From 94d3a128d4c38ada6577c5190d5f4f4286cfb18c Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 01/24] Remove trailing whitespace from CHANGELOG --- CHANGELOG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 05176934..7b327f3b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -83,7 +83,7 @@ Changelog for ssm - Verify any certificate supplied for encrypting messages against the CA path - Receiver can check CRLs on certificates - + * Wed Feb 27 2013 Will Rogers - 2.0.3-0 - Add support for messages signed with quopri or base64 content-transfer-encoding (for UNICORE). From 4c732cf379c30aabdc35e9781934fced6af2c762 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 02/24] Remove trailing whitespace from LICENSE --- LICENSE | 76 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/LICENSE b/LICENSE index e451d7b8..8a8a912f 100644 --- a/LICENSE +++ b/LICENSE @@ -15,9 +15,9 @@ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are -controlled by, or are under common control with that entity. +controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, -to cause the direction or management of such entity, whether by contract +to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 
@@ -79,57 +79,57 @@ the following conditions: You must cause any modified files to carry prominent notices stating that You changed the files; and - You must retain, in the Source form of any Derivative Works that You distribute, all copyright, - patent, trademark, and attribution notices from the Source form of the Work, excluding those + You must retain, in the Source form of any Derivative Works that You distribute, all copyright, + patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and - If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative - Works that You distribute must include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not pertain to any part of the - Derivative Works, in at least one of the following places: within a NOTICE text file - distributed as part of the Derivative Works; within the Source form or documentation, - if provided along with the Derivative Works; or, within a display generated by the - Derivative Works, if and wherever such third-party notices normally appear. - The contents of the NOTICE file are for informational purposes only and do not modify - the License. 
You may add Your own attribution notices within Derivative Works that + If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative + Works that You distribute must include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not pertain to any part of the + Derivative Works, in at least one of the following places: within a NOTICE text file + distributed as part of the Derivative Works; within the Source form or documentation, + if provided along with the Derivative Works; or, within a display generated by the + Derivative Works, if and wherever such third-party notices normally appear. + The contents of the NOTICE file are for informational purposes only and do not modify + the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed as modifying the License. - You may add Your own copyright statement to Your modifications and may provide additional - or different license terms and conditions for use, reproduction, or distribution of Your + that such additional attribution notices cannot be construed as modifying the License. + You may add Your own copyright statement to Your modifications and may provide additional + or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. -5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution -intentionally submitted for inclusion in the Work by You to the Licensor shall be under -the terms and conditions of this License, without any additional terms or conditions. 
-Notwithstanding the above, nothing herein shall supersede or modify the terms of any -separate license agreement you may have executed with Licensor regarding such +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution +intentionally submitted for inclusion in the Work by You to the Licensor shall be under +the terms and conditions of this License, without any additional terms or conditions. +Notwithstanding the above, nothing herein shall supersede or modify the terms of any +separate license agreement you may have executed with Licensor regarding such Contributions. -6. Trademarks. This License does not grant permission to use the trade names, -trademarks, service marks, or product names of the Licensor, except as required -for reasonable and customary use in describing the origin of the Work and reproducing +6. Trademarks. This License does not grant permission to use the trade names, +trademarks, service marks, or product names of the Licensor, except as required +for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. -7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, +7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, -without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, -or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the -appropriateness of using or redistributing the Work and assume any risks associated with +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, +without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, +or FITNESS FOR A PARTICULAR PURPOSE. 
You are solely responsible for determining the +appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. -8. Limitation of Liability. In no event and under no legal theory, whether in tort -(including negligence), contract, or otherwise, unless required by applicable law -(such as deliberate and grossly negligent acts) or agreed to in writing, shall any -Contributor be liable to You for damages, including any direct, indirect, special, -incidental, or consequential damages of any character arising as a result of this -License or out of the use or inability to use the Work (including but not limited -to damages for loss of goodwill, work stoppage, computer failure or malfunction, -or any and all other commercial damages or losses), even if such Contributor has +8. Limitation of Liability. In no event and under no legal theory, whether in tort +(including negligence), contract, or otherwise, unless required by applicable law +(such as deliberate and grossly negligent acts) or agreed to in writing, shall any +Contributor be liable to You for damages, including any direct, indirect, special, +incidental, or consequential damages of any character arising as a result of this +License or out of the use or inability to use the Work (including but not limited +to damages for loss of goodwill, work stoppage, computer failure or malfunction, +or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. -9. Accepting Warranty or Additional Liability. While redistributing the Work or +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own 
From d579b9fb09ba72f2761ca762142433907708214a Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 03/24] Remove trailing whitespace from README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 557b423b..ce4fa5bd 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ All file and directory names must use hex characters: `[0-9a-f]`. * Create a directory within /var/spool/apel/outgoing with a name of EIGHT hex characters e.g. `12345678` - * Put files in this directory with names of FOURTEEN hex + * Put files in this directory with names of FOURTEEN hex e.g. `1234567890abcd` #### Without the dirq module @@ -147,7 +147,7 @@ Use the Python or Perl dirq libraries: * Python: http://pypi.python.org/pypi/dirq * Perl: http://search.cpan.org/~lcons/Directory-Queue/ -Create a QueueSimple object with path /var/spool/apel/outgoing/ and +Create a QueueSimple object with path /var/spool/apel/outgoing/ and add your messages. #### Without the dirq module 
@@ -163,14 +163,14 @@ add your messages using the `add` method. * Run 'ssmsend' * SSM will pick up any messages and send them to the configured queue on the configured broker - + ### Sender (sending via the ARGO Messaging Service (AMS)) * Edit your sender configuration, usually under `/etc/apel/sender.cfg`, as per the [migration instructions](migrating_to_ams.md#sender) with some minor differences: * There is no need to add the `[sender]` section as it already exists. Instead change the `protocol` to `AMS`. * Set `ams_project` to the appropriate project. * Then run 'ssmsend'. SSM will pick up any messages and send them via the ARGO Messaging Service. - + ### Sender (container) * Download the example [configuration file](conf/sender.cfg) * Edit the downloaded `sender.cfg` file as above for sending either via the [EGI message brokers](README.md#sender-sending-via-the-egi-message-brokers) or the [ARGO Messaging Service](README.md#sender-sending-via-the-argo-messaging-service-ams). @@ -185,9 +185,9 @@ add your messages using the `add` method. stfc/ssm ``` * The line `-v /path/to/persistently/log:/var/log/apel \` is only required if you want to access the sender log as a file. If `console: true` is set in your `sender.cfg`, the container will also log to stdout/stderr. - + ### Receiver (service) - + * Run `service apelssm start` * If this fails, check /var/log/apel/ssmreceive.log for details * To stop, run `service apelssm stop` @@ -214,7 +214,7 @@ add your messages using the `add` method. * SSM will receive any messages on the specified queue and write them to the filesystem * To stop, run ```'kill `cat /var/run/apel/ssm.pid`'``` - + ### Receiver (receiving via the ARGO Messaging Service (AMS)) * Edit your receiver configuration, usually under `/etc/apel/receiver.cfg`, as per the [migration instructions](migrating_to_ams.md#receiver) with some minor differences: From d1f464357ec3e964351d16117ee96a9a0217da28 Mon Sep 17 00:00:00 2001 
From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 04/24] Remove trailing whitespace from apel-ssm.spec --- apel-ssm.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apel-ssm.spec b/apel-ssm.spec index a452b581..b71a82b9 100644 --- a/apel-ssm.spec +++ b/apel-ssm.spec @@ -183,14 +183,14 @@ rm -rf $RPM_BUILD_ROOT - Verify any certificate supplied for encrypting messages against the CA path - Receiver can check CRLs on certificates - + * Wed Feb 27 2013 Will Rogers - 2.0.3-0 - Add support for messages signed with quopri or base64 content-transfer-encoding (for UNICORE). * Tue Feb 26 2013 Will Rogers - 2.0.2-0 - Fix SSL connection for receiver - + * Fri Feb 8 2013 Will Rogers - 2.0.1-0 - Fix crash when receiver sends ping message @@ -206,6 +206,6 @@ rm -rf $RPM_BUILD_ROOT * Thu Jan 03 2013 Will Rogers - 0.0.2-0 - Fixed connection freeze - + * Fri Oct 02 2012 Will Rogers - 0.0.1-0 - First tag From cdea6994ca525ed7bb59cb9e6c946f8617decc0c Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 05/24] Remove trailing whitespace from bin/apel-ssm --- bin/apel-ssm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/apel-ssm b/bin/apel-ssm index a316ce76..6df00e27 100755 --- a/bin/apel-ssm +++ b/bin/apel-ssm @@ -32,7 +32,7 @@ stop() { RETVAL=$? if [ $RETVAL -ne 0 ]; then failure; - else + else success; fi; else @@ -61,7 +61,7 @@ case "$1" in stop start ;; - + reload) stop start From 286fa66bc456a2521de510ceb126c24e9337f679 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 06/24] Remove trailing whitespace from bin/receiver.py --- bin/receiver.py | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/bin/receiver.py b/bin/receiver.py index 42ed11fc..57f92ec6 100644 --- a/bin/receiver.py +++ b/bin/receiver.py 
@@ -31,7 +31,7 @@ import ldap import os import sys -from optparse import OptionParser +from optparse import OptionParser from daemon import DaemonContext import ConfigParser @@ -72,32 +72,32 @@ def main(): ''' ver = "SSM %s.%s.%s" % __version__ op = OptionParser(description=__doc__, version=ver) - op.add_option('-c', '--config', help='location of config file', + op.add_option('-c', '--config', help='location of config file', default='/etc/apel/receiver.cfg') - op.add_option('-l', '--log_config', - help='location of logging config file (optional)', + op.add_option('-l', '--log_config', + help='location of logging config file (optional)', default='/etc/apel/logging.cfg') - op.add_option('-d', '--dn_file', - help='location of the file containing valid DNs', + op.add_option('-d', '--dn_file', + help='location of the file containing valid DNs', default='/etc/apel/dns') - + (options, unused_args) = op.parse_args() - + cp = ConfigParser.ConfigParser() cp.read(options.config) - + # Check for pidfile pidfile = cp.get('daemon', 'pidfile') if os.path.exists(pidfile): print 'Cannot start SSM. Pidfile %s already exists.' % pidfile sys.exit(1) - + # set up logging try: if os.path.exists(options.log_config): logging.config.fileConfig(options.log_config) else: - set_up_logging(cp.get('logging', 'logfile'), + set_up_logging(cp.get('logging', 'logfile'), cp.get('logging', 'level'), cp.getboolean('logging', 'console')) except (ConfigParser.Error, ValueError, IOError), err: @@ -195,16 +195,16 @@ def main(): log.error('System will exit.') log.info(LOG_BREAK) sys.exit(1) - + log.info('The SSM will run as a daemon.') - + # We need to preserve the file descriptor for any log files. rootlog = logging.getLogger() log_files = [x.stream for x in rootlog.handlers] dc = DaemonContext(files_preserve=log_files) - + try: - ssm = Ssm2(brokers, + ssm = Ssm2(brokers, cp.get('messaging','path'), cert=cp.get('certificates','certificate'), key=cp.get('certificates','key'), 
@@ -220,7 +220,7 @@ def main(): log.info('Fetching valid DNs.') dns = get_dns(options.dn_file) ssm.set_dns(dns) - + except Exception, e: log.fatal('Failed to initialise SSM: %s', e) log.info(LOG_BREAK) @@ -274,10 +274,10 @@ def main(): log.error('The SSM will exit.') ssm.shutdown() dc.close() - + log.info('Receiving SSM has shut down.') log.info(LOG_BREAK) - - + + if __name__ == '__main__': main() From 6c04ec67b7fb682a5d932abeeefd03b03f095a22 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 07/24] Remove trailing whitespace from bin/sender.py --- bin/sender.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bin/sender.py b/bin/sender.py index 35c32123..01541fc9 100644 --- a/bin/sender.py +++ b/bin/sender.py @@ -38,22 +38,22 @@ def main(): ''' ver = "SSM %s.%s.%s" % __version__ op = OptionParser(description=__doc__, version=ver) - op.add_option('-c', '--config', help='location of config file', + op.add_option('-c', '--config', help='location of config file', default='/etc/apel/sender.cfg') - op.add_option('-l', '--log_config', - help='location of logging config file (optional)', + op.add_option('-l', '--log_config', + help='location of logging config file (optional)', default='/etc/apel/logging.cfg') (options, unused_args) = op.parse_args() - + cp = ConfigParser.ConfigParser() cp.read(options.config) - + # set up logging try: if os.path.exists(options.log_config): logging.config.fileConfig(options.log_config) else: - set_up_logging(cp.get('logging', 'logfile'), + set_up_logging(cp.get('logging', 'logfile'), cp.get('logging', 'level'), cp.getboolean('logging', 'console')) except (ConfigParser.Error, ValueError, IOError), err: @@ -163,7 +163,7 @@ def main(): log.error('System will exit.') log.info(LOG_BREAK) sys.exit(1) - + try: server_cert = None verify_server_cert = True 
@@ -175,7 +175,7 @@ def main(): pass except ConfigParser.NoOptionError: log.info('No server certificate supplied. Will not encrypt messages.') - + try: destination = cp.get('messaging', 'destination') if destination == '': @@ -191,7 +191,7 @@ def main(): log.info('No path type defined, assuming dirq.') path_type = 'dirq' - sender = Ssm2(brokers, + sender = Ssm2(brokers, cp.get('messaging', 'path'), path_type=path_type, cert=cp.get('certificates', 'certificate'), @@ -211,7 +211,7 @@ def main(): log.info('SSM run has finished.') else: log.info('No messages found to send.') - + except (Ssm2Exception, CryptoException), e: print 'SSM failed to complete successfully. See log file for details.' log.error('SSM failed to complete successfully: %s', e) @@ -228,7 +228,7 @@ def main(): log.info('SSM has shut down.') log.info(LOG_BREAK) - - + + if __name__ == '__main__': main() From 1f6f091e92fa44e46768a37f81546f51a0cfef18 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 08/24] Remove trailing whitespace from conf/receiver.cfg --- conf/receiver.cfg | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/receiver.cfg b/conf/receiver.cfg index bca39065..55b50299 100644 --- a/conf/receiver.cfg +++ b/conf/receiver.cfg @@ -4,17 +4,17 @@ protocol: STOMP [broker] -# The SSM will query a BDII to find brokers available. These details are for the +# The SSM will query a BDII to find brokers available. These details are for the # EGI production broker network bdii: ldap://lcg-bdii.cern.ch:2170 network: PROD # Alternatively, 'host' and 'port' can be set manually (with 'bdii' and # 'network' commented out). This option MUST be used for AMS. -#host: -#port: +#host: +#port: # broker authentication. If use_ssl is set, the certificates configured -# in the mandatory [certificates] section will be used. +# in the mandatory [certificates] section will be used. use_ssl: true [certificates] 
From c53bc96bd8f624b7773927efe737aec6cfcc7cd9 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 09/24] Remove trailing whitespace from conf/sender.cfg --- conf/sender.cfg | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/sender.cfg b/conf/sender.cfg index 4e7698c4..dac849bc 100644 --- a/conf/sender.cfg +++ b/conf/sender.cfg @@ -4,17 +4,17 @@ protocol: STOMP [broker] -# The SSM will query a BDII to find brokers available. These details are for the +# The SSM will query a BDII to find brokers available. These details are for the # EGI production broker network bdii: ldap://lcg-bdii.cern.ch:2170 network: PROD # Alternatively, 'host' and 'port' may be set manually (with 'bdii' and # 'network' commented out). This option must be used for AMS. -#host: -#port: +#host: +#port: # broker authentication. If use_ssl is set, the certificates configured -# in the mandatory [certificates] section will be used. +# in the mandatory [certificates] section will be used. use_ssl: true [certificates] @@ -32,7 +32,7 @@ capath: /etc/grid-security/certificates ams_project: # Queue to which SSM will send messages -destination: +destination: # Outgoing messages will be read and removed from this directory. path: /var/spool/apel/outgoing From 36bdc51da5a1a8d7748d76c590b90acefd9cf835 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 10/24] Remove trailing whitespace from ssm/__init__.py --- ssm/__init__.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ssm/__init__.py b/ssm/__init__.py index bc90c920..9477e7c3 100644 --- a/ssm/__init__.py +++ b/ssm/__init__.py @@ -12,7 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + @author: Will Rogers ''' 
@@ -32,18 +32,18 @@ def set_up_logging(logfile, level, console): 'WARN': logging.WARN, 'ERROR': logging.ERROR, 'CRITICAL': logging.CRITICAL} - + fmt = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' formatter = logging.Formatter(fmt) - + log = logging.getLogger() log.setLevel(levels[level]) - + if logfile is not None: fh = logging.FileHandler(logfile) fh.setFormatter(formatter) log.addHandler(fh) - + if console: ch = logging.StreamHandler(sys.stdout) ch.setFormatter(formatter) From 26e4d923fd88995bda54bc82aca5d7a39c51937a Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 11/24] Remove trailing whitespace from ssm/brokers.py --- ssm/brokers.py | 52 +++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/ssm/brokers.py b/ssm/brokers.py index 5509e444..3441f4db 100644 --- a/ssm/brokers.py +++ b/ssm/brokers.py @@ -12,10 +12,10 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + @author: Will Rogers -Class to interact with a BDII LDAP server to retrieve information about +Class to interact with a BDII LDAP server to retrieve information about the stomp brokers specified in a network. ''' import ldap @@ -32,10 +32,10 @@ class StompBrokerGetter(object): ''' - Given the URL of a BDII, searches for all the STOMP + Given the URL of a BDII, searches for all the STOMP brokers listed that are part of the specified network. ''' - + def __init__(self, bdii_url): ''' Set up the LDAP connection and strings which are re-used. 
@@ -48,28 +48,28 @@ def __init__(self, bdii_url): self._service_id_key = 'GlueServiceUniqueID' self._endpoint_key = 'GlueServiceEndpoint' self._service_data_value_key = 'GlueServiceDataValue' - + def get_broker_urls(self, service_type, network): ''' - Gets the list of all the stomp brokers in the BDII, then + Gets the list of all the stomp brokers in the BDII, then checks them to see if they are part of the network. The network is supplied as a string. Returns a list of URLs. ''' prod_broker_urls = [] - + broker_details = self._get_broker_details(service_type) - + for broker_id, broker_url in broker_details: if self._broker_in_network(broker_id, network): prod_broker_urls.append(broker_url) - + return prod_broker_urls - + def get_broker_hosts_and_ports(self, service_type, network): ''' - Gets the list of all the stomp brokers in the BDII, then - checks them to see if they are part of the network. The network + Gets the list of all the stomp brokers in the BDII, then + checks them to see if they are part of the network. The network is supplied as a string. Returns a list of (host, port) tuples. ''' 
@@ -78,35 +78,35 @@ def get_broker_hosts_and_ports(self, service_type, network): for url in urls: hosts_and_ports.append(parse_stomp_url(url)) return hosts_and_ports - + def _get_broker_details(self, service_type): ''' - Searches the BDII for all STOMP message brokers. Returns a list of + Searches the BDII for all STOMP message brokers. Returns a list of tuples: (, ). ''' broker_details = [] - - ldap_filter = '(&(objectClass=GlueService)(GlueServiceType=%s))' % service_type + + ldap_filter = '(&(objectClass=GlueService)(GlueServiceType=%s))' % service_type attrs = [self._service_id_key, self._endpoint_key] - brokers = self._ldap_conn.search_s(self._base_dn, ldap.SCOPE_SUBTREE, ldap_filter, attrs) - + brokers = self._ldap_conn.search_s(self._base_dn, ldap.SCOPE_SUBTREE, ldap_filter, attrs) + for unused_dn, attrs in brokers: - details = attrs[self._service_id_key][0], attrs[self._endpoint_key][0] + details = attrs[self._service_id_key][0], attrs[self._endpoint_key][0] broker_details.append(details) - + return broker_details - + def _broker_in_network(self, broker_id, network): ''' - Given a GlueServiceUniqueID for a message broker, check that it is + Given a GlueServiceUniqueID for a message broker, check that it is part of the specified network. ''' ldap_filter = '(&(GlueServiceDataKey=cluster)(GlueChunkKey=GlueServiceUniqueID=%s))' \ % broker_id attrs = [self._service_data_value_key] results = self._ldap_conn.search_s(self._base_dn, ldap.SCOPE_SUBTREE, ldap_filter, attrs) - + try: unused_dn, attrs2 = results[0] return network in attrs2[self._service_data_value_key] 
@@ -119,16 +119,16 @@ def parse_stomp_url(stomp_url): return a tuple containing (stomp.cern.ch, 6262). ''' parts = stomp_url.split(':') - + protocols = [STOMP_PREFIX, STOMP_SSL_PREFIX] if not parts[0].lower() in protocols: raise ValueError("URL %s does not begin 'stomp:'." % stomp_url) - + host = parts[1].strip('/') port = parts[2].strip('/') if not port.isdigit(): raise ValueError('URL %s does not have an integer as its third part.') - + return host, int(port) From 7b20357330c86c7d7a048bc4bda00104146a1f59 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:29 +0100 Subject: [PATCH 12/24] Remove trailing whitespace from ssm/crypto.py --- ssm/crypto.py | 90 +++++++++++++++++++++++++-------------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index f3b88ac0..5435ddcd 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -12,12 +12,12 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + @author: Kevin Haines, Will Rogers - + The crypto module calls openssl command line directly, using subprocess. - We investigated python's crypto libraries (all openssl bindings) and - found that none were mature enough to implement the SMIME crypto we had + We investigated python's crypto libraries (all openssl bindings) and + found that none were mature enough to implement the SMIME crypto we had decided on. ''' @@ -60,7 +60,7 @@ def check_cert_key(certpath, keypath): except IOError, e: log.error('Could not find cert or key file: %s', e) return False - + # Two things the same have the same modulus. if cert == key: return False 
@@ -80,27 +80,27 @@ def check_cert_key(certpath, keypath): if error != '': log.error(error) return False - + return modulus1.strip() == modulus2.strip() def sign(text, certpath, keypath): ''' Sign the specified message using the certificate and key in the files specified. - + Returns the signed message as an SMIME string, suitable for transmission. ''' try: p1 = Popen(['openssl', 'smime', '-sign', '-inkey', keypath, '-signer', certpath, '-text'], stdin=PIPE, stdout=PIPE, stderr=PIPE) - + signed_msg, error = p1.communicate(text) - + if (error != ''): log.error(error) return signed_msg - + except OSError, e: log.error('Failed to sign message: %s', e) raise CryptoException('Message signing failed. Check cert and key permissions.') @@ -109,19 +109,19 @@ def sign(text, certpath, keypath): def encrypt(text, certpath, cipher='aes128'): ''' Encrypt the specified message using the certificate string. - + Returns the encrypted SMIME text suitable for transmission ''' if cipher not in CIPHERS: raise CryptoException('Invalid cipher %s.' % cipher) - + cipher = '-' + cipher # encrypt - p1 = Popen(['openssl', 'smime', '-encrypt', cipher, certpath], + p1 = Popen(['openssl', 'smime', '-encrypt', cipher, certpath], stdin=PIPE, stdout=PIPE, stderr=PIPE) - + enc_txt, error = p1.communicate(text) - + if (error != ''): log.error(error) 
@@ -137,27 +137,27 @@ def verify(signed_text, capath, check_crl): Returns a tuple including the signer's certificate and the plain-text of the message if it has been verified. If the content transfer encoding is specified as 'quoted-printable' or 'base64', decode the message body accordingly. - ''' + ''' if signed_text is None or capath is None: raise CryptoException('Invalid None argument to verify().') # This ensures that openssl knows that the string is finished. - # It makes no difference if the signed message is correct, but + # It makes no difference if the signed message is correct, but # prevents it from hanging in the case of an empty string. signed_text += '\n\n' - + signer = get_signer_cert(signed_text) - + if not verify_cert(signer, capath, check_crl): raise CryptoException('Unverified signer') - - # The -noverify flag removes the certificate verification. The certificate + + # The -noverify flag removes the certificate verification. The certificate # is verified above; this check would also check that the certificate # is allowed to sign with SMIME, which host certificates sometimes aren't. - p1 = Popen(['openssl', 'smime', '-verify', '-CApath', capath, '-noverify'], + p1 = Popen(['openssl', 'smime', '-verify', '-CApath', capath, '-noverify'], stdin=PIPE, stdout=PIPE, stderr=PIPE) - + message, error = p1.communicate(signed_text) - + # SMIME header and message body are separated by a blank line lines = message.strip().splitlines() try: 
@@ -195,18 +195,18 @@ def decrypt(encrypted_text, certpath, keypath): encrypt the data ''' # This ensures that openssl knows that the string is finished. - # It makes no difference if the signed message is correct, but + # It makes no difference if the signed message is correct, but # prevents it from hanging in the case of an empty string. encrypted_text += '\n\n' - + log.info('Decrypting message.') - - p1 = Popen(['openssl', 'smime', '-decrypt', - '-recip', certpath, '-inkey', keypath], + + p1 = Popen(['openssl', 'smime', '-decrypt', + '-recip', certpath, '-inkey', keypath], stdin=PIPE, stdout=PIPE, stderr=PIPE) - + enc_txt, error = p1.communicate(encrypted_text) - + if (error != ''): log.error(error) @@ -242,7 +242,7 @@ def verify_cert_date(certpath): def verify_cert(certstring, capath, check_crls=True): ''' Verify that the certificate is signed by a CA whose certificate is stored in - capath. + capath. Note that I've had to compare strings in the output of openssl to check for verification, which may make this brittle. @@ -251,16 +251,16 @@ def verify_cert(certstring, capath, check_crls=True): ''' if certstring is None or capath is None: raise CryptoException('Invalid None argument to verify_cert().') - + args = ['openssl', 'verify', '-CApath', capath] - + if check_crls: args.append('-crl_check_all') p1 = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE) - + message, error = p1.communicate(certstring) - + # I think this is unlikely ever to happen if (error != ''): log.error(error) @@ -296,13 +296,13 @@ def get_certificate_subject(certstring): ''' p1 = Popen(['openssl', 'x509', '-noout', '-subject'], stdin=PIPE, stdout=PIPE, stderr=PIPE) - + subject, error = p1.communicate(certstring) if (error != ''): log.error(error) raise CryptoException('Failed to get subject: %s' % error) - + subject = subject.strip()[9:] # remove 'subject= ' from the front return subject 
@@ -313,20 +313,20 @@ def get_signer_cert(signed_text): certificate string. ''' # This ensures that openssl knows that the string is finished. - # It makes no difference if the signed message is correct, but + # It makes no difference if the signed message is correct, but # prevents it from hanging in the case of an empty string. signed_text += '\n\n' - - p1 = Popen(['openssl', 'smime', '-pk7out'], + + p1 = Popen(['openssl', 'smime', '-pk7out'], stdin=PIPE, stdout=PIPE, stderr=PIPE) - p2 = Popen(['openssl', 'pkcs7', '-print_certs'], + p2 = Popen(['openssl', 'pkcs7', '-print_certs'], stdin=p1.stdout, stdout=PIPE, stderr=PIPE) - + p1.stdin.write(signed_text) certstring, error = p2.communicate() - + if (error != ''): log.error(error) - + return certstring From f67b646b2cec6f315a8d6e01dc8c28e31d65ddb2 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 11:35:30 +0100 Subject: [PATCH 13/24] Remove trailing whitespace from ssm/ssm2.py --- ssm/ssm2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssm/ssm2.py b/ssm/ssm2.py index 28e9762b..ac170283 100644 --- a/ssm/ssm2.py +++ b/ssm/ssm2.py @@ -69,8 +69,8 @@ class Ssm2(stomp.ConnectionListener): STOMP_MESSAGING = 'STOMP' AMS_MESSAGING = 'AMS' - def __init__(self, hosts_and_ports, qpath, cert, key, dest=None, listen=None, - capath=None, check_crls=False, use_ssl=False, username=None, password=None, + def __init__(self, hosts_and_ports, qpath, cert, key, dest=None, listen=None, + capath=None, check_crls=False, use_ssl=False, username=None, password=None, enc_cert=None, verify_enc_cert=True, pidfile=None, path_type='dirq', protocol=STOMP_MESSAGING, project=None, token=''): ''' From 55d279b30d63fd9186d67a336a0b56736cccc87b Mon Sep 17 00:00:00 2001 
From: James Adams Date: Thu, 1 Aug 2019 11:35:30 +0100 Subject: [PATCH 14/24] Remove trailing whitespace from test/test_crypto.py --- test/test_crypto.py | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/test/test_crypto.py b/test/test_crypto.py index fbb0abbf..c4a4fc69 100644 --- a/test/test_crypto.py +++ b/test/test_crypto.py @@ -28,7 +28,7 @@ class TestEncryptUtils(unittest.TestCase): ''' Tests for the encrypt_utils module. ''' - + def setUp(self): ''' If no key/cert pair found, generate a new @@ -39,7 +39,7 @@ def setUp(self): '-newkey', 'rsa:2048', '-keyout', TEST_KEY_FILE, '-out', TEST_CERT_FILE, '-subj', TEST_CERT_DN]) - # Set up an openssl-style CA directory, containing the + # Set up an openssl-style CA directory, containing the # self-signed certificate as its own CA certificate, but with its # name as .0. p1 = Popen(['openssl', 'x509', '-subject_hash', '-noout'], @@ -62,10 +62,10 @@ def tearDown(self): def test_check_cert_key(self): ''' - This will print an error log message for the tests that are + This will print an error log message for the tests that are supposed to fail; you can ignore it. ''' - + # One version of the method would have passed this, because of the # way it checked for validity. try: 
@@ -73,35 +73,35 @@ def test_check_cert_key(self): self.fail('Accepted non-existent cert and key.') except CryptoException: pass - + if check_cert_key(TEST_CERT_FILE, TEST_CERT_FILE): self.fail('Accepted certificate as key.') - + if not check_cert_key(TEST_CERT_FILE, TEST_KEY_FILE): self.fail('Cert and key match but function failed.') - + def test_sign(self): ''' - I haven't found a good way to test this yet. Each time you sign a + I haven't found a good way to test this yet. Each time you sign a message, the output has a random element, so you can't compare strings. ''' signed = sign(MSG, TEST_CERT_FILE, TEST_KEY_FILE) - + if not 'MIME-Version' in signed: self.fail("Didn't get MIME message when signing.") - + if not MSG in signed: self.fail('The plaintext should be included in the signed message.') - + # Indirect testing, using the verify_message() method retrieved_msg, retrieved_dn = verify(signed, TEST_CA_DIR, False) - + if not retrieved_dn == TEST_CERT_DN: self.fail("The DN of the verified message didn't match the cert.") if not retrieved_msg == MSG: self.fail("The verified message didn't match the original.") - + def test_verify(self): signed_msg = sign(MSG, TEST_CERT_FILE, TEST_KEY_FILE) 
@@ -128,26 +128,26 @@ def test_verify(self): self.fail(error) retrieved_msg, retrieved_dn = verify(signed_msg, TEST_CA_DIR, False) - + if not retrieved_dn == TEST_CERT_DN: self.fail("The DN of the verified message didn't match the cert.") - + if not retrieved_msg.strip() == MSG: self.fail("The verified messge didn't match the original.") - + retrieved_msg2, retrieved_dn2 = verify(signed_msg2, TEST_CA_DIR, False) - + if not retrieved_dn2 == TEST_CERT_DN: print retrieved_dn2 print TEST_CERT_DN self.fail("The DN of the verified message didn't match the cert.") - + if not retrieved_msg2.strip() == MSG2: print retrieved_msg2 print MSG2 self.fail("The verified messge didn't match the original.") - - # Try empty string + + # Try empty string try: verify('', TEST_CA_DIR, False) except CryptoException: @@ -157,7 +157,7 @@ def test_verify(self): verify('Bibbly bobbly', TEST_CA_DIR, False) except CryptoException: pass - # Try None arguments + # Try None arguments try: verify('Bibbly bobbly', None, False) except CryptoException: @@ -166,7 +166,7 @@ def test_verify(self): verify(None, 'not a path', False) except CryptoException: pass - + def test_get_certificate_subject(self): ''' Check that the correct DN is extracted from the cert. @@ -176,22 +176,22 @@ def test_get_certificate_subject(self): with open(TEST_CERT_FILE, 'r') as test_cert: cert_string = test_cert.read() dn = get_certificate_subject(cert_string) - + if not dn == TEST_CERT_DN: self.fail("Didn't retrieve correct DN from cert.") - + try: subj = get_certificate_subject('Rubbish') self.fail('Returned %s as subject from empty string.' % subj) except CryptoException: pass - + try: subj = get_certificate_subject('') self.fail('Returned %s as subject from empty string.' % subj) except CryptoException: pass - + def test_get_signer_cert(self): ''' Check that the certificate retrieved from the signed message 
@@ -209,29 +209,29 @@ def test_get_signer_cert(self): if cert.strip() != cert_string.strip(): self.fail('Certificate retrieved from signature ' 'does not match certificate used to sign.') - + def test_encrypt(self): ''' Not a correct test yet. ''' encrypted = encrypt(MSG, TEST_CERT_FILE) - + if not 'MIME-Version' in encrypted: self.fail('Encrypted message is not MIME') - + # Indirect testing, using the decrypt_message function. decrypted = decrypt(encrypted, TEST_CERT_FILE, TEST_KEY_FILE) - + if decrypted != MSG: self.fail("Encrypted message wasn't decrypted successfully.") - + # invalid cipher try: encrypted = encrypt(MSG, TEST_CERT_FILE, 'aes1024') except CryptoException: - pass - - + pass + + def test_decrypt(self): ''' Check that the encrypted message can be decrypted and returns the @@ -239,17 +239,17 @@ def test_decrypt(self): ''' encrypted = encrypt(MSG, TEST_CERT_FILE) decrypted = decrypt(encrypted, TEST_CERT_FILE, TEST_KEY_FILE) - + if decrypted.strip() != MSG: - self.fail('Failed to decrypt message.') - - + self.fail('Failed to decrypt message.') + + def test_verify_cert(self): ''' Check that the test certificate is verified against itself, and that - it doesn't verify without the correct CA directory. Check that a + it doesn't verify without the correct CA directory. Check that a nonsense string isn't verified. - + I can't check the CRLs of a self-signed certificate easily. ''' with open(TEST_CERT_FILE, 'r') as test_cert: 
@@ -258,18 +258,18 @@ def test_verify_cert(self): if not verify_cert(cert_string, TEST_CA_DIR, False): self.fail('The self signed certificate should validate against' 'itself in a CA directory.') - + if verify_cert(cert_string, '/var/tmp', False): self.fail("The verify method isn't checking the CA dir correctly.") - + if verify_cert('bloblo', TEST_CA_DIR, False): self.fail('Nonsense successfully verified.') - + if verify_cert(cert_string, TEST_CA_DIR, True): self.fail('The self-signed certificate should not be verified ' + 'if CRLs are checked.') - - try: + + try: if verify_cert(None, TEST_CA_DIR, False): self.fail('Verified None rather than certificate string.') except CryptoException: From b59b74100f2d005ac486ff96273f0e9d5780bd87 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Fri, 14 Jun 2019 16:29:04 +0100 Subject: [PATCH 15/24] Add basic CODEOWNERS file to simplify code reviews This file will mean that when a pull request is opened, everyone in the code-reviewers team will be requested for review. --- CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..534c4bef --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,5 @@ +# These owners will be the default owners for everything in the repo, unless a +# later match is added and takes precedence. They will be requested for review +# when someone opens a pull request. + +* @apel/code-reviewers From 85614b9fc7d13a013b6cf9ae61b026fed25fdbc2 Mon Sep 17 00:00:00 2001 From: James Adams Date: Thu, 1 Aug 2019 13:02:11 +0100 Subject: [PATCH 16/24] Replace tabs with spaces in bin/apel-ssm --- bin/apel-ssm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/apel-ssm b/bin/apel-ssm index 6df00e27..16e48a85 100755 --- a/bin/apel-ssm +++ b/bin/apel-ssm @@ -19,7 +19,7 @@ start() { if [ $RETVAL -ne 0 ]; then failure; else - success; + success; fi; echo return $RETVAL 
@@ -32,8 +32,8 @@ stop() { RETVAL=$? if [ $RETVAL -ne 0 ]; then failure; - else - success; + else + success; fi; else RETVAL=1 From 812582be6f69d9078daa69781ace6014070fb3b3 Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Tue, 13 Aug 2019 11:32:39 +0100 Subject: [PATCH 17/24] Limit urllib3 logging based on overall level - Add log level setting for connectionpool logging, to the code that already handles setting stomp.py logging, otherwise connectionpool generates a lot of "Starting new HTTPS connection" messages at the INFO level that we aren't really interested in. --- ssm/ssm2.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssm/ssm2.py b/ssm/ssm2.py index ac170283..1ae2402f 100644 --- a/ssm/ssm2.py +++ b/ssm/ssm2.py @@ -169,13 +169,17 @@ def __init__(self, hosts_and_ports, qpath, cert, key, dest=None, listen=None, % (self._enc_cert, self._capath)) # If the overall SSM log level is info, we want to only - # see log entries from stomp.py at the warning level and above. + # see entries from stomp.py and connectionpool at WARNING and above. if logging.getLogger("ssm.ssm2").getEffectiveLevel() == logging.INFO: logging.getLogger("stomp.py").setLevel(logging.WARNING) + logging.getLogger("requests.packages.urllib3.connectionpool" + ).setLevel(logging.WARNING) # If the overall SSM log level is debug, we want to only - # see log entries from stomp.py at the info level and above. + # see entries from stomp.py and connectionpool at INFO above. elif logging.getLogger("ssm.ssm2").getEffectiveLevel() == logging.DEBUG: logging.getLogger("stomp.py").setLevel(logging.INFO) + logging.getLogger("requests.packages.urllib3.connectionpool" + ).setLevel(logging.INFO) def set_dns(self, dn_list): ''' From 4796a38284b2d8cc13bd85366ecf3065b99a8d93 Mon Sep 17 00:00:00 2001 
From: Greg Corbett Date: Wed, 31 Jul 2019 10:27:49 +0000 Subject: [PATCH 18/24] Add a test case for catching tampered messages --- test/test_crypto.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/test_crypto.py b/test/test_crypto.py index c4a4fc69..0d31b1ff 100644 --- a/test/test_crypto.py +++ b/test/test_crypto.py @@ -275,6 +275,18 @@ def test_verify_cert(self): except CryptoException: pass + def test_message_tampering(self): + """Test that a tampered message is not accepted as valid.""" + signed_message = sign(MSG, TEST_CERT_FILE, TEST_KEY_FILE) + tampered_message = signed_message.replace(MSG, "Spam") + + # Verifying the orignal, un-tampered message should be fine. + verify(signed_message, TEST_CA_DIR, False) + # Verifying the tampered message should not be fine. + self.assertRaises( + CryptoException, verify, tampered_message, TEST_CA_DIR, False + ) + ################################################################ # Test data below. ################################################################ From 0680c0147f3b53edfd2d147f195682e0313413ec Mon Sep 17 00:00:00 2001 From: Greg Corbett Date: Wed, 31 Jul 2019 14:28:21 +0000 Subject: [PATCH 19/24] Raise CryptoException if message fails to verify --- ssm/crypto.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index 5435ddcd..93f254a7 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -180,6 +180,9 @@ def verify(signed_text, capath, check_crl): log.debug(error) else: log.warn(error) + raise CryptoException( + "Failed to verify the signed message, see the log for details." + ) subj = get_certificate_subject(signer) return body, subj @@ -329,4 +332,3 @@ def get_signer_cert(signed_text): log.error(error) return certstring - From 3f8ea678935e41a7e666ee5f9802b4a995646836 Mon Sep 17 00:00:00 2001 
From: Greg Corbett Date: Wed, 21 Aug 2019 13:44:25 +0000 Subject: [PATCH 20/24] Check output of verify for the non-tampered message - to confirm the output is as expected --- test/test_crypto.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/test_crypto.py b/test/test_crypto.py index 0d31b1ff..d63d1933 100644 --- a/test/test_crypto.py +++ b/test/test_crypto.py @@ -281,7 +281,12 @@ def test_message_tampering(self): tampered_message = signed_message.replace(MSG, "Spam") # Verifying the orignal, un-tampered message should be fine. - verify(signed_message, TEST_CA_DIR, False) + verified_message, verified_signer = verify( + signed_message, TEST_CA_DIR, False + ) + self.assertEqual(verified_message, MSG) + self.assertEqual(verified_signer, TEST_CERT_DN) + # Verifying the tampered message should not be fine. self.assertRaises( CryptoException, verify, tampered_message, TEST_CA_DIR, False From 761d010d646f8af7433566c09c88c41878b9c38c Mon Sep 17 00:00:00 2001 From: Greg Corbett Date: Wed, 21 Aug 2019 13:52:35 +0000 Subject: [PATCH 21/24] Remove unneeded "see the log" message - as it only appears in the logs --- ssm/crypto.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index 93f254a7..dafba106 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py @@ -181,7 +181,7 @@ def verify(signed_text, capath, check_crl): else: log.warn(error) raise CryptoException( - "Failed to verify the signed message, see the log for details." + "Failed to verify the signed message." ) subj = get_certificate_subject(signer) From 13adcfbf3c6e9e3800f8e180091b0c4652396ef2 Mon Sep 17 00:00:00 2001 From: gregcorbett Date: Tue, 3 Sep 2019 16:29:08 +0100 Subject: [PATCH 22/24] Apply suggestions from code review Co-Authored-By: Adrian Coveney --- ssm/crypto.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssm/crypto.py b/ssm/crypto.py index dafba106..b4084e46 100644 --- a/ssm/crypto.py +++ b/ssm/crypto.py 
@@ -179,9 +179,8 @@ def verify(signed_text, capath, check_crl): if "Verification successful" in error: log.debug(error) else: - log.warn(error) raise CryptoException( - "Failed to verify the signed message." + "Possible tampering. See OpenSSL error: %s" % error ) subj = get_certificate_subject(signer) From 57e11c1e5e906e69053a284ec5173a091ce3e66d Mon Sep 17 00:00:00 2001 From: Adrian Coveney Date: Tue, 3 Sep 2019 16:54:33 +0100 Subject: [PATCH 23/24] Update version numbers for 2.4.1 --- apel-ssm.spec | 2 +- scripts/ssm-build-deb.sh | 2 +- scripts/ssm-build-rpm.sh | 2 +- ssm/__init__.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apel-ssm.spec b/apel-ssm.spec index b71a82b9..51b5516f 100644 --- a/apel-ssm.spec +++ b/apel-ssm.spec @@ -4,7 +4,7 @@ %endif Name: apel-ssm -Version: 2.4.0 +Version: 2.4.1 %define releasenumber 1 Release: %{releasenumber}%{?dist} Summary: Secure stomp messenger diff --git a/scripts/ssm-build-deb.sh b/scripts/ssm-build-deb.sh index 4eb15210..91ceeca2 100755 --- a/scripts/ssm-build-deb.sh +++ b/scripts/ssm-build-deb.sh @@ -16,7 +16,7 @@ set -eu -TAG=2.4.0-1 +TAG=2.4.1-1 SOURCE_DIR=~/debbuild/source BUILD_DIR=~/debbuild/build diff --git a/scripts/ssm-build-rpm.sh b/scripts/ssm-build-rpm.sh index a892b88c..39ce74e0 100644 --- a/scripts/ssm-build-rpm.sh +++ b/scripts/ssm-build-rpm.sh @@ -10,7 +10,7 @@ rpmdev-setuptree RPMDIR=/home/rpmb/rpmbuild -VERSION=2.4.0-1 +VERSION=2.4.1-1 SSMDIR=apel-ssm-$VERSION # Remove old sources and RPMS diff --git a/ssm/__init__.py b/ssm/__init__.py index 9477e7c3..37b62c51 100644 --- a/ssm/__init__.py +++ b/ssm/__init__.py @@ -19,7 +19,7 @@ import logging import sys -__version__ = (2, 4, 0) +__version__ = (2, 4, 1) LOG_BREAK = '========================================' From dbb638371568807c37b988457fac1920f20682fa Mon Sep 17 00:00:00 2001 
From: Adrian Coveney Date: Tue, 3 Sep 2019 17:03:36 +0100 Subject: [PATCH 24/24] Update changelogs --- CHANGELOG | 6 ++++++ apel-ssm.spec | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 7b327f3b..9fd86a5f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,11 @@ Changelog for ssm ================= +* Tue Sep 03 2019 Adrian Coveney - 2.4.1-1 + - Fixed handling of OpenSSL errors so that messages that have been tampered + with are now rejected. + - Changed logging to remove excessive messages from a 3rd-party module used + when sending via AMS. + * Thu Aug 01 2019 Adrian Coveney - 2.4.0-1 - Added support for sending and receiving messages using the ARGO Messaging Service (AMS). diff --git a/apel-ssm.spec b/apel-ssm.spec index 51b5516f..20badee6 100644 --- a/apel-ssm.spec +++ b/apel-ssm.spec @@ -100,6 +100,12 @@ rm -rf $RPM_BUILD_ROOT %doc %_defaultdocdir/%{name} %changelog +* Tue Sep 03 2019 Adrian Coveney - 2.4.1-1 + - Fixed handling of OpenSSL errors so that messages that have been tampered + with are now rejected. + - Changed logging to remove excessive messages from a 3rd-party module used + when sending via AMS. + * Thu Aug 01 2019 Adrian Coveney - 2.4.0-1 - Added support for sending and receiving messages using the ARGO Messaging Service (AMS).
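Review bot: In the whitespace-only hunk at `@@ -313,20 +313,20 @@` (get_signer_cert), the unchanged tail `if (error != ''): log.error(error)` still falls through to `return certstring`, so an openssl failure is logged but the caller receives whatever was on stdout, possibly an empty string. verify() passes that value straight to verify_cert(), so the failure is only caught indirectly as 'Unverified signer'. Not something to fix in a whitespace commit, but worth a follow-up that raises CryptoException here, as get_certificate_subject() already does in the hunk above.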
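Review bot: In PATCH 14/24, the test_verify hunk at `@@ -128,26 +128,26 @@` leaves the negative cases as `try: verify('', TEST_CA_DIR, False)` followed by `except CryptoException: pass`, which pass whether or not verify() raises. The same pattern appears in test_encrypt for the 'aes1024' cipher case. These tests could not have caught a verify() that accepts bad input, so a follow-up should convert them to `self.assertRaises(CryptoException, verify, ...)`, the form PATCH 18/24 uses for the tampering test.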
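Review bot: In PATCH 17/24 (ssm/ssm2.py, `@@ -169,13 +169,17 @@`), the logger name "requests.packages.urllib3.connectionpool" is hard-coded in both branches and only matches when urllib3 is imported through requests.packages; if the installed requests uses a top-level urllib3, the records are emitted under "urllib3.connectionpool" and these setLevel calls have no effect. Consider setting the level on both names, or on a module-level constant so the two branches cannot drift apart. Minor: the new comment reads "at INFO above" and is missing "and".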
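Review bot: PATCH 18/24 adds test_message_tampering one commit before PATCH 19/24 adds the `raise CryptoException(...)` it depends on, so the suite fails at this commit and bisecting across it will be noisy. Either swap the two commits or squash them. In the test body, `signed_message.replace(MSG, "Spam")` is a no-op if MSG does not appear verbatim in the signed text, so an `assertNotEqual(tampered_message, signed_message)` before the verify calls would make that failure mode obvious. Typo in the comment: "orignal".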
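Review bot: In PATCH 22/24 (ssm/crypto.py, `@@ -179,9 +179,8 @@`), acceptance of a signed message still hinges on the substring test `if "Verification successful" in error:` against openssl's stderr, and the exit status of the `openssl smime -verify` process is never consulted. After `p1.communicate(signed_text)` the status is available as p1.returncode, and checking it for non-zero before looking at stderr would make the reject path independent of the exact wording of the message, which the verify_cert docstring already flags as brittle. The new text "Possible tampering. See OpenSSL error: %s" is also raised for any non-success output, so a more neutral "Failed to verify signed message" prefix would avoid misdirecting whoever reads the log.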
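Review bot: PATCH 23/24 has to change the version string by hand in four places (apel-ssm.spec, scripts/ssm-build-deb.sh, scripts/ssm-build-rpm.sh and `__version__` in ssm/__init__.py), which makes it easy for a security release like 2.4.1 to ship with mismatched package and module versions. Consider having the build scripts read the version from one source, for example the spec file or ssm/__init__.py, instead of carrying their own `TAG=` and `VERSION=` literals.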