diff options
author | Bazaah | 2024-03-23 10:42:50 +0000 |
---|---|---|
committer | Bazaah | 2024-03-23 10:42:50 +0000 |
commit | b9a598f37529ebfd98fd5a0ead5a66518626acb4 (patch) | |
tree | 59573dd45254dad75f52231f618f5c39fa283201 | |
parent | fbbe080875e5fe2d5fa51f8f5aba285d0ba61797 (diff) | |
parent | c719c85b68176c8bfcdb97233b5eb3ae83b26171 (diff) | |
download | aur-b9a598f37529ebfd98fd5a0ead5a66518626acb4.tar.gz |
merge: master <--- feature/v18.2.2-1
* HEAD
| \
| * c719c85 <github@luxolus.com> pkgbuild: pkgver=18.2.2 pkgrel=1
| * 3d35081 <github@luxolus.com> pkgbuild: add ceph_bcrypt to python-ceph-common
| * 8b874b8 <github@luxolus.com> pkgbuild: add python-bcrypt sources,patches
| * 8576de3 <github@luxolus.com> repo: add python-bcrypt patches
| * 246af22 <github@luxolus.com> pkgbuild: restrict prepare() patch machinery to ceph-*
| * fcde70e <github@luxolus.com> pkgbuild: mv {,ceph-}disable-empty-readable.sh-test
| * abc0a56 <github@luxolus.com> pkgbuild: use mgr-ceph-module-stub.patch
| * a75f61e <github@luxolus.com> repo: add ceph-18.2.2-mgr-ceph-module-stub.patch
| * 93719e4 <github@luxolus.com> pkgbuild: use mgr-dashboard fix backport
| * 836304d <github@luxolus.com> repo: backport mgr/dashboard fix for python-cryptography issues
| * bfe55db <github@luxolus.com> pkgbuild: rm checkdepends->python-mock
| /
| master
Signed-off-by: Bazaah <github@luxolus.com>
-rw-r--r-- | .SRCINFO | 161 | ||||
-rw-r--r-- | PKGBUILD | 108 | ||||
-rw-r--r-- | ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch | 323 | ||||
-rw-r--r-- | ceph-18.2.2-mgr-ceph-module-stub.patch | 34 | ||||
-rw-r--r-- | ceph-disable-empty-readable.sh-test.patch (renamed from disable-empty-readable.sh-test.patch) | 0 | ||||
-rw-r--r-- | python-bcrypt-allow-subinterpreters.patch | 13 | ||||
-rw-r--r-- | python-bcrypt-prefix-ceph.patch | 56 |
7 files changed, 607 insertions, 88 deletions
@@ -1,13 +1,12 @@ pkgbase = ceph pkgdesc = Distributed, fault-tolerant storage platform delivering object, block, and file system - pkgver = 18.2.1 - pkgrel = 2 + pkgver = 18.2.2 + pkgrel = 1 url = https://ceph.com/ arch = x86_64 license = GPL checkdepends = inetutils checkdepends = xmlstarlet - checkdepends = python-mock checkdepends = python-nose checkdepends = python-pycodestyle checkdepends = python-pylint @@ -79,13 +78,17 @@ pkgbase = ceph makedepends = python-typing_extensions makedepends = python-werkzeug makedepends = python-yaml + makedepends = python-build + makedepends = python-installer + makedepends = python-setuptools-rust + makedepends = python-wheel options = emptydirs options = !lto - source = https://download.ceph.com/tarballs/ceph-18.2.1.tar.gz + source = https://download.ceph.com/tarballs/ceph-18.2.2.tar.gz source = ceph.sysusers source = ceph.sudoers source = ceph-13.2.2-dont-install-sysvinit-script.patch - source = disable-empty-readable.sh-test.patch + source = ceph-disable-empty-readable.sh-test.patch source = ceph-17.2.5-logrotate-ignore-dups.patch source = ceph-17.2.4-tox-flake8-git-ls-files.patch source = ceph-17.2.4-tox-mypy-false-postive.patch @@ -99,7 +102,12 @@ pkgbase = ceph source = ceph-18.2.0-fmt10-fixes.patch source = ceph-18.2.0-fix-ecode-shec-test.patch source = ceph-18.2.0-backport-log-runway-expansion.patch - sha512sums = 88e1c18bc6c824b6203cf026cca4c9409000e7cf5b2b986e22ab74d2790d8b93d91556bd3af15a320dbdd0cf2302308f0b2c75fd1243bc5a65f76fc6b3d70736 + source = ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch + source = ceph-18.2.2-mgr-ceph-module-stub.patch + source = python-bcrypt-4.1.2.tar.gz::https://github.com/pyca/bcrypt/archive/4.1.2.tar.gz + source = python-bcrypt-prefix-ceph.patch + source = python-bcrypt-allow-subinterpreters.patch + sha512sums = 2fcd3d67512754947adc8780edbbee9498ef666056b804298cdc998a3eb4a2916c8eb7f2635fd19b78a8b98bd74cce30f969fa2ccb6860257880245c6df703fa sha512sums = 4354001c1abd9a0c385ba7bd529e3638fb6660b6a88d4e49706d4ac21c81b8e829303a20fb5445730bdac18c4865efb10bc809c1cd56d743c12aa9a52e160049 sha512sums = 41dbc1c395cdf9b3edf5c5d91bbc90f416b4338ad964fa3471f26a4312d3ec2a5dcebbc351a1640dc4b047b4f71aa134ac7486747e5f62980092b0176e7567f5 sha512sums = ea069b75b786c22166c609b127b512802cc5c6e9512d792d7b7b34d276f5b86d57c8c35cfc7b5c855a59c0ba87ba1aabe2ca26da72b26bff46b6ba8410ddb27e @@ -117,12 +125,17 @@ pkgbase = ceph sha512sums = 4613232e5a0003c08d233e40fe3ac1cd00e1195d29bdd9892188587b4a782d6979004232927c0a1bff554eabf2fb9b18eb751682b7ad90762292b63891f3b301 sha512sums = 9a1183c08f8799b14235c9271519203cbf93e48ca3a8607d3a0500910efca5379c8a08421c377227f93d8436a850f5ca99784f28aaa920e55f0457c657511f17 sha512sums = e238b326609636bc7dd10cec59290e22898948ef105c49643c38d2621abf16c2efcf9581b0b6bad65066607510c9827d00a7abdb14f2054701cc33b7101ea054 + sha512sums = 965f1174ed682409f5aebfe689ccc870a860f323b00dcd4c9ee079839108ee27ed4d8b42d8b59c7e3cc5fb61d554929d9f779ce224691d20b868acf7f15adb2c + sha512sums = 494290871b12be79a3e74618912d552f4802a7580abcd8e174b890944917ac04e1a52ddd7c039fa230cf43463ed479f9abf6f9a7d403d4ba5b522297184b09a5 + sha512sums = 9cd6535249b88d83efd6f84e36c552cfb68d080c12b5f35167976219fd298efa03010c8674aa6d173242c098194c7d6ace3e2a5173a910bebf63791f60e7ade3 + sha512sums = 26e4569396005f7461764dbe57634ab6d20ca9bfe777b4eeae3def8e3c887333b4d64470ad1db15a8170979f85372c111abfc043bdc1deae219183cc7539980e + sha512sums = 80f0d698d03b18c7168818983e150b34c19480f629f33d5537f76f810bdc7394dea68409ededa5d7f369bf9377cbaa7a9f11caa8874e3ecb29fd8bb06d45aeb2 pkgname = ceph-common pkgdesc = Ceph Storage common libraries and dependencies - depends = ceph-compressor=18.2.1-2 - depends = ceph-crypto=18.2.1-2 - depends = ceph-erasure=18.2.1-2 + depends = ceph-compressor=18.2.2-1 + depends = ceph-crypto=18.2.2-1 + depends = ceph-erasure=18.2.2-1 depends = boost-libs depends = curl depends = glibc @@ -159,7 +172,7 @@ pkgname = ceph-erasure pkgname = ceph-tools pkgdesc = Ceph Storage miscellaneous tooling and utilities - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 depends = bash depends = boost-libs depends = gperftools @@ -169,7 +182,7 @@ pkgname = ceph-tools pkgname = ceph-test pkgdesc = Ceph Storage tools for benchmarking and testing live clusters - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 depends = libcap depends = libaio depends = boost-libs @@ -179,8 +192,8 @@ pkgname = ceph-test pkgname = ceph-volume pkgdesc = Ceph Storage utility for preparing block devices for use as OSDs - depends = python-ceph-common=18.2.1-2 - depends = ceph-osd=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = ceph-osd=18.2.2-1 depends = python depends = lvm2 depends = python-setuptools @@ -195,22 +208,22 @@ pkgname = ceph-cephadm pkgname = ceph-rados pkgdesc = Ceph Storage utilities and tools for librados - depends = librados=18.2.1-2 + depends = librados=18.2.2-1 depends = gcc-libs pkgname = ceph-base pkgdesc = Ceph Storage cluster base utilities and configuration - depends = ceph-common=18.2.1-2 - depends = librados=18.2.1-2 - depends = python-ceph-common=18.2.1-2 - depends = python-rados=18.2.1-2 + depends = ceph-common=18.2.2-1 + depends = librados=18.2.2-1 + depends = python-ceph-common=18.2.2-1 + depends = python-rados=18.2.2-1 depends = python backup = etc/logrotate.d/ceph backup = etc/sudoers.d/90-ceph pkgname = ceph-mon pkgdesc = Ceph Storage cluster monitor daemon, for distributed state storage via PAXOS - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 depends = bash depends = boost-libs depends = fmt @@ -219,10 +232,10 @@ pkgname = ceph-mon pkgname = ceph-mgr pkgdesc = Ceph Storage cluster manager daemon, the API gateway for cluster management - depends = ceph-base=18.2.1-2 - depends = python-cephfs=18.2.1-2 - depends = python-rbd=18.2.1-2 - depends = libcephsqlite=18.2.1-2 + depends = ceph-base=18.2.2-1 + depends = python-cephfs=18.2.2-1 + depends = python-rbd=18.2.2-1 + depends = libcephsqlite=18.2.2-1 depends = sqlite depends = python depends = boost-libs @@ -230,7 +243,6 @@ pkgname = ceph-mgr depends = gperftools depends = python-requests depends = python-typing_extensions - depends = python-pyjwt depends = python-coverage depends = python-jinja depends = python-pyopenssl @@ -246,7 +258,6 @@ pkgname = ceph-mgr depends = python-cheroot depends = python-urllib3 depends = python-jsonpatch - depends = python-cryptography optdepends = cephadm: Required if cluster is managed via cephadm optdepends = python-kubernetes: For mgr/module:rook,k8sevents optdepends = python-numpy: For mgr/module:diskprediction_local @@ -254,7 +265,7 @@ pkgname = ceph-mgr pkgname = ceph-osd pkgdesc = Ceph Storage cluster object storage daemon, for managing block devices - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 depends = fuse3 depends = bash depends = boost-libs @@ -271,14 +282,14 @@ pkgname = ceph-osd pkgname = ceph-mds pkgdesc = Ceph Storage cluster metadata server, the API gateway for CephFS - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 depends = lua depends = fmt depends = gperftools pkgname = ceph-rbd pkgdesc = Ceph Storage utilities and tooling for librbd - depends = librbd=18.2.1-2 + depends = librbd=18.2.2-1 depends = libnl depends = fmt depends = fuse3 @@ -290,7 +301,7 @@ pkgname = ceph-rbd pkgname = ceph-cephfs pkgdesc = Ceph Storage utilities and tooling for libcephfs - depends = libcephfs=18.2.1-2 + depends = libcephfs=18.2.2-1 depends = fuse3 depends = fmt depends = gperftools @@ -302,7 +313,7 @@ pkgname = ceph-cephfs pkgname = ceph-rgw pkgdesc = Ceph Storage cluster RADOS Object Gateway daemon, for serving RESTful traffic - depends = librgw=18.2.1-2 + depends = librgw=18.2.2-1 depends = gawk depends = oath-toolkit depends = boost-libs @@ -314,7 +325,7 @@ pkgname = ceph-rgw pkgname = librados pkgdesc = Ceph Storage client library to the RADOS distributed object store - depends = ceph-common=18.2.1-2 + depends = ceph-common=18.2.2-1 depends = bash depends = boost-libs depends = fmt @@ -325,13 +336,13 @@ pkgname = librados pkgname = libcephfs pkgdesc = Ceph Storage client library for CephFS, a distributed POSIX filesystem - depends = librados=18.2.1-2 + depends = librados=18.2.2-1 depends = fmt provides = libcephfs.so pkgname = librbd pkgdesc = Ceph Storage client library for RADOS block devices - depends = librados=18.2.1-2 + depends = librados=18.2.2-1 depends = cryptsetup depends = fmt provides = librbd.so @@ -339,7 +350,7 @@ pkgname = librbd pkgname = librgw pkgdesc = Ceph Storage client library to RADOS Object Gateway, a S3 and Swift compatible REST API - depends = librados=18.2.1-2 + depends = librados=18.2.2-1 depends = librabbitmq-c depends = lua depends = librdkafka @@ -350,13 +361,13 @@ pkgname = librgw pkgname = libcephsqlite pkgdesc = Ceph Storage client library for a RADOS backed sqlite3 VFS extension - depends = librados=18.2.1-2 + depends = librados=18.2.2-1 depends = fmt provides = libcephsqlite.so pkgname = python-ceph-common pkgdesc = Ceph Storage python module for common classes, objects and types - depends = ceph-common=18.2.1-2 + depends = ceph-common=18.2.2-1 depends = python depends = python-setuptools depends = python-prettytable @@ -364,81 +375,81 @@ pkgname = python-ceph-common pkgname = python-rados pkgdesc = Ceph Storage python library for librados - depends = python-ceph-common=18.2.1-2 - depends = librados=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = librados=18.2.2-1 depends = libxcrypt pkgname = python-rbd pkgdesc = Ceph Storage python library for librbd - depends = python-ceph-common=18.2.1-2 - depends = python-rados=18.2.1-2 - depends = librbd=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = python-rados=18.2.2-1 + depends = librbd=18.2.2-1 depends = libxcrypt pkgname = python-cephfs pkgdesc = Ceph Storage python library for libcephfs - depends = python-ceph-common=18.2.1-2 - depends = python-rados=18.2.1-2 - depends = libcephfs=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = python-rados=18.2.2-1 + depends = libcephfs=18.2.2-1 depends = libxcrypt pkgname = python-rgw pkgdesc = Ceph Storage python library for librgw - depends = python-ceph-common=18.2.1-2 - depends = python-rados=18.2.1-2 - depends = librgw=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = python-rados=18.2.2-1 + depends = librgw=18.2.2-1 depends = libxcrypt pkgname = cephfs-top pkgdesc = Ceph Storage utility for a top(1) inspired curses TUI for CephFS metrics - depends = python-ceph-common=18.2.1-2 - depends = python-cephfs=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = python-cephfs=18.2.2-1 depends = python pkgname = cephfs-shell pkgdesc = Ceph Storage utility for accessing a CephFS filesystem shell - depends = python-ceph-common=18.2.1-2 - depends = python-cephfs=18.2.1-2 + depends = python-ceph-common=18.2.2-1 + depends = python-cephfs=18.2.2-1 depends = python depends = python-cmd2 depends = python-colorama pkgname = java-cephfs pkgdesc = Ceph Storage JNI bindings for CephFS - depends = libcephfs=18.2.1-2 + depends = libcephfs=18.2.2-1 depends = java-runtime pkgname = ceph pkgdesc = Ceph Storage full install [VIRTUAL] - depends = ceph-libs=18.2.1-2 - depends = ceph-cluster=18.2.1-2 - depends = ceph-rados=18.2.1-2 - depends = ceph-rbd=18.2.1-2 - depends = ceph-cephfs=18.2.1-2 - depends = ceph-tools=18.2.1-2 - depends = ceph-test=18.2.1-2 - depends = python-rados=18.2.1-2 - depends = python-rbd=18.2.1-2 - depends = python-cephfs=18.2.1-2 - depends = python-rgw=18.2.1-2 + depends = ceph-libs=18.2.2-1 + depends = ceph-cluster=18.2.2-1 + depends = ceph-rados=18.2.2-1 + depends = ceph-rbd=18.2.2-1 + depends = ceph-cephfs=18.2.2-1 + depends = ceph-tools=18.2.2-1 + depends = ceph-test=18.2.2-1 + depends = python-rados=18.2.2-1 + depends = python-rbd=18.2.2-1 + depends = python-cephfs=18.2.2-1 + depends = python-rgw=18.2.2-1 pkgname = ceph-libs pkgdesc = Ceph Storage client libraries [VIRTUAL] - depends = librados=18.2.1-2 - depends = librbd=18.2.1-2 - depends = libcephfs=18.2.1-2 - depends = librgw=18.2.1-2 - depends = libcephsqlite=18.2.1-2 + depends = librados=18.2.2-1 + depends = librbd=18.2.2-1 + depends = libcephfs=18.2.2-1 + depends = librgw=18.2.2-1 + depends = libcephsqlite=18.2.2-1 pkgname = ceph-cluster pkgdesc = Ceph Storage cluster daemons and components [VIRTUAL] - depends = ceph-mon=18.2.1-2 - depends = ceph-mgr=18.2.1-2 - depends = ceph-osd=18.2.1-2 - depends = ceph-mds=18.2.1-2 - depends = ceph-rgw=18.2.1-2 - depends = ceph-volume=18.2.1-2 + depends = ceph-mon=18.2.2-1 + depends = ceph-mgr=18.2.2-1 + depends = ceph-osd=18.2.2-1 + depends = ceph-mds=18.2.2-1 + depends = ceph-rgw=18.2.2-1 + depends = ceph-volume=18.2.2-1 pkgname = ceph-cli pkgdesc = Ceph Storage CLI utility [VIRTUAL] - depends = ceph-base=18.2.1-2 + depends = ceph-base=18.2.2-1 @@ -4,8 +4,8 @@ pkgbase='ceph' pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system' -pkgver=18.2.1 -pkgrel=2 +pkgver=18.2.2 +pkgrel=1 url='https://ceph.com/' arch=('x86_64') license=('GPL') @@ -38,13 +38,16 @@ makedepends=( 'python-pecan' 'python-prettytable' 'python-pyjwt' 'python-pyopenssl' 'python-requests' 'python-scipy' 'python-setuptools' 'python-sphinx' 'python-typing_extensions' 'python-werkzeug' 'python-yaml' + + # python-bcrypt makedepends + 'python-build' 'python-installer' 'python-setuptools-rust' 'python-wheel' ) checkdepends=( 'inetutils' 'xmlstarlet' - 'python-mock' 'python-nose' 'python-pycodestyle' 'python-pylint' 'python-pytest' - 'python-pytest-cov' + 'python-nose' 'python-pycodestyle' 'python-pylint' 'python-pytest' 'python-pytest-cov' ) +__bcrypt_version='4.1.2' # Despite the upstream suggesting that LTO is now possible, I still am unable # to set this. I get SEGVs in tests, and repeated mentions of C++ One Definition Rule @@ -57,7 +60,7 @@ source=( 'ceph.sysusers' 'ceph.sudoers' 'ceph-13.2.2-dont-install-sysvinit-script.patch' - 'disable-empty-readable.sh-test.patch' + 'ceph-disable-empty-readable.sh-test.patch' # Avoid spurious failures in logrotate when duplicate rule files exist, # typically around cephadm auto-generated rotate rules @@ -107,8 +110,26 @@ source=( # test_concurrent_dir_link_and_compact_log_56210 due to the strange mount/umount/mount # pattern 'ceph-18.2.0-backport-log-runway-expansion.patch' + + # Backport https://github.com/ceph/ceph/pull/55689, removing the mgr dependency on + # python-pyjwt -> python-cryptography (-> pyo3) + # See https://github.com/bazaah/aur-ceph/issues/20 for more + 'ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch' + + # Fix a change in behavior between python 3.11.5 and 3.11.8, which prevents + # importing type stub (.pyi) files directly, without a .py skeleton + 'ceph-18.2.2-mgr-ceph-module-stub.patch' + + # ===== ceph-python-bcrypt sources ===== # + "python-bcrypt-${__bcrypt_version}.tar.gz::https://github.com/pyca/bcrypt/archive/${__bcrypt_version}.tar.gz" + + # Rename bcrypt -> ceph_bcrypt + 'python-bcrypt-prefix-ceph.patch' + + # Use our fork of pyo3, reenabling subinterpreter support + 'python-bcrypt-allow-subinterpreters.patch' ) -sha512sums=('88e1c18bc6c824b6203cf026cca4c9409000e7cf5b2b986e22ab74d2790d8b93d91556bd3af15a320dbdd0cf2302308f0b2c75fd1243bc5a65f76fc6b3d70736' +sha512sums=('2fcd3d67512754947adc8780edbbee9498ef666056b804298cdc998a3eb4a2916c8eb7f2635fd19b78a8b98bd74cce30f969fa2ccb6860257880245c6df703fa' '4354001c1abd9a0c385ba7bd529e3638fb6660b6a88d4e49706d4ac21c81b8e829303a20fb5445730bdac18c4865efb10bc809c1cd56d743c12aa9a52e160049' '41dbc1c395cdf9b3edf5c5d91bbc90f416b4338ad964fa3471f26a4312d3ec2a5dcebbc351a1640dc4b047b4f71aa134ac7486747e5f62980092b0176e7567f5' 'ea069b75b786c22166c609b127b512802cc5c6e9512d792d7b7b34d276f5b86d57c8c35cfc7b5c855a59c0ba87ba1aabe2ca26da72b26bff46b6ba8410ddb27e' @@ -125,7 +146,12 @@ sha512sums=('88e1c18bc6c824b6203cf026cca4c9409000e7cf5b2b986e22ab74d2790d8b93d91 '0c5124693bd317a73707dfd34b17664cc05233aec08e07739fe08fc9a73be7a1f4446052b1addde832cba141a382c35f45e60c89a00bb7dab81cee7ed6be07e1' '4613232e5a0003c08d233e40fe3ac1cd00e1195d29bdd9892188587b4a782d6979004232927c0a1bff554eabf2fb9b18eb751682b7ad90762292b63891f3b301' '9a1183c08f8799b14235c9271519203cbf93e48ca3a8607d3a0500910efca5379c8a08421c377227f93d8436a850f5ca99784f28aaa920e55f0457c657511f17' - 'e238b326609636bc7dd10cec59290e22898948ef105c49643c38d2621abf16c2efcf9581b0b6bad65066607510c9827d00a7abdb14f2054701cc33b7101ea054') + 'e238b326609636bc7dd10cec59290e22898948ef105c49643c38d2621abf16c2efcf9581b0b6bad65066607510c9827d00a7abdb14f2054701cc33b7101ea054' + '965f1174ed682409f5aebfe689ccc870a860f323b00dcd4c9ee079839108ee27ed4d8b42d8b59c7e3cc5fb61d554929d9f779ce224691d20b868acf7f15adb2c' + '494290871b12be79a3e74618912d552f4802a7580abcd8e174b890944917ac04e1a52ddd7c039fa230cf43463ed479f9abf6f9a7d403d4ba5b522297184b09a5' + '9cd6535249b88d83efd6f84e36c552cfb68d080c12b5f35167976219fd298efa03010c8674aa6d173242c098194c7d6ace3e2a5173a910bebf63791f60e7ade3' + '26e4569396005f7461764dbe57634ab6d20ca9bfe777b4eeae3def8e3c887333b4d64470ad1db15a8170979f85372c111abfc043bdc1deae219183cc7539980e' + '80f0d698d03b18c7168818983e150b34c19480f629f33d5537f76f810bdc7394dea68409ededa5d7f369bf9377cbaa7a9f11caa8874e3ecb29fd8bb06d45aeb2') __version="${pkgver}-${pkgrel}" # -fno-plt causes linker errors (undefined reference to internal methods) @@ -140,10 +166,13 @@ export CXXFLAGS="${CXXFLAGS/-fno-plt/}" prepare() { cd "${srcdir}/${pkgbase}-${pkgver}" + _prepare_ceph_python_bcrypt + # apply patches from the source array local filename for filename in "${source[@]%%::*}"; do - if [[ "${filename}" =~ \.patch$ ]]; then + if [[ "${filename}" =~ \.patch$ ]] \ + && [[ "${filename}" =~ ^ceph-.* ]]; then echo "Applying patch ${filename##*/}" patch -p1 -N -i "${srcdir}/${filename##*/}" fi @@ -168,6 +197,8 @@ prepare() { build() { cd "${srcdir}/${pkgbase}-${pkgver}" + _build_ceph_python_bcrypt + export CFLAGS+=" ${CPPFLAGS}" export CXXFLAGS+=" ${CPPFLAGS}" export CMAKE_BUILD_TYPE='RelWithDebInfo' @@ -233,6 +264,8 @@ build() { check() { cd "${srcdir}/${pkgbase}-${pkgver}" + _check_ceph_python_bcrypt + export CTEST_PARALLEL_LEVEL=7 export CTEST_OUTPUT_ON_FAILURE=1 @@ -731,11 +764,10 @@ package_ceph-mgr() { 'sqlite' 'python' 'boost-libs' 'fmt' 'gperftools' - 'python-requests' 'python-typing_extensions' 'python-pyjwt' 'python-coverage' 'python-jinja' - 'python-pyopenssl' 'python-cherrypy' 'python-werkzeug' 'python-prettytable' 'python-pecan' - 'python-scipy' 'python-yaml' 'python-setuptools' 'python-bcrypt' 'python-dateutil' - 'python-cheroot' 'python-urllib3' 'python-jsonpatch' 'python-cryptography' - + 'python-requests' 'python-typing_extensions' 'python-coverage' 'python-jinja' 'python-pyopenssl' + 'python-cherrypy' 'python-werkzeug' 'python-prettytable' 'python-pecan' 'python-scipy' + 'python-yaml' 'python-setuptools' 'python-bcrypt' 'python-dateutil' + 'python-cheroot' 'python-urllib3' 'python-jsonpatch' ) optdepends=( 'cephadm: Required if cluster is managed via cephadm' @@ -1014,6 +1046,9 @@ package_python-ceph-common() { ) mv __pkg__/$pkgname/* "$pkgdir" + + _package_ceph_python_bcrypt + _print } @@ -1120,4 +1155,51 @@ package_ceph() { #======================================================================================# #======================================================================================# +_prepare_ceph_python_bcrypt() { + ( + cd "${srcdir}/bcrypt-${__bcrypt_version}" + + # apply patches from the source array + local filename + for filename in "${source[@]%%::*}"; do + if [[ "${filename}" =~ \.patch$ ]] \ + && [[ "${filename}" =~ ^python-bcrypt-.* ]]; then + echo "Applying patch ${filename##*/}" + patch -p1 -N -i "${srcdir}/${filename##*/}" + fi + done + + mv -v src/{bcrypt,ceph_bcrypt} + ) +} + +_build_ceph_python_bcrypt() { + ( + cd "${srcdir}/bcrypt-${__bcrypt_version}" + + python -m build --wheel --no-isolation + ) +} + +_check_ceph_python_bcrypt() { + ( + cd "${srcdir}/bcrypt-${__bcrypt_version}" + + local _site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + + python -m installer --destdir=test_dir dist/*.whl + PYTHONPATH="test_dir/$_site_packages:$PYTHONPATH" pytest + ) +} + +_package_ceph_python_bcrypt() { + ( + cd "${srcdir}/bcrypt-${__bcrypt_version}" + + python -m installer --destdir="${pkgdir}" dist/*.whl + ) +} +#======================================================================================# +#======================================================================================# + # vim:set ts=2 sw=2 et: diff --git a/ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch b/ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch new file mode 100644 index 000000000000..2f398465c887 --- /dev/null +++ b/ceph-18.2.2-backport-mgr-dashboard-simplify-authentication-protocol.patch @@ -0,0 +1,323 @@ +From fcbd8fdae9d80d9a9bd61838aeaf41b504a5888a Mon Sep 17 00:00:00 2001 +From: Daniel Persson <mailto.woden@gmail.com> +Date: Wed, 29 Nov 2023 09:39:51 +0000 +Subject: [PATCH 1/3] mgr/dashboard: Simplify authentication protocol By + removing the dependency to PyJWT we also remove the dependency to the + cryptographic library which in the dashboard module will create a crash. In + newer implementations of the library PyO3 is used to run rust code in order + to encrypt with Elliptic Curves. This is never used in the dashboard + communication so a much simpler implementation where we only use the hmac + sha256 algorithm to create the signed JWT message could be used. + +Fixes: https://forum.proxmox.com/threads/ceph-warning-post-upgrade-to-v8.129371 +Signed-off-by: Daniel Persson <mailto.woden@gmail.com> +(cherry picked from commit c616a9d017b5fcc85bb5c1556bccf4c77cc3899e) +--- + src/pybind/mgr/dashboard/constraints.txt | 1 - + src/pybind/mgr/dashboard/exceptions.py | 12 ++++ + src/pybind/mgr/dashboard/requirements.txt | 1 - + src/pybind/mgr/dashboard/services/auth.py | 70 ++++++++++++++++++++--- + src/pybind/mgr/dashboard/tox.ini | 1 + + 5 files changed, 74 insertions(+), 11 deletions(-) + +diff --git a/src/pybind/mgr/dashboard/constraints.txt b/src/pybind/mgr/dashboard/constraints.txt +index 55f81c92dec06..fd6141048800a 100644 +--- a/src/pybind/mgr/dashboard/constraints.txt ++++ b/src/pybind/mgr/dashboard/constraints.txt +@@ -1,6 +1,5 @@ + CherryPy~=13.1 + more-itertools~=8.14 +-PyJWT~=2.0 + bcrypt~=3.1 + python3-saml~=1.4 + requests~=2.26 +diff --git a/src/pybind/mgr/dashboard/exceptions.py b/src/pybind/mgr/dashboard/exceptions.py +index 96cbc52335613..d396a38d2c3a2 100644 +--- a/src/pybind/mgr/dashboard/exceptions.py ++++ b/src/pybind/mgr/dashboard/exceptions.py +@@ -121,3 +121,15 @@ class GrafanaError(Exception): + + class PasswordPolicyException(Exception): + pass ++ ++ ++class ExpiredSignatureError(Exception): ++ pass ++ ++ ++class InvalidTokenError(Exception): ++ pass ++ ++ ++class InvalidAlgorithmError(Exception): ++ pass +diff --git a/src/pybind/mgr/dashboard/requirements.txt b/src/pybind/mgr/dashboard/requirements.txt +index 8003d62a5523f..292971819c9c6 100644 +--- a/src/pybind/mgr/dashboard/requirements.txt ++++ b/src/pybind/mgr/dashboard/requirements.txt +@@ -1,7 +1,6 @@ + bcrypt + CherryPy + more-itertools +-PyJWT + pyopenssl + requests + Routes +diff --git a/src/pybind/mgr/dashboard/services/auth.py b/src/pybind/mgr/dashboard/services/auth.py +index f13963abffdd4..3c6002312524d 100644 +--- a/src/pybind/mgr/dashboard/services/auth.py ++++ b/src/pybind/mgr/dashboard/services/auth.py +@@ -1,17 +1,19 @@ + # -*- coding: utf-8 -*- + ++import base64 ++import hashlib ++import hmac + import json + import logging + import os + import threading + import time + import uuid +-from base64 import b64encode + + import cherrypy +-import jwt + + from .. import mgr ++from ..exceptions import ExpiredSignatureError, InvalidAlgorithmError, InvalidTokenError + from .access_control import LocalAuthenticator, UserDoesNotExist + + cherrypy.config.update({ +@@ -33,7 +35,7 @@ class JwtManager(object): + @staticmethod + def _gen_secret(): + secret = os.urandom(16) +- return b64encode(secret).decode('utf-8') ++ return base64.b64encode(secret).decode('utf-8') + + @classmethod + def init(cls): +@@ -45,6 +47,54 @@ def init(cls): + mgr.set_store('jwt_secret', secret) + cls._secret = secret + ++ @classmethod ++ def array_to_base64_string(cls, message): ++ jsonstr = json.dumps(message, sort_keys=True).replace(" ", "") ++ string_bytes = base64.urlsafe_b64encode(bytes(jsonstr, 'UTF-8')) ++ return string_bytes.decode('UTF-8').replace("=", "") ++ ++ @classmethod ++ def encode(cls, message, secret): ++ header = {"alg": cls.JWT_ALGORITHM, "typ": "JWT"} ++ base64_header = cls.array_to_base64_string(header) ++ base64_message = cls.array_to_base64_string(message) ++ base64_secret = base64.urlsafe_b64encode(hmac.new( ++ bytes(secret, 'UTF-8'), ++ msg=bytes(base64_header + "." + base64_message, 'UTF-8'), ++ digestmod=hashlib.sha256 ++ ).digest()).decode('UTF-8').replace("=", "") ++ return base64_header + "." + base64_message + "." + base64_secret ++ ++ @classmethod ++ def decode(cls, message, secret): ++ split_message = message.split(".") ++ base64_header = split_message[0] ++ base64_message = split_message[1] ++ base64_secret = split_message[2] ++ ++ decoded_header = json.loads(base64.urlsafe_b64decode(base64_header)) ++ ++ if decoded_header['alg'] != cls.JWT_ALGORITHM: ++ raise InvalidAlgorithmError() ++ ++ incoming_secret = base64.urlsafe_b64encode(hmac.new( ++ bytes(secret, 'UTF-8'), ++ msg=bytes(base64_header + "." + base64_message, 'UTF-8'), ++ digestmod=hashlib.sha256 ++ ).digest()).decode('UTF-8').replace("=", "") ++ ++ if base64_secret != incoming_secret: ++ raise InvalidTokenError() ++ ++ # We add ==== as padding to ignore the requirement to have correct padding in ++ # the urlsafe_b64decode method. ++ decoded_message = json.loads(base64.urlsafe_b64decode(base64_message + "====")) ++ now = int(time.time()) ++ if decoded_message['exp'] < now: ++ raise ExpiredSignatureError() ++ ++ return decoded_message ++ + @classmethod + def gen_token(cls, username): + if not cls._secret: +@@ -59,13 +109,13 @@ def gen_token(cls, username): + 'iat': now, + 'username': username + } +- return jwt.encode(payload, cls._secret, algorithm=cls.JWT_ALGORITHM) # type: ignore ++ return cls.encode(payload, cls._secret) # type: ignore + + @classmethod + def decode_token(cls, token): + if not cls._secret: + cls.init() +- return jwt.decode(token, cls._secret, algorithms=cls.JWT_ALGORITHM) # type: ignore ++ return cls.decode(token, cls._secret) # type: ignore + + @classmethod + def get_token_from_header(cls): +@@ -99,8 +149,8 @@ def get_username(cls): + @classmethod + def get_user(cls, token): + try: +- dtoken = JwtManager.decode_token(token) +- if not JwtManager.is_blocklisted(dtoken['jti']): ++ dtoken = cls.decode_token(token) ++ if not cls.is_blocklisted(dtoken['jti']): + user = AuthManager.get_user(dtoken['username']) + if user.last_update <= dtoken['iat']: + return user +@@ -110,10 +160,12 @@ def get_user(cls, token): + ) + else: + cls.logger.debug('Token is block-listed') # type: ignore +- except jwt.ExpiredSignatureError: ++ except ExpiredSignatureError: + cls.logger.debug("Token has expired") # type: ignore +- except jwt.InvalidTokenError: ++ except InvalidTokenError: + cls.logger.debug("Failed to decode token") # type: ignore ++ except InvalidAlgorithmError: ++ cls.logger.debug("Only the HS256 algorithm is supported.") # type: ignore + except UserDoesNotExist: + cls.logger.debug( # type: ignore + "Invalid token: user %s does not exist", dtoken['username'] +diff --git a/src/pybind/mgr/dashboard/tox.ini b/src/pybind/mgr/dashboard/tox.ini +index 47756e946e125..271df286ec5e8 100644 +--- a/src/pybind/mgr/dashboard/tox.ini ++++ b/src/pybind/mgr/dashboard/tox.ini +@@ -20,6 +20,7 @@ addopts = + deps = + -rrequirements.txt + -cconstraints.txt ++ PyJWT + + [base-test] + deps = + +From d456590743aa26d7d253b20294f5aa33544ab8a7 Mon Sep 17 00:00:00 2001 +From: Daniel Persson <mailto.woden@gmail.com> +Date: Sun, 3 Dec 2023 08:03:47 +0000 +Subject: [PATCH 2/3] mgr/dashboard: Changes suggested after review by + @epuertat. + +Move the JWT requirement to the test requirements file. Also remove JWT from ceph specification and debian build. + +Signed-off-by: Daniel Persson <mailto.woden@gmail.com> +(cherry picked from commit c1ea66fe12f86e7a63681cba860fb91b1ea86e12) +--- + ceph.spec.in | 4 ---- + debian/control | 1 - + src/pybind/mgr/dashboard/requirements-test.txt | 1 + + src/pybind/mgr/dashboard/tox.ini | 1 - + 4 files changed, 1 insertion(+), 6 deletions(-) + +diff --git a/ceph.spec.in b/ceph.spec.in +index ff8aa5aafbff8..c4281abc5bfbb 100644 +--- a/ceph.spec.in ++++ b/ceph.spec.in +@@ -412,7 +412,6 @@ BuildRequires: xmlsec1-nss + BuildRequires: xmlsec1-openssl + BuildRequires: xmlsec1-openssl-devel + BuildRequires: python%{python3_pkgversion}-cherrypy +-BuildRequires: python%{python3_pkgversion}-jwt + BuildRequires: python%{python3_pkgversion}-routes + BuildRequires: python%{python3_pkgversion}-scipy + BuildRequires: python%{python3_pkgversion}-werkzeug +@@ -425,7 +424,6 @@ BuildRequires: libxmlsec1-1 + BuildRequires: libxmlsec1-nss1 + BuildRequires: libxmlsec1-openssl1 + BuildRequires: python%{python3_pkgversion}-CherryPy +-BuildRequires: python%{python3_pkgversion}-PyJWT + BuildRequires: python%{python3_pkgversion}-Routes + BuildRequires: python%{python3_pkgversion}-Werkzeug + BuildRequires: python%{python3_pkgversion}-numpy-devel +@@ -617,7 +615,6 @@ Requires: ceph-prometheus-alerts = %{_epoch_prefix}%{version}-%{release} + Requires: python%{python3_pkgversion}-setuptools + %if 0%{?fedora} || 0%{?rhel} + Requires: python%{python3_pkgversion}-cherrypy +-Requires: python%{python3_pkgversion}-jwt + Requires: python%{python3_pkgversion}-routes + Requires: python%{python3_pkgversion}-werkzeug + %if 0%{?weak_deps} +@@ -626,7 +623,6 @@ Recommends: python%{python3_pkgversion}-saml + %endif + %if 0%{?suse_version} + Requires: python%{python3_pkgversion}-CherryPy +-Requires: python%{python3_pkgversion}-PyJWT + Requires: python%{python3_pkgversion}-Routes + Requires: python%{python3_pkgversion}-Werkzeug + Recommends: python%{python3_pkgversion}-python3-saml +diff --git a/debian/control b/debian/control +index 837a55a371670..e7b123ec381e7 100644 +--- a/debian/control ++++ b/debian/control +@@ -91,7 +91,6 @@ Build-Depends: automake, + python3-all-dev, + python3-cherrypy3, + python3-natsort, +- python3-jwt <pkg.ceph.check>, + python3-pecan <pkg.ceph.check>, + python3-bcrypt <pkg.ceph.check>, + tox <pkg.ceph.check>, +diff --git a/src/pybind/mgr/dashboard/requirements-test.txt b/src/pybind/mgr/dashboard/requirements-test.txt +index da283d0b64aaa..aa80b3336b540 100644 +--- a/src/pybind/mgr/dashboard/requirements-test.txt ++++ b/src/pybind/mgr/dashboard/requirements-test.txt +@@ -2,3 +2,4 @@ pytest-cov + pytest-instafail + pyfakefs==4.5.0 +-jsonschema ++jsonschema~=4.0 ++PyJWT~=2.0 +diff --git a/src/pybind/mgr/dashboard/tox.ini b/src/pybind/mgr/dashboard/tox.ini +index 271df286ec5e8..47756e946e125 100644 +--- a/src/pybind/mgr/dashboard/tox.ini ++++ b/src/pybind/mgr/dashboard/tox.ini +@@ -20,7 +20,6 @@ addopts = + deps = + -rrequirements.txt + -cconstraints.txt +- PyJWT + + [base-test] + deps = + +From 04b3792228415fa0320eb2e28c60e00fac68d3d8 Mon Sep 17 00:00:00 2001 +From: Daniel Persson <mailto.woden@gmail.com> +Date: Sun, 3 Dec 2023 09:46:56 +0000 +Subject: [PATCH 3/3] mgr/dashboard: Updated test dependencies + +Seemed that the test dependencies was separated in two different requirements files +one for the testing and one for linting. Added the JWT dependency in the linting file +as well. + +Signed-off-by: Daniel Persson <mailto.woden@gmail.com> +(cherry picked from commit 06765e648acb1676d5d563c631b8d8fc08b5323c) +--- + src/pybind/mgr/dashboard/requirements-lint.txt | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/pybind/mgr/dashboard/requirements-lint.txt b/src/pybind/mgr/dashboard/requirements-lint.txt +index 57e5191574083..571c92a4ebfbc 100644 +--- a/src/pybind/mgr/dashboard/requirements-lint.txt ++++ b/src/pybind/mgr/dashboard/requirements-lint.txt +@@ -9,3 +9,4 @@ autopep8==1.5.7 + pyfakefs==4.5.0 + isort==5.5.3 +-jsonschema==4.16.0 ++jsonschema~=4.0 ++PyJWT~=2.0 diff --git a/ceph-18.2.2-mgr-ceph-module-stub.patch b/ceph-18.2.2-mgr-ceph-module-stub.patch new file mode 100644 index 000000000000..151c81313f93 --- /dev/null +++ b/ceph-18.2.2-mgr-ceph-module-stub.patch @@ -0,0 +1,34 @@ +diff --git a/src/pybind/mgr/ceph_module.py b/src/pybind/mgr/ceph_module.py +new file mode 100644 +index 00000000000..bfa21a853f4 +--- /dev/null ++++ b/src/pybind/mgr/ceph_module.py +@@ -0,0 +1,28 @@ ++# This is an interface definition of classes that are generated within C++. ++# Used by mypy to do proper type checking of mgr modules. ++# Without this file, all classes have undefined base classes. ++ ++from typing import Any, Dict, List, Mapping, Optional, Sequence, Tuple, Union ++try: ++ from typing import Protocol # Protocol was added in Python 3.8 ++except ImportError: ++ class Protocol: # type: ignore ++ pass ++ ++class BasePyOSDMap(object): ++ pass ++ ++class BasePyOSDMapIncremental(object): ++ pass ++ ++class BasePyCRUSH(object): ++ pass ++ ++class BaseMgrStandbyModule(object): ++ pass ++ ++class CompletionT(Protocol): ++ pass ++ ++class BaseMgrModule(object): ++ pass diff --git a/disable-empty-readable.sh-test.patch b/ceph-disable-empty-readable.sh-test.patch index 19a8c3d75ac7..19a8c3d75ac7 100644 --- a/disable-empty-readable.sh-test.patch +++ b/ceph-disable-empty-readable.sh-test.patch diff --git a/python-bcrypt-allow-subinterpreters.patch b/python-bcrypt-allow-subinterpreters.patch new file mode 100644 index 000000000000..060532898f5b --- /dev/null +++ b/python-bcrypt-allow-subinterpreters.patch @@ -0,0 +1,13 @@ +diff --git a/src/_bcrypt/Cargo.toml b/src/_bcrypt/Cargo.toml +index a9c7f7c..02317c8 100644 +--- a/src/_bcrypt/Cargo.toml ++++ b/src/_bcrypt/Cargo.toml +@@ -6,7 +6,7 @@ edition = "2018" + publish = false + + [dependencies] +-pyo3 = { version = "0.20.0", features = ["abi3"] } ++pyo3 = { git = "https://git.st8l.com/luxolus/pyo3", tag = "v0.20.3-subint+1", features = ["abi3", "unsafe-allow-subinterpreters"] } + bcrypt = "0.15" + bcrypt-pbkdf = "0.10.0" + base64 = "0.21.5" diff --git a/python-bcrypt-prefix-ceph.patch b/python-bcrypt-prefix-ceph.patch new file mode 100644 index 000000000000..f7d574fbc9e5 --- /dev/null +++ b/python-bcrypt-prefix-ceph.patch @@ -0,0 +1,56 @@ +diff --git a/pyproject.toml b/pyproject.toml +index e365c8c..6e27a0d 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -10,7 +10,7 @@ requires = [ + build-backend = "setuptools.build_meta" + + [project] +-name = "bcrypt" ++name = "ceph_bcrypt" + # When updating this, also update lib.rs + version = "4.1.2" + authors = [ +@@ -41,7 +41,7 @@ homepage = "https://github.com/pyca/bcrypt/" + [tool.setuptools] + zip-safe = false + package-dir = {"" = "src"} +-packages = ["bcrypt"] ++packages = ["ceph_bcrypt"] + + [tool.setuptools.dynamic] + readme = {file = "README.rst", content-type = "text/x-rst"} +@@ -57,7 +57,7 @@ select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF'] + line-length = 79 + + [tool.ruff.isort] +-known-first-party = ["bcrypt", "tests"] ++known-first-party = ["ceph_bcrypt", "tests"] + + [tool.mypy] + show_error_codes = true +diff --git a/setup.py b/setup.py +index 13694c4..160abdd 100644 +--- a/setup.py ++++ b/setup.py +@@ -35,7 +35,7 @@ try: + setup( + rust_extensions=[ + RustExtension( +- "bcrypt._bcrypt", ++ "ceph_bcrypt._bcrypt", + "src/_bcrypt/Cargo.toml", + py_limited_api="auto", + rust_version=( +diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py +index 68c00fb..0661573 100644 +--- a/tests/test_bcrypt.py ++++ b/tests/test_bcrypt.py +@@ -1,6 +1,6 @@ + import pytest + +-import bcrypt ++import ceph_bcrypt as bcrypt + + _test_vectors = [ + ( |