From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CD9D415806E for ; Fri, 26 May 2023 04:26:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E159EE0856; Fri, 26 May 2023 04:26:35 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C6E59E0856 for ; Fri, 26 May 2023 04:26:35 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0FC2333BEE8 for ; Fri, 26 May 2023 04:26:35 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 72ED3A73 for ; Fri, 26 May 2023 04:26:33 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1685075189.580240beb0451c74ebde79904f3bec0b7f907287.mgorny@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-python/paramiko/, dev-python/paramiko/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-python/paramiko/Manifest dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch dev-python/paramiko/paramiko-3.2.0.ebuild X-VCS-Directories: dev-python/paramiko/ dev-python/paramiko/files/ X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 580240beb0451c74ebde79904f3bec0b7f907287 X-VCS-Branch: master Date: Fri, 26 May 2023 04:26:33 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 2239dc0f-b0be-4279-afb6-e0e8c095ba2c X-Archives-Hash: 0b5614208db28517129e51f398062c24 commit: 580240beb0451c74ebde79904f3bec0b7f907287 Author: Michał Górny gentoo org> AuthorDate: Fri May 26 04:19:15 2023 +0000 Commit: Michał Górny gentoo org> CommitDate: Fri May 26 04:26:29 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=580240be dev-python/paramiko: Bump to 3.2.0 Signed-off-by: Michał Górny gentoo.org> dev-python/paramiko/Manifest | 1 + .../files/paramiko-3.2.0-disable-server.patch | 58 +++++++++ .../files/paramiko-3.2.0-nih-test-deps.patch | 134 +++++++++++++++++++++ dev-python/paramiko/paramiko-3.2.0.ebuild | 57 +++++++++ 4 files changed, 250 insertions(+) diff --git a/dev-python/paramiko/Manifest b/dev-python/paramiko/Manifest index e8f8b589c1eb..1b3bc344a812 100644 --- a/dev-python/paramiko/Manifest +++ b/dev-python/paramiko/Manifest @@ -1 +1,2 @@ DIST paramiko-3.1.0.gh.tar.gz 351910 BLAKE2B 7350626f3a8e54d8950085cbd8253f5564355abb4db7c65113c0df22674e3df0081da7299cfad779f1fcf9569b01720b6ab5dc2bde32c4a71500e79910caf4c8 SHA512 1a556a5b7a6ebc72a0c61b59f326a95c9f2784d74fdc1a171455867ba7b4b07a15741e168747b5a3a225685ad069e2d58021f54dadf7feb00f8acf65b0c07d51 +DIST paramiko-3.2.0.gh.tar.gz 374709 BLAKE2B 80ec5678a51dc8a0eadd28228ae70a8912fb9a4be1807f5f65a925dd2252fd43ebba6f63b350b62ff7545d9ed0db6e4a78710fb73cff332e6d1ed996b0f1a7d9 SHA512 1d87a19284cef73a76eb7402d0492eb35d4a0588becd2f67ba19fe1498d6c10927127617398de11184d4865c8ce0f3e0c48194d50ef546414a17cf6faff3c39d diff --git a/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch new file mode 100644 index 000000000000..942f5161ee6f --- /dev/null +++ b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch @@ -0,0 +1,58 @@ +From a47e9bdc80224c9ceafcea6da5cea1539ddfbd4d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Fri, 26 May 2023 06:05:13 +0200 +Subject: [PATCH 3/3] Disable server component due to security issues + +--- + paramiko/transport.py | 4 ++++ + tests/conftest.py | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/paramiko/transport.py b/paramiko/transport.py +index 8785d6bb..803d07d1 100644 +--- a/paramiko/transport.py ++++ b/paramiko/transport.py +@@ -120,6 +120,8 @@ from paramiko.util import ( + ) + + ++SERVER_DISABLED_BY_GENTOO = True ++ + # for thread cleanup + _active_threads = [] + +@@ -768,6 +770,8 @@ class Transport(threading.Thread, ClosingContextManager): + `.SSHException` -- if negotiation fails (and no ``event`` was + passed in) + """ ++ if SERVER_DISABLED_BY_GENTOO: ++ raise Exception("Disabled by Gentoo for security reasons. Enable with 'server' USE flag") + if server is None: + server = ServerInterface() + self.server_mode = True +diff --git a/tests/conftest.py b/tests/conftest.py +index 7546aae4..804a289e 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -16,6 +16,7 @@ from paramiko import ( + Ed25519Key, + ECDSAKey, + PKey, ++ transport, + ) + + from ._loop import LoopSocket +@@ -23,6 +24,10 @@ from ._stub_sftp import StubServer, StubSFTPServer + from ._util import _support + + ++# We need the server component for testing ++transport.SERVER_DISABLED_BY_GENTOO = False ++ ++ + # Perform logging by default; pytest will capture and thus hide it normally, + # presenting it on error/failure. (But also allow turning it off when doing + # very pinpoint debugging - e.g. using breakpoints, so you don't want output +-- +2.40.1 + diff --git a/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch new file mode 100644 index 000000000000..84fb618dffb8 --- /dev/null +++ b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch @@ -0,0 +1,134 @@ +From 33c56a44f425bb5c4bf63759fbe85cfee06ab087 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Tue, 17 May 2022 07:26:36 +0200 +Subject: [PATCH 1/3] Replace pytest-relaxed with plain pytest.raises + +There is really no technical reason to bring pytest-relaxed to call +@raises as a decorator while plain pytest works just fine. Plus, +pytest.raises() is used in test_sftp already. + +pytest-relaxed causes humongous breakage to other packages +on the system. It has been banned from Gentoo for this reason. +--- + tests/test_client.py | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/tests/test_client.py b/tests/test_client.py +index 1c0c6c84..c12cbe9a 100644 +--- a/tests/test_client.py ++++ b/tests/test_client.py +@@ -33,7 +33,6 @@ import weakref + from tempfile import mkstemp + + import pytest +-from pytest_relaxed import raises + from unittest.mock import patch, Mock + + import paramiko +@@ -799,11 +798,11 @@ class PasswordPassphraseTests(ClientTest): + + # TODO: more granular exception pending #387; should be signaling "no auth + # methods available" because no key and no password +- @raises(SSHException) + @requires_sha1_signing + def test_passphrase_kwarg_not_used_for_password_auth(self): +- # Using the "right" password in the "wrong" field shouldn't work. +- self._test_connection(passphrase="pygmalion") ++ with pytest.raises(SSHException): ++ # Using the "right" password in the "wrong" field shouldn't work. ++ self._test_connection(passphrase="pygmalion") + + @requires_sha1_signing + def test_passphrase_kwarg_used_for_key_passphrase(self): +@@ -823,15 +822,15 @@ class PasswordPassphraseTests(ClientTest): + password="television", + ) + +- @raises(AuthenticationException) # TODO: more granular + @requires_sha1_signing + def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( # noqa + self, + ): + # Sanity: if we're given both fields, the password field is NOT used as + # a passphrase. +- self._test_connection( +- key_filename=_support("test_rsa_password.key"), +- password="television", +- passphrase="wat? lol no", +- ) ++ with pytest.raises(AuthenticationException): ++ self._test_connection( ++ key_filename=_support("test_rsa_password.key"), ++ password="television", ++ passphrase="wat? lol no", ++ ) +-- +2.40.1 + +From a75bdc46a6eb72a0b0e80eeafad2e2a2536a9bd8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Sat, 21 Jan 2023 06:56:09 +0100 +Subject: [PATCH 2/3] Remove icecream dep + +--- + tests/conftest.py | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index 12b97283..7546aae4 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -22,13 +22,6 @@ from ._loop import LoopSocket + from ._stub_sftp import StubServer, StubSFTPServer + from ._util import _support + +-from icecream import ic, install as install_ic +- +- +-# Better print() for debugging - use ic()! +-install_ic() +-ic.configureOutput(includeContext=True) +- + + # Perform logging by default; pytest will capture and thus hide it normally, + # presenting it on error/failure. (But also allow turning it off when doing +-- +2.40.1 + +From a4f96f21450942398b46f2b5f125b89297f3f3f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Fri, 26 May 2023 06:18:25 +0200 +Subject: [PATCH] Remove pointless use of Lexicon vendored from invoke with + class + +--- + tests/conftest.py | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index 7546aae4..45362de8 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -4,8 +4,6 @@ import shutil + import threading + from pathlib import Path + +-from invoke.vendor.lexicon import Lexicon +- + import pytest + from paramiko import ( + SFTPServer, +@@ -132,6 +130,10 @@ for datum in key_data: + datum.insert(0, short) + + ++class Lexicon: ++ pass ++ ++ + @pytest.fixture(scope="session", params=key_data, ids=lambda x: x[0]) + def keys(request): + """ +-- +2.40.1 + diff --git a/dev-python/paramiko/paramiko-3.2.0.ebuild b/dev-python/paramiko/paramiko-3.2.0.ebuild new file mode 100644 index 000000000000..74945454d841 --- /dev/null +++ b/dev-python/paramiko/paramiko-3.2.0.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..11} ) +PYTHON_REQ_USE="threads(+)" + +inherit distutils-r1 + +DESCRIPTION="SSH2 protocol library" +HOMEPAGE=" + https://www.paramiko.org/ + https://github.com/paramiko/paramiko/ + https://pypi.org/project/paramiko/ +" +SRC_URI=" + https://github.com/paramiko/paramiko/archive/${PV}.tar.gz + -> ${P}.gh.tar.gz +" + +LICENSE="LGPL-2.1" +SLOT="0" +# the release is broken +# https://github.com/paramiko/paramiko/issues/2245 +KEYWORDS="" +IUSE="examples server" + +RDEPEND=" + >=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}] + >=dev-python/cryptography-2.5[${PYTHON_USEDEP}] + >=dev-python/pynacl-1.0.1[${PYTHON_USEDEP}] + >=dev-python/pyasn1-0.1.7[${PYTHON_USEDEP}] +" + +distutils_enable_tests pytest + +src_prepare() { + local PATCHES=( + "${FILESDIR}/${PN}-3.2.0-nih-test-deps.patch" + ) + + if ! use server; then + PATCHES+=( "${FILESDIR}/${PN}-3.2.0-disable-server.patch" ) + fi + distutils-r1_src_prepare +} + +python_install_all() { + distutils-r1_python_install_all + + if use examples; then + docinto examples + dodoc -r demos/* + fi +}