Retire Packaging Deb project repos
This commit is part of a series to retire the Packaging Deb project. Step 2 is to remove all content from the project repos, replacing it with a README notification where to find ongoing work, and how to recover the repo if needed at some future point (as in https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project). Change-Id: I4fc8c78684b734165c30e7ff570d6dc7c696aae8
This commit is contained in:
parent
69ddb16dac
commit
7f3aabd571
|
@ -1,5 +0,0 @@
|
|||
*.egg*
|
||||
*.pyc
|
||||
.tox
|
||||
.testrepository/
|
||||
releasenotes/build
|
|
@ -1,4 +0,0 @@
|
|||
[gerrit]
|
||||
host=review.openstack.org
|
||||
port=29418
|
||||
project=openstack/cursive.git
|
|
@ -1,9 +0,0 @@
|
|||
[DEFAULT]
|
||||
test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
|
||||
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
|
||||
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-160} \
|
||||
${PYTHON:-python} -m subunit.run discover -t ./ ${OS_TEST_PATH:-./cursive/tests} $LISTOPT $IDOPTION
|
||||
|
||||
test_id_option=--load-list $IDFILE
|
||||
test_list_option=--list
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
If you would like to contribute to the development of OpenStack, you must
|
||||
follow the steps in this page:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html
|
||||
|
||||
If you already have a good understanding of how the system works and your
|
||||
OpenStack accounts are set up, you can skip to the development workflow
|
||||
section of this documentation to learn how changes to OpenStack should be
|
||||
submitted for review via the Gerrit tool:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
|
||||
Pull requests submitted through GitHub will be ignored.
|
||||
|
||||
Bugs should be filed on Launchpad, not GitHub:
|
||||
|
||||
https://bugs.launchpad.net/cursive
|
|
@ -1,9 +0,0 @@
|
|||
cursive Style Commandments
|
||||
===============================================
|
||||
|
||||
Read the OpenStack Style Commandments http://docs.openstack.org/developer/hacking/
|
||||
|
||||
cursive Specific Commandments
|
||||
-----------------------------
|
||||
|
||||
- Copyright notices for organizations should not be included.
|
176
LICENSE
176
LICENSE
|
@ -1,176 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
include AUTHORS
|
||||
include ChangeLog
|
||||
exclude .gitignore
|
||||
exclude .gitreview
|
||||
|
||||
global-exclude *.pyc
|
|
@ -0,0 +1,14 @@
|
|||
This project is no longer maintained.
|
||||
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
For ongoing work on maintaining OpenStack packages in the Debian
|
||||
distribution, please see the Debian OpenStack packaging team at
|
||||
https://wiki.debian.org/OpenStack/.
|
||||
|
||||
For any further questions, please email
|
||||
openstack-dev@lists.openstack.org or join #openstack-dev on
|
||||
Freenode.
|
19
README.rst
19
README.rst
|
@ -1,19 +0,0 @@
|
|||
===============================
|
||||
cursive
|
||||
===============================
|
||||
|
||||
Cursive implements OpenStack-specific validation of digital signatures.
|
||||
|
||||
As OpenStack continues to mature, robust security controls become increasingly
|
||||
critical. The cursive project contains code extracted from various OpenStack
|
||||
projects for verifying digital signatures. Additional capabilities will be
|
||||
added to this project in support of various security features.
|
||||
|
||||
* Free software: Apache license
|
||||
* Source: http://git.openstack.org/cgit/openstack/cursive
|
||||
* Bugs: http://bugs.launchpad.net/cursive
|
||||
|
||||
Features
|
||||
--------
|
||||
|
||||
* TODO
|
|
@ -1,19 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import pbr.version
|
||||
|
||||
|
||||
__version__ = pbr.version.VersionInfo(
|
||||
'cursive').version_string()
|
|
@ -1,52 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""Cursive base exception handling"""
|
||||
|
||||
from cursive.i18n import _
|
||||
|
||||
|
||||
class CursiveException(Exception):
|
||||
"""Base Cursive Exception
|
||||
|
||||
To correctly use this class, inherit from it and define
|
||||
a 'msg_fmt' property. That msg_fmt will get printf'd
|
||||
with the keyword arguments provided to the constructor.
|
||||
|
||||
"""
|
||||
msg_fmt = _("An unknown exception occurred.")
|
||||
headers = {}
|
||||
safe = False
|
||||
|
||||
def __init__(self, message=None, **kwargs):
|
||||
self.kwargs = kwargs
|
||||
|
||||
if not message:
|
||||
try:
|
||||
message = self.msg_fmt % kwargs
|
||||
|
||||
except Exception:
|
||||
# at least get the core message out if something happened
|
||||
message = self.msg_fmt
|
||||
|
||||
self.message = message
|
||||
super(CursiveException, self).__init__(message)
|
||||
|
||||
def format_message(self):
|
||||
# NOTE(dane-fichter): use the first argument to the python Exception
|
||||
# object which should be our full CursiveException message
|
||||
return self.args[0]
|
||||
|
||||
|
||||
class SignatureVerificationError(CursiveException):
|
||||
msg_fmt = _("Signature verification for the image "
|
||||
"failed: %(reason)s.")
|
|
@ -1,36 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""oslo.i18n integration module.
|
||||
|
||||
See http://docs.openstack.org/developer/oslo.i18n/usage.html .
|
||||
|
||||
"""
|
||||
|
||||
import oslo_i18n
|
||||
|
||||
DOMAIN = 'cursive'
|
||||
|
||||
_translators = oslo_i18n.TranslatorFactory(domain=DOMAIN)
|
||||
|
||||
# The primary translation function using the well-known name "_"
|
||||
_ = _translators.primary
|
||||
|
||||
# Translators for log levels.
|
||||
#
|
||||
# The abbreviated names are meant to reflect the usual use of a short
|
||||
# name like '_'. The "L" is for "log" and the other letter comes from
|
||||
# the level.
|
||||
_LI = _translators.log_info
|
||||
_LW = _translators.log_warning
|
||||
_LE = _translators.log_error
|
||||
_LC = _translators.log_critical
|
|
@ -1,363 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""Support signature verification."""
|
||||
|
||||
import binascii
|
||||
|
||||
from castellan.common.exception import KeyManagerError
|
||||
from castellan import key_manager
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import dsa
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography import x509
|
||||
from oslo_log import log as logging
|
||||
from oslo_serialization import base64
|
||||
from oslo_utils import encodeutils
|
||||
from oslo_utils import timeutils
|
||||
|
||||
from cursive import exception
|
||||
from cursive.i18n import _, _LE
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
HASH_METHODS = {
|
||||
'SHA-224': hashes.SHA224(),
|
||||
'SHA-256': hashes.SHA256(),
|
||||
'SHA-384': hashes.SHA384(),
|
||||
'SHA-512': hashes.SHA512(),
|
||||
}
|
||||
|
||||
# Currently supported signature key types
|
||||
# RSA Options
|
||||
RSA_PSS = 'RSA-PSS'
|
||||
# DSA Options
|
||||
DSA = 'DSA'
|
||||
|
||||
# ECC curves -- note that only those with key sizes >=384 are included
|
||||
# Note also that some of these may not be supported by the cryptography backend
|
||||
ECC_CURVES = (
|
||||
ec.SECT571K1(),
|
||||
ec.SECT409K1(),
|
||||
ec.SECT571R1(),
|
||||
ec.SECT409R1(),
|
||||
ec.SECP521R1(),
|
||||
ec.SECP384R1(),
|
||||
)
|
||||
|
||||
# These are the currently supported certificate formats
|
||||
X_509 = 'X.509'
|
||||
|
||||
CERTIFICATE_FORMATS = {
|
||||
X_509,
|
||||
}
|
||||
|
||||
# These are the currently supported MGF formats, used for RSA-PSS signatures
|
||||
MASK_GEN_ALGORITHMS = {
|
||||
'MGF1': padding.MGF1,
|
||||
}
|
||||
|
||||
# Required image property names
|
||||
(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
|
||||
'img_signature',
|
||||
'img_signature_hash_method',
|
||||
'img_signature_key_type',
|
||||
'img_signature_certificate_uuid'
|
||||
)
|
||||
|
||||
|
||||
class SignatureKeyType(object):
|
||||
|
||||
_REGISTERED_TYPES = {}
|
||||
|
||||
def __init__(self, name, public_key_type, create_verifier):
|
||||
self.name = name
|
||||
self.public_key_type = public_key_type
|
||||
self.create_verifier = create_verifier
|
||||
|
||||
@classmethod
|
||||
def register(cls, name, public_key_type, create_verifier):
|
||||
"""Register a signature key type.
|
||||
|
||||
:param name: the name of the signature key type
|
||||
:param public_key_type: e.g. RSAPublicKey, DSAPublicKey, etc.
|
||||
:param create_verifier: a function to create a verifier for this type
|
||||
"""
|
||||
cls._REGISTERED_TYPES[name] = cls(name,
|
||||
public_key_type,
|
||||
create_verifier)
|
||||
|
||||
@classmethod
|
||||
def lookup(cls, name):
|
||||
"""Look up the signature key type.
|
||||
|
||||
:param name: the name of the signature key type
|
||||
:returns: the SignatureKeyType object
|
||||
:raises: SignatureVerificationError if signature key type is invalid
|
||||
"""
|
||||
if name not in cls._REGISTERED_TYPES:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Invalid signature key type: %s') % name)
|
||||
return cls._REGISTERED_TYPES[name]
|
||||
|
||||
|
||||
# each key type will require its own verifier
|
||||
def create_verifier_for_pss(signature, hash_method, public_key):
|
||||
"""Create the verifier to use when the key type is RSA-PSS.
|
||||
|
||||
:param signature: the decoded signature to use
|
||||
:param hash_method: the hash method to use, as a cryptography object
|
||||
:param public_key: the public key to use, as a cryptography object
|
||||
:raises: SignatureVerificationError if the RSA-PSS specific properties
|
||||
are invalid
|
||||
:returns: the verifier to use to verify the signature for RSA-PSS
|
||||
"""
|
||||
# default to MGF1
|
||||
mgf = padding.MGF1(hash_method)
|
||||
|
||||
# default to max salt length
|
||||
salt_length = padding.PSS.MAX_LENGTH
|
||||
|
||||
# return the verifier
|
||||
return public_key.verifier(
|
||||
signature,
|
||||
padding.PSS(mgf=mgf, salt_length=salt_length),
|
||||
hash_method
|
||||
)
|
||||
|
||||
|
||||
def create_verifier_for_ecc(signature, hash_method, public_key):
|
||||
"""Create the verifier to use when the key type is ECC_*.
|
||||
|
||||
:param signature: the decoded signature to use
|
||||
:param hash_method: the hash method to use, as a cryptography object
|
||||
:param public_key: the public key to use, as a cryptography object
|
||||
:returns: the verifier to use to verify the signature for ECC_*.
|
||||
"""
|
||||
# return the verifier
|
||||
return public_key.verifier(
|
||||
signature,
|
||||
ec.ECDSA(hash_method)
|
||||
)
|
||||
|
||||
|
||||
def create_verifier_for_dsa(signature, hash_method, public_key):
|
||||
"""Create the verifier to use when the key type is DSA
|
||||
|
||||
:param signature: the decoded signature to use
|
||||
:param hash_method: the hash method to use, as a cryptography object
|
||||
:param public_key: the public key to use, as a cryptography object
|
||||
:returns: the verifier to use to verify the signature for DSA
|
||||
"""
|
||||
# return the verifier
|
||||
return public_key.verifier(
|
||||
signature,
|
||||
hash_method
|
||||
)
|
||||
|
||||
|
||||
SignatureKeyType.register(RSA_PSS, rsa.RSAPublicKey, create_verifier_for_pss)
|
||||
SignatureKeyType.register(DSA, dsa.DSAPublicKey, create_verifier_for_dsa)
|
||||
|
||||
# Register the elliptic curves which are supported by the backend
|
||||
for curve in ECC_CURVES:
|
||||
if default_backend().elliptic_curve_supported(curve):
|
||||
SignatureKeyType.register('ECC_' + curve.name.upper(),
|
||||
ec.EllipticCurvePublicKey,
|
||||
create_verifier_for_ecc)
|
||||
|
||||
|
||||
def should_create_verifier(image_properties):
|
||||
"""Determine whether a verifier should be created.
|
||||
|
||||
Using the image properties, determine whether existing properties indicate
|
||||
that signature verification should be done.
|
||||
|
||||
:param image_properties: the key-value properties about the image
|
||||
:return: True, if signature metadata properties exist, False otherwise
|
||||
"""
|
||||
return (image_properties is not None and
|
||||
CERT_UUID in image_properties and
|
||||
HASH_METHOD in image_properties and
|
||||
SIGNATURE in image_properties and
|
||||
KEY_TYPE in image_properties)
|
||||
|
||||
|
||||
def get_verifier(context, img_signature_certificate_uuid,
|
||||
img_signature_hash_method, img_signature,
|
||||
img_signature_key_type):
|
||||
"""Instantiate signature properties and use them to create a verifier.
|
||||
|
||||
:param context: the user context for authentication
|
||||
:param img_signature_certificate_uuid:
|
||||
uuid of signing certificate stored in key manager
|
||||
:param img_signature_hash_method:
|
||||
string denoting hash method used to compute signature
|
||||
:param img_signature: string of base64 encoding of signature
|
||||
:param img_signature_key_type:
|
||||
string denoting type of keypair used to compute signature
|
||||
:returns: instance of
|
||||
cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext
|
||||
:raises: SignatureVerificationError if we fail to build the verifier
|
||||
"""
|
||||
image_meta_props = {'img_signature_uuid': img_signature_certificate_uuid,
|
||||
'img_signature_hash_method': img_signature_hash_method,
|
||||
'img_signature': img_signature,
|
||||
'img_signature_key_type': img_signature_key_type}
|
||||
for key in image_meta_props.keys():
|
||||
if image_meta_props[key] is None:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Required image properties for signature verification'
|
||||
' do not exist. Cannot verify signature. Missing'
|
||||
' property: %s') % key)
|
||||
|
||||
signature = get_signature(img_signature)
|
||||
hash_method = get_hash_method(img_signature_hash_method)
|
||||
signature_key_type = SignatureKeyType.lookup(img_signature_key_type)
|
||||
public_key = get_public_key(context,
|
||||
img_signature_certificate_uuid,
|
||||
signature_key_type)
|
||||
|
||||
# create the verifier based on the signature key type
|
||||
verifier = signature_key_type.create_verifier(signature,
|
||||
hash_method,
|
||||
public_key)
|
||||
if verifier:
|
||||
return verifier
|
||||
else:
|
||||
# Error creating the verifier
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Error occurred while creating the verifier'))
|
||||
|
||||
|
||||
def get_signature(signature_data):
|
||||
"""Decode the signature data and returns the signature.
|
||||
|
||||
:param signature_data: the base64-encoded signature data
|
||||
:returns: the decoded signature
|
||||
:raises: SignatureVerificationError if the signature data is malformatted
|
||||
"""
|
||||
try:
|
||||
signature = base64.decode_as_bytes(signature_data)
|
||||
except (TypeError, binascii.Error):
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('The signature data was not properly '
|
||||
'encoded using base64'))
|
||||
|
||||
return signature
|
||||
|
||||
|
||||
def get_hash_method(hash_method_name):
|
||||
"""Verify the hash method name and create the hash method.
|
||||
|
||||
:param hash_method_name: the name of the hash method to retrieve
|
||||
:returns: the hash method, a cryptography object
|
||||
:raises: SignatureVerificationError if the hash method name is invalid
|
||||
"""
|
||||
if hash_method_name not in HASH_METHODS:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Invalid signature hash method: %s') % hash_method_name)
|
||||
|
||||
return HASH_METHODS[hash_method_name]
|
||||
|
||||
|
||||
def get_public_key(context, signature_certificate_uuid, signature_key_type):
|
||||
"""Create the public key object from a retrieved certificate.
|
||||
|
||||
:param context: the user context for authentication
|
||||
:param signature_certificate_uuid: the uuid to use to retrieve the
|
||||
certificate
|
||||
:param signature_key_type: a SignatureKeyType object
|
||||
:returns: the public key cryptography object
|
||||
:raises: SignatureVerificationError if public key format is invalid
|
||||
"""
|
||||
certificate = get_certificate(context, signature_certificate_uuid)
|
||||
|
||||
# Note that this public key could either be
|
||||
# RSAPublicKey, DSAPublicKey, or EllipticCurvePublicKey
|
||||
public_key = certificate.public_key()
|
||||
|
||||
# Confirm the type is of the type expected based on the signature key type
|
||||
if not isinstance(public_key, signature_key_type.public_key_type):
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Invalid public key type for signature key type: %s')
|
||||
% signature_key_type.name)
|
||||
|
||||
return public_key
|
||||
|
||||
|
||||
def get_certificate(context, signature_certificate_uuid):
|
||||
"""Create the certificate object from the retrieved certificate data.
|
||||
|
||||
:param context: the user context for authentication
|
||||
:param signature_certificate_uuid: the uuid to use to retrieve the
|
||||
certificate
|
||||
:returns: the certificate cryptography object
|
||||
:raises: SignatureVerificationError if the retrieval fails or the format
|
||||
is invalid
|
||||
"""
|
||||
keymgr_api = key_manager.API()
|
||||
|
||||
try:
|
||||
# The certificate retrieved here is a castellan certificate object
|
||||
cert = keymgr_api.get(context, signature_certificate_uuid)
|
||||
except KeyManagerError as e:
|
||||
# The problem encountered may be backend-specific, since castellan
|
||||
# can use different backends. Rather than importing all possible
|
||||
# backends here, the generic "Exception" is used.
|
||||
msg = (_LE("Unable to retrieve certificate with ID %(id)s: %(e)s")
|
||||
% {'id': signature_certificate_uuid,
|
||||
'e': encodeutils.exception_to_unicode(e)})
|
||||
LOG.error(msg)
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Unable to retrieve certificate with ID: %s')
|
||||
% signature_certificate_uuid)
|
||||
|
||||
if cert.format not in CERTIFICATE_FORMATS:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Invalid certificate format: %s') % cert.format)
|
||||
|
||||
if cert.format == X_509:
|
||||
# castellan always encodes certificates in DER format
|
||||
cert_data = cert.get_encoded()
|
||||
certificate = x509.load_der_x509_certificate(cert_data,
|
||||
default_backend())
|
||||
|
||||
# verify the certificate
|
||||
verify_certificate(certificate)
|
||||
|
||||
return certificate
|
||||
|
||||
|
||||
def verify_certificate(certificate):
|
||||
"""Verify that the certificate has not expired.
|
||||
|
||||
:param certificate: the cryptography certificate object
|
||||
:raises: SignatureVerificationError if the certificate valid time range
|
||||
does not include now
|
||||
"""
|
||||
# Get now in UTC, since certificate returns times in UTC
|
||||
now = timeutils.utcnow()
|
||||
|
||||
# Confirm the certificate valid time range includes now
|
||||
if now < certificate.not_valid_before:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Certificate is not valid before: %s UTC')
|
||||
% certificate.not_valid_before)
|
||||
elif now > certificate.not_valid_after:
|
||||
raise exception.SignatureVerificationError(
|
||||
reason=_('Certificate is not valid after: %s UTC')
|
||||
% certificate.not_valid_after)
|
|
@ -1,22 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright 2010-2011 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslotest import base
|
||||
|
||||
|
||||
class TestCase(base.BaseTestCase):
|
||||
|
||||
"""Test case base class for all unit tests."""
|
|
@ -1,19 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""
|
||||
:mod:`cursive.tests.unit` -- Cursive Unittests
|
||||
=====================================================
|
||||
|
||||
.. automodule:: cursive.tests.unit
|
||||
:platform: Unix
|
||||
"""
|
|
@ -1,380 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import base64
|
||||
import datetime
|
||||
|
||||
from castellan.common.exception import KeyManagerError
|
||||
import cryptography.exceptions as crypto_exceptions
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import dsa
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
import mock
|
||||
from oslo_utils import timeutils
|
||||
|
||||
from cursive import exception
|
||||
from cursive import signature_utils
|
||||
from cursive.tests import base
|
||||
|
||||
TEST_RSA_PRIVATE_KEY = rsa.generate_private_key(public_exponent=3,
|
||||
key_size=1024,
|
||||
backend=default_backend())
|
||||
|
||||
# secp521r1 is assumed to be available on all supported platforms
|
||||
TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(),
|
||||
default_backend())
|
||||
|
||||
TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072,
|
||||
backend=default_backend())
|
||||
|
||||
# Required image property names
|
||||
(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
|
||||
signature_utils.SIGNATURE,
|
||||
signature_utils.HASH_METHOD,
|
||||
signature_utils.KEY_TYPE,
|
||||
signature_utils.CERT_UUID
|
||||
)
|
||||
|
||||
|
||||
class FakeKeyManager(object):
|
||||
|
||||
def __init__(self):
|
||||
self.certs = {'invalid_format_cert':
|
||||
FakeCastellanCertificate('A' * 256, 'BLAH'),
|
||||
'valid_format_cert':
|
||||
FakeCastellanCertificate('A' * 256, 'X.509')}
|
||||
|
||||
def get(self, context, cert_uuid):
|
||||
cert = self.certs.get(cert_uuid)
|
||||
|
||||
if cert is None:
|
||||
raise KeyManagerError("No matching certificate found.")
|
||||
|
||||
return cert
|
||||
|
||||
|
||||
class FakeCastellanCertificate(object):
|
||||
|
||||
def __init__(self, data, cert_format):
|
||||
self.data = data
|
||||
self.cert_format = cert_format
|
||||
|
||||
@property
|
||||
def format(self):
|
||||
return self.cert_format
|
||||
|
||||
def get_encoded(self):
|
||||
return self.data
|
||||
|
||||
|
||||
class FakeCryptoCertificate(object):
|
||||
|
||||
def __init__(self, pub_key=TEST_RSA_PRIVATE_KEY.public_key(),
|
||||
not_valid_before=(timeutils.utcnow() -
|
||||
datetime.timedelta(hours=1)),
|
||||
not_valid_after=(timeutils.utcnow() +
|
||||
datetime.timedelta(hours=2))):
|
||||
self.pub_key = pub_key
|
||||
self.cert_not_valid_before = not_valid_before
|
||||
self.cert_not_valid_after = not_valid_after
|
||||
|
||||
def public_key(self):
|
||||
return self.pub_key
|
||||
|
||||
@property
|
||||
def not_valid_before(self):
|
||||
return self.cert_not_valid_before
|
||||
|
||||
@property
|
||||
def not_valid_after(self):
|
||||
return self.cert_not_valid_after
|
||||
|
||||
|
||||
class BadPublicKey(object):
|
||||
|
||||
def verifier(self, signature, padding, hash_method):
|
||||
return None
|
||||
|
||||
|
||||
class TestSignatureUtils(base.TestCase):
|
||||
"""Test methods of signature_utils"""
|
||||
|
||||
def test_should_create_verifier(self):
|
||||
image_props = {CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'}
|
||||
self.assertTrue(signature_utils.should_create_verifier(image_props))
|
||||
|
||||
def test_should_create_verifier_fail(self):
|
||||
bad_image_properties = [{CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE'},
|
||||
{CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'},
|
||||
{CERT_UUID: 'CERT_UUID',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'},
|
||||
{HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'}]
|
||||
|
||||
for bad_props in bad_image_properties:
|
||||
result = signature_utils.should_create_verifier(bad_props)
|
||||
self.assertFalse(result)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_PSS(self, mock_get_pub_key):
|
||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = TEST_RSA_PRIVATE_KEY.signer(
|
||||
padding.PSS(
|
||||
mgf=padding.MGF1(hash_alg),
|
||||
salt_length=padding.PSS.MAX_LENGTH
|
||||
),
|
||||
hash_alg
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||
hash_name, signature,
|
||||
signature_utils.RSA_PSS)
|
||||
verifier.update(data)
|
||||
verifier.verify()
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_ECC(self, mock_get_pub_key):
|
||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
# test every ECC curve
|
||||
for curve in signature_utils.ECC_CURVES:
|
||||
key_type_name = 'ECC_' + curve.name.upper()
|
||||
try:
|
||||
signature_utils.SignatureKeyType.lookup(key_type_name)
|
||||
except exception.SignatureVerificationError:
|
||||
import warnings
|
||||
warnings.warn("ECC curve '%s' not supported" % curve.name)
|
||||
continue
|
||||
|
||||
# Create a private key to use
|
||||
private_key = ec.generate_private_key(curve,
|
||||
default_backend())
|
||||
mock_get_pub_key.return_value = private_key.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = private_key.signer(
|
||||
ec.ECDSA(hash_alg)
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None,
|
||||
img_sig_cert_uuid,
|
||||
hash_name, signature,
|
||||
key_type_name)
|
||||
verifier.update(data)
|
||||
verifier.verify()
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_DSA(self, mock_get_pub_key):
|
||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
mock_get_pub_key.return_value = TEST_DSA_PRIVATE_KEY.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = TEST_DSA_PRIVATE_KEY.signer(
|
||||
hash_alg
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||
hash_name, signature,
|
||||
signature_utils.DSA)
|
||||
verifier.update(data)
|
||||
verifier.verify()
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_bad_signature(self, mock_get_pub_key):
|
||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||
'SHA-256', 'BLAH',
|
||||
signature_utils.RSA_PSS)
|
||||
verifier.update(data)
|
||||
self.assertRaises(crypto_exceptions.InvalidSignature,
|
||||
verifier.verify)
|
||||
|
||||
def test_get_verifier_invalid_image_props(self):
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Required image properties for signature'
|
||||
' verification do not exist. Cannot verify'
|
||||
' signature. Missing property: .*',
|
||||
signature_utils.get_verifier,
|
||||
None, None, 'SHA-256', 'BLAH',
|
||||
signature_utils.RSA_PSS)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_bad_sig_key_type(self, mock_get_pub_key):
|
||||
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Invalid signature key type: .*',
|
||||
signature_utils.get_verifier,
|
||||
None, img_sig_cert_uuid, 'SHA-256',
|
||||
'BLAH', 'BLAH')
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_get_verifier_none(self, mock_get_pub_key):
|
||||
mock_get_pub_key.return_value = BadPublicKey()
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Error occurred while creating'
|
||||
' the verifier',
|
||||
signature_utils.get_verifier,
|
||||
None, img_sig_cert_uuid, 'SHA-256',
|
||||
'BLAH', signature_utils.RSA_PSS)
|
||||
|
||||
def test_get_signature(self):
|
||||
signature = b'A' * 256
|
||||
data = base64.b64encode(signature)
|
||||
self.assertEqual(signature,
|
||||
signature_utils.get_signature(data))
|
||||
|
||||
def test_get_signature_fail(self):
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'The signature data was not properly'
|
||||
' encoded using base64',
|
||||
signature_utils.get_signature, '///')
|
||||
|
||||
def test_get_hash_method(self):
|
||||
hash_dict = signature_utils.HASH_METHODS
|
||||
for hash_name in hash_dict.keys():
|
||||
hash_class = signature_utils.get_hash_method(hash_name).__class__
|
||||
self.assertIsInstance(hash_dict[hash_name], hash_class)
|
||||
|
||||
def test_get_hash_method_fail(self):
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Invalid signature hash method: .*',
|
||||
signature_utils.get_hash_method, 'SHA-2')
|
||||
|
||||
def test_signature_key_type_lookup(self):
|
||||
for sig_format in [signature_utils.RSA_PSS, signature_utils.DSA]:
|
||||
sig_key_type = signature_utils.SignatureKeyType.lookup(sig_format)
|
||||
self.assertIsInstance(sig_key_type,
|
||||
signature_utils.SignatureKeyType)
|
||||
self.assertEqual(sig_format, sig_key_type.name)
|
||||
|
||||
def test_signature_key_type_lookup_fail(self):
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Invalid signature key type: .*',
|
||||
signature_utils.SignatureKeyType.lookup,
|
||||
'RSB-PSS')
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_certificate')
|
||||
def test_get_public_key_rsa(self, mock_get_cert):
|
||||
fake_cert = FakeCryptoCertificate()
|
||||
mock_get_cert.return_value = fake_cert
|
||||
sig_key_type = signature_utils.SignatureKeyType.lookup(
|
||||
signature_utils.RSA_PSS
|
||||
)
|
||||
result_pub_key = signature_utils.get_public_key(None, None,
|
||||
sig_key_type)
|
||||
self.assertEqual(fake_cert.public_key(), result_pub_key)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_certificate')
|
||||
def test_get_public_key_ecc(self, mock_get_cert):
|
||||
fake_cert = FakeCryptoCertificate(TEST_ECC_PRIVATE_KEY.public_key())
|
||||
mock_get_cert.return_value = fake_cert
|
||||
sig_key_type = signature_utils.SignatureKeyType.lookup('ECC_SECP521R1')
|
||||
result_pub_key = signature_utils.get_public_key(None, None,
|
||||
sig_key_type)
|
||||
self.assertEqual(fake_cert.public_key(), result_pub_key)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_certificate')
|
||||
def test_get_public_key_dsa(self, mock_get_cert):
|
||||
fake_cert = FakeCryptoCertificate(TEST_DSA_PRIVATE_KEY.public_key())
|
||||
mock_get_cert.return_value = fake_cert
|
||||
sig_key_type = signature_utils.SignatureKeyType.lookup(
|
||||
signature_utils.DSA
|
||||
)
|
||||
result_pub_key = signature_utils.get_public_key(None, None,
|
||||
sig_key_type)
|
||||
self.assertEqual(fake_cert.public_key(), result_pub_key)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_certificate')
|
||||
def test_get_public_key_invalid_key(self, mock_get_certificate):
|
||||
bad_pub_key = 'A' * 256
|
||||
mock_get_certificate.return_value = FakeCryptoCertificate(bad_pub_key)
|
||||
sig_key_type = signature_utils.SignatureKeyType.lookup(
|
||||
signature_utils.RSA_PSS
|
||||
)
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Invalid public key type for '
|
||||
'signature key type: .*',
|
||||
signature_utils.get_public_key, None,
|
||||
None, sig_key_type)
|
||||
|
||||
@mock.patch('cryptography.x509.load_der_x509_certificate')
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_certificate(self, mock_key_manager_API, mock_load_cert):
|
||||
cert_uuid = 'valid_format_cert'
|
||||
x509_cert = FakeCryptoCertificate()
|
||||
mock_load_cert.return_value = x509_cert
|
||||
self.assertEqual(x509_cert,
|
||||
signature_utils.get_certificate(None, cert_uuid))
|
||||
|
||||
@mock.patch('cryptography.x509.load_der_x509_certificate')
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_expired_certificate(self, mock_key_manager_API,
|
||||
mock_load_cert):
|
||||
cert_uuid = 'valid_format_cert'
|
||||
x509_cert = FakeCryptoCertificate(
|
||||
not_valid_after=timeutils.utcnow() -
|
||||
datetime.timedelta(hours=1))
|
||||
mock_load_cert.return_value = x509_cert
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Certificate is not valid after: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
cert_uuid)
|
||||
|
||||
@mock.patch('cryptography.x509.load_der_x509_certificate')
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_not_yet_valid_certificate(self, mock_key_manager_API,
|
||||
mock_load_cert):
|
||||
cert_uuid = 'valid_format_cert'
|
||||
x509_cert = FakeCryptoCertificate(
|
||||
not_valid_before=timeutils.utcnow() +
|
||||
datetime.timedelta(hours=1))
|
||||
mock_load_cert.return_value = x509_cert
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Certificate is not valid before: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
cert_uuid)
|
||||
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_certificate_key_manager_fail(self, mock_key_manager_API):
|
||||
bad_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0695'
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Unable to retrieve certificate with ID: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
bad_cert_uuid)
|
||||
|
||||
@mock.patch('castellan.key_manager.API', return_value=FakeKeyManager())
|
||||
def test_get_certificate_invalid_format(self, mock_API):
|
||||
cert_uuid = 'invalid_format_cert'
|
||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||
'Invalid certificate format: .*',
|
||||
signature_utils.get_certificate, None,
|
||||
cert_uuid)
|
|
@ -1,75 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import os
|
||||
import sys
|
||||
|
||||
sys.path.insert(0, os.path.abspath('../..'))
|
||||
# -- General configuration ----------------------------------------------------
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
|
||||
extensions = [
|
||||
'sphinx.ext.autodoc',
|
||||
#'sphinx.ext.intersphinx',
|
||||
'oslosphinx'
|
||||
]
|
||||
|
||||
# autodoc generation is a bit aggressive and a nuisance when doing heavy
|
||||
# text edit cycles.
|
||||
# execute "export SPHINX_DEBUG=1" in your terminal to disable
|
||||
|
||||
# The suffix of source filenames.
|
||||
source_suffix = '.rst'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'cursive'
|
||||
copyright = u'2016, OpenStack Foundation'
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
add_function_parentheses = True
|
||||
|
||||
# If true, the current module name will be prepended to all description
|
||||
# unit titles (such as .. function::).
|
||||
add_module_names = True
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# -- Options for HTML output --------------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. Major themes that come with
|
||||
# Sphinx are currently 'default' and 'sphinxdoc'.
|
||||
# html_theme_path = ["."]
|
||||
# html_theme = '_theme'
|
||||
# html_static_path = ['static']
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = '%sdoc' % project
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title, author, documentclass
|
||||
# [howto/manual]).
|
||||
latex_documents = [
|
||||
('index',
|
||||
'%s.tex' % project,
|
||||
u'%s Documentation' % project,
|
||||
u'OpenStack Foundation', 'manual'),
|
||||
]
|
||||
|
||||
# Example configuration for intersphinx: refer to the Python standard library.
|
||||
#intersphinx_mapping = {'http://docs.python.org/': None}
|
|
@ -1,4 +0,0 @@
|
|||
============
|
||||
Contributing
|
||||
============
|
||||
.. include:: ../../CONTRIBUTING.rst
|
|
@ -1,25 +0,0 @@
|
|||
.. cursive documentation master file, created by
|
||||
sphinx-quickstart on Tue Jul 9 22:26:36 2013.
|
||||
You can adapt this file completely to your liking, but it should at least
|
||||
contain the root `toctree` directive.
|
||||
|
||||
Welcome to cursive's documentation!
|
||||
========================================================
|
||||
|
||||
Contents:
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
||||
readme
|
||||
installation
|
||||
usage
|
||||
contributing
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
||||
* :ref:`genindex`
|
||||
* :ref:`modindex`
|
||||
* :ref:`search`
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
============
|
||||
Installation
|
||||
============
|
||||
|
||||
At the command line::
|
||||
|
||||
$ pip install cursive
|
||||
|
||||
Or, if you have virtualenvwrapper installed::
|
||||
|
||||
$ mkvirtualenv cursive
|
||||
$ pip install cursive
|
|
@ -1 +0,0 @@
|
|||
.. include:: ../../README.rst
|
|
@ -1,7 +0,0 @@
|
|||
========
|
||||
Usage
|
||||
========
|
||||
|
||||
To use cursive in a project::
|
||||
|
||||
import cursive
|
|
@ -1,273 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Cursive Release Notes documentation build configuration file, created by
|
||||
# sphinx-quickstart on Tue Nov 3 17:40:50 2015.
|
||||
#
|
||||
# This file is execfile()d with the current directory set to its
|
||||
# containing dir.
|
||||
#
|
||||
# Note that not all possible configuration values are present in this
|
||||
# autogenerated file.
|
||||
#
|
||||
# All configuration values have a default; values that are commented out
|
||||
# serve to show the default.
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
# sys.path.insert(0, os.path.abspath('.'))
|
||||
|
||||
# -- General configuration ------------------------------------------------
|
||||
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
# needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
|
||||
# ones.
|
||||
extensions = [
|
||||
'oslosphinx',
|
||||
'reno.sphinxext',
|
||||
]
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
templates_path = ['_templates']
|
||||
|
||||
# The suffix of source filenames.
|
||||
source_suffix = '.rst'
|
||||
|
||||
# The encoding of source files.
|
||||
# source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'cursive Release Notes'
|
||||
copyright = u'2016, OpenStack Foundation'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
#
|
||||
# The short X.Y version.
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = ''
|
||||
# The short X.Y version.
|
||||
version = ''
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
# language = None
|
||||
|
||||
# There are two options for replacing |today|: either, you set today to some
|
||||
# non-false value, then it is used:
|
||||
# today = ''
|
||||
# Else, today_fmt is used as the format for a strftime call.
|
||||
# today_fmt = '%B %d, %Y'
|
||||
|
||||
# List of patterns, relative to source directory, that match files and
|
||||
# directories to ignore when looking for source files.
|
||||
exclude_patterns = []
|
||||
|
||||
# The reST default role (used for this markup: `text`) to use for all
|
||||
# documents.
|
||||
# default_role = None
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
# add_function_parentheses = True
|
||||
|
||||
# If true, the current module name will be prepended to all description
|
||||
# unit titles (such as .. function::).
|
||||
# add_module_names = True
|
||||
|
||||
# If true, sectionauthor and moduleauthor directives will be shown in the
|
||||
# output. They are ignored by default.
|
||||
# show_authors = False
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# A list of ignored prefixes for module index sorting.
|
||||
# modindex_common_prefix = []
|
||||
|
||||
# If true, keep warnings as "system message" paragraphs in the built documents.
|
||||
# keep_warnings = False
|
||||
|
||||
|
||||
# -- Options for HTML output ----------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
html_theme = 'default'
|
||||
|
||||
# Theme options are theme-specific and customize the look and feel of a theme
|
||||
# further. For a list of options available for each theme, see the
|
||||
# documentation.
|
||||
# html_theme_options = {}
|
||||
|
||||
# Add any paths that contain custom themes here, relative to this directory.
|
||||
# html_theme_path = []
|
||||
|
||||
# The name for this set of Sphinx documents. If None, it defaults to
|
||||
# "<project> v<release> documentation".
|
||||
# html_title = None
|
||||
|
||||
# A shorter title for the navigation bar. Default is the same as html_title.
|
||||
# html_short_title = None
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top
|
||||
# of the sidebar.
|
||||
# html_logo = None
|
||||
|
||||
# The name of an image file (within the static path) to use as favicon of the
|
||||
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
|
||||
# pixels large.
|
||||
# html_favicon = None
|
||||
|
||||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
html_static_path = ['_static']
|
||||
|
||||
# Add any extra paths that contain custom files (such as robots.txt or
|
||||
# .htaccess) here, relative to this directory. These files are copied
|
||||
# directly to the root of the documentation.
|
||||
# html_extra_path = []
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
# html_last_updated_fmt = '%b %d, %Y'
|
||||
|
||||
# If true, SmartyPants will be used to convert quotes and dashes to
|
||||
# typographically correct entities.
|
||||
# html_use_smartypants = True
|
||||
|
||||
# Custom sidebar templates, maps document names to template names.
|
||||
# html_sidebars = {}
|
||||
|
||||
# Additional templates that should be rendered to pages, maps page names to
|
||||
# template names.
|
||||
# html_additional_pages = {}
|
||||
|
||||
# If false, no module index is generated.
|
||||
# html_domain_indices = True
|
||||
|
||||
# If false, no index is generated.
|
||||
# html_use_index = True
|
||||
|
||||
# If true, the index is split into individual pages for each letter.
|
||||
# html_split_index = False
|
||||
|
||||
# If true, links to the reST sources are added to the pages.
|
||||
# html_show_sourcelink = True
|
||||
|
||||
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||
# html_show_sphinx = True
|
||||
|
||||
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||
# html_show_copyright = True
|
||||
|
||||
# If true, an OpenSearch description file will be output, and all pages will
|
||||
# contain a <link> tag referring to it. The value of this option must be the
|
||||
# base URL from which the finished HTML is served.
|
||||
# html_use_opensearch = ''
|
||||
|
||||
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
# html_file_suffix = None
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'CursiveReleaseNotesdoc'
|
||||
|
||||
|
||||
# -- Options for LaTeX output ---------------------------------------------
|
||||
|
||||
latex_elements = {
|
||||
# The paper size ('letterpaper' or 'a4paper').
|
||||
# 'papersize': 'letterpaper',
|
||||
|
||||
# The font size ('10pt', '11pt' or '12pt').
|
||||
# 'pointsize': '10pt',
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
# 'preamble': '',
|
||||
}
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title,
|
||||
# author, documentclass [howto, manual, or own class]).
|
||||
latex_documents = [
|
||||
('index', 'CursiveReleaseNotes.tex',
|
||||
u'Cursive Release Notes Documentation',
|
||||
u'Cursive Developers', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
# the title page.
|
||||
# latex_logo = None
|
||||
|
||||
# For "manual" documents, if this is true, then toplevel headings are parts,
|
||||
# not chapters.
|
||||
# latex_use_parts = False
|
||||
|
||||
# If true, show page references after internal links.
|
||||
# latex_show_pagerefs = False
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
# latex_show_urls = False
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
# latex_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
# latex_domain_indices = True
|
||||
|
||||
|
||||
# -- Options for manual page output ---------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'cursivereleasenotes', u'Cursive Release Notes Documentation',
|
||||
[u'Cursive Developers'], 1)
|
||||
]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
# man_show_urls = False
|
||||
|
||||
|
||||
# -- Options for Texinfo output -------------------------------------------
|
||||
|
||||
# Grouping the document tree into Texinfo files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# dir menu entry, description, category)
|
||||
texinfo_documents = [
|
||||
('index', 'CursiveReleaseNotes', u'Cursive Release Notes Documentation',
|
||||
u'Cursive Developers', 'CursiveReleaseNotes',
|
||||
'One line description of project.',
|
||||
'Miscellaneous'),
|
||||
]
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
# texinfo_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
# texinfo_domain_indices = True
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
# texinfo_show_urls = 'footnote'
|
||||
|
||||
# If true, do not generate a @detailmenu in the "Top" node's menu.
|
||||
# texinfo_no_detailmenu = False
|
|
@ -1,8 +0,0 @@
|
|||
============================================
|
||||
cursive Release Notes
|
||||
============================================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
unreleased
|
|
@ -1,5 +0,0 @@
|
|||
==============================
|
||||
Current Series Release Notes
|
||||
==============================
|
||||
|
||||
.. release-notes::
|
|
@ -1,13 +0,0 @@
|
|||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
|
||||
pbr>=1.6 # Apache-2.0
|
||||
lxml>=2.3 # BSD
|
||||
cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
|
||||
netifaces>=0.10.4 # MIT
|
||||
six>=1.9.0 # MIT
|
||||
oslo.serialization>=1.10.0 # Apache-2.0
|
||||
oslo.utils>=3.16.0 # Apache-2.0
|
||||
oslo.i18n>=2.1.0 # Apache-2.0
|
||||
castellan>=0.4.0 # Apache-2.0
|
54
setup.cfg
54
setup.cfg
|
@ -1,54 +0,0 @@
|
|||
[metadata]
|
||||
name = cursive
|
||||
summary = Cursive implements OpenStack-specific validation of digital signatures.
|
||||
description-file =
|
||||
README.rst
|
||||
author = OpenStack
|
||||
author-email = openstack-dev@lists.openstack.org
|
||||
home-page = http://www.openstack.org/
|
||||
classifier =
|
||||
Environment :: OpenStack
|
||||
Intended Audience :: Information Technology
|
||||
Intended Audience :: System Administrators
|
||||
License :: OSI Approved :: Apache Software License
|
||||
Operating System :: POSIX :: Linux
|
||||
Programming Language :: Python
|
||||
Programming Language :: Python :: 2
|
||||
Programming Language :: Python :: 2.7
|
||||
Programming Language :: Python :: 3
|
||||
Programming Language :: Python :: 3.3
|
||||
Programming Language :: Python :: 3.4
|
||||
|
||||
[files]
|
||||
packages =
|
||||
cursive
|
||||
|
||||
[build_sphinx]
|
||||
source-dir = doc/source
|
||||
build-dir = doc/build
|
||||
all_files = 1
|
||||
|
||||
[upload_sphinx]
|
||||
upload-dir = doc/build/html
|
||||
|
||||
[compile_catalog]
|
||||
directory = cursive/locale
|
||||
domain = cursive
|
||||
|
||||
[update_catalog]
|
||||
domain = cursive
|
||||
output_dir = cursive/locale
|
||||
input_file = cursive/locale/cursive.pot
|
||||
|
||||
[extract_messages]
|
||||
keywords = _ gettext ngettext l_ lazy_gettext
|
||||
mapping_file = babel.cfg
|
||||
output_file = cursive/locale/cursive.pot
|
||||
|
||||
[build_releasenotes]
|
||||
all_files = 1
|
||||
build-dir = releasenotes/build
|
||||
source-dir = releasenotes/source
|
||||
|
||||
[wheel]
|
||||
universal = 1
|
27
setup.py
27
setup.py
|
@ -1,27 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
|
||||
import setuptools
|
||||
|
||||
# In python < 2.7.4, a lazy loading of package `pbr` will break
|
||||
# setuptools if some other modules registered functions in `atexit`.
|
||||
# solution from: http://bugs.python.org/issue15881#msg170215
|
||||
try:
|
||||
import multiprocessing # noqa
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
setuptools.setup(
|
||||
setup_requires=['pbr>=1.8'],
|
||||
pbr=True)
|
|
@ -1,17 +0,0 @@
|
|||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
|
||||
hacking<0.12,>=0.11.0 # Apache-2.0
|
||||
|
||||
coverage>=3.6 # Apache-2.0
|
||||
python-subunit>=0.0.18 # Apache-2.0/BSD
|
||||
sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
|
||||
oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
|
||||
oslotest>=1.10.0 # Apache-2.0
|
||||
testrepository>=0.0.18 # Apache-2.0/BSD
|
||||
testscenarios>=0.4 # Apache-2.0/BSD
|
||||
testtools>=1.4.0 # MIT
|
||||
|
||||
# releasenotes
|
||||
reno>=1.8.0 # Apache2
|
39
tox.ini
39
tox.ini
|
@ -1,39 +0,0 @@
|
|||
[tox]
|
||||
minversion = 2.0
|
||||
envlist = py34,py27,pep8
|
||||
skipsdist = True
|
||||
|
||||
[testenv]
|
||||
usedevelop = True
|
||||
install_command = pip install -U {opts} {packages}
|
||||
setenv =
|
||||
VIRTUAL_ENV={envdir}
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = python setup.py testr --slowest --testr-args='{posargs}'
|
||||
|
||||
[testenv:pep8]
|
||||
commands = flake8 {posargs}
|
||||
|
||||
[testenv:venv]
|
||||
commands = {posargs}
|
||||
|
||||
[testenv:cover]
|
||||
commands = python setup.py test --coverage --testr-args='{posargs}'
|
||||
|
||||
[testenv:docs]
|
||||
commands = python setup.py build_sphinx
|
||||
|
||||
[testenv:releasenotes]
|
||||
commands =
|
||||
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
||||
|
||||
[testenv:debug]
|
||||
commands = oslo_debug_helper {posargs}
|
||||
|
||||
[flake8]
|
||||
# E123, E125 skipped as they are invalid PEP-8.
|
||||
|
||||
show-source = True
|
||||
ignore = E123,E125,H301
|
||||
builtins = _
|
||||
exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build
|
Loading…
Reference in New Issue