Commit 94fe6de8 authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

Merge branch '61-ci-broken-due-to-defunct-jessie-backports' into 'master'

Resolve "CI broken due to defunct jessie-backports"

Closes #61

See merge request !41
parents 1cfc77b1 f6604ed0
Pipeline #5265 passed with stages
in 2 minutes and 55 seconds
stages:
- source-tests
- build-containers
- unit-tests
- build-compile
- packaging
- functional-tests
variables:
......@@ -9,14 +9,13 @@ variables:
DOCKER_FILES_URL: docker.greenhost.net/open/stapled
BUILD_COMPILE_CONTAINER: $DOCKER_FILES_URL/build-stretch
STRETCH_TEST_CONTAINER: $DOCKER_FILES_URL/test-stretch
JESSIE_TEST_CONTAINER: $DOCKER_FILES_URL/test-jessie
# GL bug causes recursive strategy to fail for LE certificates
# GH recently started using LE certificates:
# https://gitlab.com/gitlab-org/gitlab-runner/issues/2148
# Adding old fashion before_script below.
# GIT_SUBMODULE_STRATEGY: recursive
build:build-container:
build:compile-container:
image: docker:stable-git
services:
- docker:stable-dind
......@@ -30,38 +29,22 @@ build:build-container:
- docker push $BUILD_COMPILE_CONTAINER:$CI_BUILD_REF
- docker push $BUILD_COMPILE_CONTAINER:latest
build:test-jessie:
image: docker:stable-git
services:
- docker:stable-dind
build:test-container:
stage: build-containers
variables:
GIT_STRATEGY: fetch
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN docker.greenhost.net
- docker pull $JESSIE_TEST_CONTAINER || true
- docker build --cache-from $CONTAINER_IMAGE:latest --pull --cache-from $JESSIE_TEST_CONTAINER:latest -t $JESSIE_TEST_CONTAINER:$CI_BUILD_REF -t $JESSIE_TEST_CONTAINER:latest -f ./docker/build-stretch/Dockerfile ./
- docker push $JESSIE_TEST_CONTAINER:$CI_BUILD_REF
- docker push $JESSIE_TEST_CONTAINER:latest
build:test-stretch:
image: docker:stable-git
services:
- docker:stable-dind
stage: build-containers
variables:
GIT_STRATEGY: fetch
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN docker.greenhost.net
- docker pull $STRETCH_TEST_CONTAINER || true
- docker build --cache-from $CONTAINER_IMAGE:latest --pull --cache-from $STRETCH_TEST_CONTAINER:latest -t $STRETCH_TEST_CONTAINER:$CI_BUILD_REF -t $STRETCH_TEST_CONTAINER:latest -f ./docker/build-stretch/Dockerfile ./
- docker build --cache-from $CONTAINER_IMAGE:latest --pull --cache-from $STRETCH_TEST_CONTAINER:latest -t $STRETCH_TEST_CONTAINER:$CI_BUILD_REF -t $STRETCH_TEST_CONTAINER:latest -f ./docker/test-stretch/Dockerfile ./
- docker push $STRETCH_TEST_CONTAINER:$CI_BUILD_REF
- docker push $STRETCH_TEST_CONTAINER:latest
build:compile:
stage: build-compile
build:package:
stage: packaging
image: $BUILD_COMPILE_CONTAINER
script:
- git submodule sync --recursive
......@@ -79,77 +62,17 @@ build:compile:
- dist/stapled*.tar.bz2
- dist/stapled*.deb
unit:python2:
stage: unit-tests
image: python:2.7-stretch
script:
- git submodule sync --recursive
- git submodule update --init --recursive
- which python && $(which python) --version
- pip install -r requirements.txt
- pytest -v
unit:python3:
stage: unit-tests
source:unit:
stage: source-tests
image: python:3.6-stretch
script:
- git submodule sync --recursive
- git submodule update --init --recursive
- which python && $(which python) --version
- which python3 && $(which python3) --version
- pip3 install -r requirements.txt
- pytest -v
test:jessie:python2:
stage: functional-tests
image: $JESSIE_TEST_CONTAINER
variables:
GIT_STRATEGY: none
script:
- which python && $(which python) --version
- openssl version
- dpkg -i ./dist/stapled-py2_*all.deb
- openssl version
- /refresh_testdata.sh
- stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv &
- sleep 30
- ls /tmp/testdata/**/chain.pem.ocsp
dependencies:
- build:compile
test:jessie:python3:
stage: functional-tests
image: $JESSIE_TEST_CONTAINER
variables:
GIT_STRATEGY: none
script:
- which python3 && $(which python3) --version
- openssl version
- dpkg -i ./dist/stapled_*all.deb
- /refresh_testdata.sh
- stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv &
- sleep 30
- ls /tmp/testdata/**/chain.pem.ocsp
dependencies:
- build:compile
test:stretch:python2:
stage: functional-tests
image: $STRETCH_TEST_CONTAINER
variables:
GIT_STRATEGY: none
script:
- which python && $(which python) --version
- openssl version
- apt-get install -y -q ./dist/stapled-py2_*all.deb
- pwd
- /refresh_testdata.sh
- stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv &
- sleep 30
- ls /tmp/testdata/**/chain.pem.ocsp
dependencies:
- build:compile
test:stretch:python3:
test:stretch:
stage: functional-tests
image: $STRETCH_TEST_CONTAINER
variables:
......@@ -160,13 +83,13 @@ test:stretch:python3:
- apt-get install -y -q ./dist/stapled_*all.deb
- /refresh_testdata.sh
- stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv &
- sleep 30
- sleep 15
- ls /tmp/testdata/**/chain.pem.ocsp
dependencies:
- build:compile
- build:package
test:dev-setup:
stage: build-compile
source:dev-setup:
stage: source-tests
image: python:3.6-stretch
script:
- git submodule sync --recursive
......@@ -176,5 +99,5 @@ test:dev-setup:
- pip3 install -e .
- ./refresh_testdata.sh
- stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv &
- sleep 30
- sleep 15
- ls /tmp/testdata/**/chain.pem.ocsp
FROM debian:stretch
RUN apt-get update -qq
RUN apt-get upgrade
RUN apt-get install -q -y build-essential python-cffi python3-cffi libffi-dev \
python-all python3-all python-dev python3-dev python-setuptools \
python3-setuptools python-pip python3-pip rpm tar gzip bzip2 git debhelper
RUN apt-get install -q -y build-essential python3-cffi libffi-dev \
python-all python3-all python3-dev python3-setuptools python3-pip \
rpm tar gzip bzip2 git debhelper
RUN pip3 install --user pip
ADD . ./
RUN pip3 install -r requirements.txt
......
......@@ -29,12 +29,12 @@ rpm:
.PHONY: deb-src
deb-src:
python3 setup.py --command-packages=stdeb.command sdist_dsc \
--with-python2=True --with-python3=True
--with-python3=True
.PHONY: deb
deb:
python3 setup.py --command-packages=stdeb.command sdist_dsc \
--with-python2=True --with-python3=True bdist_deb
--with-python3=True bdist_deb
@echo "Moving binary packages from 'deb_dist' to 'dist'."
mkdir -p dist/
mv deb_dist/stapled*.deb dist/
......@@ -80,7 +80,7 @@ docker-run:
docker exec -it stapled bash -c 'which python3 && python3 --version'
docker exec -it stapled openssl version
docker exec -it stapled ./refresh_testdata.sh
docker exec -it stapled stapled -d testdata/ --recursive --interactive --no-haproxy-sockets -vvvv
docker exec -it stapled stapled -p /tmp/testdata/ --recursive --interactive --no-haproxy-sockets -vvvv
docker stop stapled
.PHONY: docker-stop
......
......@@ -25,7 +25,7 @@ Read the full documentation on
System requirements
===================
This application requires **Python 3.3+** or **Python 2.7.9** and an installed
This application requires **Python 3.3+** and an installed
version of **PIP** for the Python version you are using. It is also convenient
to have ``virtualenv`` installed so you can make a separate environment for
stapled's dependencies.
......@@ -111,21 +111,17 @@ Build locally
Assuming you have the following packages installed on a debian based system:
- build-essential
- python-cffi
- python3-cffi
- libffi-dev
- python-all
- python3-all
- python-dev
- python3-dev
- python-setuptools
- python3-setuptools
- python-pip
- python-pip3
- rpm
- tar, gzip & bzip2
- git
- debhelper
- stdeb (``pip install --user stdeb``)
- stdeb (``pip3 install --user stdeb``)
Or the equivalents of these on another distribution. You can build the packages
by running one or more of the following ``make`` commands.
......
......@@ -2,23 +2,12 @@
Maintainer: Greenhost BV <info@greenhost.nl>
Section: Network
Priority: optional
Build-Depends: python-setuptools (>= 0.6b3), python3-setuptools, python-all (>= 2.6.6-3), python3-all, debhelper (>= 7.4.3)
Build-Depends: python3-setuptools, python3-all, debhelper (>= 7.4.3)
Standards-Version: 3.9.1
Package: stapled-py2
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, python-daemon, python-certvalidator, python-ocspbuilder, python-oscrypto, python-asn1crypto, python-future, python-configargparse, python-six
Provides: stapled
Description: Daemon for updating OCSP staples
Update OCSP staples from CA's and store the result so they can be served to clients.
Package: stapled
Architecture: all
Depends: ${misc:Depends}, ${python3:Depends}, python3-daemon, python3-certvalidator, python3-ocspbuilder, python3-oscrypto, python3-asn1crypto, python-future, python3-configargparse, python3-six
Depends: ${misc:Depends}, ${python3:Depends}, python3-daemon, python3-certvalidator, python3-ocspbuilder, python3-oscrypto, python3-asn1crypto, python3-configargparse
Provides: stapled
Description: Daemon for updating OCSP staples
Update OCSP staples from CA's and store the result so they can be served to clients.
#!/usr/bin/make -f
%:
dh $@ --with python2,python3 --buildsystem=python_distutils
dh $@ --with python3 --buildsystem=python_distutils
override_dh_auto_clean:
python setup.py clean -a
python3 setup.py clean -a
find . -name \*.pyc -exec rm {} \;
override_dh_auto_build:
python setup.py build --force
python3 setup.py build --force
override_dh_auto_install:
python setup.py install --force --root=debian/stapled_py2 --no-compile -O0 --install-layout=deb --prefix=/usr
python3 setup.py install --force --root=debian/stapled --no-compile -O0 --install-layout=deb --prefix=/usr
override_dh_python2:
dh_python2 --no-guessing-versions
FROM debian:stretch
RUN apt-get update -qq
RUN apt-get upgrade
RUN apt-get install -q -y build-essential python-cffi python3-cffi libffi-dev \
python-all python3-all python-dev python3-dev python-setuptools \
python3-setuptools python-pip python3-pip rpm tar gzip bzip2 git \
debhelper ca-certificates
RUN apt-get install -q -y build-essential python3-cffi libffi-dev \
python-all python3-all python3-dev python3-setuptools python3-pip \
rpm tar gzip bzip2 git debhelper ca-certificates
ADD ./requirements.txt ./requirements.txt
RUN pip install --user pip
RUN pip install --user -r requirements.txt
RUN pip3 install --user pip
RUN pip3 install --user -r requirements.txt
FROM debian:jessie
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> \
/etc/apt/sources.list
RUN apt-get update -qq
RUN apt-get upgrade
RUN apt-get install -y -t jessie-backports python-configargparse \
python-daemon python-future python3-configargparse python3-daemon \
python3-future
RUN apt-get install -y openssl ca-certificates python-six python-cffi \
python3-six python3-cffi
COPY ./refresh_testdata.sh ./refresh_testdata.sh
FROM debian:stretch
RUN apt-get update -qq
RUN apt-get upgrade
RUN apt-get install -y openssl ca-certificates python-six python-cffi \
python3-six python3-cffi python-configargparse python-daemon \
python-future python3-configargparse python3-daemon python3-future
RUN apt-get install -y openssl ca-certificates python3-cffi \
python3-configargparse python3-daemon
COPY ./refresh_testdata.sh ./refresh_testdata.sh
......@@ -2,7 +2,6 @@
ConfigArgParse==0.12.0
future==0.16.0
six==1.11.0
cffi==1.11.2
python-daemon==2.1.2
......
......@@ -166,8 +166,7 @@ class CertModel(object):
:raises OCSPBadResponse: Response is empty, invalid or the status is
not "good".
:raises urllib.error.URLError: An OCSP url can't be opened (Python3).
:raises urllib2.URLError: An OCSP url can't be opened (Python2).
:raises: urllib.error.URLError/urllib2.URLError - when a URL/HTTP error
:raises: urllib.error.URLError - when a URL/HTTP error
occurs
:raises:
socket.error - when a socket error occurs
......
......@@ -37,7 +37,6 @@ import logging
import os
import errno
import traceback
from future.standard_library import hooks
from stapled.core.exceptions import OCSPBadResponse
from stapled.core.exceptions import RenewalRequirementMissing
from stapled.core.exceptions import CertFileAccessError
......@@ -45,14 +44,7 @@ from stapled.core.exceptions import CertParsingError
from stapled.core.exceptions import CertValidationError
from stapled.core.exceptions import StapleAdderBadResponse
from stapled.core.exceptions import SocketError
with hooks():
from urllib.error import URLError
try:
_ = BrokenPipeError
except NameError:
import socket
BrokenPipeError = socket.error #noqa
from urllib.error import URLError
LOG = logging.getLogger(__name__)
......
......@@ -11,11 +11,6 @@ from io import StringIO
from stapled.core.excepthandler import stapled_except_handle
import stapled.core.exceptions
try:
_ = BrokenPipeError
except NameError:
BrokenPipeError = socket.error
LOG = logging.getLogger(__name__)
SOCKET_BUFFER_SIZE = 1024
SOCKET_TIMEOUT = 86400
......
[DEFAULT]
Section: Network
Package: stapled-py2
Package3: stapled
Provides: stapled
Provides3: stapled
Depends: python-daemon, python-future, python-configargparse, python-six, python-cffi
Depends3: python3-daemon, python3-future, python3-configargparse, python3-six, python3-cffi
......@@ -9,7 +9,6 @@ import re
import time
import collections
import os
from six.moves import input
try:
from stapled.version import __version__, __app_name__, __debian_version__
......@@ -18,12 +17,6 @@ except ImportError as exc:
__app_name__ = None
__debian_version__ = None
# For Python2.7 compatibility
try:
FileNotFoundError
except NameError:
FileNotFoundError = IOError
class NeedInputException(Exception):
pass
......@@ -383,7 +376,7 @@ class GitVersion(object):
log = log_str.format(
app_name=self.app_name,
version=str(self),
deb_os_version=self.deb_os_version, # jessie, stretch, etc.
deb_os_version=self.deb_os_version, # stretch, sid.
log=log,
name=name,
email=email,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment