[arch-commits] Commit in python-docker-py/trunk (PKGBUILD backports.patch)
Felix Yan
fyan at archlinux.org
Sat Apr 30 05:13:03 UTC 2016
Date: Saturday, April 30, 2016 @ 07:13:02
Author: fyan
Revision: 173030
upgpkg: python-docker-py 1.8.1-1
Modified:
python-docker-py/trunk/PKGBUILD
Deleted:
python-docker-py/trunk/backports.patch
-----------------+
PKGBUILD | 12 ---
backports.patch | 214 ------------------------------------------------------
2 files changed, 3 insertions(+), 223 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-04-30 05:08:32 UTC (rev 173029)
+++ PKGBUILD 2016-04-30 05:13:02 UTC (rev 173030)
@@ -5,7 +5,7 @@
# Contributor: Josh VanderLinden <arch at cloudlery.com>
pkgname=(python-docker-py python2-docker-py)
-pkgver=1.8.0
+pkgver=1.8.1
pkgrel=1
pkgdesc="Python client for Docker."
arch=('any')
@@ -16,16 +16,10 @@
'python2-backports.ssl_match_hostname' 'python2-ipaddress')
checkdepends=('python-pytest-cov' 'python2-pytest-cov' 'python-mock' 'python2-mock' 'docker'
'flake8' 'python2-flake8')
-source=("git+https://github.com/docker/docker-py.git#tag=$pkgver"
- backports.patch)
-sha256sums=('SKIP'
- '0bbf17354fa7e7089180577271f552ea08c6b262fd0ca732626085c0bde7a3e0')
+source=("git+https://github.com/docker/docker-py.git#tag=$pkgver")
+sha256sums=('SKIP')
prepare() {
- # Use match_hostname from backports.ssl_match_hostname, as the required py2-ipaddress module conflicts with python2-ipaddress
- # https://github.com/docker/docker-py/pull/1029
- (cd docker-py; patch -p1 -i ../backports.patch)
-
sed -i 's/==.*$//' docker-py/{,test-}requirements.txt
cp -a docker-py{,-py2}
Deleted: backports.patch
===================================================================
--- backports.patch 2016-04-30 05:08:32 UTC (rev 173029)
+++ backports.patch 2016-04-30 05:13:02 UTC (rev 173030)
@@ -1,214 +0,0 @@
-From 9da54931355c5ac7146e1f2b137a12cbbb190cfa Mon Sep 17 00:00:00 2001
-From: Felix Yan <felixonmars at archlinux.org>
-Date: Fri, 8 Apr 2016 00:20:42 +0800
-Subject: [PATCH] Use backports.ssl_match_hostname
-
-The py2-ipaddress module unfortunately conflicts with the pypi:ipaddress module, which is in the dependency tree of widely used pyOpenSSL. I think it would be a good idea to use a well maintained backport of the Python 3.5 implementation of match_hostname() instead of duplicating the effort and maintain another.
-
-All tests are passing here.
-
-Signed-off-by: Felix Yan <felixonmars at archlinux.org>
----
- docker/ssladapter/ssl_match_hostname.py | 130 --------------------------------
- docker/ssladapter/ssladapter.py | 2 +-
- requirements.txt | 2 +-
- setup.py | 2 +-
- tests/unit/ssladapter_test.py | 12 ++-
- 5 files changed, 12 insertions(+), 136 deletions(-)
- delete mode 100644 docker/ssladapter/ssl_match_hostname.py
-
-diff --git a/docker/ssladapter/ssl_match_hostname.py b/docker/ssladapter/ssl_match_hostname.py
-deleted file mode 100644
-index 9de0c5f..0000000
---- a/docker/ssladapter/ssl_match_hostname.py
-+++ /dev/null
-@@ -1,130 +0,0 @@
--# Slightly modified version of match_hostname in python's ssl library
--# https://hg.python.org/cpython/file/tip/Lib/ssl.py
--# Changed to make code python 2.x compatible (unicode strings for ip_address
--# and 3.5-specific var assignment syntax)
--
--import ipaddress
--import re
--
--try:
-- from ssl import CertificateError
--except ImportError:
-- CertificateError = ValueError
--
--import six
--
--
--def _ipaddress_match(ipname, host_ip):
-- """Exact matching of IP addresses.
--
-- RFC 6125 explicitly doesn't define an algorithm for this
-- (section 1.7.2 - "Out of Scope").
-- """
-- # OpenSSL may add a trailing newline to a subjectAltName's IP address
-- ip = ipaddress.ip_address(six.text_type(ipname.rstrip()))
-- return ip == host_ip
--
--
--def _dnsname_match(dn, hostname, max_wildcards=1):
-- """Matching according to RFC 6125, section 6.4.3
--
-- http://tools.ietf.org/html/rfc6125#section-6.4.3
-- """
-- pats = []
-- if not dn:
-- return False
--
-- split_dn = dn.split(r'.')
-- leftmost, remainder = split_dn[0], split_dn[1:]
--
-- wildcards = leftmost.count('*')
-- if wildcards > max_wildcards:
-- # Issue #17980: avoid denials of service by refusing more
-- # than one wildcard per fragment. A survey of established
-- # policy among SSL implementations showed it to be a
-- # reasonable choice.
-- raise CertificateError(
-- "too many wildcards in certificate DNS name: " + repr(dn))
--
-- # speed up common case w/o wildcards
-- if not wildcards:
-- return dn.lower() == hostname.lower()
--
-- # RFC 6125, section 6.4.3, subitem 1.
-- # The client SHOULD NOT attempt to match a presented identifier in which
-- # the wildcard character comprises a label other than the left-most label.
-- if leftmost == '*':
-- # When '*' is a fragment by itself, it matches a non-empty dotless
-- # fragment.
-- pats.append('[^.]+')
-- elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
-- # RFC 6125, section 6.4.3, subitem 3.
-- # The client SHOULD NOT attempt to match a presented identifier
-- # where the wildcard character is embedded within an A-label or
-- # U-label of an internationalized domain name.
-- pats.append(re.escape(leftmost))
-- else:
-- # Otherwise, '*' matches any dotless string, e.g. www*
-- pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
--
-- # add the remaining fragments, ignore any wildcards
-- for frag in remainder:
-- pats.append(re.escape(frag))
--
-- pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
-- return pat.match(hostname)
--
--
--def match_hostname(cert, hostname):
-- """Verify that *cert* (in decoded format as returned by
-- SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
-- rules are followed, but IP addresses are not accepted for *hostname*.
--
-- CertificateError is raised on failure. On success, the function
-- returns nothing.
-- """
-- if not cert:
-- raise ValueError("empty or no certificate, match_hostname needs a "
-- "SSL socket or SSL context with either "
-- "CERT_OPTIONAL or CERT_REQUIRED")
-- try:
-- host_ip = ipaddress.ip_address(six.text_type(hostname))
-- except ValueError:
-- # Not an IP address (common case)
-- host_ip = None
-- dnsnames = []
-- san = cert.get('subjectAltName', ())
-- for key, value in san:
-- if key == 'DNS':
-- if host_ip is None and _dnsname_match(value, hostname):
-- return
-- dnsnames.append(value)
-- elif key == 'IP Address':
-- if host_ip is not None and _ipaddress_match(value, host_ip):
-- return
-- dnsnames.append(value)
-- if not dnsnames:
-- # The subject is only checked when there is no dNSName entry
-- # in subjectAltName
-- for sub in cert.get('subject', ()):
-- for key, value in sub:
-- # XXX according to RFC 2818, the most specific Common Name
-- # must be used.
-- if key == 'commonName':
-- if _dnsname_match(value, hostname):
-- return
-- dnsnames.append(value)
-- if len(dnsnames) > 1:
-- raise CertificateError(
-- "hostname %r doesn't match either of %s"
-- % (hostname, ', '.join(map(repr, dnsnames))))
-- elif len(dnsnames) == 1:
-- raise CertificateError(
-- "hostname %r doesn't match %r"
-- % (hostname, dnsnames[0])
-- )
-- else:
-- raise CertificateError(
-- "no appropriate commonName or "
-- "subjectAltName fields were found"
-- )
-diff --git a/docker/ssladapter/ssladapter.py b/docker/ssladapter/ssladapter.py
-index 179510c..e17dfad 100644
---- a/docker/ssladapter/ssladapter.py
-+++ b/docker/ssladapter/ssladapter.py
-@@ -18,7 +18,7 @@
- # Monkey-patching match_hostname with a version that supports
- # IP-address checking. Not necessary for Python 3.5 and above
- if sys.version_info[0] < 3 or sys.version_info[1] < 5:
-- from .ssl_match_hostname import match_hostname
-+ from backports.ssl_match_hostname import match_hostname
- urllib3.connection.match_hostname = match_hostname
-
-
-diff --git a/requirements.txt b/requirements.txt
-index c340f17..8161e2b 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -1,4 +1,4 @@
- requests==2.5.3
- six>=1.4.0
- websocket-client==0.32.0
--py2-ipaddress==3.4.1 ; python_version < '3.2'
-\ No newline at end of file
-+backports.ssl_match_hostname>=3.5 ; python_version < '3.5'
-\ No newline at end of file
-diff --git a/setup.py b/setup.py
-index 0329ba3..2be705d 100644
---- a/setup.py
-+++ b/setup.py
-@@ -13,7 +13,7 @@
- ]
-
- extras_require = {
-- ':python_version < "3"': 'py2-ipaddress >= 3.4.1',
-+ ':python_version < "3.5"': 'backports.ssl_match_hostname >= 3.5',
- }
-
- exec(open('docker/version.py').read())
-diff --git a/tests/unit/ssladapter_test.py b/tests/unit/ssladapter_test.py
-index fa9c77a..2ad1cad 100644
---- a/tests/unit/ssladapter_test.py
-+++ b/tests/unit/ssladapter_test.py
-@@ -1,7 +1,13 @@
- from docker.ssladapter import ssladapter
--from docker.ssladapter.ssl_match_hostname import (
-- match_hostname, CertificateError
--)
-+
-+try:
-+ from backports.ssl_match_hostname import (
-+ match_hostname, CertificateError
-+ )
-+except ImportError:
-+ from ssl import (
-+ match_hostname, CertificateError
-+ )
-
- try:
- from ssl import OP_NO_SSLv3, OP_NO_SSLv2, OP_NO_TLSv1
More information about the arch-commits
mailing list