1
0
mirror of https://github.com/openSUSE/osc.git synced 2024-12-26 18:06:13 +01:00
Commit Graph

286 Commits

Author SHA1 Message Date
Dirk Müller
adb1a9b4ef mark boolean and integer_opts as private
It is unused elsewhere, and only used for unit-testing
2022-12-01 10:05:32 +01:00
7e67269b74 Replace 'if not <cond> in ...' with 'if <cond> not in ...' 2022-09-12 14:15:34 +02:00
fe59986e1c Run autopep8 to fix whitespace issues 2022-09-12 13:45:19 +02:00
b511be20ff Always import at the toplevel 2022-09-12 13:45:19 +02:00
ff63226c2f Properly test for None 2022-09-09 09:33:51 +02:00
b55384a914 Fix undefined variable in conf.apply_option_types() 2022-09-09 09:33:51 +02:00
a5b8729f2f Fix usage of super() 2022-09-09 09:33:51 +02:00
f8a8c9c91c Print user and apiurl when prompting for a password
It's not a good idea to send a password to a different server
than it belongs. Now the server identity is obvious.
2022-09-08 10:51:04 +02:00
3d8efe2d15 ssh auth: Avoid password prompt when using TransientCredentialsManager 2022-09-06 12:49:47 +02:00
ed5def96ba Remove deprecated 'plaintext_passwd' config option 2022-08-25 13:20:25 +02:00
41ceb4b5f8 Remove deprecated 'GnomeKeyringCredentialsManager' and related code 2022-08-25 13:20:25 +02:00
b306bf0b91 Convert defaults to their expected types
Fixes problems in reading conf values before the configuration
is fully initialized.
2022-08-22 15:08:49 +02:00
6cb7412749 Remove duplicated --debug and --verbose options
Additional changes:
* rename getbinaries --debug to --debuginfo to avoid conflicts
* switch conf['verbose'] from int to bool

The changes were needed because the new argparser behaves differently
and commands such as `osc ls` ran in verbose mode by default.
2022-08-12 10:06:00 +02:00
e469c2c184
Merge pull request #1041 from AdamMajer/master
Add support for project separator
2022-08-12 10:03:23 +02:00
229913a77f Clean imports up, drop python 2 fallbacks 2022-07-28 13:17:43 +02:00
0d701556f2 Warn when using HTTP connection. Make HTTPS the default.
It is possible to omit protocol in -A/--apiurl now,
because https:// is the default.
2022-07-27 11:15:21 +02:00
93bc0e4731 Switch http_request() to urllib3
Use connection pools for better performance.
Replace M2Crypto with cryptography and urllib3's ssl context.
2022-07-27 11:15:21 +02:00
4deaf2b9c3
Merge pull request #1077 from abitrolly/relconf
Fix failure to create config in current dir
2022-07-26 09:37:29 +02:00
Anatoli Babenia
6a9398a97b Fix failure to create config in current dir
This uses exception based protection from parallel execution
https://github.com/openSUSE/osc/pull/1077#discussion_r928976845
2022-07-26 09:04:15 +03:00
9786aafa51 Update list of considered file names for ssh key autodetection
The file names come from ssh(1) man page.
2022-07-25 17:54:43 +02:00
f83e9a23d5
Merge pull request #1074 from dmach/pr1049-v2
RFC: ssh: recognize gpg keys (yubikey usage)
2022-07-25 13:52:31 +02:00
a7e5e12c5a Allow users to prefer ssh key over password auth
If `sshkey` config option is set, then osc prefers it over password auth.
If `sshkey` config option is not set and the server supports both basic
and signature auth, basic auth is used and ssh key is NOT auto-detected.

Users who want to use ssh auth with ssh key auto-detection can now leave
the `pass` config option empty to trigger ssh key auto-detection.

The ssh-key autodetection picks the first key that matches:
- key loaded to ssh-agent (`ssh-add -l`) that has a public key in ~/.ssh
- ~/.ssh/{id_ed25519,id_rsa}

It is also recommended to use Obfuscated or Plaintext credentials manager.
Please be aware that storing passwords using these credentials managers
is unsafe, because they're stored in plain text on disk.

Example:

    [<apiurl>]
    user=<username>
    pass=
    # ssh key is auto-detected because `pass` is empty
    sshkey=
    credentials_mgr_class=osc.credentials.ObfuscatedConfigFileCredentialsManager
2022-07-22 08:20:44 +02:00
Martin Wilck
870d861b61 ssh: recognize gpg keys (yubikey usage)
When using ssh keys from gpg, there are no private key files on
disk. The public keys are available from "ssh-add -L". Conveniently,
users store the public keys in some ".pub" file under ~/.ssh
(see e.g. https://serverfault.com/questions/906871/force-the-use-of-a-gpg-key-as-an-ssh-key-for-a-given-server;
this is also necessary to use IdentityFile= in ssh itself).

Thus public key files can't be ignored any more in list_ssh_dir_keys().
"ssh-keygen -Y sign" works nicely with a public key file if the agent
has access to the private key.
2022-07-11 13:08:34 +02:00
Adam Majer
c4c2d2a933 Add project_separator to config file
This allows for arbitrary string to be used as a project
separator instead of restricting oneself to : or directory
structure.

Fixes: #1024
2022-07-04 15:05:05 +02:00
lethliel
d9e2d958c1 declare OscHTTPSignatureAuthHandler as a new-style class
remove illegal character in comment
2022-06-14 14:27:48 +02:00
dec6f7135d
Merge pull request #1043 from dirkmueller/download_url_quoting
Fix quoting of download urls
2022-06-02 13:28:59 +02:00
1715163166
Merge pull request #994 from dmach/update-sphinx-configuration
Update Sphinx configuration
2022-06-02 10:09:38 +02:00
1f8fc339de
ssh key authentification fixes
- do not crash when having binary files in ~/.ssh
- support also RSA key setups
2022-06-01 16:23:02 +02:00
Marco Strigl
c3d535c3b2
Merge pull request #1012 from adrianschroeter/obs_git
initial obs-git support
2022-05-24 11:39:45 +02:00
Michael Schroeder
badcfc283c Remove no longer used modules 2022-05-23 11:23:13 +02:00
Michael Schroeder
b8f76f7990 OscHTTPSignatureAuthHandler: try to guess ssh key from the keys added to ssh-agent
Based on a patch by Daniel Mach
2022-05-23 11:23:05 +02:00
Dirk Müller
b7ed6534eb
trailing whitespace cleanup 2022-05-20 12:00:44 +02:00
mls
0b826613d9
Integrate signature authentication in the OscHTTPAuthHandler 2022-05-06 16:30:15 +02:00
mls
99ba3719c7
Add support for the Signature authentication scheme
See https://tools.ietf.org/id/draft-cavage-http-signatures-12.html
2022-05-06 16:29:58 +02:00
c875ca2886
initial obs-git support
* init command is working inside of a git repository
* downloadassets command fetches references assets from build description
* checkout is cloning from git
2022-04-29 09:59:13 +02:00
mls
e47a265388
Allow to configure a ssh key in the config
We support a global key and a key specific to an apiurl.
2022-04-27 11:36:20 +02:00
mls
119ffd6027
Rename OscHTTPBasicAuthHandler to OscHTTPAuthHandler
We'll support more than one auth scheme in the future.
2022-04-27 11:36:20 +02:00
mls
38e3c4952f
Simplify bad auth retry workaround needed for old python versions
This changes the code back to retrying up to 5 times for old
python version 2.6.6-2.7.9. The complete backport of the basic auth
changes clutters up the code way to much for such a little gain.

(This basically reverts commit 326abe0c8b)
2022-04-27 11:36:08 +02:00
Marcus Huewe
90ccc84f95 Merge commit 'refs/pull/1022/head' of github.com:openSUSE/osc
Only ask for a password if it is really needed for authentication.
The new lazy password approach is much smarter than the old callable
hack. That's why we deprecate returning a callable from
AbstractCredentialsManager.get_password. The current compatibility code
for a callable will be removed in the near future.

Minor nitpick: actually it would have been "cleaner" to introduce a new
subclass like an AbstractLazyPasswordCredentialsManager that encapsulates
the lazy password behavior. Currently, if, for instance, a credentials
manager is always non-lazy it would just override get_password but still
inherits the abstract (and unused) _get_password method.
2022-04-11 15:27:14 +02:00
Michael Schroeder
784d330f20
Only prompt for a password if the server asks for it
In many cases the session cookie is already available, so there
is no need to ask for a password. To make this work with the
python authentication implementation, we add a small proxy object
for the password and only ask the credential manager if the
stringify method is called.

This approach also makes it possible to offer a non-password based
authorization type if the server allows multiple authentication
methods.
2022-04-11 11:46:08 +02:00
Marco Strigl
c1bec6901a
Merge pull request #950 from Firstyear/allow-download-source
Add support to manually override download url locations.
2022-04-07 11:06:13 +02:00
8a85789573 Set the first (highest prio) credentials manager as the default 2022-03-28 09:49:55 +02:00
88a8a0cdd8 Print credentials managers as a table 2022-03-24 11:02:01 +01:00
William Brown
299965fd69 Add support to manually override download url locations. 2022-03-17 09:48:57 +10:00
1385297978 Fix several issues in HTML doc rendering, improve output 2022-03-16 15:19:24 +01:00
William Brown
e25682b802 Allow formatting of the sccache uri
This allows a format to be specified in the sccache uri, specifically
the file uri so that a per-package cache can be created. This way
an osc build locally doesn't ruin your cache moving between different
packages.
2022-03-04 14:10:44 +10:00
5ba6bbe0c2 conf: Preserve oscrc symlink
When a user creates a symlink pointing from ~/.config/osc/oscrc
to a different location, don't overwrite the symlink but follow
it when writing configuration on disk.
2021-12-08 08:48:59 +01:00
William Brown
d56a46b669 Improve logic for conffile mode handling 2021-10-25 09:34:16 +10:00
Marcus Huewe
0285986f52 Handle missing os.sysconf more gracefully
os.sysconf is not available on all platforms (like Windows) but it
is used to retrieve the number of online processors. If missing,
assume one processor (building on such a platform will most likely
not work, though).

Fixes: #948 ("Windows compatibility") (at least it improves the
Windows support a bit)
2021-09-03 10:41:43 +02:00
Marcus Huewe
ebcf3de6ab Merge branch 'xdg-cookiejar' of https://github.com/hyperupcall/osc
Store the cookiejar file in a location that is compliant with the
XDG base directory specification (unless ~/.osc_cookiejar exists).
2021-08-16 20:30:49 +02:00