On Tumbleweed, `zypper in python-keyring` installs python2 version, while `osc` runs on python3.
After this change, user will be pointed to the correct version.
This will print the direct url to show the created request.
New general bool option 'print_web_links' must be set to enable
this.
Right now this is only for creating requests. More to follow.
If a python-keyring based backend is configured, but
python-keyring is not installed osc fails without giving
the user the opportunity to continue.
This introduces a new class method `create` for the AbstractCredentialsManager.
The CredentialsManagers for the backends that use a 3rd party software can
now check if the software is present in its own create method.
* Adapt do_config to use the new credentials manager implementation
and add a --change-password option which can be used to change the
password.
* Adapt config_set_option to follow the change in do_config.
* Split selection of the credentials manager descriptor to reuse it
in do_config and interactive_config_setup.
* Introduce new ConfigMissingCredentialsError which is raised in case
of missing credentials (user or password). In this case the user will
be asked to enter the new credentials.
* new module credentials.py which contains classes
and methods to set and get passwords for different
backends:
- python-keyring
- gnomekeyring
- ConfigFile based storage
The new code should be backward compatible except a minor
change in add_section (pass and passx are not removed from
the config parser). This affects only callers that do not pass
a creds_mgr_descriptor.
On initial osc call or initial osc call on new API Url
the user now can decide where to store the password (based
on the backends available on his system)
The upcoming credentials manager abstraction supersedes the old
plaintext_passwd behavior. This commits "breaks" the old behavior:
Passwords are not rewritten anymore (plaintext <-> obfuscated)
Move logic to conf module in new function interactive_config_setup
for new config file and missing apiurl section.
Dropped keyring code, because it was never used in write_initial_config()
write oscrc to the default location for user-specific configuration.
If XDG_CONFIG_HOME is not set use ~/.config/osc/oscrc which is basically the same.
If there is already a ~/.oscrc use this one (for compat reasons). Existing user
installations should not get affected by this commit.
The order is the following:
Given config with -c
config defined in OSC_CONFIG
existing ~/.oscrc
default XDG_CONFIG_HOME/osc/oscrc
In Debian and Ubuntu build is renamed to obs-build for disambiguation
purposes.
Add a simple check to use the correct paths if running on Debian and
use /usr/bin/obs-build and /usr/lib/obs-build if so.
This change makes basic authentication fail after first unsuccessful
attempt (instead of automatically retrying) and thus prevents unnecessary
failed login attempts.
This change also allows printing the contents of an HTTP 401 message to
the user.
Since python >= 2.7.9 urllib2/httplib verifies the ssl cert by default - so
make sure that this "builtin" ssl check is disabled as well if
"sslcertck" is disabled. Fixes#179.
Note: eventually, we should abandon m2crypto and use urllib2/httplib to
verify the ssl cert.
Currently osc supports API URLs without path only,
like https://api.example.com (if there is pathname, it's just ignored).
With this change API URLS with path, like https://example.com/api
are supported correctly.
This is useful for those who can't have OBS api, webui and main site
on different domains and buy separate X.509 certificates for them,
or just can't afford to have separate IP addresses for them
(please note that currently osc doesn't support TLS SNI).
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Some distributions have no initrd images compatible with KVM builds and
sometimes we need to use not system kernel version.
New options in configuration file:
- build-kernel -- kernel used for VM builds
- build-initrd -- initrd image used for VM builds
The string.encode('bz2') does not work in python3. Implement
passx_encode/passx_decode functions compatible with python 2.6, 2.7 and
3.3.
Add a simple unit test.
this is left-over from 87d354e1a0
Addressing:
Traceback (most recent call last):
File "/usr/bin/osc", line 26, in <module>
r = babysitter.run(osccli)
File "/usr/lib/python2.7/site-packages/osc/babysitter.py", line 60, in run
return prg.main()
File "/usr/lib/python2.7/site-packages/osc/cmdln.py", line 335, in main
self.postoptparse()
File "/usr/lib/python2.7/site-packages/osc/commandline.py", line 136, in postoptparse
override_verbose = self.options.verbose)
File "/usr/lib/python2.7/site-packages/osc/conf.py", line 873, in get_config
add_section(conffile, url, user, passwordx)
File "/usr/lib/python2.7/site-packages/osc/conf.py", line 712, in add_section
except OscConfigParser.ConfigParser.DuplicateSectionError:
AttributeError: class OscConfigParser has no attribute 'ConfigParser'
If http_debug is set we redirect sys.stdout to an StringIO
instance in order to do some header filtering (see conf module)
so we have to use the "original" stdout for printing the certificate
information.
The most visible change in python3 - removal of print statement and all
the crufty
print >> sys.stderr, foo,
The from __future__ import print_function makes it available in python
2.6
Some modules (httplib, StringIO, ...) were renamed in python3. This
patch try to import the proper symbols from python3 and then fallback to
python2 in a case ImportError will appear.
There is one exception, python 2.7 got the io module with StringIO, but
it allow unicode arguments only. Therefor the old module is poked before
new one.
This is more useful and meaningful error message than M2Crypto's
"ValueError: cafile and capath can not both be None." when neither
of cafile and capath is defined for load_verify_locations call.
This way it's possible to hide requests which have a given project
as a source project when running "osc rq list project".
Original patch by darix (just a bit beautified)
Fix situation where osc has added a blank username to the keyring and
update the config parse script to do the right thing and not allow blank
usernames.
I was in a very confusing situation where my keyring ended up with two
entries:
- @api.suse.de
- philipsb@api.suse.de
And I was getting 401s because of it.
Signed-off-by: Brandon Philips <bphilips@suse.de>
There is a bug either in buildservice or in iChain which sometimes
truncates data and sends empty Content-Length header (see bnc#656281).
This patch makes osc retry request to workaround this problem.
The number of retries are configurable in config file as http_retries.
the old code didn't turn off the ssl checking if conf['apiurl']
was configured with "sslcertk = 1".
Example:
~/.oscrc:
[https://foo]
sslcertk = 0
...
[https://main]
sslcertk = 1
...
[general]
apiurl = https://main
if you send a request to https://foo (and conf['apiurl'] == https://main)
it'll fail because the ssl checking isn't disabled.