[arch-commits] Commit in python-pg8000/trunk (PKGBUILD scram.diff)
Chih-Hsuan Yen
yan12125 at archlinux.org
Tue Feb 9 09:52:45 UTC 2021
Date: Tuesday, February 9, 2021 @ 09:52:45
Author: yan12125
Revision: 850896
upgpkg: python-pg8000 1.17.0-2; rework on check() and backport a fix for SCRAM authentication
Added:
python-pg8000/trunk/scram.diff
Modified:
python-pg8000/trunk/PKGBUILD
------------+
PKGBUILD | 51 ++++++++++++++++++++++++++++++++++++++-------------
scram.diff | 13 +++++++++++++
2 files changed, 51 insertions(+), 13 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-02-09 09:51:40 UTC (rev 850895)
+++ PKGBUILD 2021-02-09 09:52:45 UTC (rev 850896)
@@ -3,7 +3,7 @@
pkgname=python-pg8000
pkgver=1.17.0
-pkgrel=1
+pkgrel=2
pkgdesc="Pure-Python PostgreSQL database driver, DB-API compatible"
arch=(any)
url='https://github.com/tlocke/pg8000'
@@ -10,13 +10,13 @@
license=(BSD)
makedepends=(python-setuptools)
checkdepends=(python-pytest python-pytest-mock python-pytest-benchmark
- python-pytz pifpaf postgresql)
+ python-pytz postgresql)
depends=(python python-scramp)
source=("https://files.pythonhosted.org/packages/source/p/pg8000/pg8000-$pkgver.tar.gz"{,.asc}
- pghost-unix-sock.patch::https://github.com/tlocke/pg8000/pull/64.patch)
+ scram.diff)
sha256sums=('14198c5afeb289106e40ee6e5e4c0529c5369939f6ca588a028b371a75fe20dd'
'SKIP'
- '0a851dbbc0f8d0116795eb0d875e9178659bdf7c6964bff8b26c6b014c37e9c9')
+ '71cccb7b33863dc94f93251b8f7cbff93e9505e120e7b9213c4ede2feb4a8e1c')
validpgpkeys=(
'D5681B7EC7292511C4CC1450892B00AB699851E8' # Tony Locke <tlocke at tlocke.org.uk>, proven by https://keybase.io/tlocke
)
@@ -28,7 +28,8 @@
sed --in-place=.orig -r 's#,?<[0-9.]+,?##;s#==([0-9.]+)#>=\1#' setup.py
diff -u setup.py{.orig,} || true
- patch -Np1 -i ../pghost-unix-sock.patch
+ # Partial backport of https://github.com/tlocke/pg8000/commit/18eee18f7525bf3026339d206790d4d5843cf055
+ patch -Np1 -i ../scram.diff
}
build() {
@@ -38,15 +39,39 @@
check() {
cd pg8000-$pkgver
- # GSS tests: need custom pg_hba.conf, while pifpaf does not support it yet
- # SSL tests: need TCP connections [1][2], while pifpaf uses unix domain sockets
- # [1] https://github.com/postgres/postgres/blob/REL_13_1/src/backend/postmaster/postmaster.c#L2027
- # [2] https://www.postgresql.org/message-id/flat/200801041713.22341.peter_e%40gmx.net
- PYTHONPATH="$PWD" pifpaf run postgresql -- bash -c "
- psql -c \"CREATE ROLE postgres WITH LOGIN SUPERUSER PASSWORD 'pw';\"
- psql -c \"create extension hstore;\"
- pytest test -k 'not testGss and not test_gss and not testSsl and not test_ssl'
+
+ export PGDATA="$srcdir/postgres-testdata"
+ export PGHOST=127.0.0.1
+ export PGPORT=$((49152+$RANDOM%10000))
+
+ # See https://github.com/tlocke/pg8000#tests about database initialization steps for testing
+ initdb --username=postgres --auth=trust
+ openssl req -subj "/CN=self-signed" -nodes -x509 -newkey rsa:4096 -days 1 -keyout "$PGDATA/self-signed.key" -out "$PGDATA/self-signed.crt"
+ cat <<EOF >> "$PGDATA/postgresql.conf"
+ssl = on
+ssl_cert_file = 'self-signed.crt'
+ssl_key_file = 'self-signed.key'
+password_encryption = 'scram-sha-256'
+EOF
+
+ pg_ctl start -o "-k '' -h $PGHOST -p $PGPORT" -l "$srcdir/postgresql.log"
+ # Change the password for postgres after password_encryption is specified, so that the role has a valid SCRAM secret
+ psql -U postgres -c "
+ CREATE EXTENSION hstore;
+ ALTER ROLE postgres PASSWORD 'pw';
"
+
+ # should overwrite pg_hba.conf, or unexpected matches may happen against existing entries
+ cat <<EOF > "$PGDATA/pg_hba.conf"
+host pg8000_md5 all 127.0.0.1/32 md5
+host pg8000_gss all 127.0.0.1/32 gss
+host pg8000_password all 127.0.0.1/32 password
+host pg8000_scram_sha_256 all 127.0.0.1/32 scram-sha-256
+host all all 127.0.0.1/32 trust
+EOF
+ pg_ctl reload
+ PYTHONPATH="$PWD" pytest test
+ pg_ctl stop
}
package() {
Added: scram.diff
===================================================================
--- scram.diff (rev 0)
+++ scram.diff 2021-02-09 09:52:45 UTC (rev 850896)
@@ -0,0 +1,13 @@
+diff --git a/pg8000/core.py b/pg8000/core.py
+index 8c4c512..8c544b1 100644
+--- a/pg8000/core.py
++++ b/pg8000/core.py
+@@ -492,7 +492,7 @@ class CoreConnection():
+ elif auth_code == 10:
+ # AuthenticationSASL
+ mechanisms = [
+- m.decode('ascii') for m in data[4:-1].split(NULL_BYTE)]
++ m.decode('ascii') for m in data[4:-2].split(NULL_BYTE)]
+
+ self.auth = ScramClient(
+ mechanisms, self.user.decode('utf8'),
More information about the arch-commits
mailing list