml==6.0.1 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/base.txt - # ansible-core # clustershell # junos-eznc # kubernetes @@ -462,8 +454,6 @@ requests==2.31.0 # responses # twilio # vcert -resolvelib==0.5.4 - # via ansible-core responses==0.10.6 # via moto rfc3987==1.3.8 From dbbe0c3e5ba198b0420aa936ab436cb088dc21a8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 10 Jan 2024 11:10:34 +0000 Subject: [PATCH 03/21] Update `pip` constraints to `>= 23.3,< 24.0` due to https://github.com/advisories/GHSA-mq26-g339-26xf Signed-off-by: Pedro Algarvio --- requirements/constraints.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 4406e011a33..d38a53d3101 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -1,3 +1,3 @@ setuptools >= 65.6.3,< 69.0 setuptools-scm < 8.0.0 -pip >= 22.3.1,< 23.0 +pip >= 23.3,< 24.0 From 6fb35bf88f9d6ac6f731e0b29e1d0ab8a8f4860a Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Thu, 11 Jan 2024 13:37:12 +0000 Subject: [PATCH 04/21] Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx Signed-off-by: Pedro Algarvio --- changelog/65830.security.md | 1 + requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.11/cloud.txt | 2 +- requirements/static/ci/py3.11/darwin.txt | 2 +- requirements/static/ci/py3.11/freebsd.txt | 2 +- requirements/static/ci/py3.11/lint.txt | 2 +- requirements/static/ci/py3.11/linux.txt | 2 +- requirements/static/ci/py3.11/windows.txt | 2 +- requirements/static/ci/py3.12/cloud.txt | 2 +- requirements/static/ci/py3.12/darwin.txt | 2 +- requirements/static/ci/py3.12/freebsd.txt | 2 +- requirements/static/ci/py3.12/lint.txt | 2 +- requirements/static/ci/py3.12/linux.txt | 2 +- requirements/static/ci/py3.12/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.11/darwin.txt | 2 +- requirements/static/pkg/py3.11/windows.txt | 2 +- requirements/static/pkg/py3.12/darwin.txt | 2 +- requirements/static/pkg/py3.12/windows.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 45 files changed, 45 insertions(+), 44 deletions(-) diff --git a/changelog/65830.security.md b/changelog/65830.security.md index 2fa6928bb63..b6a01212508 100644 --- a/changelog/65830.security.md +++ b/changelog/65830.security.md @@ -1,3 +1,4 @@ Update some requirements which had some security issues: * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7 +* Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 3821fa1e155..1097c1be986 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -188,7 +188,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.10/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 2bb16ae0c3f..526b9f375ef 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -131,7 +131,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # -r requirements/darwin.txt diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 23dad59d1fa..5c5d558092c 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -127,7 +127,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index c44dc136009..2067433227e 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -188,7 +188,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.10/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index b4985d0482d..acb2da5b67a 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -136,7 +136,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 0407e5d7949..00c0411026a 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -124,7 +124,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.11/cloud.txt b/requirements/static/ci/py3.11/cloud.txt index d13909497ec..3f4b563e1d5 100644 --- a/requirements/static/ci/py3.11/cloud.txt +++ b/requirements/static/ci/py3.11/cloud.txt @@ -180,7 +180,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.11/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.11/darwin.txt b/requirements/static/ci/py3.11/darwin.txt index e2429dfab2b..0cd6132a32a 100644 --- a/requirements/static/ci/py3.11/darwin.txt +++ b/requirements/static/ci/py3.11/darwin.txt @@ -124,7 +124,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.11/darwin.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.11/darwin.txt # -r requirements/darwin.txt diff --git a/requirements/static/ci/py3.11/freebsd.txt b/requirements/static/ci/py3.11/freebsd.txt index ebee8acdfb6..a34339dfa2b 100644 --- a/requirements/static/ci/py3.11/freebsd.txt +++ b/requirements/static/ci/py3.11/freebsd.txt @@ -123,7 +123,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.11/lint.txt b/requirements/static/ci/py3.11/lint.txt index 890663e2df7..65558916675 100644 --- a/requirements/static/ci/py3.11/lint.txt +++ b/requirements/static/ci/py3.11/lint.txt @@ -184,7 +184,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.11/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.11/linux.txt b/requirements/static/ci/py3.11/linux.txt index 06a5018dc1d..46da6ec6da3 100644 --- a/requirements/static/ci/py3.11/linux.txt +++ b/requirements/static/ci/py3.11/linux.txt @@ -132,7 +132,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.11/windows.txt b/requirements/static/ci/py3.11/windows.txt index b8a982fdfb0..84710d57dcc 100644 --- a/requirements/static/ci/py3.11/windows.txt +++ b/requirements/static/ci/py3.11/windows.txt @@ -120,7 +120,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.12/cloud.txt b/requirements/static/ci/py3.12/cloud.txt index 6f377ff2074..ded322601e5 100644 --- a/requirements/static/ci/py3.12/cloud.txt +++ b/requirements/static/ci/py3.12/cloud.txt @@ -180,7 +180,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.12/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.12/darwin.txt b/requirements/static/ci/py3.12/darwin.txt index 98eeb15acbd..0c9e45cca02 100644 --- a/requirements/static/ci/py3.12/darwin.txt +++ b/requirements/static/ci/py3.12/darwin.txt @@ -124,7 +124,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt # -r requirements/darwin.txt diff --git a/requirements/static/ci/py3.12/freebsd.txt b/requirements/static/ci/py3.12/freebsd.txt index b796f79125f..b3b4f84d741 100644 --- a/requirements/static/ci/py3.12/freebsd.txt +++ b/requirements/static/ci/py3.12/freebsd.txt @@ -123,7 +123,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.12/lint.txt b/requirements/static/ci/py3.12/lint.txt index dedd31aa1fa..ead6fb256eb 100644 --- a/requirements/static/ci/py3.12/lint.txt +++ b/requirements/static/ci/py3.12/lint.txt @@ -184,7 +184,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.12/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.12/linux.txt b/requirements/static/ci/py3.12/linux.txt index 8910d3fba6a..809270bc2e7 100644 --- a/requirements/static/ci/py3.12/linux.txt +++ b/requirements/static/ci/py3.12/linux.txt @@ -132,7 +132,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.12/windows.txt b/requirements/static/ci/py3.12/windows.txt index 3f57e1b6c9b..e27b726e107 100644 --- a/requirements/static/ci/py3.12/windows.txt +++ b/requirements/static/ci/py3.12/windows.txt @@ -120,7 +120,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.12/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 6af7d2a897f..d55696d18d6 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -208,7 +208,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.7/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index f40002bb912..561e58952d9 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -142,7 +142,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 1c14eea31ad..23ad6c50cba 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -207,7 +207,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.7/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index f9bc8821e94..80b6038b70b 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -148,7 +148,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 92681a8f8c8..f73dd727c93 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -131,7 +131,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index d6ddfe551d3..62d7db38844 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -203,7 +203,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.8/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 07801d5433c..d46c6593a3d 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -137,7 +137,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 1c40e9c1cc6..32e7267d06e 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -198,7 +198,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.8/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 395244d4a29..bffa8eb96ea 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -143,7 +143,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 9617ebabfff..07cd7e4b937 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -126,7 +126,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 3716c597aef..20196ca8f87 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -203,7 +203,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.9/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 0c5aea7209f..f3b3472ab59 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -141,7 +141,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # -r requirements/darwin.txt diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 234e68a67f0..7a850ed53c7 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -137,7 +137,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 8fd0515e74b..0e7ee9f0546 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -194,7 +194,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/py3.9/linux.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index dfe479f7cf4..975af3dc828 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -141,7 +141,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 3d91f620eeb..b001c15a6e9 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -126,7 +126,7 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 66f477a3679..dd640bb81f8 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/darwin.txt idna==3.2 # via diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 57bee54a0a2..1c1fc3b0213 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests diff --git a/requirements/static/pkg/py3.11/darwin.txt b/requirements/static/pkg/py3.11/darwin.txt index f58c1b44ca1..3ae9fd7999d 100644 --- a/requirements/static/pkg/py3.11/darwin.txt +++ b/requirements/static/pkg/py3.11/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/darwin.txt idna==3.2 # via diff --git a/requirements/static/pkg/py3.11/windows.txt b/requirements/static/pkg/py3.11/windows.txt index 3fba20fec85..b5cd26dce0c 100644 --- a/requirements/static/pkg/py3.11/windows.txt +++ b/requirements/static/pkg/py3.11/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests diff --git a/requirements/static/pkg/py3.12/darwin.txt b/requirements/static/pkg/py3.12/darwin.txt index 25bd463624b..7bbf467c7ef 100644 --- a/requirements/static/pkg/py3.12/darwin.txt +++ b/requirements/static/pkg/py3.12/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/darwin.txt idna==3.2 # via diff --git a/requirements/static/pkg/py3.12/windows.txt b/requirements/static/pkg/py3.12/windows.txt index 0b605d4b3b2..61b24ec3303 100644 --- a/requirements/static/pkg/py3.12/windows.txt +++ b/requirements/static/pkg/py3.12/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index a7c722f36c7..e202d18f9e9 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index f7b838bca8c..5ad09a3ade0 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 832976429bc..19ad95b667f 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/darwin.txt idna==3.2 # via diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 32ec5dd7db9..7f4c7f13bd2 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.37 +gitpython==3.1.41 # via -r requirements/windows.txt idna==3.2 # via requests From dffdcd644b90d0c78431b0049ef6ed259d589642 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 12 Jan 2024 18:34:54 +0000 Subject: [PATCH 05/21] Fix CI nox artifacts download Signed-off-by: Pedro Algarvio --- tools/testsuite/__init__.py | 9 +++++++-- tools/testsuite/download.py | 28 ++++++++++++++++++---------- tools/utils/gh.py | 17 +++++++++++++---- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/tools/testsuite/__init__.py b/tools/testsuite/__init__.py index d09d29be979..08abf12ddcd 100644 --- a/tools/testsuite/__init__.py +++ b/tools/testsuite/__init__.py @@ -48,7 +48,7 @@ ts = command_group(name="ts", help="Test Suite Related Commands", description=__ }, "platform": { "help": "The onedir platform artifact to download", - "choices": ("linux", "darwin", "windows"), + "choices": ("linux", "macos", "windows"), "required": True, }, "arch": { @@ -146,7 +146,12 @@ def setup_testsuite( if exitcode and exitcode != ExitCode.SOFT_FAIL: ctx.exit(exitcode) exitcode = tools.utils.gh.download_nox_artifact( - ctx, run_id=run_id, slug=slug, nox_env="ci-test-onedir", repository=repository + ctx, + run_id=run_id, + platform=platform, + arch=arch, + nox_env="ci-test-onedir", + repository=repository, ) if exitcode and exitcode != ExitCode.SOFT_FAIL: ctx.exit(exitcode) diff --git a/tools/testsuite/download.py b/tools/testsuite/download.py index edd7652125b..e9800e0a775 100644 --- a/tools/testsuite/download.py +++ b/tools/testsuite/download.py @@ -77,10 +77,15 @@ def download_onedir_artifact( "help": "The workflow run ID from where to download artifacts from", "required": True, }, - "slug": { - "help": "The OS slug", + "platform": { + "help": "The onedir platform artifact to download", + "choices": ("linux", "macos", "windows"), + "required": True, + }, + "arch": { + "help": "The onedir artifact architecture", + "choices": ("x86_64", "aarch64", "amd64", "x86"), "required": True, - "choices": OS_SLUGS, }, "nox_env": { "help": "The nox environment name.", @@ -93,7 +98,8 @@ def download_onedir_artifact( def download_nox_artifact( ctx: Context, run_id: int = None, - slug: str = None, + platform: str = None, + arch: str = None, nox_env: str = "ci-test-onedir", repository: str = "saltstack/salt", ): @@ -102,14 +108,16 @@ def download_nox_artifact( """ if TYPE_CHECKING: assert run_id is not None - assert slug is not None - - if slug.endswith("arm64"): - slug = slug.replace("-arm64", "") - nox_env += "-aarch64" + assert arch is not None + assert platform is not None exitcode = tools.utils.gh.download_nox_artifact( - ctx=ctx, run_id=run_id, slug=slug, nox_env=nox_env, repository=repository + ctx=ctx, + run_id=run_id, + platform=platform, + arch=arch, + nox_env=nox_env, + repository=repository, ) ctx.exit(exitcode) diff --git a/tools/utils/gh.py b/tools/utils/gh.py index 513e2cf2110..c40ff26ee0d 100644 --- a/tools/utils/gh.py +++ b/tools/utils/gh.py @@ -105,8 +105,9 @@ def download_onedir_artifact( def download_nox_artifact( ctx: Context, + platform: str, + arch: str, run_id: int = None, - slug: str = None, nox_env: str = "ci-test-onedir", repository: str = "saltstack/salt", ) -> ExitCode: @@ -115,7 +116,8 @@ def download_nox_artifact( """ if TYPE_CHECKING: assert run_id is not None - assert slug is not None + assert arch is not None + assert platform is not None artifacts_path = tools.utils.REPO_ROOT / ".nox" / nox_env if artifacts_path.exists(): @@ -123,7 +125,7 @@ def download_nox_artifact( f"The '.nox/{nox_env}' directory already exists ... Stopped processing." ) return ExitCode.SOFT_FAIL - artifact_name = f"nox-{slug}-{nox_env}" + artifact_name = f"nox-{platform}-{arch}-{nox_env}" ctx.info( f"Searching for artifact {artifact_name} from run_id {run_id} in repository {repository} ..." ) @@ -139,7 +141,14 @@ def download_nox_artifact( ctx.error("Could not find the 'nox' binary in $PATH") return ExitCode.FAIL ret = ctx.run( - nox, "--force-color", "-e", "decompress-dependencies", "--", slug, check=False + nox, + "--force-color", + "-e", + "decompress-dependencies", + "--", + platform, + arch, + check=False, ) if ret.returncode: ctx.error("Failed to decompress the nox dependencies") From cc263cc440214cf64581cf3f85f3c5a586c5efc8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 12 Jan 2024 20:38:06 +0000 Subject: [PATCH 06/21] Migrate some crypt tests to pytest Signed-off-by: Pedro Algarvio --- tests/pytests/unit/crypt/__init__.py | 58 ++++++ tests/pytests/unit/{ => crypt}/test_crypt.py | 0 .../unit/crypt/test_crypt_cryptodome.py | 108 +++++++++++ .../pytests/unit/crypt/test_crypt_m2crypto.py | 98 ++++++++++ tests/unit/test_crypt.py | 182 +----------------- 5 files changed, 266 insertions(+), 180 deletions(-) create mode 100644 tests/pytests/unit/crypt/__init__.py rename tests/pytests/unit/{ => crypt}/test_crypt.py (100%) create mode 100644 tests/pytests/unit/crypt/test_crypt_cryptodome.py create mode 100644 tests/pytests/unit/crypt/test_crypt_m2crypto.py diff --git a/tests/pytests/unit/crypt/__init__.py b/tests/pytests/unit/crypt/__init__.py new file mode 100644 index 00000000000..d8427ce59ac --- /dev/null +++ b/tests/pytests/unit/crypt/__init__.py @@ -0,0 +1,58 @@ +PRIVKEY_DATA = ( + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpAIBAAKCAQEA75GR6ZTv5JOv90Vq8tKhKC7YQnhDIo2hM0HVziTEk5R4UQBW\n" + "a0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD4ZMsYqLzqjWMekLC8bjhxc+EuPo9\n" + "Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R4hOcMMZNZdi0xLtFoTfwU61UPfFX\n" + "14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttLP3sMXJvc3EvM0JiDVj4l1TWFUHHz\n" + "eFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k6ai4tVzwkTmV5PsriP1ju88Lo3MB\n" + "4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWHAQIDAQABAoIBAGOzBzBYZUWRGOgl\n" + "IY8QjTT12dY/ymC05GM6gMobjxuD7FZ5d32HDLu/QrknfS3kKlFPUQGDAbQhbbb0\n" + "zw6VL5NO9mfOPO2W/3FaG1sRgBQcerWonoSSSn8OJwVBHMFLG3a+U1Zh1UvPoiPK\n" + "S734swIM+zFpNYivGPvOm/muF/waFf8tF/47t1cwt/JGXYQnkG/P7z0vp47Irpsb\n" + "Yjw7vPe4BnbY6SppSxscW3KoV7GtJLFKIxAXbxsuJMF/rYe3O3w2VKJ1Sug1VDJl\n" + "/GytwAkSUer84WwP2b07Wn4c5pCnmLslMgXCLkENgi1NnJMhYVOnckxGDZk54hqP\n" + "9RbLnkkCgYEA/yKuWEvgdzYRYkqpzB0l9ka7Y00CV4Dha9Of6GjQi9i4VCJ/UFVr\n" + "UlhTo5y0ZzpcDAPcoZf5CFZsD90a/BpQ3YTtdln2MMCL/Kr3QFmetkmDrt+3wYnX\n" + "sKESfsa2nZdOATRpl1antpwyD4RzsAeOPwBiACj4fkq5iZJBSI0bxrMCgYEA8GFi\n" + "qAjgKh81/Uai6KWTOW2kX02LEMVRrnZLQ9VPPLGid4KZDDk1/dEfxjjkcyOxX1Ux\n" + "Klu4W8ZEdZyzPcJrfk7PdopfGOfrhWzkREK9C40H7ou/1jUecq/STPfSOmxh3Y+D\n" + "ifMNO6z4sQAHx8VaHaxVsJ7SGR/spr0pkZL+NXsCgYEA84rIgBKWB1W+TGRXJzdf\n" + "yHIGaCjXpm2pQMN3LmP3RrcuZWm0vBt94dHcrR5l+u/zc6iwEDTAjJvqdU4rdyEr\n" + "tfkwr7v6TNlQB3WvpWanIPyVzfVSNFX/ZWSsAgZvxYjr9ixw6vzWBXOeOb/Gqu7b\n" + "cvpLkjmJ0wxDhbXtyXKhZA8CgYBZyvcQb+hUs732M4mtQBSD0kohc5TsGdlOQ1AQ\n" + "McFcmbpnzDghkclyW8jzwdLMk9uxEeDAwuxWE/UEvhlSi6qdzxC+Zifp5NBc0fVe\n" + "7lMx2mfJGxj5CnSqQLVdHQHB4zSXkAGB6XHbBd0MOUeuvzDPfs2voVQ4IG3FR0oc\n" + "3/znuwKBgQChZGH3McQcxmLA28aUwOVbWssfXKdDCsiJO+PEXXlL0maO3SbnFn+Q\n" + "Tyf8oHI5cdP7AbwDSx9bUfRPjg9dKKmATBFr2bn216pjGxK0OjYOCntFTVr0psRB\n" + "CrKg52Qrq71/2l4V2NLQZU40Dr1bN9V+Ftd9L0pvpCAEAWpIbLXGDw==\n" + "-----END RSA PRIVATE KEY-----" +) + +PUBKEY_DATA = ( + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75GR6ZTv5JOv90Vq8tKh\n" + "KC7YQnhDIo2hM0HVziTEk5R4UQBWa0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD\n" + "4ZMsYqLzqjWMekLC8bjhxc+EuPo9Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R\n" + "4hOcMMZNZdi0xLtFoTfwU61UPfFX14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttL\n" + "P3sMXJvc3EvM0JiDVj4l1TWFUHHzeFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k\n" + "6ai4tVzwkTmV5PsriP1ju88Lo3MB4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWH\n" + "AQIDAQAB\n" + "-----END PUBLIC KEY-----" +) + +MSG = b"It's me, Mario" + +SIG = ( + b"\x07\xf3\xb1\xe7\xdb\x06\xf4_\xe2\xdc\xcb!F\xfb\xbex{W\x1d\xe4E" + b"\xd3\r\xc5\x90\xca(\x05\x1d\x99\x8b\x1aug\x9f\x95>\x94\x7f\xe3+" + b"\x12\xfa\x9c\xd4\xb8\x02]\x0e\xa5\xa3LL\xc3\xa2\x8f+\x83Z\x1b\x17" + b'\xbfT\xd3\xc7\xfd\x0b\xf4\xd7J\xfe^\x86q"I\xa3x\xbc\xd3$\xe9M<\xe1' + b"\x07\xad\xf2_\x9f\xfa\xf7g(~\xd8\xf5\xe7\xda-\xa3Ko\xfc.\x99\xcf" + b"\x9b\xb9\xc1U\x97\x82'\xcb\xc6\x08\xaa\xa0\xe4\xd0\xc1+\xfc\x86" + b'\r\xe4y\xb1#\xd3\x1dS\x96D28\xc4\xd5\r\xd4\x98\x1a44"\xd7\xc2\xb4' + b"]\xa7\x0f\xa7Db\x85G\x8c\xd6\x94!\x8af1O\xf6g\xd7\x03\xfd\xb3\xbc" + b"\xce\x9f\xe7\x015\xb8\x1d]AHK\xa0\x14m\xda=O\xa7\xde\xf2\xff\x9b" + b"\x8e\x83\xc8j\x11\x1a\x98\x85\xde\xc5\x91\x07\x84!\x12^4\xcb\xa8" + b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b" +) diff --git a/tests/pytests/unit/test_crypt.py b/tests/pytests/unit/crypt/test_crypt.py similarity index 100% rename from tests/pytests/unit/test_crypt.py rename to tests/pytests/unit/crypt/test_crypt.py diff --git a/tests/pytests/unit/crypt/test_crypt_cryptodome.py b/tests/pytests/unit/crypt/test_crypt_cryptodome.py new file mode 100644 index 00000000000..357b302e3c6 --- /dev/null +++ b/tests/pytests/unit/crypt/test_crypt_cryptodome.py @@ -0,0 +1,108 @@ +import os + +import pytest + +import salt.crypt +from tests.support.mock import MagicMock, MockCall, mock_open, patch + +from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG + +try: + import M2Crypto # pylint: disable=unused-import + + HAS_M2 = True +except ImportError: + HAS_M2 = False +try: + from Cryptodome.PublicKey import RSA + + HAS_PYCRYPTO_RSA = True +except ImportError: + HAS_PYCRYPTO_RSA = False +if not HAS_PYCRYPTO_RSA: + try: + from Crypto.PublicKey import RSA # nosec + + HAS_PYCRYPTO_RSA = True + except ImportError: + HAS_PYCRYPTO_RSA = False + +pytestmark = [ + pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available"), + pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed"), +] + + +@pytest.mark.slow_test +def test_gen_keys(): + open_priv_wb = MockCall("/keydir{}keyname.pem".format(os.sep), "wb+") + open_pub_wb = MockCall("/keydir{}keyname.pub".format(os.sep), "wb+") + + with patch.multiple( + os, + umask=MagicMock(), + chmod=MagicMock(), + access=MagicMock(return_value=True), + ): + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "os.path.isfile", return_value=True + ): + result = salt.crypt.gen_keys("/keydir", "keyname", 2048) + assert result == "/keydir{}keyname.pem".format(os.sep), result + assert open_priv_wb not in m_open.calls + assert open_pub_wb not in m_open.calls + + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "os.path.isfile", return_value=False + ): + salt.crypt.gen_keys("/keydir", "keyname", 2048) + assert open_priv_wb in m_open.calls + assert open_pub_wb in m_open.calls + + +@patch("os.umask", MagicMock()) +@patch("os.chmod", MagicMock()) +@patch("os.chown", MagicMock(), create=True) +@patch("os.access", MagicMock(return_value=True)) +@pytest.mark.slow_test +def test_gen_keys_with_passphrase(): + key_path = os.path.join(os.sep, "keydir") + open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+") + open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+") + + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "os.path.isfile", return_value=True + ): + assert salt.crypt.gen_keys( + key_path, "keyname", 2048, passphrase="password" + ) == os.path.join(key_path, "keyname.pem") + result = salt.crypt.gen_keys(key_path, "keyname", 2048, passphrase="password") + assert result == os.path.join(key_path, "keyname.pem"), result + assert open_priv_wb not in m_open.calls + assert open_pub_wb not in m_open.calls + + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "os.path.isfile", return_value=False + ): + salt.crypt.gen_keys(key_path, "keyname", 2048) + assert open_priv_wb in m_open.calls + assert open_pub_wb in m_open.calls + + +def test_sign_message(): + key = RSA.importKey(PRIVKEY_DATA) + with patch("salt.crypt.get_rsa_key", return_value=key): + assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG) + + +def test_sign_message_with_passphrase(): + key = RSA.importKey(PRIVKEY_DATA) + with patch("salt.crypt.get_rsa_key", return_value=key): + assert SIG == salt.crypt.sign_message( + "/keydir/keyname.pem", MSG, passphrase="password" + ) + + +def test_verify_signature(): + with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)): + assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) diff --git a/tests/pytests/unit/crypt/test_crypt_m2crypto.py b/tests/pytests/unit/crypt/test_crypt_m2crypto.py new file mode 100644 index 00000000000..f06bbdbc9cc --- /dev/null +++ b/tests/pytests/unit/crypt/test_crypt_m2crypto.py @@ -0,0 +1,98 @@ +import os + +import pytest + +import salt.crypt +from tests.support.mock import MagicMock, mock_open, patch + +from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG + +M2Crypto = pytest.importorskip("M2Crypto") + + +@pytest.mark.slow_test +def test_gen_keys(): + with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch( + "os.access", MagicMock(return_value=True) + ): + with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch( + "M2Crypto.RSA.RSA.save_pub_key", MagicMock() + ) as save_pub: + with patch("os.path.isfile", return_value=True): + assert salt.crypt.gen_keys( + "/keydir", "keyname", 2048 + ) == "/keydir{}keyname.pem".format(os.sep) + save_pem.assert_not_called() + save_pub.assert_not_called() + + with patch("os.path.isfile", return_value=False): + assert salt.crypt.gen_keys( + "/keydir", "keyname", 2048 + ) == "/keydir{}keyname.pem".format(os.sep) + save_pem.assert_called_once_with( + "/keydir{}keyname.pem".format(os.sep), cipher=None + ) + save_pub.assert_called_once_with("/keydir{}keyname.pub".format(os.sep)) + + +@pytest.mark.slow_test +def test_gen_keys_with_passphrase(): + with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch( + "os.chown", MagicMock() + ), patch("os.access", MagicMock(return_value=True)): + with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch( + "M2Crypto.RSA.RSA.save_pub_key", MagicMock() + ) as save_pub: + with patch("os.path.isfile", return_value=True): + assert salt.crypt.gen_keys( + "/keydir", "keyname", 2048, passphrase="password" + ) == "/keydir{}keyname.pem".format(os.sep) + save_pem.assert_not_called() + save_pub.assert_not_called() + + with patch("os.path.isfile", return_value=False): + assert salt.crypt.gen_keys( + "/keydir", "keyname", 2048, passphrase="password" + ) == "/keydir{}keyname.pem".format(os.sep) + callback = save_pem.call_args[1]["callback"] + save_pem.assert_called_once_with( + "/keydir{}keyname.pem".format(os.sep), + cipher="des_ede3_cbc", + callback=callback, + ) + assert callback(None) == b"password" + save_pub.assert_called_once_with("/keydir{}keyname.pub".format(os.sep)) + + +def test_sign_message(): + key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) + with patch("salt.crypt.get_rsa_key", return_value=key): + assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG) + + +def test_sign_message_with_passphrase(): + key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) + with patch("salt.crypt.get_rsa_key", return_value=key): + assert SIG == salt.crypt.sign_message( + "/keydir/keyname.pem", MSG, passphrase="password" + ) + + +def test_verify_signature(): + with patch( + "salt.utils.files.fopen", + mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), + ): + assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) + + +def test_encrypt_decrypt_bin(): + priv_key = M2Crypto.RSA.load_key_string( + salt.utils.stringutils.to_bytes(PRIVKEY_DATA) + ) + pub_key = M2Crypto.RSA.load_pub_key_bio( + M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA)) + ) + encrypted = salt.crypt.private_encrypt(priv_key, b"salt") + decrypted = salt.crypt.public_decrypt(pub_key, encrypted) + assert b"salt" == decrypted diff --git a/tests/unit/test_crypt.py b/tests/unit/test_crypt.py index f0c30a26da3..89ec83294b9 100644 --- a/tests/unit/test_crypt.py +++ b/tests/unit/test_crypt.py @@ -6,8 +6,7 @@ import pytest import salt.utils.files import salt.utils.stringutils -from salt import crypt -from tests.support.mock import MagicMock, MockCall, mock_open, patch +from tests.support.mock import mock_open, patch from tests.support.unit import TestCase try: @@ -17,7 +16,7 @@ try: except ImportError: HAS_M2 = False try: - from Cryptodome.PublicKey import RSA + from Cryptodome.PublicKey import RSA # pylint: disable=unused-import HAS_PYCRYPTO_RSA = True except ImportError: @@ -91,183 +90,6 @@ SIG = ( ) -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -class CryptTestCase(TestCase): - @pytest.mark.slow_test - def test_gen_keys(self): - open_priv_wb = MockCall("/keydir{}keyname.pem".format(os.sep), "wb+") - open_pub_wb = MockCall("/keydir{}keyname.pub".format(os.sep), "wb+") - - with patch.multiple( - os, - umask=MagicMock(), - chmod=MagicMock(), - access=MagicMock(return_value=True), - ): - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=True - ): - result = crypt.gen_keys("/keydir", "keyname", 2048) - assert result == "/keydir{}keyname.pem".format(os.sep), result - assert open_priv_wb not in m_open.calls - assert open_pub_wb not in m_open.calls - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False - ): - crypt.gen_keys("/keydir", "keyname", 2048) - assert open_priv_wb in m_open.calls - assert open_pub_wb in m_open.calls - - @patch("os.umask", MagicMock()) - @patch("os.chmod", MagicMock()) - @patch("os.chown", MagicMock(), create=True) - @patch("os.access", MagicMock(return_value=True)) - @pytest.mark.slow_test - def test_gen_keys_with_passphrase(self): - key_path = os.path.join(os.sep, "keydir") - open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+") - open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+") - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=True - ): - self.assertEqual( - crypt.gen_keys(key_path, "keyname", 2048, passphrase="password"), - os.path.join(key_path, "keyname.pem"), - ) - result = crypt.gen_keys(key_path, "keyname", 2048, passphrase="password") - assert result == os.path.join(key_path, "keyname.pem"), result - assert open_priv_wb not in m_open.calls - assert open_pub_wb not in m_open.calls - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False - ): - crypt.gen_keys(key_path, "keyname", 2048) - assert open_priv_wb in m_open.calls - assert open_pub_wb in m_open.calls - - def test_sign_message(self): - key = RSA.importKey(PRIVKEY_DATA) - with patch("salt.crypt.get_rsa_key", return_value=key): - self.assertEqual(SIG, salt.crypt.sign_message("/keydir/keyname.pem", MSG)) - - def test_sign_message_with_passphrase(self): - key = RSA.importKey(PRIVKEY_DATA) - with patch("salt.crypt.get_rsa_key", return_value=key): - self.assertEqual( - SIG, - crypt.sign_message("/keydir/keyname.pem", MSG, passphrase="password"), - ) - - def test_verify_signature(self): - with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)): - self.assertTrue(crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)) - - -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -class M2CryptTestCase(TestCase): - @patch("os.umask", MagicMock()) - @patch("os.chmod", MagicMock()) - @patch("os.access", MagicMock(return_value=True)) - @pytest.mark.slow_test - def test_gen_keys(self): - with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem: - with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub: - with patch("os.path.isfile", return_value=True): - self.assertEqual( - crypt.gen_keys("/keydir", "keyname", 2048), - "/keydir{}keyname.pem".format(os.sep), - ) - save_pem.assert_not_called() - save_pub.assert_not_called() - - with patch("os.path.isfile", return_value=False): - self.assertEqual( - crypt.gen_keys("/keydir", "keyname", 2048), - "/keydir{}keyname.pem".format(os.sep), - ) - save_pem.assert_called_once_with( - "/keydir{}keyname.pem".format(os.sep), cipher=None - ) - save_pub.assert_called_once_with( - "/keydir{}keyname.pub".format(os.sep) - ) - - @patch("os.umask", MagicMock()) - @patch("os.chmod", MagicMock()) - @patch("os.chown", MagicMock()) - @patch("os.access", MagicMock(return_value=True)) - @pytest.mark.slow_test - def test_gen_keys_with_passphrase(self): - with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem: - with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub: - with patch("os.path.isfile", return_value=True): - self.assertEqual( - crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ), - "/keydir{}keyname.pem".format(os.sep), - ) - save_pem.assert_not_called() - save_pub.assert_not_called() - - with patch("os.path.isfile", return_value=False): - self.assertEqual( - crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ), - "/keydir{}keyname.pem".format(os.sep), - ) - callback = save_pem.call_args[1]["callback"] - save_pem.assert_called_once_with( - "/keydir{}keyname.pem".format(os.sep), - cipher="des_ede3_cbc", - callback=callback, - ) - self.assertEqual(callback(None), b"password") - save_pub.assert_called_once_with( - "/keydir{}keyname.pub".format(os.sep) - ) - - def test_sign_message(self): - key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - with patch("salt.crypt.get_rsa_key", return_value=key): - self.assertEqual(SIG, salt.crypt.sign_message("/keydir/keyname.pem", MSG)) - - def test_sign_message_with_passphrase(self): - key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - with patch("salt.crypt.get_rsa_key", return_value=key): - self.assertEqual( - SIG, - crypt.sign_message("/keydir/keyname.pem", MSG, passphrase="password"), - ) - - def test_verify_signature(self): - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - self.assertTrue(crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)) - - def test_encrypt_decrypt_bin(self): - priv_key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - pub_key = M2Crypto.RSA.load_pub_key_bio( - M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA)) - ) - encrypted = salt.crypt.private_encrypt(priv_key, b"salt") - decrypted = salt.crypt.public_decrypt(pub_key, encrypted) - self.assertEqual(b"salt", decrypted) - - class TestBadCryptodomePubKey(TestCase): """ Test that we can load public keys exported by pycrpytodome<=3.4.6 From 50bcb9ebbc91045c291a1351a480eabeb2a15701 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sat, 13 Jan 2024 20:29:52 +0000 Subject: [PATCH 07/21] Allow excluding paths when cleaning up archives Signed-off-by: Pedro Algarvio --- .github/workflows/ci.yml | 2 +- .github/workflows/nightly.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scheduled.yml | 2 +- .github/workflows/staging.yml | 2 +- .github/workflows/templates/layout.yml.jinja | 3 ++- .github/workflows/templates/release.yml.jinja | 2 +- pkg/common/env-cleanup-rules.yml | 15 ++++++++++++ tools/pkg/__init__.py | 24 +++++++++++++++++++ 9 files changed, 47 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43d80353100..f6f51eec55e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -168,7 +168,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" | tee -a "$GITHUB_OUTPUT" - name: Write Changed Files To A Local File run: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 2e4ef6250dc..8c5285dc124 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -212,7 +212,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" | tee -a "$GITHUB_OUTPUT" - name: Write Changed Files To A Local File run: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9c624505c34..b2f738ab900 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -115,7 +115,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" | tee -a "$GITHUB_OUTPUT" download-onedir-artifact: name: Download Staging Onedir Artifact diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 2dce4f3e95b..80c78a80e88 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -202,7 +202,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" | tee -a "$GITHUB_OUTPUT" - name: Write Changed Files To A Local File run: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index a9576afc810..1f7644f5bc1 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -198,7 +198,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" | tee -a "$GITHUB_OUTPUT" - name: Check Existing Releases env: diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja index 96f26a5eb84..dd0d97c427d 100644 --- a/.github/workflows/templates/layout.yml.jinja +++ b/.github/workflows/templates/layout.yml.jinja @@ -9,6 +9,7 @@ <%- set gpg_key_id = "64CBBC8173D76B3F" %> <%- set prepare_actual_release = prepare_actual_release | default(False) %> <%- set gh_actions_workflows_python_version = "3.10" %> +<%- set nox_archive_hashfiles = "${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml') }}" %> --- <%- block name %> name: <{ workflow_name }> @@ -215,7 +216,7 @@ jobs: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=<{ nox_archive_hashfiles }>" | tee -a "$GITHUB_OUTPUT" <%- if prepare_actual_release %> diff --git a/.github/workflows/templates/release.yml.jinja b/.github/workflows/templates/release.yml.jinja index 704e2ec940b..7be119e57c8 100644 --- a/.github/workflows/templates/release.yml.jinja +++ b/.github/workflows/templates/release.yml.jinja @@ -143,7 +143,7 @@ permissions: - name: Get Hash For Nox Tarball Cache id: nox-archive-hash run: | - echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT" + echo "nox-archive-hash=<{ nox_archive_hashfiles }>" | tee -a "$GITHUB_OUTPUT" <%- endblock prepare_workflow_job %> <%- endif %> diff --git a/pkg/common/env-cleanup-rules.yml b/pkg/common/env-cleanup-rules.yml index 09708110473..43b4a628af2 100644 --- a/pkg/common/env-cleanup-rules.yml +++ b/pkg/common/env-cleanup-rules.yml @@ -1,5 +1,8 @@ --- common: + exclude_patterns: &common_exclude_patterns + - "**/site-packages/ansible/plugins/test" + - "**/site-packages/ansible/plugins/test/**" dir_patterns: &common_dir_patterns - "**/__pycache__" - "**/lib/python3.*/test" @@ -24,16 +27,22 @@ common: ci: darwin: + exclude_patterns: &ci_darwin_exclude_patterns + - *common_exclude_patterns dir_patterns: &ci_darwin_dir_patterns - *common_dir_patterns file_patterns: &ci_darwin_file_patterns - *common_file_patterns linux: + exclude_patterns: &ci_linux_exclude_patterns + - *common_exclude_patterns dir_patterns: &ci_linux_dir_patterns - *common_dir_patterns file_patterns: &ci_linux_file_patterns - *common_file_patterns windows: + exclude_patterns: &ci_windows_exclude_patterns + - *common_exclude_patterns dir_patterns: &ci_windows_dir_patterns - *common_dir_patterns - "**/artifacts/salt/configs" @@ -52,6 +61,8 @@ ci: pkg: darwin: + exclude_patterns: + - *ci_darwin_exclude_patterns dir_patterns: - *ci_darwin_dir_patterns - "**/pkgconfig" @@ -62,11 +73,15 @@ pkg: file_patterns: - *ci_darwin_file_patterns linux: + exclude_patterns: + - *ci_linux_exclude_patterns dir_patterns: - *ci_linux_dir_patterns file_patterns: - *ci_linux_file_patterns windows: + exclude_patterns: + - *ci_windows_exclude_patterns dir_patterns: - *ci_windows_dir_patterns - "**/salt/share" diff --git a/tools/pkg/__init__.py b/tools/pkg/__init__.py index 05612996655..2d843893640 100644 --- a/tools/pkg/__init__.py +++ b/tools/pkg/__init__.py @@ -257,6 +257,10 @@ def pre_archive_cleanup(ctx: Context, cleanup_path: str, pkg: bool = False): else: yield patterns + exclude_patterns = set() + for pattern in unnest_lists(patterns["exclude_patterns"]): + exclude_patterns.add(pattern) + dir_patterns = set() for pattern in unnest_lists(patterns["dir_patterns"]): dir_patterns.add(pattern) @@ -271,6 +275,16 @@ def pre_archive_cleanup(ctx: Context, cleanup_path: str, pkg: bool = False): if not path.exists(): continue match_path = path.as_posix() + skip_match = False + for pattern in exclude_patterns: + if fnmatch.fnmatch(str(match_path), pattern): + ctx.info( + f"Excluded file: {match_path}; Matching pattern: {pattern!r}" + ) + skip_match = True + break + if skip_match: + continue for pattern in dir_patterns: if fnmatch.fnmatch(str(match_path), pattern): ctx.info( @@ -283,6 +297,16 @@ def pre_archive_cleanup(ctx: Context, cleanup_path: str, pkg: bool = False): if not path.exists(): continue match_path = path.as_posix() + skip_match = False + for pattern in exclude_patterns: + if fnmatch.fnmatch(str(match_path), pattern): + ctx.info( + f"Excluded file: {match_path}; Matching pattern: {pattern!r}" + ) + skip_match = True + break + if skip_match: + continue for pattern in file_patterns: if fnmatch.fnmatch(str(match_path), pattern): ctx.info( From de334db0470efde97c1db0d41f9cf67d07970253 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 14 Jan 2024 09:58:11 +0000 Subject: [PATCH 08/21] Cleanup aws unit test hang Signed-off-by: Pedro Algarvio --- salt/utils/aws.py | 37 +++++----------------------- tests/pytests/unit/utils/test_aws.py | 15 ++++++++++- 2 files changed, 20 insertions(+), 32 deletions(-) diff --git a/salt/utils/aws.py b/salt/utils/aws.py index c74104c08db..fead9cf7ac6 100644 --- a/salt/utils/aws.py +++ b/salt/utils/aws.py @@ -7,7 +7,7 @@ This is a base library used by a number of AWS services. :depends: requests """ - +import binascii import copy import hashlib import hmac @@ -15,43 +15,18 @@ import logging import random import re import time +import urllib.parse +import xml.etree.ElementTree as ET from datetime import datetime +import requests + import salt.config import salt.utils.hashutils import salt.utils.xmlutil as xml -try: - import requests - - HAS_REQUESTS = True # pylint: disable=W0612 -except ImportError: - HAS_REQUESTS = False # pylint: disable=W0612 - -try: - import binascii - - HAS_BINASCII = True # pylint: disable=W0612 -except ImportError: - HAS_BINASCII = False # pylint: disable=W0612 - -try: - import urllib.parse - - HAS_URLLIB = True # pylint: disable=W0612 -except ImportError: - HAS_URLLIB = False # pylint: disable=W0612 - -try: - import xml.etree.ElementTree as ET - - HAS_ETREE = True # pylint: disable=W0612 -except ImportError: - HAS_ETREE = False # pylint: disable=W0612 - -# pylint: enable=import-error,redefined-builtin,no-name-in-module - log = logging.getLogger(__name__) + DEFAULT_LOCATION = "us-east-1" DEFAULT_AWS_API_VERSION = "2016-11-15" AWS_RETRY_CODES = [ diff --git a/tests/pytests/unit/utils/test_aws.py b/tests/pytests/unit/utils/test_aws.py index bd4dc53cc8b..36b0bd32335 100644 --- a/tests/pytests/unit/utils/test_aws.py +++ b/tests/pytests/unit/utils/test_aws.py @@ -4,17 +4,30 @@ Test the salt aws functions """ - import io +import os import time from datetime import datetime, timedelta +import pytest import requests import salt.utils.aws as aws +from tests.support.helpers import patched_environ from tests.support.mock import MagicMock, patch +@pytest.fixture(autouse=True) +def _cleanup(): + # Make sure this cache is clear before each test + aws.__AssumeCache__.clear() + # Remove any AWS_ prefixed environment variables + with patched_environ( + __cleanup__=[k for k in os.environ if k.startswith("AWS_")], + ): + yield + + def test_get_metadata_imdsv1(): response = requests.Response() response.status_code = 200 From d891eedbd1b8ae379b863d45b6d34b54500484f2 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 15 Jan 2024 17:33:27 +0000 Subject: [PATCH 09/21] Timeout the tests instead of just hanging indefinitely Signed-off-by: Pedro Algarvio --- pytest.ini | 2 ++ tests/pytests/unit/utils/test_aws.py | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/pytest.ini b/pytest.ini index fca3fdcdbed..0796d4bcf3f 100644 --- a/pytest.ini +++ b/pytest.ini @@ -8,3 +8,5 @@ python_files=test_*.py python_classes=Test* python_functions = test_* junit_family=xunit2 +# Only the tests should count towards timeouts +timeout_func_only = true diff --git a/tests/pytests/unit/utils/test_aws.py b/tests/pytests/unit/utils/test_aws.py index 36b0bd32335..a73c12f537e 100644 --- a/tests/pytests/unit/utils/test_aws.py +++ b/tests/pytests/unit/utils/test_aws.py @@ -16,6 +16,13 @@ import salt.utils.aws as aws from tests.support.helpers import patched_environ from tests.support.mock import MagicMock, patch +pytestmark = [ + # Skip testing on windows since it does not support signals + # which is what the timeout marker is using. + pytest.mark.skip_on_windows, + pytest.mark.timeout(60, method="signal"), +] + @pytest.fixture(autouse=True) def _cleanup(): From 0e3f5ee41a522d473c63f4bfed1890d6e127c39b Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 15 Jan 2024 18:07:28 +0000 Subject: [PATCH 10/21] If the user passes a path to the package tests, don't auto add them Signed-off-by: Pedro Algarvio --- noxfile.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/noxfile.py b/noxfile.py index e9e5c6fdc73..003afbdbe87 100644 --- a/noxfile.py +++ b/noxfile.py @@ -1886,6 +1886,11 @@ def ci_test_onedir_pkgs(session): chunk = session.posargs.pop(0) cmd_args = chunks[chunk] + for arg in session.posargs: + if arg.startswith("tests/pytests/pkg/"): + # The user is passing test paths + cmd_args.pop() + break if IS_LINUX: # Fetch the toolchain From 71b68d722cc9fde1941cd7a0537ffd745650ce68 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 15 Jan 2024 18:31:59 +0000 Subject: [PATCH 11/21] Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/changelog.txt | 2 +- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/tools.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.11/changelog.txt | 2 +- requirements/static/ci/py3.11/cloud.txt | 2 +- requirements/static/ci/py3.11/darwin.txt | 2 +- requirements/static/ci/py3.11/docs.txt | 2 +- requirements/static/ci/py3.11/freebsd.txt | 2 +- requirements/static/ci/py3.11/lint.txt | 2 +- requirements/static/ci/py3.11/linux.txt | 2 +- requirements/static/ci/py3.11/tools.txt | 2 +- requirements/static/ci/py3.11/windows.txt | 2 +- requirements/static/ci/py3.12/changelog.txt | 2 +- requirements/static/ci/py3.12/cloud.txt | 2 +- requirements/static/ci/py3.12/darwin.txt | 2 +- requirements/static/ci/py3.12/docs.txt | 2 +- requirements/static/ci/py3.12/freebsd.txt | 2 +- requirements/static/ci/py3.12/lint.txt | 2 +- requirements/static/ci/py3.12/linux.txt | 2 +- requirements/static/ci/py3.12/tools.txt | 2 +- requirements/static/ci/py3.12/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/changelog.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/changelog.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/tools.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.11/darwin.txt | 2 +- requirements/static/pkg/py3.11/freebsd.txt | 2 +- requirements/static/pkg/py3.11/linux.txt | 2 +- requirements/static/pkg/py3.11/windows.txt | 2 +- requirements/static/pkg/py3.12/darwin.txt | 2 +- requirements/static/pkg/py3.12/freebsd.txt | 2 +- requirements/static/pkg/py3.12/linux.txt | 2 +- requirements/static/pkg/py3.12/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 71 files changed, 71 insertions(+), 71 deletions(-) diff --git a/requirements/static/ci/py3.10/changelog.txt b/requirements/static/ci/py3.10/changelog.txt index 00114bce949..901e8a069db 100644 --- a/requirements/static/ci/py3.10/changelog.txt +++ b/requirements/static/ci/py3.10/changelog.txt @@ -13,7 +13,7 @@ click==7.1.1 # towncrier incremental==17.5.0 # via towncrier -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.10/linux.txt # towncrier diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 1097c1be986..3460caf2d22 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -243,7 +243,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 526b9f375ef..a2a7e8fc505 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -177,7 +177,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index 2601631ebd5..7574bc61153 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -62,7 +62,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.10/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 5c5d558092c..8a9235c5beb 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -169,7 +169,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.10/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 2067433227e..3ac30d98e70 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -245,7 +245,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index acb2da5b67a..fdafc6c5ac2 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -178,7 +178,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.10/tools.txt b/requirements/static/ci/py3.10/tools.txt index e390aabbffd..d3b6eb23735 100644 --- a/requirements/static/ci/py3.10/tools.txt +++ b/requirements/static/ci/py3.10/tools.txt @@ -20,7 +20,7 @@ charset-normalizer==3.2.0 # via requests idna==3.2 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/static/ci/tools.in jmespath==1.0.1 # via diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 00c0411026a..a9138960e18 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -171,7 +171,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.11/changelog.txt b/requirements/static/ci/py3.11/changelog.txt index 2aa97aa5da2..e6589faff9a 100644 --- a/requirements/static/ci/py3.11/changelog.txt +++ b/requirements/static/ci/py3.11/changelog.txt @@ -13,7 +13,7 @@ click==7.1.1 # towncrier incremental==17.5.0 # via towncrier -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.11/linux.txt # towncrier diff --git a/requirements/static/ci/py3.11/cloud.txt b/requirements/static/ci/py3.11/cloud.txt index 3f4b563e1d5..441d621bccf 100644 --- a/requirements/static/ci/py3.11/cloud.txt +++ b/requirements/static/ci/py3.11/cloud.txt @@ -235,7 +235,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt diff --git a/requirements/static/ci/py3.11/darwin.txt b/requirements/static/ci/py3.11/darwin.txt index 0cd6132a32a..6b3a176d31a 100644 --- a/requirements/static/ci/py3.11/darwin.txt +++ b/requirements/static/ci/py3.11/darwin.txt @@ -170,7 +170,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.11/darwin.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/darwin.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.11/docs.txt b/requirements/static/ci/py3.11/docs.txt index 8349e865ddb..bdaf9afb140 100644 --- a/requirements/static/ci/py3.11/docs.txt +++ b/requirements/static/ci/py3.11/docs.txt @@ -62,7 +62,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.11/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.11/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.11/freebsd.txt b/requirements/static/ci/py3.11/freebsd.txt index a34339dfa2b..5ebd4c09d73 100644 --- a/requirements/static/ci/py3.11/freebsd.txt +++ b/requirements/static/ci/py3.11/freebsd.txt @@ -165,7 +165,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.11/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.11/lint.txt b/requirements/static/ci/py3.11/lint.txt index 65558916675..6a9e5b58469 100644 --- a/requirements/static/ci/py3.11/lint.txt +++ b/requirements/static/ci/py3.11/lint.txt @@ -241,7 +241,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -c requirements/static/ci/py3.11/linux.txt diff --git a/requirements/static/ci/py3.11/linux.txt b/requirements/static/ci/py3.11/linux.txt index 46da6ec6da3..37dc2c11968 100644 --- a/requirements/static/ci/py3.11/linux.txt +++ b/requirements/static/ci/py3.11/linux.txt @@ -174,7 +174,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.11/tools.txt b/requirements/static/ci/py3.11/tools.txt index acc8dbef504..adcf0b938b8 100644 --- a/requirements/static/ci/py3.11/tools.txt +++ b/requirements/static/ci/py3.11/tools.txt @@ -22,7 +22,7 @@ commonmark==0.9.1 # via rich idna==3.2 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/static/ci/tools.in jmespath==1.0.1 # via diff --git a/requirements/static/ci/py3.11/windows.txt b/requirements/static/ci/py3.11/windows.txt index 84710d57dcc..4b2a5d363d7 100644 --- a/requirements/static/ci/py3.11/windows.txt +++ b/requirements/static/ci/py3.11/windows.txt @@ -167,7 +167,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.12/changelog.txt b/requirements/static/ci/py3.12/changelog.txt index 6a252d0cd70..af7f4286875 100644 --- a/requirements/static/ci/py3.12/changelog.txt +++ b/requirements/static/ci/py3.12/changelog.txt @@ -13,7 +13,7 @@ click==7.1.1 # towncrier incremental==17.5.0 # via towncrier -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.12/linux.txt # towncrier diff --git a/requirements/static/ci/py3.12/cloud.txt b/requirements/static/ci/py3.12/cloud.txt index ded322601e5..787b2855ed5 100644 --- a/requirements/static/ci/py3.12/cloud.txt +++ b/requirements/static/ci/py3.12/cloud.txt @@ -235,7 +235,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt diff --git a/requirements/static/ci/py3.12/darwin.txt b/requirements/static/ci/py3.12/darwin.txt index 0c9e45cca02..13902e31d8c 100644 --- a/requirements/static/ci/py3.12/darwin.txt +++ b/requirements/static/ci/py3.12/darwin.txt @@ -170,7 +170,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.12/docs.txt b/requirements/static/ci/py3.12/docs.txt index 39dd98dd698..80b51652bd9 100644 --- a/requirements/static/ci/py3.12/docs.txt +++ b/requirements/static/ci/py3.12/docs.txt @@ -62,7 +62,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.12/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.12/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.12/freebsd.txt b/requirements/static/ci/py3.12/freebsd.txt index b3b4f84d741..88260a34989 100644 --- a/requirements/static/ci/py3.12/freebsd.txt +++ b/requirements/static/ci/py3.12/freebsd.txt @@ -165,7 +165,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.12/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.12/lint.txt b/requirements/static/ci/py3.12/lint.txt index ead6fb256eb..0052be08a93 100644 --- a/requirements/static/ci/py3.12/lint.txt +++ b/requirements/static/ci/py3.12/lint.txt @@ -241,7 +241,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -c requirements/static/ci/py3.12/linux.txt diff --git a/requirements/static/ci/py3.12/linux.txt b/requirements/static/ci/py3.12/linux.txt index 809270bc2e7..1d7d02b82b7 100644 --- a/requirements/static/ci/py3.12/linux.txt +++ b/requirements/static/ci/py3.12/linux.txt @@ -174,7 +174,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.12/tools.txt b/requirements/static/ci/py3.12/tools.txt index 7531a07f5be..f6e9cfcccb0 100644 --- a/requirements/static/ci/py3.12/tools.txt +++ b/requirements/static/ci/py3.12/tools.txt @@ -22,7 +22,7 @@ commonmark==0.9.1 # via rich idna==3.2 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/static/ci/tools.in jmespath==1.0.1 # via diff --git a/requirements/static/ci/py3.12/windows.txt b/requirements/static/ci/py3.12/windows.txt index e27b726e107..f0109605d12 100644 --- a/requirements/static/ci/py3.12/windows.txt +++ b/requirements/static/ci/py3.12/windows.txt @@ -167,7 +167,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.12/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index d55696d18d6..36af32798f6 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -271,7 +271,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index 96b190fabe9..528de0370f3 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -66,7 +66,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.7/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 561e58952d9..f54e45169ee 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -192,7 +192,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 23ad6c50cba..fae5c3788a4 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -270,7 +270,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 80b6038b70b..2dd4e146ee1 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -198,7 +198,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index f73dd727c93..18670294d1d 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -186,7 +186,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.8/changelog.txt b/requirements/static/ci/py3.8/changelog.txt index 6b6f20b0654..a55d84719b3 100644 --- a/requirements/static/ci/py3.8/changelog.txt +++ b/requirements/static/ci/py3.8/changelog.txt @@ -13,7 +13,7 @@ click==7.1.1 # towncrier incremental==17.5.0 # via towncrier -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.8/linux.txt # towncrier diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 62d7db38844..e6262cb5178 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -258,7 +258,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 616cdae5f58..660f0e9cbe6 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -62,7 +62,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.8/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index d46c6593a3d..6dff1b25d49 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -179,7 +179,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 32e7267d06e..5b10cbe8a36 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -255,7 +255,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index bffa8eb96ea..7d0212b6958 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -185,7 +185,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 07cd7e4b937..b9960dc20f7 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -173,7 +173,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.9/changelog.txt b/requirements/static/ci/py3.9/changelog.txt index 92c670f312e..540b3c88fcc 100644 --- a/requirements/static/ci/py3.9/changelog.txt +++ b/requirements/static/ci/py3.9/changelog.txt @@ -13,7 +13,7 @@ click==7.1.1 # towncrier incremental==17.5.0 # via towncrier -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.9/linux.txt # towncrier diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 20196ca8f87..ffdd686693e 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -258,7 +258,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index f3b3472ab59..c1a96550047 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -187,7 +187,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index 8e76c5973fd..1add3de6b29 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -66,7 +66,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/py3.9/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 7a850ed53c7..7133c4d45ed 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -179,7 +179,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.9/freebsd.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/freebsd.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 0e7ee9f0546..189b5f0d2e9 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -251,7 +251,7 @@ jaraco.text==3.5.1 # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 975af3dc828..d2b25cec1be 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -183,7 +183,7 @@ jaraco.text==3.5.1 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -r requirements/base.txt diff --git a/requirements/static/ci/py3.9/tools.txt b/requirements/static/ci/py3.9/tools.txt index 49375c5e736..1f3d04a05e1 100644 --- a/requirements/static/ci/py3.9/tools.txt +++ b/requirements/static/ci/py3.9/tools.txt @@ -20,7 +20,7 @@ charset-normalizer==3.2.0 # via requests idna==3.2 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/static/ci/tools.in jmespath==1.0.1 # via diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index b001c15a6e9..2bd40253c82 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -173,7 +173,7 @@ jaraco.text==3.5.0 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # -r requirements/base.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index dd640bb81f8..dd0388e4b9d 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -47,7 +47,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index 999cbfc1e61..3a7ec7bb9e6 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index 446ac3b7fd8..d7d35c34cca 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 1c1fc3b0213..a231b0bdb08 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.11/darwin.txt b/requirements/static/pkg/py3.11/darwin.txt index 3ae9fd7999d..10080a8dd20 100644 --- a/requirements/static/pkg/py3.11/darwin.txt +++ b/requirements/static/pkg/py3.11/darwin.txt @@ -47,7 +47,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.11/freebsd.txt b/requirements/static/pkg/py3.11/freebsd.txt index 7f0c55fc20e..7ba6d12b104 100644 --- a/requirements/static/pkg/py3.11/freebsd.txt +++ b/requirements/static/pkg/py3.11/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.11/linux.txt b/requirements/static/pkg/py3.11/linux.txt index 0c91544bdb6..6ea847aafec 100644 --- a/requirements/static/pkg/py3.11/linux.txt +++ b/requirements/static/pkg/py3.11/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.11/windows.txt b/requirements/static/pkg/py3.11/windows.txt index b5cd26dce0c..be0822d71e5 100644 --- a/requirements/static/pkg/py3.11/windows.txt +++ b/requirements/static/pkg/py3.11/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.12/darwin.txt b/requirements/static/pkg/py3.12/darwin.txt index 7bbf467c7ef..31c67ce1d6f 100644 --- a/requirements/static/pkg/py3.12/darwin.txt +++ b/requirements/static/pkg/py3.12/darwin.txt @@ -47,7 +47,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.12/freebsd.txt b/requirements/static/pkg/py3.12/freebsd.txt index b321476ba61..eb43935ca47 100644 --- a/requirements/static/pkg/py3.12/freebsd.txt +++ b/requirements/static/pkg/py3.12/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.12/linux.txt b/requirements/static/pkg/py3.12/linux.txt index eaf9356ed72..85dd5bbc90e 100644 --- a/requirements/static/pkg/py3.12/linux.txt +++ b/requirements/static/pkg/py3.12/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.12/windows.txt b/requirements/static/pkg/py3.12/windows.txt index 61b24ec3303..15fff737182 100644 --- a/requirements/static/pkg/py3.12/windows.txt +++ b/requirements/static/pkg/py3.12/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index 1f37ca0cb77..d26272a0970 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 10aa08c23fd..93a2bd79ef8 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index e202d18f9e9..334db47befb 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index a6af263a28f..22b6d3049b3 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index e291cad63dc..a0a72abb801 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 5ad09a3ade0..f304db73f73 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 19ad95b667f..1d4911b6e01 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -47,7 +47,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 57a4c492aa5..800bb76edac 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -41,7 +41,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index b46dadd157c..c0e0ef4e791 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -39,7 +39,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.1 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 7f4c7f13bd2..3ebb43358ef 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -52,7 +52,7 @@ jaraco.functools==2.0 # tempora jaraco.text==3.5.0 # via jaraco.collections -jinja2==3.1.2 +jinja2==3.1.3 # via -r requirements/base.txt jmespath==1.0.1 # via -r requirements/base.txt From 96d60f3a1141af2bb128f2de7cc7c96a9acd5dbc Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 09:24:08 +0000 Subject: [PATCH 12/21] Update changelog to include the Jinja security update Signed-off-by: Pedro Algarvio --- changelog/65830.security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog/65830.security.md b/changelog/65830.security.md index b6a01212508..509b279126d 100644 --- a/changelog/65830.security.md +++ b/changelog/65830.security.md @@ -2,3 +2,4 @@ Update some requirements which had some security issues: * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7 * Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx +* Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 From b9e5f513dd68fd47dda1e152c5e971af6e1355d7 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 11:54:54 +0000 Subject: [PATCH 13/21] Run `pyupgrade` against the files modified in the merge-forward --- .../unit/crypt/test_crypt_cryptodome.py | 6 +-- .../pytests/unit/crypt/test_crypt_m2crypto.py | 42 +++++++++++-------- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/tests/pytests/unit/crypt/test_crypt_cryptodome.py b/tests/pytests/unit/crypt/test_crypt_cryptodome.py index 357b302e3c6..dd9f891aa49 100644 --- a/tests/pytests/unit/crypt/test_crypt_cryptodome.py +++ b/tests/pytests/unit/crypt/test_crypt_cryptodome.py @@ -35,8 +35,8 @@ pytestmark = [ @pytest.mark.slow_test def test_gen_keys(): - open_priv_wb = MockCall("/keydir{}keyname.pem".format(os.sep), "wb+") - open_pub_wb = MockCall("/keydir{}keyname.pub".format(os.sep), "wb+") + open_priv_wb = MockCall(f"/keydir{os.sep}keyname.pem", "wb+") + open_pub_wb = MockCall(f"/keydir{os.sep}keyname.pub", "wb+") with patch.multiple( os, @@ -48,7 +48,7 @@ def test_gen_keys(): "os.path.isfile", return_value=True ): result = salt.crypt.gen_keys("/keydir", "keyname", 2048) - assert result == "/keydir{}keyname.pem".format(os.sep), result + assert result == f"/keydir{os.sep}keyname.pem", result assert open_priv_wb not in m_open.calls assert open_pub_wb not in m_open.calls diff --git a/tests/pytests/unit/crypt/test_crypt_m2crypto.py b/tests/pytests/unit/crypt/test_crypt_m2crypto.py index f06bbdbc9cc..2be141e77fd 100644 --- a/tests/pytests/unit/crypt/test_crypt_m2crypto.py +++ b/tests/pytests/unit/crypt/test_crypt_m2crypto.py @@ -19,20 +19,22 @@ def test_gen_keys(): "M2Crypto.RSA.RSA.save_pub_key", MagicMock() ) as save_pub: with patch("os.path.isfile", return_value=True): - assert salt.crypt.gen_keys( - "/keydir", "keyname", 2048 - ) == "/keydir{}keyname.pem".format(os.sep) + assert ( + salt.crypt.gen_keys("/keydir", "keyname", 2048) + == f"/keydir{os.sep}keyname.pem" + ) save_pem.assert_not_called() save_pub.assert_not_called() with patch("os.path.isfile", return_value=False): - assert salt.crypt.gen_keys( - "/keydir", "keyname", 2048 - ) == "/keydir{}keyname.pem".format(os.sep) - save_pem.assert_called_once_with( - "/keydir{}keyname.pem".format(os.sep), cipher=None + assert ( + salt.crypt.gen_keys("/keydir", "keyname", 2048) + == f"/keydir{os.sep}keyname.pem" ) - save_pub.assert_called_once_with("/keydir{}keyname.pub".format(os.sep)) + save_pem.assert_called_once_with( + f"/keydir{os.sep}keyname.pem", cipher=None + ) + save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub") @pytest.mark.slow_test @@ -44,24 +46,30 @@ def test_gen_keys_with_passphrase(): "M2Crypto.RSA.RSA.save_pub_key", MagicMock() ) as save_pub: with patch("os.path.isfile", return_value=True): - assert salt.crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ) == "/keydir{}keyname.pem".format(os.sep) + assert ( + salt.crypt.gen_keys( + "/keydir", "keyname", 2048, passphrase="password" + ) + == f"/keydir{os.sep}keyname.pem" + ) save_pem.assert_not_called() save_pub.assert_not_called() with patch("os.path.isfile", return_value=False): - assert salt.crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ) == "/keydir{}keyname.pem".format(os.sep) + assert ( + salt.crypt.gen_keys( + "/keydir", "keyname", 2048, passphrase="password" + ) + == f"/keydir{os.sep}keyname.pem" + ) callback = save_pem.call_args[1]["callback"] save_pem.assert_called_once_with( - "/keydir{}keyname.pem".format(os.sep), + f"/keydir{os.sep}keyname.pem", cipher="des_ede3_cbc", callback=callback, ) assert callback(None) == b"password" - save_pub.assert_called_once_with("/keydir{}keyname.pub".format(os.sep)) + save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub") def test_sign_message(): From c7300429d7c70834d2397632b734299f11a193e1 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 12:11:09 +0000 Subject: [PATCH 14/21] Fix pre-commit config and some requirements which got downgraded Signed-off-by: Pedro Algarvio --- .pre-commit-config.yaml | 7 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.11/windows.txt | 2 +- requirements/static/ci/py3.12/darwin.txt | 28 +-- requirements/static/ci/py3.12/windows.txt | 196 +++++++++------------ requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.11/windows.txt | 2 +- requirements/static/pkg/py3.12/darwin.txt | 50 ++---- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 14 files changed, 131 insertions(+), 170 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b27341bbc73..b5d0a8ffaa6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -352,6 +352,7 @@ repos: - --no-emit-index-url - requirements/static/pkg/darwin.in + - id: pip-tools-compile alias: compile-pkg-windows-3.8-zmq-requirements name: Windows Packaging Py3.8 ZeroMQ Requirements files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.8/windows\.txt))$ @@ -559,7 +560,6 @@ repos: - id: pip-tools-compile alias: compile-ci-linux-crypto-3.11-requirements name: Linux CI Py3.11 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.11/linux-crypto\.txt))$ pass_filenames: false args: @@ -574,7 +574,6 @@ repos: - id: pip-tools-compile alias: compile-ci-linux-crypto-3.12-requirements name: Linux CI Py3.12 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/linux-crypto\.txt))$ pass_filenames: false args: @@ -709,7 +708,6 @@ repos: - id: pip-tools-compile alias: compile-ci-freebsd-crypto-3.10-requirements name: FreeBSD CI Py3.10 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/freebsd-crypto\.txt))$ pass_filenames: false args: @@ -724,7 +722,6 @@ repos: - id: pip-tools-compile alias: compile-ci-freebsd-crypto-3.11-requirements name: FreeBSD CI Py3.11 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.11/freebsd-crypto\.txt))$ pass_filenames: false args: @@ -739,7 +736,6 @@ repos: - id: pip-tools-compile alias: compile-ci-freebsd-crypto-3.12-requirements name: FreeBSD CI Py3.12 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/freebsd-crypto\.txt))$ pass_filenames: false args: @@ -960,6 +956,7 @@ repos: - --no-emit-index-url - requirements/static/ci/windows.in + - id: pip-tools-compile alias: compile-ci-windows-crypto-3.8-requirements name: Windows CI Py3.8 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/windows-crypto\.txt))$ diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index ca2632743a5..8e4d95ec3e8 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -79,7 +79,7 @@ cherrypy==18.8.0 # -r requirements/static/ci/common.in click==8.1.3 # via geomet -clr-loader==0.2.4 +clr-loader==0.2.6 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # pythonnet diff --git a/requirements/static/ci/py3.11/windows.txt b/requirements/static/ci/py3.11/windows.txt index 1b187910157..66d0a0b533a 100644 --- a/requirements/static/ci/py3.11/windows.txt +++ b/requirements/static/ci/py3.11/windows.txt @@ -79,7 +79,7 @@ cherrypy==18.8.0 # -r requirements/static/ci/common.in click==8.1.3 # via geomet -clr-loader==0.2.4 +clr-loader==0.2.6 # via # -c requirements/static/ci/../pkg/py3.11/windows.txt # pythonnet diff --git a/requirements/static/ci/py3.12/darwin.txt b/requirements/static/ci/py3.12/darwin.txt index 000fc8564fc..0179b23e592 100644 --- a/requirements/static/ci/py3.12/darwin.txt +++ b/requirements/static/ci/py3.12/darwin.txt @@ -6,10 +6,13 @@ # aiohttp==3.9.1 # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt # -r requirements/base.txt # etcd3-py aiosignal==1.3.1 - # via aiohttp + # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt + # aiohttp annotated-types==0.6.0 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt @@ -20,8 +23,9 @@ asn1crypto==1.5.1 # via # certvalidator # oscrypto -attrs==23.1.0 +attrs==23.2.0 # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt # aiohttp # jsonschema # pytest @@ -121,8 +125,9 @@ filelock==3.13.1 # via virtualenv flaky==3.7.0 # via -r requirements/pytest.txt -frozenlist==1.4.0 +frozenlist==1.4.1 # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt # aiohttp # aiosignal future==0.18.3 @@ -134,13 +139,9 @@ genshi==0.7.7 geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.10 - # via - # -c requirements/static/ci/../pkg/py3.12/darwin.txt - # gitpython + # via gitpython gitpython==3.1.41 - # via - # -c requirements/static/ci/../pkg/py3.12/darwin.txt - # -r requirements/static/ci/common.in + # via -r requirements/static/ci/common.in google-auth==2.19.1 # via kubernetes hglib==2.6.2 @@ -251,8 +252,9 @@ msgpack==1.0.7 # -c requirements/static/ci/../pkg/py3.12/darwin.txt # -r requirements/base.txt # pytest-salt-factories -multidict==6.0.2 +multidict==6.0.4 # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt # aiohttp # yarl napalm==4.1.0 ; sys_platform != "win32" @@ -556,8 +558,10 @@ yamllint==1.32.0 # via -r requirements/static/ci/darwin.in yamlordereddictloader==0.4.0 # via junos-eznc -yarl==1.9.2 - # via aiohttp +yarl==1.9.4 + # via + # -c requirements/static/ci/../pkg/py3.12/darwin.txt + # aiohttp zc.lockfile==3.0.post1 # via # -c requirements/static/ci/../pkg/py3.12/darwin.txt diff --git a/requirements/static/ci/py3.12/windows.txt b/requirements/static/ci/py3.12/windows.txt index 46b58f4e67c..e143d18ffec 100644 --- a/requirements/static/ci/py3.12/windows.txt +++ b/requirements/static/ci/py3.12/windows.txt @@ -2,24 +2,24 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.11/windows.txt requirements/pytest.txt requirements/static/ci/common.in requirements/static/ci/windows.in requirements/static/pkg/windows.in requirements/windows.txt +# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.12/windows.txt requirements/pytest.txt requirements/static/ci/common.in requirements/static/ci/windows.in requirements/static/pkg/windows.in requirements/windows.txt # aiohttp==3.9.1 - # via etcd3-py + # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt + # -r requirements/base.txt + # etcd3-py aiosignal==1.3.1 - # via aiohttp - + # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt + # aiohttp annotated-types==0.6.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # pydantic - -async-timeout==4.0.2 - # via aiohttp - - attrs==23.1.0 # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt # aiohttp # jsonschema # pytest @@ -29,7 +29,7 @@ attrs==23.1.0 # pytest-system-statistics autocommand==2.2.2 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # jaraco.text bcrypt==4.0.1 # via -r requirements/static/ci/common.in @@ -50,13 +50,13 @@ cassandra-driver==3.28.0 # via -r requirements/static/ci/common.in certifi==2023.07.22 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/static/ci/common.in # kubernetes # requests cffi==1.16.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/static/ci/common.in # clr-loader # cryptography @@ -64,53 +64,49 @@ cffi==1.16.0 # pynacl charset-normalizer==3.2.0 # via - - # -c requirements/static/ci/../pkg/py3.11/windows.txt - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # aiohttp - - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # requests cheetah3==3.2.6.post1 # via -r requirements/static/ci/common.in cheroot==10.0.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cherrypy cherrypy==18.8.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # -r requirements/static/ci/common.in click==8.1.3 # via geomet -clr-loader==0.2.4 +clr-loader==0.2.6 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # pythonnet clustershell==1.9.1 # via -r requirements/static/ci/common.in colorama==0.4.6 - # via pytest + # via + # click + # pytest contextvars==2.4 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt cryptography==41.0.7 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # etcd3-py # moto # pyopenssl + # pyspnego # requests-ntlm distlib==0.3.7 # via virtualenv distro==1.8.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # pytest-skip-markers dmidecode==0.9.0 @@ -129,59 +125,36 @@ flaky==3.7.0 # via -r requirements/pytest.txt frozenlist==1.4.0 # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt # aiohttp # aiosignal genshi==0.7.7 # via -r requirements/static/ci/common.in geomet==0.2.1.post1 # via cassandra-driver - gitdb==4.0.10 # via gitpython gitpython==3.1.41 # via -r requirements/static/ci/common.in google-auth==2.19.1 - -gitdb==4.0.10 - # via - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # gitpython -gitpython==3.1.41 - # via - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # -r requirements/static/ci/common.in - # -r requirements/windows.txt -google-auth==2.19.1 - -gitdb==4.0.10 - # via - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # gitpython -gitpython==3.1.41 - # via - # -c requirements/static/ci/../pkg/py3.12/windows.txt - # -r requirements/static/ci/common.in - # -r requirements/windows.txt -google-auth==2.19.1 - # via kubernetes idna==3.4 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # etcd3-py # requests # yarl immutables==0.15 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # contextvars importlib-metadata==6.6.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt inflect==7.0.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # jaraco.text iniconfig==2.0.0 # via pytest @@ -189,30 +162,30 @@ ipaddress==1.0.23 # via kubernetes jaraco.collections==4.1.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cherrypy jaraco.context==4.3.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # jaraco.text jaraco.functools==3.7.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cheroot # jaraco.text # tempora jaraco.text==3.11.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # jaraco.collections jinja2==3.1.3 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # moto jmespath==1.0.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # -r requirements/static/ci/common.in # boto3 @@ -227,28 +200,27 @@ kubernetes==3.0.0 # via -r requirements/static/ci/common.in looseversion==1.3.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt lxml==4.9.1 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # xmldiff mako==1.2.4 # via -r requirements/static/ci/common.in markupsafe==2.1.3 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # jinja2 # mako - # moto # werkzeug mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/pytest.txt # cheroot # cherrypy @@ -258,18 +230,17 @@ moto==4.1.11 # via -r requirements/static/ci/common.in msgpack==1.0.7 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # pytest-salt-factories -multidict==6.0.2 +multidict==6.0.4 # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt # aiohttp # yarl -ntlm-auth==1.5.0 - # via requests-ntlm packaging==23.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # docker # pytest @@ -279,19 +250,17 @@ patch==1.16 # via -r requirements/static/ci/windows.in pathspec==0.11.1 # via yamllint -pathtools==0.1.2 - # via watchdog platformdirs==4.0.0 # via virtualenv pluggy==1.0.0 # via pytest portend==3.1.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cherrypy psutil==5.9.6 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # pytest-salt-factories # pytest-shell-utilities @@ -304,45 +273,43 @@ pyasn1==0.4.8 # rsa pycparser==2.21 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cffi pycryptodomex==3.19.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/crypto.txt - pydantic-core==2.14.5 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # pydantic pydantic==2.5.2 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # inflect - - pyfakefs==5.3.1 # via -r requirements/pytest.txt - pygit2==1.13.1 # via -r requirements/static/ci/windows.in pymssql==2.2.7 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt -pymysql==1.1.0 +pymysql==1.1.0 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt pynacl==1.5.0 # via -r requirements/static/ci/common.in pyopenssl==23.2.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # etcd3-py pyrsistent==0.19.3 # via jsonschema +pyspnego==0.9.0 + # via requests-ntlm pytest-custom-exit-code==0.3.0 # via -r requirements/pytest.txt pytest-helpers-namespace==2021.12.29 @@ -380,7 +347,7 @@ pytest==7.2.0 # pytest-timeout python-dateutil==2.8.2 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # botocore # kubernetes @@ -389,22 +356,21 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.5.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt pythonnet==3.0.3 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt pytz==2023.3.post1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt - # moto + # -c requirements/static/ci/../pkg/py3.12/windows.txt # tempora pyvmomi==8.0.1.0.1 # via -r requirements/static/ci/common.in pywin32==306 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # docker # pytest-skip-markers @@ -413,29 +379,29 @@ pywinrm==0.4.3 # via -r requirements/static/ci/windows.in pyyaml==6.0.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # clustershell # kubernetes # pytest-salt-factories + # responses # yamllint pyzmq==25.1.1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/zeromq.txt # pytest-salt-factories requests-ntlm==1.2.0 # via pywinrm requests==2.31.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt # -r requirements/static/ci/common.in # docker # etcd3-py # kubernetes # moto - # pyvmomi # pywinrm # requests-ntlm # responses @@ -453,46 +419,50 @@ semantic-version==2.10.0 # via etcd3-py setproctitle==1.3.2 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt six==1.15.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cassandra-driver # etcd3-py # genshi # geomet + # google-auth # jsonschema # junit-xml # kubernetes # python-dateutil # pyvmomi # pywinrm - # responses # websocket-client smmap==5.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in +sspilib==0.1.0 + # via pyspnego strict-rfc3339==0.7 # via -r requirements/static/ci/common.in tempora==5.3.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # portend timelib==0.3.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt toml==0.10.2 # via -r requirements/static/ci/common.in tornado==6.3.3 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt +types-pyyaml==6.0.12.12 + # via responses typing-extensions==4.8.0 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # inflect # pydantic # pydantic-core @@ -500,12 +470,14 @@ typing-extensions==4.8.0 # pytest-system-statistics urllib3==1.26.18 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # botocore # docker + # google-auth # kubernetes # python-etcd # requests + # responses virtualenv==20.24.7 # via # -r requirements/static/ci/common.in @@ -524,7 +496,7 @@ werkzeug==3.0.1 # pytest-httpserver wmi==1.5.1 ; sys_platform == "win32" # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # -r requirements/base.txt xmldiff==2.6.3 # via -r requirements/static/ci/common.in @@ -534,15 +506,17 @@ xmltodict==0.13.0 # pywinrm yamllint==1.32.0 # via -r requirements/static/ci/windows.in -yarl==1.9.2 - # via aiohttp +yarl==1.9.4 + # via + # -c requirements/static/ci/../pkg/py3.12/windows.txt + # aiohttp zc.lockfile==3.0.post1 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # cherrypy zipp==3.16.2 # via - # -c requirements/static/ci/../pkg/py3.11/windows.txt + # -c requirements/static/ci/../pkg/py3.12/windows.txt # importlib-metadata # The following packages are considered to be unsafe in a requirements file: diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index e881a257749..0b75ee9a840 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -14,7 +14,7 @@ mccabe==0.6.1 # via pylint modernize==0.5 # via saltpylint -pycodestyle==2.5.0 +pycodestyle==2.10.0 # via saltpylint pylint==2.4.4 # via diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 50159ecb720..dc65533d3a4 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -79,7 +79,7 @@ cherrypy==18.8.0 # -r requirements/static/ci/common.in click==8.1.3 # via geomet -clr-loader==0.2.4 +clr-loader==0.2.6 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # pythonnet diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 22e06193850..13375d3d20e 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -14,7 +14,7 @@ mccabe==0.6.1 # via pylint modernize==0.5 # via saltpylint -pycodestyle==2.5.0 +pycodestyle==2.10.0 # via saltpylint pylint==2.4.4 # via diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 47dddeb890c..fb8f1a1f500 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -79,7 +79,7 @@ cherrypy==18.8.0 # -r requirements/static/ci/common.in click==8.1.3 # via geomet -clr-loader==0.2.4 +clr-loader==0.2.6 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # pythonnet diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 7f521b906e6..308a473306d 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -26,7 +26,7 @@ cheroot==10.0.0 # via cherrypy cherrypy==18.8.0 # via -r requirements/base.txt -clr-loader==0.2.4 +clr-loader==0.2.6 # via pythonnet contextvars==2.4 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.11/windows.txt b/requirements/static/pkg/py3.11/windows.txt index db1c9c3f048..2a7503be004 100644 --- a/requirements/static/pkg/py3.11/windows.txt +++ b/requirements/static/pkg/py3.11/windows.txt @@ -26,7 +26,7 @@ cheroot==10.0.0 # via cherrypy cherrypy==18.8.0 # via -r requirements/base.txt -clr-loader==0.2.4 +clr-loader==0.2.6 # via pythonnet contextvars==2.4 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.12/darwin.txt b/requirements/static/pkg/py3.12/darwin.txt index c37f7896beb..44a4c3a1b3c 100644 --- a/requirements/static/pkg/py3.12/darwin.txt +++ b/requirements/static/pkg/py3.12/darwin.txt @@ -2,10 +2,16 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --no-emit-index-url --output-file=requirements/static/pkg/py3.11/darwin.txt requirements/darwin.txt requirements/static/pkg/darwin.in +# pip-compile --no-emit-index-url --output-file=requirements/static/pkg/py3.12/darwin.txt requirements/darwin.txt requirements/static/pkg/darwin.in # +aiohttp==3.9.1 + # via -r requirements/base.txt +aiosignal==1.3.1 + # via aiohttp annotated-types==0.6.0 # via pydantic +attrs==23.2.0 + # via aiohttp autocommand==2.2.2 # via jaraco.text certifi==2023.07.22 @@ -26,28 +32,14 @@ cryptography==41.0.7 # pyopenssl distro==1.8.0 # via -r requirements/base.txt - -idna==3.4 - # via requests - -gitdb==4.0.10 - # via gitpython -gitpython==3.1.41 - # via -r requirements/darwin.txt +frozenlist==1.4.1 + # via + # aiohttp + # aiosignal idna==3.4 # via - # -r requirements/darwin.txt # requests - -gitdb==4.0.10 - # via gitpython -gitpython==3.1.41 - # via -r requirements/darwin.txt -idna==3.4 - # via - # -r requirements/darwin.txt - # requests - + # yarl immutables==0.15 # via contextvars importlib-metadata==6.6.0 @@ -83,6 +75,10 @@ more-itertools==8.2.0 # jaraco.text msgpack==1.0.7 # via -r requirements/base.txt +multidict==6.0.4 + # via + # aiohttp + # yarl packaging==23.1 # via -r requirements/base.txt portend==3.1.0 @@ -90,20 +86,8 @@ portend==3.1.0 psutil==5.9.6 # via -r requirements/base.txt pycparser==2.21 - # via cffi pycryptodomex==3.19.1 - - # via - # -r requirements/darwin.txt - # cffi -pycryptodomex==3.19.1 - - # via - # -r requirements/darwin.txt - # cffi -pycryptodomex==3.19.1 - # via -r requirements/crypto.txt pydantic-core==2.14.5 # via pydantic @@ -140,6 +124,8 @@ typing-extensions==4.8.0 # pydantic-core urllib3==1.26.18 # via requests +yarl==1.9.4 + # via aiohttp zc.lockfile==3.0.post1 # via cherrypy zipp==3.16.2 diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 0c95a946b50..6c0e56657bf 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -26,7 +26,7 @@ cheroot==10.0.0 # via cherrypy cherrypy==18.8.0 # via -r requirements/base.txt -clr-loader==0.2.4 +clr-loader==0.2.6 # via pythonnet contextvars==2.4 # via -r requirements/base.txt diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index e2439c2ceb7..02cedc205a2 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -26,7 +26,7 @@ cheroot==10.0.0 # via cherrypy cherrypy==18.8.0 # via -r requirements/base.txt -clr-loader==0.2.4 +clr-loader==0.2.6 # via pythonnet contextvars==2.4 # via -r requirements/base.txt From 2316440b3206f7eceb8a6b9880796e3df687eb6a Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 17:41:00 +0000 Subject: [PATCH 15/21] Missed change in 5ea3bf3a9dbd7e128cf8a899b6c06958cdfcbf36 Signed-off-by: Pedro Algarvio --- tools/pkg/build.py | 10 ++++++++-- tools/pkg/repo/create.py | 2 +- tools/release.py | 6 +++--- tools/testsuite/download.py | 2 +- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/tools/pkg/build.py b/tools/pkg/build.py index 37210e8fa52..e63823551bc 100644 --- a/tools/pkg/build.py +++ b/tools/pkg/build.py @@ -486,7 +486,10 @@ def onedir_dependencies( assert package_name is not None assert platform is not None - if platform not in ("macos", "darwin") and arch == "arm64": + if platform == "darwin": + platform = "macos" + + if platform != "macos" and arch == "arm64": arch = "aarch64" shared_constants = _get_shared_constants() @@ -625,6 +628,9 @@ def salt_onedir( assert platform is not None assert package_name is not None + if platform == "darwin": + platform = "macos" + shared_constants = _get_shared_constants() if not relenv_version: relenv_version = shared_constants["relenv_version"] @@ -706,7 +712,7 @@ def salt_onedir( str(salt_archive), env=env, ) - if platform == "darwin": + if platform == "macos": def errfn(fn, path, err): ctx.info(f"Removing {path} failed: {err}") diff --git a/tools/pkg/repo/create.py b/tools/pkg/repo/create.py index 382ffdd0998..bc36463bbf6 100644 --- a/tools/pkg/repo/create.py +++ b/tools/pkg/repo/create.py @@ -904,7 +904,7 @@ def _create_onedir_based_repo( if distro == "onedir": if "-onedir-linux-" in dpath.name.lower(): release_os = "linux" - elif "-onedir-darwin-" in dpath.name.lower(): + elif "-onedir-macos-" in dpath.name.lower(): release_os = "macos" elif "-onedir-windows-" in dpath.name.lower(): release_os = "windows" diff --git a/tools/release.py b/tools/release.py index cc17938d453..b338721f8bc 100644 --- a/tools/release.py +++ b/tools/release.py @@ -131,13 +131,13 @@ def download_onedir_artifact( Download onedir artifact from staging bucket. """ s3 = boto3.client("s3") - if platform == "macos": - platform = "darwin" + if platform == "darwin": + platform = "macos" if arch == "arm64": arch = "aarch64" arch = arch.lower() platform = platform.lower() - if platform in ("linux", "darwin") and arch not in ("x86_64", "aarch64"): + if platform in ("linux", "macos") and arch not in ("x86_64", "aarch64"): ctx.error( f"The 'arch' value for {platform} must be one of: 'x86_64', 'aarch64', 'arm64'" ) diff --git a/tools/testsuite/download.py b/tools/testsuite/download.py index e9800e0a775..453cbef299f 100644 --- a/tools/testsuite/download.py +++ b/tools/testsuite/download.py @@ -38,7 +38,7 @@ download = command_group( }, "platform": { "help": "The onedir platform artifact to download", - "choices": ("linux", "darwin", "windows"), + "choices": ("linux", "macos", "windows"), "required": True, }, "arch": { From 15d885952ad3ead510009087956199b237eeb913 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 18:24:40 +0000 Subject: [PATCH 16/21] Fix build RPM repository Signed-off-by: Pedro Algarvio --- .github/workflows/build-packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 6e1ec435da0..d174c054b39 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -335,7 +335,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: ${{ steps.set-artifact-name.outputs.artifact-name }} - path: ~/rpmbuild/RPMS/*/*.rpm + path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm retention-days: 7 if-no-files-found: error From 874a0726e415c04c48ab01c84a1f909fd32e18b8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 21:54:00 +0000 Subject: [PATCH 17/21] Fix build RPM repository. Signed-off-by: Pedro Algarvio --- .github/workflows/build-packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index d174c054b39..5cd7d949e6e 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -335,7 +335,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: ${{ steps.set-artifact-name.outputs.artifact-name }} - path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm + path: ~/rpmbuild/RPMS/${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}/*.rpm retention-days: 7 if-no-files-found: error From 519755d4e7eefd6fff1c26e2a9d40e61af3421f4 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 17 Jan 2024 06:04:09 +0000 Subject: [PATCH 18/21] Fix RPM build repository for aarch64 Signed-off-by: Pedro Algarvio --- .github/workflows/nightly.yml | 2 +- .github/workflows/staging.yml | 2 +- .../templates/build-rpm-repo.yml.jinja | 38 +------------------ tools/precommit/workflows.py | 12 ++++++ 4 files changed, 16 insertions(+), 38 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 8c5285dc124..5a7d03ca1fa 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -2545,7 +2545,7 @@ jobs: - name: Download RPM Packages uses: actions/download-artifact@v3 with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-rpm path: artifacts/pkgs/incoming - name: Setup GnuPG diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 1f7644f5bc1..28afc26a243 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -2390,7 +2390,7 @@ jobs: - name: Download RPM Packages uses: actions/download-artifact@v3 with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-rpm path: artifacts/pkgs/incoming - name: Setup GnuPG diff --git a/.github/workflows/templates/build-rpm-repo.yml.jinja b/.github/workflows/templates/build-rpm-repo.yml.jinja index 4c785c82b1d..9f8ca8668be 100644 --- a/.github/workflows/templates/build-rpm-repo.yml.jinja +++ b/.github/workflows/templates/build-rpm-repo.yml.jinja @@ -3,41 +3,7 @@ fail-fast: false matrix: include: - <%- for distro, version, arch in ( - ("amazon", "2", "x86_64"), - ("amazon", "2", "arm64"), - ("amazon", "2", "aarch64"), - ("amazon", "2023", "x86_64"), - ("amazon", "2023", "arm64"), - ("amazon", "2023", "aarch64"), - ("redhat", "7", "x86_64"), - ("redhat", "7", "arm64"), - ("redhat", "7", "aarch64"), - ("redhat", "8", "x86_64"), - ("redhat", "8", "arm64"), - ("redhat", "8", "aarch64"), - ("redhat", "9", "x86_64"), - ("redhat", "9", "arm64"), - ("redhat", "9", "aarch64"), - ("fedora", "36", "x86_64"), - ("fedora", "36", "arm64"), - ("fedora", "36", "aarch64"), - ("fedora", "37", "x86_64"), - ("fedora", "37", "arm64"), - ("fedora", "37", "aarch64"), - ("fedora", "38", "x86_64"), - ("fedora", "38", "arm64"), - ("fedora", "38", "aarch64"), - ("photon", "3", "x86_64"), - ("photon", "3", "arm64"), - ("photon", "3", "aarch64"), - ("photon", "4", "x86_64"), - ("photon", "4", "arm64"), - ("photon", "4", "aarch64"), - ("photon", "5", "x86_64"), - ("photon", "5", "arm64"), - ("photon", "5", "aarch64"), - ) %> + <%- for distro, version, arch in build_rpms_listing %> - pkg-type: rpm distro: <{ distro }> version: "<{ version }>" @@ -66,7 +32,7 @@ - name: Download RPM Packages uses: actions/download-artifact@v3 with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-rpm path: artifacts/pkgs/incoming - name: Setup GnuPG diff --git a/tools/precommit/workflows.py b/tools/precommit/workflows.py index f75c40df120..3dd1746d400 100644 --- a/tools/precommit/workflows.py +++ b/tools/precommit/workflows.py @@ -252,6 +252,17 @@ def generate_workflows(ctx: Context): for _, arch, _ in test_salt_pkg_downloads_listing[platform]: test_salt_pkg_downloads_needs_slugs.add("build-ci-deps") + build_rpms_listing = [] + for distro, releases in ( + ("amazon", ("2", "2023")), + ("redhat", ("7", "8", "9")), + ("fedora", ("36", "37", "38")), + ("photon", ("3", "4", "5")), + ): + for release in releases: + for arch in ("x86_64", "arm64", "aarch64"): + build_rpms_listing.append((distro, release, arch)) + env = Environment( block_start_string="<%", block_end_string="%>", @@ -293,6 +304,7 @@ def generate_workflows(ctx: Context): "test_salt_pkg_downloads_needs_slugs": sorted( test_salt_pkg_downloads_needs_slugs ), + "build_rpms_listing": build_rpms_listing, } shared_context_file = ( tools.utils.REPO_ROOT / "cicd" / "shared-gh-workflows-context.yml" From 51f2b0b0c1a5f67acb9fdf0d50df63305c8523d2 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 17 Jan 2024 06:10:32 +0000 Subject: [PATCH 19/21] Define the DEBs listing outside of the template Signed-off-by: Pedro Algarvio --- .../workflows/templates/build-deb-repo.yml.jinja | 13 +------------ tools/precommit/workflows.py | 10 ++++++++++ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/templates/build-deb-repo.yml.jinja b/.github/workflows/templates/build-deb-repo.yml.jinja index ac0bc159da4..4b8edb516b2 100644 --- a/.github/workflows/templates/build-deb-repo.yml.jinja +++ b/.github/workflows/templates/build-deb-repo.yml.jinja @@ -3,18 +3,7 @@ fail-fast: false matrix: include: - <%- for distro, version, arch in ( - ("debian", "10", "x86_64"), - ("debian", "10", "arm64"), - ("debian", "11", "x86_64"), - ("debian", "11", "arm64"), - ("debian", "12", "x86_64"), - ("debian", "12", "arm64"), - ("ubuntu", "20.04", "x86_64"), - ("ubuntu", "20.04", "arm64"), - ("ubuntu", "22.04", "x86_64"), - ("ubuntu", "22.04", "arm64"), - ) %> + <%- for distro, version, arch in build_debs_listing %> - pkg-type: deb distro: <{ distro }> version: "<{ version }>" diff --git a/tools/precommit/workflows.py b/tools/precommit/workflows.py index 3dd1746d400..e76b77564b3 100644 --- a/tools/precommit/workflows.py +++ b/tools/precommit/workflows.py @@ -263,6 +263,15 @@ def generate_workflows(ctx: Context): for arch in ("x86_64", "arm64", "aarch64"): build_rpms_listing.append((distro, release, arch)) + build_debs_listing = [] + for distro, releases in ( + ("debian", ("10", "11", "12")), + ("ubuntu", ("20.04", "22.04")), + ): + for release in releases: + for arch in ("x86_64", "arm64"): + build_debs_listing.append((distro, release, arch)) + env = Environment( block_start_string="<%", block_end_string="%>", @@ -305,6 +314,7 @@ def generate_workflows(ctx: Context): test_salt_pkg_downloads_needs_slugs ), "build_rpms_listing": build_rpms_listing, + "build_debs_listing": build_debs_listing, } shared_context_file = ( tools.utils.REPO_ROOT / "cicd" / "shared-gh-workflows-context.yml" From 91718dd8c94b1d25386443979423eaf45b83bd5f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 17 Jan 2024 06:25:34 +0000 Subject: [PATCH 20/21] Set `PIP_DISABLE_PIP_VERSION_CHECK=1` on CI workflows Signed-off-by: Pedro Algarvio --- .github/workflows/build-deps-ci-action.yml | 1 + .github/workflows/build-deps-onedir.yml | 1 + .github/workflows/build-docs.yml | 1 + .github/workflows/build-packages.yml | 1 + .github/workflows/build-salt-onedir.yml | 1 + .github/workflows/ci.yml | 1 + .github/workflows/lint-action.yml | 1 + .github/workflows/nightly.yml | 1 + .github/workflows/release.yml | 1 + .github/workflows/scheduled.yml | 1 + .github/workflows/staging.yml | 1 + .github/workflows/templates/build-deps-ci-action.yml.jinja | 1 + .github/workflows/templates/layout.yml.jinja | 1 + .../workflows/templates/test-package-downloads-action.yml.jinja | 1 + .github/workflows/test-action-linux.yml | 1 + .github/workflows/test-action-macos.yml | 1 + .github/workflows/test-action-windows.yml | 1 + .github/workflows/test-package-downloads-action.yml | 1 + .github/workflows/test-packages-action-linux.yml | 1 + .github/workflows/test-packages-action-macos.yml | 1 + .github/workflows/test-packages-action-windows.yml | 1 + 21 files changed, 21 insertions(+) diff --git a/.github/workflows/build-deps-ci-action.yml b/.github/workflows/build-deps-ci-action.yml index fcdd9f37714..672a7a9a799 100644 --- a/.github/workflows/build-deps-ci-action.yml +++ b/.github/workflows/build-deps-ci-action.yml @@ -42,6 +42,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/build-deps-onedir.yml b/.github/workflows/build-deps-onedir.yml index d99fc0e2461..41d6f0260fe 100644 --- a/.github/workflows/build-deps-onedir.yml +++ b/.github/workflows/build-deps-onedir.yml @@ -34,6 +34,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index a2692d7ac1f..20894f35b45 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -19,6 +19,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: build: diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5cd7d949e6e..945ed07064e 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -41,6 +41,7 @@ env: COLUMNS: 190 PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/build-salt-onedir.yml b/.github/workflows/build-salt-onedir.yml index eb807bd7fed..7e3a6dc2807 100644 --- a/.github/workflows/build-salt-onedir.yml +++ b/.github/workflows/build-salt-onedir.yml @@ -34,6 +34,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f6f51eec55e..92a2e8caa34 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/.github/workflows/lint-action.yml b/.github/workflows/lint-action.yml index fb414dd9610..6f177667129 100644 --- a/.github/workflows/lint-action.yml +++ b/.github/workflows/lint-action.yml @@ -13,6 +13,7 @@ on: env: PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5a7d03ca1fa..9aa9a2a22bc 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -24,6 +24,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b2f738ab900..74fa46c6888 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" permissions: contents: write # To be able to publish the release diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 80c78a80e88..7d9bb9f8e6d 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -14,6 +14,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 28afc26a243..228644d822f 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -39,6 +39,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" permissions: contents: read # for dorny/paths-filter to fetch a list of changed files diff --git a/.github/workflows/templates/build-deps-ci-action.yml.jinja b/.github/workflows/templates/build-deps-ci-action.yml.jinja index 100edcab7c4..2d72b1a5e91 100644 --- a/.github/workflows/templates/build-deps-ci-action.yml.jinja +++ b/.github/workflows/templates/build-deps-ci-action.yml.jinja @@ -42,6 +42,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja index dd0d97c427d..a005668d7e5 100644 --- a/.github/workflows/templates/layout.yml.jinja +++ b/.github/workflows/templates/layout.yml.jinja @@ -36,6 +36,7 @@ env: COLUMNS: 190 CACHE_SEED: SEED-7 # Bump the number to invalidate all caches RELENV_DATA: "${{ github.workspace }}/.relenv" + PIP_DISABLE_PIP_VERSION_CHECK: "1" <%- endblock env %> diff --git a/.github/workflows/templates/test-package-downloads-action.yml.jinja b/.github/workflows/templates/test-package-downloads-action.yml.jinja index 5fe5d927d20..30aa6561009 100644 --- a/.github/workflows/templates/test-package-downloads-action.yml.jinja +++ b/.github/workflows/templates/test-package-downloads-action.yml.jinja @@ -54,6 +54,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-action-linux.yml b/.github/workflows/test-action-linux.yml index c1399e56fbf..bc1c0d7f218 100644 --- a/.github/workflows/test-action-linux.yml +++ b/.github/workflows/test-action-linux.yml @@ -77,6 +77,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-action-macos.yml b/.github/workflows/test-action-macos.yml index 9c731f2bd27..a6d6bbf9ca2 100644 --- a/.github/workflows/test-action-macos.yml +++ b/.github/workflows/test-action-macos.yml @@ -70,6 +70,7 @@ env: COLUMNS: 190 PIP_INDEX_URL: "https://pypi-proxy.saltstack.net/root/local/+simple/" PIP_EXTRA_INDEX_URL: "https://pypi.org/simple" + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-action-windows.yml b/.github/workflows/test-action-windows.yml index d430baab46a..bdf11a29abd 100644 --- a/.github/workflows/test-action-windows.yml +++ b/.github/workflows/test-action-windows.yml @@ -77,6 +77,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-package-downloads-action.yml b/.github/workflows/test-package-downloads-action.yml index 21093ca3a51..0146881e54f 100644 --- a/.github/workflows/test-package-downloads-action.yml +++ b/.github/workflows/test-package-downloads-action.yml @@ -54,6 +54,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-packages-action-linux.yml b/.github/workflows/test-packages-action-linux.yml index 042f790c072..daca46c243d 100644 --- a/.github/workflows/test-packages-action-linux.yml +++ b/.github/workflows/test-packages-action-linux.yml @@ -71,6 +71,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-packages-action-macos.yml b/.github/workflows/test-packages-action-macos.yml index 95da028d3e3..1e46737cc8f 100644 --- a/.github/workflows/test-packages-action-macos.yml +++ b/.github/workflows/test-packages-action-macos.yml @@ -64,6 +64,7 @@ env: COLUMNS: 190 PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: diff --git a/.github/workflows/test-packages-action-windows.yml b/.github/workflows/test-packages-action-windows.yml index dc8c290c9fb..62203dfd8d5 100644 --- a/.github/workflows/test-packages-action-windows.yml +++ b/.github/workflows/test-packages-action-windows.yml @@ -71,6 +71,7 @@ env: AWS_RETRY_MODE: "adaptive" PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ PIP_EXTRA_INDEX_URL: https://pypi.org/simple + PIP_DISABLE_PIP_VERSION_CHECK: "1" jobs: From 20422ec3d1981111ac5442d860d5b2824efa17e8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 16 Jan 2024 12:41:10 +0000 Subject: [PATCH 21/21] Dedupe & fix tests from merge-forward Signed-off-by: Pedro Algarvio --- tests/pytests/unit/crypt/__init__.py | 113 +++++ tests/pytests/unit/crypt/conftest.py | 13 + tests/pytests/unit/crypt/test_crypt.py | 442 +----------------- .../unit/crypt/test_crypt_cryptodome.py | 98 ++-- .../pytests/unit/crypt/test_crypt_m2crypto.py | 104 ++++- tests/unit/test_crypt.py | 241 ---------- 6 files changed, 288 insertions(+), 723 deletions(-) create mode 100644 tests/pytests/unit/crypt/conftest.py delete mode 100644 tests/unit/test_crypt.py diff --git a/tests/pytests/unit/crypt/__init__.py b/tests/pytests/unit/crypt/__init__.py index d8427ce59ac..7e3944aea08 100644 --- a/tests/pytests/unit/crypt/__init__.py +++ b/tests/pytests/unit/crypt/__init__.py @@ -56,3 +56,116 @@ SIG = ( b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b" ) + +SIGNATURE = ( + b"w\xac\xfe18o\xeb\xfb\x14+\x9e\xd1\xb7\x7fe}\xec\xd6\xe1P\x9e\xab" + b"\xb5\x07\xe0\xc1\xfd\xda#\x04Z\x8d\x7f\x0b\x1f}:~\xb2s\x860u\x02N" + b'\xd4q"\xb7\x86*\x8f\x1f\xd0\x9d\x11\x92\xc5~\xa68\xac>\x12H\xc2%y,' + b"\xe6\xceU\x1e\xa3?\x0c,\xf0u\xbb\xd0[g_\xdd\x8b\xb0\x95:Y\x18\xa5*" + b"\x99\xfd\xf3K\x92\x92 ({\xd1\xff\xd9F\xc8\xd6K\x86e\xf9\xa8\xad\xb0z" + b"\xe3\x9dD\xf5k\x8b_<\xe7\xe7\xec\xf3\"'\xd5\xd2M\xb4\xce\x1a\xe3$" + b"\x9c\x81\xad\xf9\x11\xf6\xf5>)\xc7\xdd\x03&\xf7\x86@ks\xa6\x05\xc2" + b"\xd0\xbd\x1a7\xfc\xde\xe6\xb0\xad!\x12#\xc86Y\xea\xc5\xe3\xe2\xb3" + b"\xc9\xaf\xfa\x0c\xf2?\xbf\x93w\x18\x9e\x0b\xa2a\x10:M\x05\x89\xe2W.Q" + b"\xe8;yGT\xb1\xf2\xc6A\xd2\xc4\xbeN\xb3\xcfS\xaf\x03f\xe2\xb4)\xe7\xf6" + b'\xdbs\xd0Z}8\xa4\xd2\x1fW*\xe6\x1c"\x8b\xd0\x18w\xb9\x7f\x9e\x96\xa3' + b"\xd9v\xf7\x833\x8e\x01" +) + +TEST_KEY = ( + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtFhsvfbFDFaUgulSEX\n" + "Gl12XriL1DT78Ef2/u8HHaSMmPie37BLWas/zaHwI6066bIyYQJ/nUCahTaoHM7L\n" + "GlWc0wOU6zyfpihCRQHil05Y6F+olFBoZuYbFPvtp7/hJx/D7I/0n2o/c7M5i3Y2\n" + "3sBxAYNooIQHXHUmPQW6C9iu95ylZDW8JQzYy/EI4vCC8yQMdTK8jK1FQV0Sbwny\n" + "qcMxSyAWDoFbnhh2P2TnO8HOWuUOaXR8ZHOJzVcDl+a6ew+medW090x3K5O1f80D\n" + "+WjgnG6b2HG7VQpOCfM2GALD/FrxicPilvZ38X1aLhJuwjmVE4LAAv8DVNJXohaO\n" + "WQIDAQAB\n" + "-----END RSA PUBLIC KEY-----\n" +) + +PRIV_KEY = """ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAoAsMPt+4kuIG6vKyw9r3+OuZrVBee/2vDdVetW+Js5dTlgrJ +aghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLnyHNJ/HpVhMG0M07MF6FMfILtDrrt8 +ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+fu6HYwu96HggmG2pqkOrn3iGfqBvV +YVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpef8vRUrNicRLc7dAcvfhtgt2DXEZ2 +d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvTIIPQIjR8htFxGTz02STVXfnhnJ0Z +k8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cYOwIDAQABAoIBABZUJEO7Y91+UnfC +H6XKrZEZkcnH7j6/UIaOD9YhdyVKxhsnax1zh1S9vceNIgv5NltzIsfV6vrb6v2K +Dx/F7Z0O0zR5o+MlO8ZncjoNKskex10gBEWG00Uqz/WPlddiQ/TSMJTv3uCBAzp+ +S2Zjdb4wYPUlgzSgb2ygxrhsRahMcSMG9PoX6klxMXFKMD1JxiY8QfAHahPzQXy9 +F7COZ0fCVo6BE+MqNuQ8tZeIxu8mOULQCCkLFwXmkz1FpfK/kNRmhIyhxwvCS+z4 +JuErW3uXfE64RLERiLp1bSxlDdpvRO2R41HAoNELTsKXJOEt4JANRHm/CeyA5wsh +NpscufUCgYEAxhgPfcMDy2v3nL6KtkgYjdcOyRvsAF50QRbEa8ldO+87IoMDD/Oe +osFERJ5hhyyEO78QnaLVegnykiw5DWEF02RKMhD/4XU+1UYVhY0wJjKQIBadsufB +2dnaKjvwzUhPh5BrBqNHl/FXwNCRDiYqXa79eWCPC9OFbZcUWWq70s8CgYEAztOI +61zRfmXJ7f70GgYbHg+GA7IrsAcsGRITsFR82Ho0lqdFFCxz7oK8QfL6bwMCGKyk +nzk+twh6hhj5UNp18KN8wktlo02zTgzgemHwaLa2cd6xKgmAyuPiTgcgnzt5LVNG +FOjIWkLwSlpkDTl7ZzY2QSy7t+mq5d750fpIrtUCgYBWXZUbcpPL88WgDB7z/Bjg +dlvW6JqLSqMK4b8/cyp4AARbNp12LfQC55o5BIhm48y/M70tzRmfvIiKnEc/gwaE +NJx4mZrGFFURrR2i/Xx5mt/lbZbRsmN89JM+iKWjCpzJ8PgIi9Wh9DIbOZOUhKVB +9RJEAgo70LvCnPTdS0CaVwKBgDJW3BllAvw/rBFIH4OB/vGnF5gosmdqp3oGo1Ik +jipmPAx6895AH4tquIVYrUl9svHsezjhxvjnkGK5C115foEuWXw0u60uiTiy+6Pt +2IS0C93VNMulenpnUrppE7CN2iWFAiaura0CY9fE/lsVpYpucHAWgi32Kok+ZxGL +WEttAoGAN9Ehsz4LeQxEj3x8wVeEMHF6OsznpwYsI2oVh6VxpS4AjgKYqeLVcnNi +TlZFsuQcqgod8OgzA91tdB+Rp86NygmWD5WzeKXpCOg9uA+y/YL+0sgZZHsuvbK6 +PllUgXdYxqClk/hdBFB7v9AQoaj7K9Ga22v32msftYDQRJ94xOI= +-----END RSA PRIVATE KEY----- +""" + + +PUB_KEY = """ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAsMPt+4kuIG6vKyw9r3 ++OuZrVBee/2vDdVetW+Js5dTlgrJaghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLny +HNJ/HpVhMG0M07MF6FMfILtDrrt8ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+f +u6HYwu96HggmG2pqkOrn3iGfqBvVYVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpe +f8vRUrNicRLc7dAcvfhtgt2DXEZ2d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvT +IIPQIjR8htFxGTz02STVXfnhnJ0Zk8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cY +OwIDAQAB +-----END PUBLIC KEY----- +""" + +PRIV_KEY2 = """ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAp+8cTxguO6Vg+YO92VfHgNld3Zy8aM3JbZvpJcjTnis+YFJ7 +Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvTsMBZWvmUoEVUj1Xg8XXQkBvb9Ozy +Gqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc2cKeCVvWFqDi0GRFGzyaXLaX3PPm +M7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbuT1OqDfufXWQl/82JXeiwU2cOpqWq +7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww3oJSwvMbAmgzvOhqqhlqv+K7u0u7 +FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQbQIDAQABAoIBAADrqWDQnd5DVZEA +lR+WINiWuHJAy/KaIC7K4kAMBgbxrz2ZbiY9Ok/zBk5fcnxIZDVtXd1sZicmPlro +GuWodIxdPZAnWpZ3UtOXUayZK/vCP1YsH1agmEqXuKsCu6Fc+K8VzReOHxLUkmXn +FYM+tixGahXcjEOi/aNNTWitEB6OemRM1UeLJFzRcfyXiqzHpHCIZwBpTUAsmzcG +QiVDkMTKubwo/m+PVXburX2CGibUydctgbrYIc7EJvyx/cpRiPZXo1PhHQWdu4Y1 +SOaC66WLsP/wqvtHo58JQ6EN/gjSsbAgGGVkZ1xMo66nR+pLpR27coS7o03xCks6 +DY/0mukCgYEAuLIGgBnqoh7YsOBLd/Bc1UTfDMxJhNseo+hZemtkSXz2Jn51322F +Zw/FVN4ArXgluH+XsOhvG/MFFpojwZSrb0Qq5b1MRdo9qycq8lGqNtlN1WHqosDQ +zW29kpL0tlRrSDpww3wRESsN9rH5XIrJ1b3ZXuO7asR+KBVQMy/+NcUCgYEA6MSC +c+fywltKPgmPl5j0DPoDe5SXE/6JQy7w/vVGrGfWGf/zEJmhzS2R+CcfTTEqaT0T +Yw8+XbFgKAqsxwtE9MUXLTVLI3sSUyE4g7blCYscOqhZ8ItCUKDXWkSpt++rG0Um +1+cEJP/0oCazG6MWqvBC4NpQ1nzh46QpjWqMwokCgYAKDLXJ1p8rvx3vUeUJW6zR +dfPlEGCXuAyMwqHLxXgpf4EtSwhC5gSyPOtx2LqUtcrnpRmt6JfTH4ARYMW9TMef +QEhNQ+WYj213mKP/l235mg1gJPnNbUxvQR9lkFV8bk+AGJ32JRQQqRUTbU+yN2MQ +HEptnVqfTp3GtJIultfwOQKBgG+RyYmu8wBP650izg33BXu21raEeYne5oIqXN+I +R5DZ0JjzwtkBGroTDrVoYyuH1nFNEh7YLqeQHqvyufBKKYo9cid8NQDTu+vWr5UK +tGvHnwdKrJmM1oN5JOAiq0r7+QMAOWchVy449VNSWWV03aeftB685iR5BXkstbIQ +EVopAoGAfcGBTAhmceK/4Q83H/FXBWy0PAa1kZGg/q8+Z0KY76AqyxOVl0/CU/rB +3tO3sKhaMTHPME/MiQjQQGoaK1JgPY6JHYvly2KomrJ8QTugqNGyMzdVJkXAK2AM +GAwC8ivAkHf8CHrHa1W7l8t2IqBjW1aRt7mOW92nfG88Hck0Mbo= +-----END RSA PRIVATE KEY----- +""" + + +PUB_KEY2 = """ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+8cTxguO6Vg+YO92VfH +gNld3Zy8aM3JbZvpJcjTnis+YFJ7Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvT +sMBZWvmUoEVUj1Xg8XXQkBvb9OzyGqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc +2cKeCVvWFqDi0GRFGzyaXLaX3PPmM7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbu +T1OqDfufXWQl/82JXeiwU2cOpqWq7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww +3oJSwvMbAmgzvOhqqhlqv+K7u0u7FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQ +bQIDAQAB +-----END PUBLIC KEY----- +""" diff --git a/tests/pytests/unit/crypt/conftest.py b/tests/pytests/unit/crypt/conftest.py new file mode 100644 index 00000000000..4fcc470f32e --- /dev/null +++ b/tests/pytests/unit/crypt/conftest.py @@ -0,0 +1,13 @@ +import pytest + +import salt.utils.files + +from . import TEST_KEY + + +@pytest.fixture +def key_to_test(tmp_path): + key_path = tmp_path / "cryptodom-3.4.6.pub" + with salt.utils.files.fopen(key_path, "wb") as fd: + fd.write(TEST_KEY.encode()) + return key_path diff --git a/tests/pytests/unit/crypt/test_crypt.py b/tests/pytests/unit/crypt/test_crypt.py index 72f68161885..098c42d0dd9 100644 --- a/tests/pytests/unit/crypt/test_crypt.py +++ b/tests/pytests/unit/crypt/test_crypt.py @@ -4,209 +4,17 @@ tests.pytests.unit.test_crypt Unit tests for salt's crypt module """ - -import os import uuid import pytest import salt.crypt import salt.master +import salt.payload import salt.utils.files from tests.support.helpers import dedent -from tests.support.mock import MagicMock, MockCall, mock_open, patch -try: - import M2Crypto - - HAS_M2 = True -except ImportError: - HAS_M2 = False -try: - from Cryptodome.PublicKey import RSA - - HAS_PYCRYPTO_RSA = True -except ImportError: - HAS_PYCRYPTO_RSA = False -if not HAS_PYCRYPTO_RSA: - try: - from Crypto.PublicKey import RSA # nosec - - HAS_PYCRYPTO_RSA = True - except ImportError: - HAS_PYCRYPTO_RSA = False - -PRIV_KEY = """ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAoAsMPt+4kuIG6vKyw9r3+OuZrVBee/2vDdVetW+Js5dTlgrJ -aghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLnyHNJ/HpVhMG0M07MF6FMfILtDrrt8 -ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+fu6HYwu96HggmG2pqkOrn3iGfqBvV -YVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpef8vRUrNicRLc7dAcvfhtgt2DXEZ2 -d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvTIIPQIjR8htFxGTz02STVXfnhnJ0Z -k8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cYOwIDAQABAoIBABZUJEO7Y91+UnfC -H6XKrZEZkcnH7j6/UIaOD9YhdyVKxhsnax1zh1S9vceNIgv5NltzIsfV6vrb6v2K -Dx/F7Z0O0zR5o+MlO8ZncjoNKskex10gBEWG00Uqz/WPlddiQ/TSMJTv3uCBAzp+ -S2Zjdb4wYPUlgzSgb2ygxrhsRahMcSMG9PoX6klxMXFKMD1JxiY8QfAHahPzQXy9 -F7COZ0fCVo6BE+MqNuQ8tZeIxu8mOULQCCkLFwXmkz1FpfK/kNRmhIyhxwvCS+z4 -JuErW3uXfE64RLERiLp1bSxlDdpvRO2R41HAoNELTsKXJOEt4JANRHm/CeyA5wsh -NpscufUCgYEAxhgPfcMDy2v3nL6KtkgYjdcOyRvsAF50QRbEa8ldO+87IoMDD/Oe -osFERJ5hhyyEO78QnaLVegnykiw5DWEF02RKMhD/4XU+1UYVhY0wJjKQIBadsufB -2dnaKjvwzUhPh5BrBqNHl/FXwNCRDiYqXa79eWCPC9OFbZcUWWq70s8CgYEAztOI -61zRfmXJ7f70GgYbHg+GA7IrsAcsGRITsFR82Ho0lqdFFCxz7oK8QfL6bwMCGKyk -nzk+twh6hhj5UNp18KN8wktlo02zTgzgemHwaLa2cd6xKgmAyuPiTgcgnzt5LVNG -FOjIWkLwSlpkDTl7ZzY2QSy7t+mq5d750fpIrtUCgYBWXZUbcpPL88WgDB7z/Bjg -dlvW6JqLSqMK4b8/cyp4AARbNp12LfQC55o5BIhm48y/M70tzRmfvIiKnEc/gwaE -NJx4mZrGFFURrR2i/Xx5mt/lbZbRsmN89JM+iKWjCpzJ8PgIi9Wh9DIbOZOUhKVB -9RJEAgo70LvCnPTdS0CaVwKBgDJW3BllAvw/rBFIH4OB/vGnF5gosmdqp3oGo1Ik -jipmPAx6895AH4tquIVYrUl9svHsezjhxvjnkGK5C115foEuWXw0u60uiTiy+6Pt -2IS0C93VNMulenpnUrppE7CN2iWFAiaura0CY9fE/lsVpYpucHAWgi32Kok+ZxGL -WEttAoGAN9Ehsz4LeQxEj3x8wVeEMHF6OsznpwYsI2oVh6VxpS4AjgKYqeLVcnNi -TlZFsuQcqgod8OgzA91tdB+Rp86NygmWD5WzeKXpCOg9uA+y/YL+0sgZZHsuvbK6 -PllUgXdYxqClk/hdBFB7v9AQoaj7K9Ga22v32msftYDQRJ94xOI= ------END RSA PRIVATE KEY----- -""" - - -PUB_KEY = """ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAsMPt+4kuIG6vKyw9r3 -+OuZrVBee/2vDdVetW+Js5dTlgrJaghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLny -HNJ/HpVhMG0M07MF6FMfILtDrrt8ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+f -u6HYwu96HggmG2pqkOrn3iGfqBvVYVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpe -f8vRUrNicRLc7dAcvfhtgt2DXEZ2d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvT -IIPQIjR8htFxGTz02STVXfnhnJ0Zk8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cY -OwIDAQAB ------END PUBLIC KEY----- -""" - -PRIV_KEY2 = """ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAp+8cTxguO6Vg+YO92VfHgNld3Zy8aM3JbZvpJcjTnis+YFJ7 -Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvTsMBZWvmUoEVUj1Xg8XXQkBvb9Ozy -Gqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc2cKeCVvWFqDi0GRFGzyaXLaX3PPm -M7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbuT1OqDfufXWQl/82JXeiwU2cOpqWq -7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww3oJSwvMbAmgzvOhqqhlqv+K7u0u7 -FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQbQIDAQABAoIBAADrqWDQnd5DVZEA -lR+WINiWuHJAy/KaIC7K4kAMBgbxrz2ZbiY9Ok/zBk5fcnxIZDVtXd1sZicmPlro -GuWodIxdPZAnWpZ3UtOXUayZK/vCP1YsH1agmEqXuKsCu6Fc+K8VzReOHxLUkmXn -FYM+tixGahXcjEOi/aNNTWitEB6OemRM1UeLJFzRcfyXiqzHpHCIZwBpTUAsmzcG -QiVDkMTKubwo/m+PVXburX2CGibUydctgbrYIc7EJvyx/cpRiPZXo1PhHQWdu4Y1 -SOaC66WLsP/wqvtHo58JQ6EN/gjSsbAgGGVkZ1xMo66nR+pLpR27coS7o03xCks6 -DY/0mukCgYEAuLIGgBnqoh7YsOBLd/Bc1UTfDMxJhNseo+hZemtkSXz2Jn51322F -Zw/FVN4ArXgluH+XsOhvG/MFFpojwZSrb0Qq5b1MRdo9qycq8lGqNtlN1WHqosDQ -zW29kpL0tlRrSDpww3wRESsN9rH5XIrJ1b3ZXuO7asR+KBVQMy/+NcUCgYEA6MSC -c+fywltKPgmPl5j0DPoDe5SXE/6JQy7w/vVGrGfWGf/zEJmhzS2R+CcfTTEqaT0T -Yw8+XbFgKAqsxwtE9MUXLTVLI3sSUyE4g7blCYscOqhZ8ItCUKDXWkSpt++rG0Um -1+cEJP/0oCazG6MWqvBC4NpQ1nzh46QpjWqMwokCgYAKDLXJ1p8rvx3vUeUJW6zR -dfPlEGCXuAyMwqHLxXgpf4EtSwhC5gSyPOtx2LqUtcrnpRmt6JfTH4ARYMW9TMef -QEhNQ+WYj213mKP/l235mg1gJPnNbUxvQR9lkFV8bk+AGJ32JRQQqRUTbU+yN2MQ -HEptnVqfTp3GtJIultfwOQKBgG+RyYmu8wBP650izg33BXu21raEeYne5oIqXN+I -R5DZ0JjzwtkBGroTDrVoYyuH1nFNEh7YLqeQHqvyufBKKYo9cid8NQDTu+vWr5UK -tGvHnwdKrJmM1oN5JOAiq0r7+QMAOWchVy449VNSWWV03aeftB685iR5BXkstbIQ -EVopAoGAfcGBTAhmceK/4Q83H/FXBWy0PAa1kZGg/q8+Z0KY76AqyxOVl0/CU/rB -3tO3sKhaMTHPME/MiQjQQGoaK1JgPY6JHYvly2KomrJ8QTugqNGyMzdVJkXAK2AM -GAwC8ivAkHf8CHrHa1W7l8t2IqBjW1aRt7mOW92nfG88Hck0Mbo= ------END RSA PRIVATE KEY----- -""" - - -PUB_KEY2 = """ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+8cTxguO6Vg+YO92VfH -gNld3Zy8aM3JbZvpJcjTnis+YFJ7Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvT -sMBZWvmUoEVUj1Xg8XXQkBvb9OzyGqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc -2cKeCVvWFqDi0GRFGzyaXLaX3PPmM7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbu -T1OqDfufXWQl/82JXeiwU2cOpqWq7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww -3oJSwvMbAmgzvOhqqhlqv+K7u0u7FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQ -bQIDAQAB ------END PUBLIC KEY----- -""" - -PRIVKEY_DATA = ( - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIEpAIBAAKCAQEA75GR6ZTv5JOv90Vq8tKhKC7YQnhDIo2hM0HVziTEk5R4UQBW\n" - "a0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD4ZMsYqLzqjWMekLC8bjhxc+EuPo9\n" - "Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R4hOcMMZNZdi0xLtFoTfwU61UPfFX\n" - "14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttLP3sMXJvc3EvM0JiDVj4l1TWFUHHz\n" - "eFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k6ai4tVzwkTmV5PsriP1ju88Lo3MB\n" - "4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWHAQIDAQABAoIBAGOzBzBYZUWRGOgl\n" - "IY8QjTT12dY/ymC05GM6gMobjxuD7FZ5d32HDLu/QrknfS3kKlFPUQGDAbQhbbb0\n" - "zw6VL5NO9mfOPO2W/3FaG1sRgBQcerWonoSSSn8OJwVBHMFLG3a+U1Zh1UvPoiPK\n" - "S734swIM+zFpNYivGPvOm/muF/waFf8tF/47t1cwt/JGXYQnkG/P7z0vp47Irpsb\n" - "Yjw7vPe4BnbY6SppSxscW3KoV7GtJLFKIxAXbxsuJMF/rYe3O3w2VKJ1Sug1VDJl\n" - "/GytwAkSUer84WwP2b07Wn4c5pCnmLslMgXCLkENgi1NnJMhYVOnckxGDZk54hqP\n" - "9RbLnkkCgYEA/yKuWEvgdzYRYkqpzB0l9ka7Y00CV4Dha9Of6GjQi9i4VCJ/UFVr\n" - "UlhTo5y0ZzpcDAPcoZf5CFZsD90a/BpQ3YTtdln2MMCL/Kr3QFmetkmDrt+3wYnX\n" - "sKESfsa2nZdOATRpl1antpwyD4RzsAeOPwBiACj4fkq5iZJBSI0bxrMCgYEA8GFi\n" - "qAjgKh81/Uai6KWTOW2kX02LEMVRrnZLQ9VPPLGid4KZDDk1/dEfxjjkcyOxX1Ux\n" - "Klu4W8ZEdZyzPcJrfk7PdopfGOfrhWzkREK9C40H7ou/1jUecq/STPfSOmxh3Y+D\n" - "ifMNO6z4sQAHx8VaHaxVsJ7SGR/spr0pkZL+NXsCgYEA84rIgBKWB1W+TGRXJzdf\n" - "yHIGaCjXpm2pQMN3LmP3RrcuZWm0vBt94dHcrR5l+u/zc6iwEDTAjJvqdU4rdyEr\n" - "tfkwr7v6TNlQB3WvpWanIPyVzfVSNFX/ZWSsAgZvxYjr9ixw6vzWBXOeOb/Gqu7b\n" - "cvpLkjmJ0wxDhbXtyXKhZA8CgYBZyvcQb+hUs732M4mtQBSD0kohc5TsGdlOQ1AQ\n" - "McFcmbpnzDghkclyW8jzwdLMk9uxEeDAwuxWE/UEvhlSi6qdzxC+Zifp5NBc0fVe\n" - "7lMx2mfJGxj5CnSqQLVdHQHB4zSXkAGB6XHbBd0MOUeuvzDPfs2voVQ4IG3FR0oc\n" - "3/znuwKBgQChZGH3McQcxmLA28aUwOVbWssfXKdDCsiJO+PEXXlL0maO3SbnFn+Q\n" - "Tyf8oHI5cdP7AbwDSx9bUfRPjg9dKKmATBFr2bn216pjGxK0OjYOCntFTVr0psRB\n" - "CrKg52Qrq71/2l4V2NLQZU40Dr1bN9V+Ftd9L0pvpCAEAWpIbLXGDw==\n" - "-----END RSA PRIVATE KEY-----" -) - -PUBKEY_DATA = ( - "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75GR6ZTv5JOv90Vq8tKh\n" - "KC7YQnhDIo2hM0HVziTEk5R4UQBWa0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD\n" - "4ZMsYqLzqjWMekLC8bjhxc+EuPo9Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R\n" - "4hOcMMZNZdi0xLtFoTfwU61UPfFX14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttL\n" - "P3sMXJvc3EvM0JiDVj4l1TWFUHHzeFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k\n" - "6ai4tVzwkTmV5PsriP1ju88Lo3MB4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWH\n" - "AQIDAQAB\n" - "-----END PUBLIC KEY-----" -) - -MSG = b"It's me, Mario" - -SIG = ( - b"\x07\xf3\xb1\xe7\xdb\x06\xf4_\xe2\xdc\xcb!F\xfb\xbex{W\x1d\xe4E" - b"\xd3\r\xc5\x90\xca(\x05\x1d\x99\x8b\x1aug\x9f\x95>\x94\x7f\xe3+" - b"\x12\xfa\x9c\xd4\xb8\x02]\x0e\xa5\xa3LL\xc3\xa2\x8f+\x83Z\x1b\x17" - b'\xbfT\xd3\xc7\xfd\x0b\xf4\xd7J\xfe^\x86q"I\xa3x\xbc\xd3$\xe9M<\xe1' - b"\x07\xad\xf2_\x9f\xfa\xf7g(~\xd8\xf5\xe7\xda-\xa3Ko\xfc.\x99\xcf" - b"\x9b\xb9\xc1U\x97\x82'\xcb\xc6\x08\xaa\xa0\xe4\xd0\xc1+\xfc\x86" - b'\r\xe4y\xb1#\xd3\x1dS\x96D28\xc4\xd5\r\xd4\x98\x1a44"\xd7\xc2\xb4' - b"]\xa7\x0f\xa7Db\x85G\x8c\xd6\x94!\x8af1O\xf6g\xd7\x03\xfd\xb3\xbc" - b"\xce\x9f\xe7\x015\xb8\x1d]AHK\xa0\x14m\xda=O\xa7\xde\xf2\xff\x9b" - b"\x8e\x83\xc8j\x11\x1a\x98\x85\xde\xc5\x91\x07\x84!\x12^4\xcb\xa8" - b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b" -) - -TEST_KEY = ( - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtFhsvfbFDFaUgulSEX\n" - "Gl12XriL1DT78Ef2/u8HHaSMmPie37BLWas/zaHwI6066bIyYQJ/nUCahTaoHM7L\n" - "GlWc0wOU6zyfpihCRQHil05Y6F+olFBoZuYbFPvtp7/hJx/D7I/0n2o/c7M5i3Y2\n" - "3sBxAYNooIQHXHUmPQW6C9iu95ylZDW8JQzYy/EI4vCC8yQMdTK8jK1FQV0Sbwny\n" - "qcMxSyAWDoFbnhh2P2TnO8HOWuUOaXR8ZHOJzVcDl+a6ew+medW090x3K5O1f80D\n" - "+WjgnG6b2HG7VQpOCfM2GALD/FrxicPilvZ38X1aLhJuwjmVE4LAAv8DVNJXohaO\n" - "WQIDAQAB\n" - "-----END RSA PUBLIC KEY-----\n" -) - -SIGNATURE = ( - b"w\xac\xfe18o\xeb\xfb\x14+\x9e\xd1\xb7\x7fe}\xec\xd6\xe1P\x9e\xab" - b"\xb5\x07\xe0\xc1\xfd\xda#\x04Z\x8d\x7f\x0b\x1f}:~\xb2s\x860u\x02N" - b'\xd4q"\xb7\x86*\x8f\x1f\xd0\x9d\x11\x92\xc5~\xa68\xac>\x12H\xc2%y,' - b"\xe6\xceU\x1e\xa3?\x0c,\xf0u\xbb\xd0[g_\xdd\x8b\xb0\x95:Y\x18\xa5*" - b"\x99\xfd\xf3K\x92\x92 ({\xd1\xff\xd9F\xc8\xd6K\x86e\xf9\xa8\xad\xb0z" - b"\xe3\x9dD\xf5k\x8b_<\xe7\xe7\xec\xf3\"'\xd5\xd2M\xb4\xce\x1a\xe3$" - b"\x9c\x81\xad\xf9\x11\xf6\xf5>)\xc7\xdd\x03&\xf7\x86@ks\xa6\x05\xc2" - b"\xd0\xbd\x1a7\xfc\xde\xe6\xb0\xad!\x12#\xc86Y\xea\xc5\xe3\xe2\xb3" - b"\xc9\xaf\xfa\x0c\xf2?\xbf\x93w\x18\x9e\x0b\xa2a\x10:M\x05\x89\xe2W.Q" - b"\xe8;yGT\xb1\xf2\xc6A\xd2\xc4\xbeN\xb3\xcfS\xaf\x03f\xe2\xb4)\xe7\xf6" - b'\xdbs\xd0Z}8\xa4\xd2\x1fW*\xe6\x1c"\x8b\xd0\x18w\xb9\x7f\x9e\x96\xa3' - b"\xd9v\xf7\x833\x8e\x01" -) +from . import PRIV_KEY, PRIV_KEY2, PUB_KEY, PUB_KEY2 def test_get_rsa_pub_key_bad_key(tmp_path): @@ -341,252 +149,6 @@ def test_master_keys_with_cluster_id(tmp_path, master_opts): assert mkeys.key == mkeys.cluster_key -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -def test_pycrypto_gen_keys(): - open_priv_wb = MockCall(f"/keydir{os.sep}keyname.pem", "wb+") - open_pub_wb = MockCall(f"/keydir{os.sep}keyname.pub", "wb+") - - with patch.multiple( - os, - umask=MagicMock(), - chmod=MagicMock(), - access=MagicMock(return_value=True), - ): - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=True - ): - result = salt.crypt.gen_keys("/keydir", "keyname", 2048) - assert result == f"/keydir{os.sep}keyname.pem", result - assert open_priv_wb not in m_open.calls - assert open_pub_wb not in m_open.calls - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False - ): - salt.crypt.gen_keys("/keydir", "keyname", 2048) - assert open_priv_wb in m_open.calls - assert open_pub_wb in m_open.calls - - -@patch("os.umask", MagicMock()) -@patch("os.chmod", MagicMock()) -@patch("os.chown", MagicMock(), create=True) -@patch("os.access", MagicMock(return_value=True)) -@pytest.mark.slow_test -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -def test_pycrypto_gen_keys_with_passphrase(): - key_path = os.path.join(os.sep, "keydir") - open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+") - open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+") - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=True - ): - assert salt.crypt.gen_keys( - key_path, "keyname", 2048, passphrase="password" - ) == os.path.join(key_path, "keyname.pem") - result = salt.crypt.gen_keys(key_path, "keyname", 2048, passphrase="password") - assert result == os.path.join(key_path, "keyname.pem"), result - assert open_priv_wb not in m_open.calls - assert open_pub_wb not in m_open.calls - - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False - ): - salt.crypt.gen_keys(key_path, "keyname", 2048) - assert open_priv_wb in m_open.calls - assert open_pub_wb in m_open.calls - - -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -def test_pycrypto_sign_message(): - key = RSA.importKey(PRIVKEY_DATA) - with patch("salt.crypt.get_rsa_key", return_value=key): - assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG) - - -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -def test_pycrypto_sign_message_with_passphrase(): - key = RSA.importKey(PRIVKEY_DATA) - with patch("salt.crypt.get_rsa_key", return_value=key): - assert SIG == salt.crypt.sign_message( - "/keydir/keyname.pem", MSG, passphrase="password" - ) - - -@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available") -@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed") -def test_pycrypto_verify_signature(): - with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)): - assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) - - -@patch("os.umask", MagicMock()) -@patch("os.chmod", MagicMock()) -@patch("os.access", MagicMock(return_value=True)) -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -@pytest.mark.slow_test -def test_m2_gen_keys(): - with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem: - with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub: - with patch("os.path.isfile", return_value=True): - assert ( - salt.crypt.gen_keys("/keydir", "keyname", 2048) - == f"/keydir{os.sep}keyname.pem" - ) - save_pem.assert_not_called() - save_pub.assert_not_called() - - with patch("os.path.isfile", return_value=False): - assert ( - salt.crypt.gen_keys("/keydir", "keyname", 2048) - == f"/keydir{os.sep}keyname.pem" - ) - save_pem.assert_called_once_with( - f"/keydir{os.sep}keyname.pem", cipher=None - ) - save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub") - - -@patch("os.umask", MagicMock()) -@patch("os.chmod", MagicMock()) -@patch("os.chown", MagicMock()) -@patch("os.access", MagicMock(return_value=True)) -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -@pytest.mark.slow_test -def test_gen_keys_with_passphrase(): - with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem: - with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub: - with patch("os.path.isfile", return_value=True): - assert ( - salt.crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ) - == f"/keydir{os.sep}keyname.pem" - ) - save_pem.assert_not_called() - save_pub.assert_not_called() - - with patch("os.path.isfile", return_value=False): - assert ( - salt.crypt.gen_keys( - "/keydir", "keyname", 2048, passphrase="password" - ) - == f"/keydir{os.sep}keyname.pem" - ) - callback = save_pem.call_args[1]["callback"] - save_pem.assert_called_once_with( - f"/keydir{os.sep}keyname.pem", - cipher="des_ede3_cbc", - callback=callback, - ) - assert callback(None) == b"password" - save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub") - - -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -def test_m2_sign_message_with_passphrase(): - key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) - with patch("salt.crypt.get_rsa_key", return_value=key): - assert SIG == salt.crypt.sign_message( - "/keydir/keyname.pem", MSG, passphrase="password" - ) - - -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -def test_m2_verify_signature(): - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) - - -@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available") -def test_m2_encrypt_decrypt_bin(): - priv_key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - pub_key = M2Crypto.RSA.load_pub_key_bio( - M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA)) - ) - encrypted = salt.crypt.private_encrypt(priv_key, b"salt") - decrypted = salt.crypt.public_decrypt(pub_key, encrypted) - assert b"salt" == decrypted - - -@pytest.fixture -def key_to_test(tmp_path): - key_path = tmp_path / "cryptodom-3.4.6.pub" - with salt.utils.files.fopen(key_path, "wb") as fd: - fd.write(TEST_KEY.encode()) - return key_path - - -@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") -def test_m2_bad_key(key_to_test): - """ - Load public key with an invalid header using m2crypto and validate it - """ - key = salt.crypt.get_rsa_pub_key(key_to_test) - assert key.check_key() == 1 - - -@pytest.mark.skipif(HAS_M2, reason="Skip when m2crypto is installed") -def test_pycrypto_bad_key(key_to_test): - """ - Load public key with an invalid header and validate it without m2crypto - """ - key = salt.crypt.get_rsa_pub_key(key_to_test) - assert key.can_encrypt() - - -@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") -def test_m2crypto_verify_bytes_47124(): - message = salt.utils.stringutils.to_unicode("meh") - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE) - - -@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") -def test_m2crypto_verify_unicode_47124(): - message = salt.utils.stringutils.to_bytes("meh") - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE) - - -@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") -def test_m2crypto_sign_bytes_47124(): - message = salt.utils.stringutils.to_unicode("meh") - key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) - with patch("salt.crypt.get_rsa_key", return_value=key): - signature = salt.crypt.sign_message( - "/keydir/keyname.pem", message, passphrase="password" - ) - assert SIGNATURE == signature - - -@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") -def test_m2crypto_sign_unicode_47124(): - message = salt.utils.stringutils.to_bytes("meh") - key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) - with patch("salt.crypt.get_rsa_key", return_value=key): - signature = salt.crypt.sign_message( - "/keydir/keyname.pem", message, passphrase="password" - ) - assert SIGNATURE == signature - - def test_pwdata_decrypt(): key_string = dedent( """-----BEGIN RSA PRIVATE KEY----- diff --git a/tests/pytests/unit/crypt/test_crypt_cryptodome.py b/tests/pytests/unit/crypt/test_crypt_cryptodome.py index dd9f891aa49..0944b87777c 100644 --- a/tests/pytests/unit/crypt/test_crypt_cryptodome.py +++ b/tests/pytests/unit/crypt/test_crypt_cryptodome.py @@ -1,3 +1,4 @@ +import logging import os import pytest @@ -7,36 +8,34 @@ from tests.support.mock import MagicMock, MockCall, mock_open, patch from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG +RSA = pytest.importorskip("Cryptodome.PublicKey.RSA") + try: import M2Crypto # pylint: disable=unused-import HAS_M2 = True except ImportError: HAS_M2 = False -try: - from Cryptodome.PublicKey import RSA - HAS_PYCRYPTO_RSA = True -except ImportError: - HAS_PYCRYPTO_RSA = False -if not HAS_PYCRYPTO_RSA: - try: - from Crypto.PublicKey import RSA # nosec - - HAS_PYCRYPTO_RSA = True - except ImportError: - HAS_PYCRYPTO_RSA = False +log = logging.getLogger(__name__) pytestmark = [ - pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available"), pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed"), ] @pytest.mark.slow_test -def test_gen_keys(): - open_priv_wb = MockCall(f"/keydir{os.sep}keyname.pem", "wb+") - open_pub_wb = MockCall(f"/keydir{os.sep}keyname.pub", "wb+") +def test_gen_keys(tmp_path): + key_path = str(tmp_path / "keydir") + open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+") + open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+") + + real_is_file = os.path.isfile + + def is_file(path): + if path.startswith(str(tmp_path)): + return False + return real_is_file(path) with patch.multiple( os, @@ -47,46 +46,55 @@ def test_gen_keys(): with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( "os.path.isfile", return_value=True ): - result = salt.crypt.gen_keys("/keydir", "keyname", 2048) - assert result == f"/keydir{os.sep}keyname.pem", result + result = salt.crypt.gen_keys(key_path, "keyname", 2048) + assert result == os.path.join(key_path, "keyname.pem") assert open_priv_wb not in m_open.calls assert open_pub_wb not in m_open.calls with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False + "os.path.isfile", is_file ): - salt.crypt.gen_keys("/keydir", "keyname", 2048) + salt.crypt.gen_keys(key_path, "keyname", 2048) assert open_priv_wb in m_open.calls assert open_pub_wb in m_open.calls -@patch("os.umask", MagicMock()) -@patch("os.chmod", MagicMock()) -@patch("os.chown", MagicMock(), create=True) -@patch("os.access", MagicMock(return_value=True)) @pytest.mark.slow_test -def test_gen_keys_with_passphrase(): - key_path = os.path.join(os.sep, "keydir") +def test_gen_keys_with_passphrase(tmp_path): + + key_path = str(tmp_path / "keydir") open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+") open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+") - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=True - ): - assert salt.crypt.gen_keys( - key_path, "keyname", 2048, passphrase="password" - ) == os.path.join(key_path, "keyname.pem") - result = salt.crypt.gen_keys(key_path, "keyname", 2048, passphrase="password") - assert result == os.path.join(key_path, "keyname.pem"), result - assert open_priv_wb not in m_open.calls - assert open_pub_wb not in m_open.calls + real_is_file = os.path.isfile - with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( - "os.path.isfile", return_value=False + def is_file(path): + if path.startswith(str(tmp_path)): + return False + return real_is_file(path) + + with patch.multiple( + os, + umask=MagicMock(), + chmod=MagicMock(), + access=MagicMock(return_value=True), ): - salt.crypt.gen_keys(key_path, "keyname", 2048) - assert open_priv_wb in m_open.calls - assert open_pub_wb in m_open.calls + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "os.path.isfile", return_value=True + ): + result = salt.crypt.gen_keys( + key_path, "keyname", 2048, passphrase="password" + ) + assert result == os.path.join(key_path, "keyname.pem") + assert open_priv_wb not in m_open.calls + assert open_pub_wb not in m_open.calls + + with patch("salt.utils.files.fopen", mock_open()) as m_open, patch( + "salt.crypt.os.path.isfile", is_file + ): + salt.crypt.gen_keys(key_path, "keyname", 2048) + assert open_priv_wb in m_open.calls + assert open_pub_wb in m_open.calls def test_sign_message(): @@ -106,3 +114,11 @@ def test_sign_message_with_passphrase(): def test_verify_signature(): with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)): assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) + + +def test_bad_key(key_to_test): + """ + Load public key with an invalid header and validate it without m2crypto + """ + key = salt.crypt.get_rsa_pub_key(key_to_test) + assert key.can_encrypt() diff --git a/tests/pytests/unit/crypt/test_crypt_m2crypto.py b/tests/pytests/unit/crypt/test_crypt_m2crypto.py index 2be141e77fd..4ee895ca43a 100644 --- a/tests/pytests/unit/crypt/test_crypt_m2crypto.py +++ b/tests/pytests/unit/crypt/test_crypt_m2crypto.py @@ -3,9 +3,10 @@ import os import pytest import salt.crypt +import salt.utils.stringutils from tests.support.mock import MagicMock, mock_open, patch -from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG +from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG, SIGNATURE M2Crypto = pytest.importorskip("M2Crypto") @@ -104,3 +105,104 @@ def test_encrypt_decrypt_bin(): encrypted = salt.crypt.private_encrypt(priv_key, b"salt") decrypted = salt.crypt.public_decrypt(pub_key, encrypted) assert b"salt" == decrypted + + +def test_m2crypto_verify_bytes_47124(): + message = salt.utils.stringutils.to_unicode("meh") + with patch( + "salt.utils.files.fopen", + mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), + ): + salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE) + + +def test_m2_bad_key(key_to_test): + """ + Load public key with an invalid header using m2crypto and validate it + """ + key = salt.crypt.get_rsa_pub_key(key_to_test) + assert key.check_key() == 1 + + +@pytest.mark.slow_test +def test_m2_gen_keys(): + with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch( + "os.access", MagicMock(return_value=True) + ): + with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch( + "M2Crypto.RSA.RSA.save_pub_key", MagicMock() + ) as save_pub: + with patch("os.path.isfile", return_value=True): + assert ( + salt.crypt.gen_keys("/keydir", "keyname", 2048) + == f"/keydir{os.sep}keyname.pem" + ) + save_pem.assert_not_called() + save_pub.assert_not_called() + + with patch("os.path.isfile", return_value=False): + assert ( + salt.crypt.gen_keys("/keydir", "keyname", 2048) + == f"/keydir{os.sep}keyname.pem" + ) + save_pem.assert_called_once_with( + f"/keydir{os.sep}keyname.pem", cipher=None + ) + save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub") + + +def test_m2_sign_message_with_passphrase(): + key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) + with patch("salt.crypt.get_rsa_key", return_value=key): + assert SIG == salt.crypt.sign_message( + "/keydir/keyname.pem", MSG, passphrase="password" + ) + + +def test_m2_verify_signature(): + with patch( + "salt.utils.files.fopen", + mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), + ): + assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG) + + +def test_m2_encrypt_decrypt_bin(): + priv_key = M2Crypto.RSA.load_key_string( + salt.utils.stringutils.to_bytes(PRIVKEY_DATA) + ) + pub_key = M2Crypto.RSA.load_pub_key_bio( + M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA)) + ) + encrypted = salt.crypt.private_encrypt(priv_key, b"salt") + decrypted = salt.crypt.public_decrypt(pub_key, encrypted) + assert b"salt" == decrypted + + +def test_m2crypto_verify_unicode_47124(): + message = salt.utils.stringutils.to_bytes("meh") + with patch( + "salt.utils.files.fopen", + mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), + ): + salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE) + + +def test_m2crypto_sign_bytes_47124(): + message = salt.utils.stringutils.to_unicode("meh") + key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) + with patch("salt.crypt.get_rsa_key", return_value=key): + signature = salt.crypt.sign_message( + "/keydir/keyname.pem", message, passphrase="password" + ) + assert SIGNATURE == signature + + +def test_m2crypto_sign_unicode_47124(): + message = salt.utils.stringutils.to_bytes("meh") + key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA)) + with patch("salt.crypt.get_rsa_key", return_value=key): + signature = salt.crypt.sign_message( + "/keydir/keyname.pem", message, passphrase="password" + ) + assert SIGNATURE == signature diff --git a/tests/unit/test_crypt.py b/tests/unit/test_crypt.py deleted file mode 100644 index 89ec83294b9..00000000000 --- a/tests/unit/test_crypt.py +++ /dev/null @@ -1,241 +0,0 @@ -import os -import shutil -import tempfile - -import pytest - -import salt.utils.files -import salt.utils.stringutils -from tests.support.mock import mock_open, patch -from tests.support.unit import TestCase - -try: - import M2Crypto - - HAS_M2 = True -except ImportError: - HAS_M2 = False -try: - from Cryptodome.PublicKey import RSA # pylint: disable=unused-import - - HAS_PYCRYPTO_RSA = True -except ImportError: - HAS_PYCRYPTO_RSA = False -if not HAS_PYCRYPTO_RSA: - try: - from Crypto.PublicKey import RSA # nosec - - HAS_PYCRYPTO_RSA = True - except ImportError: - HAS_PYCRYPTO_RSA = False - - -PRIVKEY_DATA = ( - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIEpAIBAAKCAQEA75GR6ZTv5JOv90Vq8tKhKC7YQnhDIo2hM0HVziTEk5R4UQBW\n" - "a0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD4ZMsYqLzqjWMekLC8bjhxc+EuPo9\n" - "Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R4hOcMMZNZdi0xLtFoTfwU61UPfFX\n" - "14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttLP3sMXJvc3EvM0JiDVj4l1TWFUHHz\n" - "eFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k6ai4tVzwkTmV5PsriP1ju88Lo3MB\n" - "4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWHAQIDAQABAoIBAGOzBzBYZUWRGOgl\n" - "IY8QjTT12dY/ymC05GM6gMobjxuD7FZ5d32HDLu/QrknfS3kKlFPUQGDAbQhbbb0\n" - "zw6VL5NO9mfOPO2W/3FaG1sRgBQcerWonoSSSn8OJwVBHMFLG3a+U1Zh1UvPoiPK\n" - "S734swIM+zFpNYivGPvOm/muF/waFf8tF/47t1cwt/JGXYQnkG/P7z0vp47Irpsb\n" - "Yjw7vPe4BnbY6SppSxscW3KoV7GtJLFKIxAXbxsuJMF/rYe3O3w2VKJ1Sug1VDJl\n" - "/GytwAkSUer84WwP2b07Wn4c5pCnmLslMgXCLkENgi1NnJMhYVOnckxGDZk54hqP\n" - "9RbLnkkCgYEA/yKuWEvgdzYRYkqpzB0l9ka7Y00CV4Dha9Of6GjQi9i4VCJ/UFVr\n" - "UlhTo5y0ZzpcDAPcoZf5CFZsD90a/BpQ3YTtdln2MMCL/Kr3QFmetkmDrt+3wYnX\n" - "sKESfsa2nZdOATRpl1antpwyD4RzsAeOPwBiACj4fkq5iZJBSI0bxrMCgYEA8GFi\n" - "qAjgKh81/Uai6KWTOW2kX02LEMVRrnZLQ9VPPLGid4KZDDk1/dEfxjjkcyOxX1Ux\n" - "Klu4W8ZEdZyzPcJrfk7PdopfGOfrhWzkREK9C40H7ou/1jUecq/STPfSOmxh3Y+D\n" - "ifMNO6z4sQAHx8VaHaxVsJ7SGR/spr0pkZL+NXsCgYEA84rIgBKWB1W+TGRXJzdf\n" - "yHIGaCjXpm2pQMN3LmP3RrcuZWm0vBt94dHcrR5l+u/zc6iwEDTAjJvqdU4rdyEr\n" - "tfkwr7v6TNlQB3WvpWanIPyVzfVSNFX/ZWSsAgZvxYjr9ixw6vzWBXOeOb/Gqu7b\n" - "cvpLkjmJ0wxDhbXtyXKhZA8CgYBZyvcQb+hUs732M4mtQBSD0kohc5TsGdlOQ1AQ\n" - "McFcmbpnzDghkclyW8jzwdLMk9uxEeDAwuxWE/UEvhlSi6qdzxC+Zifp5NBc0fVe\n" - "7lMx2mfJGxj5CnSqQLVdHQHB4zSXkAGB6XHbBd0MOUeuvzDPfs2voVQ4IG3FR0oc\n" - "3/znuwKBgQChZGH3McQcxmLA28aUwOVbWssfXKdDCsiJO+PEXXlL0maO3SbnFn+Q\n" - "Tyf8oHI5cdP7AbwDSx9bUfRPjg9dKKmATBFr2bn216pjGxK0OjYOCntFTVr0psRB\n" - "CrKg52Qrq71/2l4V2NLQZU40Dr1bN9V+Ftd9L0pvpCAEAWpIbLXGDw==\n" - "-----END RSA PRIVATE KEY-----" -) - -PUBKEY_DATA = ( - "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75GR6ZTv5JOv90Vq8tKh\n" - "KC7YQnhDIo2hM0HVziTEk5R4UQBWa0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD\n" - "4ZMsYqLzqjWMekLC8bjhxc+EuPo9Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R\n" - "4hOcMMZNZdi0xLtFoTfwU61UPfFX14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttL\n" - "P3sMXJvc3EvM0JiDVj4l1TWFUHHzeFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k\n" - "6ai4tVzwkTmV5PsriP1ju88Lo3MB4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWH\n" - "AQIDAQAB\n" - "-----END PUBLIC KEY-----" -) - -MSG = b"It's me, Mario" - -SIG = ( - b"\x07\xf3\xb1\xe7\xdb\x06\xf4_\xe2\xdc\xcb!F\xfb\xbex{W\x1d\xe4E" - b"\xd3\r\xc5\x90\xca(\x05\x1d\x99\x8b\x1aug\x9f\x95>\x94\x7f\xe3+" - b"\x12\xfa\x9c\xd4\xb8\x02]\x0e\xa5\xa3LL\xc3\xa2\x8f+\x83Z\x1b\x17" - b'\xbfT\xd3\xc7\xfd\x0b\xf4\xd7J\xfe^\x86q"I\xa3x\xbc\xd3$\xe9M<\xe1' - b"\x07\xad\xf2_\x9f\xfa\xf7g(~\xd8\xf5\xe7\xda-\xa3Ko\xfc.\x99\xcf" - b"\x9b\xb9\xc1U\x97\x82'\xcb\xc6\x08\xaa\xa0\xe4\xd0\xc1+\xfc\x86" - b'\r\xe4y\xb1#\xd3\x1dS\x96D28\xc4\xd5\r\xd4\x98\x1a44"\xd7\xc2\xb4' - b"]\xa7\x0f\xa7Db\x85G\x8c\xd6\x94!\x8af1O\xf6g\xd7\x03\xfd\xb3\xbc" - b"\xce\x9f\xe7\x015\xb8\x1d]AHK\xa0\x14m\xda=O\xa7\xde\xf2\xff\x9b" - b"\x8e\x83\xc8j\x11\x1a\x98\x85\xde\xc5\x91\x07\x84!\x12^4\xcb\xa8" - b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b" -) - - -class TestBadCryptodomePubKey(TestCase): - """ - Test that we can load public keys exported by pycrpytodome<=3.4.6 - """ - - TEST_KEY = ( - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtFhsvfbFDFaUgulSEX\n" - "Gl12XriL1DT78Ef2/u8HHaSMmPie37BLWas/zaHwI6066bIyYQJ/nUCahTaoHM7L\n" - "GlWc0wOU6zyfpihCRQHil05Y6F+olFBoZuYbFPvtp7/hJx/D7I/0n2o/c7M5i3Y2\n" - "3sBxAYNooIQHXHUmPQW6C9iu95ylZDW8JQzYy/EI4vCC8yQMdTK8jK1FQV0Sbwny\n" - "qcMxSyAWDoFbnhh2P2TnO8HOWuUOaXR8ZHOJzVcDl+a6ew+medW090x3K5O1f80D\n" - "+WjgnG6b2HG7VQpOCfM2GALD/FrxicPilvZ38X1aLhJuwjmVE4LAAv8DVNJXohaO\n" - "WQIDAQAB\n" - "-----END RSA PUBLIC KEY-----\n" - ) - - def setUp(self): - self.test_dir = tempfile.mkdtemp() - self.key_path = os.path.join(self.test_dir, "cryptodom-3.4.6.pub") - with salt.utils.files.fopen(self.key_path, "wb") as fd: - fd.write(self.TEST_KEY.encode()) - - def tearDown(self): - shutil.rmtree(self.test_dir) - - @pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") - def test_m2_bad_key(self): - """ - Load public key with an invalid header using m2crypto and validate it - """ - key = salt.crypt.get_rsa_pub_key(self.key_path) - assert key.check_key() == 1 - - @pytest.mark.skipif(HAS_M2, reason="Skip when m2crypto is installed") - def test_crypto_bad_key(self): - """ - Load public key with an invalid header and validate it without m2crypto - """ - key = salt.crypt.get_rsa_pub_key(self.key_path) - assert key.can_encrypt() - - -class TestM2CryptoRegression47124(TestCase): - - SIGNATURE = ( - b"w\xac\xfe18o\xeb\xfb\x14+\x9e\xd1\xb7\x7fe}\xec\xd6\xe1P\x9e\xab" - b"\xb5\x07\xe0\xc1\xfd\xda#\x04Z\x8d\x7f\x0b\x1f}:~\xb2s\x860u\x02N" - b'\xd4q"\xb7\x86*\x8f\x1f\xd0\x9d\x11\x92\xc5~\xa68\xac>\x12H\xc2%y,' - b"\xe6\xceU\x1e\xa3?\x0c,\xf0u\xbb\xd0[g_\xdd\x8b\xb0\x95:Y\x18\xa5*" - b"\x99\xfd\xf3K\x92\x92 ({\xd1\xff\xd9F\xc8\xd6K\x86e\xf9\xa8\xad\xb0z" - b"\xe3\x9dD\xf5k\x8b_<\xe7\xe7\xec\xf3\"'\xd5\xd2M\xb4\xce\x1a\xe3$" - b"\x9c\x81\xad\xf9\x11\xf6\xf5>)\xc7\xdd\x03&\xf7\x86@ks\xa6\x05\xc2" - b"\xd0\xbd\x1a7\xfc\xde\xe6\xb0\xad!\x12#\xc86Y\xea\xc5\xe3\xe2\xb3" - b"\xc9\xaf\xfa\x0c\xf2?\xbf\x93w\x18\x9e\x0b\xa2a\x10:M\x05\x89\xe2W.Q" - b"\xe8;yGT\xb1\xf2\xc6A\xd2\xc4\xbeN\xb3\xcfS\xaf\x03f\xe2\xb4)\xe7\xf6" - b'\xdbs\xd0Z}8\xa4\xd2\x1fW*\xe6\x1c"\x8b\xd0\x18w\xb9\x7f\x9e\x96\xa3' - b"\xd9v\xf7\x833\x8e\x01" - ) - - @pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") - def test_m2crypto_verify_bytes(self): - message = salt.utils.stringutils.to_unicode("meh") - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - salt.crypt.verify_signature("/keydir/keyname.pub", message, self.SIGNATURE) - - @pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") - def test_m2crypto_verify_unicode(self): - message = salt.utils.stringutils.to_bytes("meh") - with patch( - "salt.utils.files.fopen", - mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)), - ): - salt.crypt.verify_signature("/keydir/keyname.pub", message, self.SIGNATURE) - - @pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") - def test_m2crypto_sign_bytes(self): - message = salt.utils.stringutils.to_unicode("meh") - key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - with patch("salt.crypt.get_rsa_key", return_value=key): - signature = salt.crypt.sign_message( - "/keydir/keyname.pem", message, passphrase="password" - ) - self.assertEqual(signature, self.SIGNATURE) - - @pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed") - def test_m2crypto_sign_unicode(self): - message = salt.utils.stringutils.to_bytes("meh") - key = M2Crypto.RSA.load_key_string( - salt.utils.stringutils.to_bytes(PRIVKEY_DATA) - ) - with patch("salt.crypt.get_rsa_key", return_value=key): - signature = salt.crypt.sign_message( - "/keydir/keyname.pem", message, passphrase="password" - ) - self.assertEqual(signature, self.SIGNATURE) - - -@pytest.mark.skipif( - not HAS_M2 and not HAS_PYCRYPTO_RSA, - reason="No crypto library found. Install either M2Crypto or Cryptodome to run this test", -) -class TestCrypt(TestCase): - def test_pwdata_decrypt(self): - key_string = """-----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAzhBRyyHa7b63RLE71uKMKgrpulcAJjaIaN68ltXcCvy4w9pi -Kj+4I3Qp6RvUaHOEmymqyjOMjQc6iwpe0scCFqh3nUk5YYaLZ3WAW0htQVlnesgB -ZiBg9PBeTQY/LzqtudL6RCng/AX+fbnCsddlIysRxnUoNVMvz0gAmCY2mnTDjcTt -pyxuk2T0AHSHNCKCalm75L1bWDFF+UzFemf536tBfBUGRWR6jWTij85vvCntxHS/ -HdknaTJ50E7XGVzwBJpCyV4Y2VXuW/3KrCNTqXw+jTmEw0vlcshfDg/vb3IxsUSK -5KuHalKq/nUIc+F4QCJOl+A10goGdIfYC1/67QIDAQABAoIBAAOP+qoFWtCTZH22 -hq9PWVb8u0+yY1lFxhPyDdaZueUiu1r/coUCdv996Z+TEJgBr0AzdzVpsLtbbaKr -ujnwoNOdc/vvISPTfKN8P4zUcrcXgZd4z7VhR+vUH/0652q8m/ZDdHorMy2IOP8Z -cAk9DQ2PmA4TRm+tkX0G5KO8vWLsK921aRMWdsKJyQ0lYxl7M8JWupFsCJFr/U+8 -dAVtwnUiS7RnhBABZ1cfNTHYhXVAh4d+a9y/gZ00a66OGqPxiXfhjjDUZ6fGvWKN -FlhKWEg6YqIx/H4aNXkLI5Rzzhdx/c2ukNm7+X2veRcAW7bcTwk8wxJxciEP5pBi -1el9VE0CgYEA/lbzdE2M4yRBvTfYYC6BqZcn+BqtrAUc2h3fEy+p7lwlet0af1id -gWpYpOJyLc0AUfR616/m2y3PwEH/nMKDSTuU7o/qKNtlHW0nQcnhDCjTUydS3+J/ -JM3dhfgVqi03rjqNcgHA2eOEwcu/OBZtiaC0wqKbuRZRtfGffyoO3ssCgYEAz2iw -wqu/NkA+MdQIxz/a3Is7gGwoFu6h7O+XU2uN8Y2++jSBw9AzzWj31YCvyjuJPAE+ -gxHm6yOnNoLVn423NtibHejhabzHNIK6UImH99bSTKabsxfF2BX6v982BimU1jwc -bYykzws37oN/poPb5FTpEiAUrsd2bAMn/1S43icCgYEAulHkY0z0aumCpyUkA8HO -BvjOtPiGRcAxFLBRXPLL3+vtIQachLHcIJRRf+jLkDXfiCo7W4pm6iWzTbqLkMEG -AD3/qowPFAM1Hct6uL01efzmYsIp+g0o60NMhvnolRQu+Bm4yM30AyqjdHzYBjSX -5fyuru8EeSCal1j8aOHcpuUCgYEAhGhDH6Pg59NPYSQJjpm3MMA59hwV473n5Yh2 -xKyO6zwgRT6r8MPDrkhqnwQONT6Yt5PbwnT1Q/t4zhXsJnWkFwFk1U1MSeJYEa+7 -HZsPECs2CfT6xPRSO0ac00y+AmUdPT8WruDwfbSdukh8f2MCR9vlBsswKPvxH7dM -G3aMplUCgYEAmMFgB/6Ox4OsQPPC6g4G+Ezytkc4iVkMEcjiVWzEsYATITjq3weO -/XDGBYJoBhYwWPi9oBufFc/2pNtWy1FKKXPuVyXQATdA0mfEPbtsHjMFQNZbeKnm -0na/SysSDCK3P+9ijlbjqLjMmPEmhJxGWTJ7khnTTkfre7/w9ZxJxi8= ------END RSA PRIVATE KEY-----""" - pwdata = b"""\ -V\x80+b\xca\x06M\xb6\x12\xc6\xe8\xf2\xb5\xbb\xd8m\xc0\x97\x9a\xeb\xb9q\x19\xc3\ -\xcdi\xb84\x90\xaf\x12kT\xe2@u\xd6\xe8T\x89\xa3\xc7\xb2Y\xd1N\x00\xa9\xc0"\xbe\ -\xed\xb1\xc3\xb7^\xbf\xbd\x8b\x13\xd3/L\x1b\xa1`\xe2\xea\x03\x98\x82\xf3uS&|\ -\xe5\xd8J\xce\xfc\x97\x8d\x0b\x949\xc0\xbd^\xef\xc6\xfd\xce\xbb\x1e\xd0"(m\xe1\ -\x95\xfb\xc8/\x07\x93\xb8\xda\x8f\x99\xfe\xdc\xd5\xcb\xdb\xb2\xf11M\xdbD\xcf\ -\x95\x13p\r\xa4\x1c{\xd5\xdb\xc7\xe5\xaf\x95F\x97\xa9\x00p~\xb5\xec\xa4.\xd0\ -\xa4\xb4\xf4f\xcds,Y/\xa1:WF\xb8\xc7\x07\xaa\x0b<\'~\x1b$D9\xd4\x8d\xf0x\xc5\ -\xee\xa8:\xe6\x00\x10\xc5i\x11\xc7]C8\x05l\x8b\x9b\xc3\x83e\xf7y\xadi:0\xb4R\ -\x1a(\x04&yL8\x19s\n\x11\x81\xfd?\xfb2\x80Ll\xa1\xdc\xc9\xb6P\xca\x8d\'\x11\xc1\ -\x07\xa5\xa1\x058\xc7\xce\xbeb\x92\xbf\x0bL\xec\xdf\xc3M\x83\xfb$\xec\xd5\xf9\ -""" - self.assertEqual("1234", salt.crypt.pwdata_decrypt(key_string, pwdata))