From ec6f504516e49e876bb261a95af12d18cf0c9842 Mon Sep 17 00:00:00 2001 From: OpenStack Release Bot Date: Fri, 11 Sep 2020 21:02:11 +0000 Subject: [PATCH 1/4] Update master for stable/victoria Add file to the reno documentation build to show release notes for stable/victoria. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/victoria. Change-Id: I40d078d93ce1d63bbc1b7bafa6221b6f3f136de6 Sem-Ver: feature --- releasenotes/source/index.rst | 1 + releasenotes/source/victoria.rst | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 releasenotes/source/victoria.rst diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst index 84e055b..474f7eb 100644 --- a/releasenotes/source/index.rst +++ b/releasenotes/source/index.rst @@ -6,6 +6,7 @@ :maxdepth: 1 unreleased + victoria ussuri train stein diff --git a/releasenotes/source/victoria.rst b/releasenotes/source/victoria.rst new file mode 100644 index 0000000..4efc7b6 --- /dev/null +++ b/releasenotes/source/victoria.rst @@ -0,0 +1,6 @@ +============================= +Victoria Series Release Notes +============================= + +.. release-notes:: + :branch: stable/victoria -- GitLab From 02a61d0402b9cceaf9f2a688de7085c57f02fe79 Mon Sep 17 00:00:00 2001 From: OpenStack Release Bot Date: Fri, 11 Sep 2020 21:02:14 +0000 Subject: [PATCH 2/4] Add Python3 wallaby unit tests This is an automatically generated patch to ensure unit testing is in place for all the of the tested runtimes for wallaby. See also the PTI in governance [1]. [1]: https://governance.openstack.org/tc/reference/project-testing-interface.html Change-Id: Icdc9ca232efbda2c0fa685479d4bbb0edca1e575 --- .zuul.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.zuul.yaml b/.zuul.yaml index 600de85..4b91294 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -6,7 +6,7 @@ - check-requirements - lib-forward-testing-python3 - openstack-lower-constraints-jobs - - openstack-python3-victoria-jobs + - openstack-python3-wallaby-jobs - periodic-stable-jobs - publish-openstack-docs-pti - release-notes-jobs-python3 -- GitLab From e8b3a90978655356b321d646805ef927698c0142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Beraud?= Date: Tue, 21 Jul 2020 13:38:20 +0200 Subject: [PATCH 3/4] Adding pre-commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduced changes: - pre-commit config and rules - Add pre-commit to pep8 gate, Flake8 is covered in the pre-commit hooks. - Applying fixes for pre-commit compliance in all code. Also commit hash will be used instead of version tags in pre-commit to prevend arbitrary code from running in developer's machines. pre-commit will be used to: - trailing whitespace; - Replaces or checks mixed line ending (mixed-line-ending); - Forbid files which have a UTF-8 byte-order marker (check-byte-order-marker); - Checks that non-binary executables have a proper shebang (check-executables-have-shebangs); - Check for files that contain merge conflict strings (check-merge-conflict); - Check for debugger imports and py37+ breakpoint() calls in python source (debug-statements); - Attempts to load all yaml files to verify syntax (check-yaml); - Run flake8 checks (flake8) (local) For further details about tests please refer to: https://github.com/pre-commit/pre-commit-hooks Change-Id: I60e74ffcc7a4cc5bb80b19c3aae1b317442d93bd Signed-off-by: Moisés Guimarães de Medeiros --- .pre-commit-config.yaml | 35 +++++++++++++++++++++++++++++++++++ doc/source/conf.py | 5 ++--- test-requirements.txt | 2 ++ tox.ini | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..9d94556 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,35 @@ +# We from the Oslo project decided to pin repos based on the +# commit hash instead of the version tag to prevend arbitrary +# code from running in developer's machines. To update to a +# newer version, run `pre-commit autoupdate` and then replace +# the newer versions with their commit hash. + +default_language_version: + python: python3 + +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: ebc15addedad713c86ef18ae9632c88e187dd0af # v3.1.0 + hooks: + - id: trailing-whitespace + # Replaces or checks mixed line ending + - id: mixed-line-ending + args: ['--fix', 'lf'] + exclude: '.*\.(svg)$' + # Forbid files which have a UTF-8 byte-order marker + - id: check-byte-order-marker + # Checks that non-binary executables have a proper shebang + - id: check-executables-have-shebangs + # Check for files that contain merge conflict strings. + - id: check-merge-conflict + # Check for debugger imports and py37+ breakpoint() + # calls in python source + - id: debug-statements + - id: check-yaml + files: .*\.(yaml|yml)$ + - repo: https://gitlab.com/pycqa/flake8 + rev: 181bb46098dddf7e2d45319ea654b4b4d58c2840 # 3.8.3 + hooks: + - id: flake8 + additional_dependencies: + - hacking>=3.0.1,<3.1.0 diff --git a/doc/source/conf.py b/doc/source/conf.py index 92897ea..834bf69 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -1,4 +1,6 @@ # -*- coding: utf-8 -*- +# Copyright (C) 2020 Red Hat, Inc. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -85,6 +87,3 @@ latex_documents = [ u'%s Documentation' % project, u'OpenStack Foundation', 'manual'), ] - -# Example configuration for intersphinx: refer to the Python standard library. -#intersphinx_mapping = {'http://docs.python.org/': None} diff --git a/test-requirements.txt b/test-requirements.txt index ccb1dc6..6ba22a8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -12,3 +12,5 @@ fixtures>=3.0.0 # Apache-2.0/BSD # Bandit security code scanner bandit>=1.6.0,<1.7.0 # Apache-2.0 + +pre-commit>=2.6.0 # MIT diff --git a/tox.ini b/tox.ini index 3e74520..7c6169b 100644 --- a/tox.ini +++ b/tox.ini @@ -12,7 +12,7 @@ commands = stestr run --slowest {posargs} [testenv:pep8] commands = - flake8 + pre-commit run -a # Run security linter bandit -r oslo_versionedobjects tests -n5 --skip B303 -- GitLab From 9f0f31eb8b6953bdd299e34658644142bedfc1e8 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 1 Oct 2020 10:40:31 -0400 Subject: [PATCH 4/4] Replace md5 with oslo version md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added to oslo_utils. See https://review.opendev.org/#/c/750031/ This patch is to replace the instances of hashlib.md5() with this new encapsulation, adding an annotation indicating whether the usage is a security context or not. In this case, md5 is computed as one of the object hashes for the purposes of object versioning. Change-Id: Idf36897d690a20d23123950618643d0b9e085f6c Depends-On: https://review.opendev.org/#/c/760160 --- lower-constraints.txt | 2 +- oslo_versionedobjects/fixture.py | 7 ++++--- .../notes/update_md5_for_fips-e5a8f8f438ac81fb.yaml | 4 ++++ requirements.txt | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/update_md5_for_fips-e5a8f8f438ac81fb.yaml diff --git a/lower-constraints.txt b/lower-constraints.txt index a1e990d..4d20032 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -35,7 +35,7 @@ oslo.messaging==5.29.0 oslo.middleware==3.31.0 oslo.serialization==2.18.0 oslo.service==1.24.0 -oslo.utils==3.33.0 +oslo.utils==4.7.0 oslotest==3.2.0 Paste==2.0.2 PasteDeploy==1.5.0 diff --git a/oslo_versionedobjects/fixture.py b/oslo_versionedobjects/fixture.py index 960146b..9661c70 100644 --- a/oslo_versionedobjects/fixture.py +++ b/oslo_versionedobjects/fixture.py @@ -24,12 +24,12 @@ from collections import namedtuple from collections import OrderedDict import copy import datetime -import hashlib import inspect import logging from unittest import mock import fixtures +from oslo_utils.secretutils import md5 from oslo_utils import versionutils as vutils from oslo_versionedobjects import base @@ -271,8 +271,9 @@ class ObjectVersionChecker(object): if extra_data_func: relevant_data += extra_data_func(obj_class) - fingerprint = '%s-%s' % (obj_class.VERSION, hashlib.md5( - bytes(repr(relevant_data).encode())).hexdigest()) + fingerprint = '%s-%s' % (obj_class.VERSION, md5( + bytes(repr(relevant_data).encode()), + usedforsecurity=False).hexdigest()) return fingerprint def get_hashes(self, extra_data_func=None): diff --git a/releasenotes/notes/update_md5_for_fips-e5a8f8f438ac81fb.yaml b/releasenotes/notes/update_md5_for_fips-e5a8f8f438ac81fb.yaml new file mode 100644 index 0000000..fadd096 --- /dev/null +++ b/releasenotes/notes/update_md5_for_fips-e5a8f8f438ac81fb.yaml @@ -0,0 +1,4 @@ +--- +features: + - Updated _get_fingerprint to use new oslo.utils encapsulation of md5 to + allow md5 hashes to be returned on a FIPS enabled system. diff --git a/requirements.txt b/requirements.txt index 8eb7ca5..1235e45 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ oslo.config>=5.2.0 # Apache-2.0 oslo.context>=2.19.2 # Apache-2.0 oslo.messaging>=5.29.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.utils>=4.7.0 # Apache-2.0 iso8601>=0.1.11 # MIT oslo.log>=3.36.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 -- GitLab