Date: Saturday, April 30, 2016 @ 07:13:02 Author: fyan Revision: 173030
upgpkg: python-docker-py 1.8.1-1 Modified: python-docker-py/trunk/PKGBUILD Deleted: python-docker-py/trunk/backports.patch -----------------+ PKGBUILD | 12 --- backports.patch | 214 ------------------------------------------------------ 2 files changed, 3 insertions(+), 223 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-04-30 05:08:32 UTC (rev 173029) +++ PKGBUILD 2016-04-30 05:13:02 UTC (rev 173030) @@ -5,7 +5,7 @@ # Contributor: Josh VanderLinden <a...@cloudlery.com> pkgname=(python-docker-py python2-docker-py) -pkgver=1.8.0 +pkgver=1.8.1 pkgrel=1 pkgdesc="Python client for Docker." arch=('any') @@ -16,16 +16,10 @@ 'python2-backports.ssl_match_hostname' 'python2-ipaddress') checkdepends=('python-pytest-cov' 'python2-pytest-cov' 'python-mock' 'python2-mock' 'docker' 'flake8' 'python2-flake8') -source=("git+https://github.com/docker/docker-py.git#tag=$pkgver" - backports.patch) -sha256sums=('SKIP' - '0bbf17354fa7e7089180577271f552ea08c6b262fd0ca732626085c0bde7a3e0') +source=("git+https://github.com/docker/docker-py.git#tag=$pkgver") +sha256sums=('SKIP') prepare() { - # Use match_hostname from backports.ssl_match_hostname, as the required py2-ipaddress module conflicts with python2-ipaddress - # https://github.com/docker/docker-py/pull/1029 - (cd docker-py; patch -p1 -i ../backports.patch) - sed -i 's/==.*$//' docker-py/{,test-}requirements.txt cp -a docker-py{,-py2} Deleted: backports.patch =================================================================== --- backports.patch 2016-04-30 05:08:32 UTC (rev 173029) +++ backports.patch 2016-04-30 05:13:02 UTC (rev 173030) @@ -1,214 +0,0 @@ -From 9da54931355c5ac7146e1f2b137a12cbbb190cfa Mon Sep 17 00:00:00 2001 -From: Felix Yan <felixonm...@archlinux.org> -Date: Fri, 8 Apr 2016 00:20:42 +0800 -Subject: [PATCH] Use backports.ssl_match_hostname - -The py2-ipaddress module unfortunately conflicts with the pypi:ipaddress module, which is in the dependency tree of widely used pyOpenSSL. I think it would be a good idea to use a well maintained backport of the Python 3.5 implementation of match_hostname() instead of duplicating the effort and maintain another. - -All tests are passing here. - -Signed-off-by: Felix Yan <felixonm...@archlinux.org> ---- - docker/ssladapter/ssl_match_hostname.py | 130 -------------------------------- - docker/ssladapter/ssladapter.py | 2 +- - requirements.txt | 2 +- - setup.py | 2 +- - tests/unit/ssladapter_test.py | 12 ++- - 5 files changed, 12 insertions(+), 136 deletions(-) - delete mode 100644 docker/ssladapter/ssl_match_hostname.py - -diff --git a/docker/ssladapter/ssl_match_hostname.py b/docker/ssladapter/ssl_match_hostname.py -deleted file mode 100644 -index 9de0c5f..0000000 ---- a/docker/ssladapter/ssl_match_hostname.py -+++ /dev/null -@@ -1,130 +0,0 @@ --# Slightly modified version of match_hostname in python's ssl library --# https://hg.python.org/cpython/file/tip/Lib/ssl.py --# Changed to make code python 2.x compatible (unicode strings for ip_address --# and 3.5-specific var assignment syntax) -- --import ipaddress --import re -- --try: -- from ssl import CertificateError --except ImportError: -- CertificateError = ValueError -- --import six -- -- --def _ipaddress_match(ipname, host_ip): -- """Exact matching of IP addresses. -- -- RFC 6125 explicitly doesn't define an algorithm for this -- (section 1.7.2 - "Out of Scope"). -- """ -- # OpenSSL may add a trailing newline to a subjectAltName's IP address -- ip = ipaddress.ip_address(six.text_type(ipname.rstrip())) -- return ip == host_ip -- -- --def _dnsname_match(dn, hostname, max_wildcards=1): -- """Matching according to RFC 6125, section 6.4.3 -- -- http://tools.ietf.org/html/rfc6125#section-6.4.3 -- """ -- pats = [] -- if not dn: -- return False -- -- split_dn = dn.split(r'.') -- leftmost, remainder = split_dn[0], split_dn[1:] -- -- wildcards = leftmost.count('*') -- if wildcards > max_wildcards: -- # Issue #17980: avoid denials of service by refusing more -- # than one wildcard per fragment. A survey of established -- # policy among SSL implementations showed it to be a -- # reasonable choice. -- raise CertificateError( -- "too many wildcards in certificate DNS name: " + repr(dn)) -- -- # speed up common case w/o wildcards -- if not wildcards: -- return dn.lower() == hostname.lower() -- -- # RFC 6125, section 6.4.3, subitem 1. -- # The client SHOULD NOT attempt to match a presented identifier in which -- # the wildcard character comprises a label other than the left-most label. -- if leftmost == '*': -- # When '*' is a fragment by itself, it matches a non-empty dotless -- # fragment. -- pats.append('[^.]+') -- elif leftmost.startswith('xn--') or hostname.startswith('xn--'): -- # RFC 6125, section 6.4.3, subitem 3. -- # The client SHOULD NOT attempt to match a presented identifier -- # where the wildcard character is embedded within an A-label or -- # U-label of an internationalized domain name. -- pats.append(re.escape(leftmost)) -- else: -- # Otherwise, '*' matches any dotless string, e.g. www* -- pats.append(re.escape(leftmost).replace(r'\*', '[^.]*')) -- -- # add the remaining fragments, ignore any wildcards -- for frag in remainder: -- pats.append(re.escape(frag)) -- -- pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE) -- return pat.match(hostname) -- -- --def match_hostname(cert, hostname): -- """Verify that *cert* (in decoded format as returned by -- SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 -- rules are followed, but IP addresses are not accepted for *hostname*. -- -- CertificateError is raised on failure. On success, the function -- returns nothing. -- """ -- if not cert: -- raise ValueError("empty or no certificate, match_hostname needs a " -- "SSL socket or SSL context with either " -- "CERT_OPTIONAL or CERT_REQUIRED") -- try: -- host_ip = ipaddress.ip_address(six.text_type(hostname)) -- except ValueError: -- # Not an IP address (common case) -- host_ip = None -- dnsnames = [] -- san = cert.get('subjectAltName', ()) -- for key, value in san: -- if key == 'DNS': -- if host_ip is None and _dnsname_match(value, hostname): -- return -- dnsnames.append(value) -- elif key == 'IP Address': -- if host_ip is not None and _ipaddress_match(value, host_ip): -- return -- dnsnames.append(value) -- if not dnsnames: -- # The subject is only checked when there is no dNSName entry -- # in subjectAltName -- for sub in cert.get('subject', ()): -- for key, value in sub: -- # XXX according to RFC 2818, the most specific Common Name -- # must be used. -- if key == 'commonName': -- if _dnsname_match(value, hostname): -- return -- dnsnames.append(value) -- if len(dnsnames) > 1: -- raise CertificateError( -- "hostname %r doesn't match either of %s" -- % (hostname, ', '.join(map(repr, dnsnames)))) -- elif len(dnsnames) == 1: -- raise CertificateError( -- "hostname %r doesn't match %r" -- % (hostname, dnsnames[0]) -- ) -- else: -- raise CertificateError( -- "no appropriate commonName or " -- "subjectAltName fields were found" -- ) -diff --git a/docker/ssladapter/ssladapter.py b/docker/ssladapter/ssladapter.py -index 179510c..e17dfad 100644 ---- a/docker/ssladapter/ssladapter.py -+++ b/docker/ssladapter/ssladapter.py -@@ -18,7 +18,7 @@ - # Monkey-patching match_hostname with a version that supports - # IP-address checking. Not necessary for Python 3.5 and above - if sys.version_info[0] < 3 or sys.version_info[1] < 5: -- from .ssl_match_hostname import match_hostname -+ from backports.ssl_match_hostname import match_hostname - urllib3.connection.match_hostname = match_hostname - - -diff --git a/requirements.txt b/requirements.txt -index c340f17..8161e2b 100644 ---- a/requirements.txt -+++ b/requirements.txt -@@ -1,4 +1,4 @@ - requests==2.5.3 - six>=1.4.0 - websocket-client==0.32.0 --py2-ipaddress==3.4.1 ; python_version < '3.2' -\ No newline at end of file -+backports.ssl_match_hostname>=3.5 ; python_version < '3.5' -\ No newline at end of file -diff --git a/setup.py b/setup.py -index 0329ba3..2be705d 100644 ---- a/setup.py -+++ b/setup.py -@@ -13,7 +13,7 @@ - ] - - extras_require = { -- ':python_version < "3"': 'py2-ipaddress >= 3.4.1', -+ ':python_version < "3.5"': 'backports.ssl_match_hostname >= 3.5', - } - - exec(open('docker/version.py').read()) -diff --git a/tests/unit/ssladapter_test.py b/tests/unit/ssladapter_test.py -index fa9c77a..2ad1cad 100644 ---- a/tests/unit/ssladapter_test.py -+++ b/tests/unit/ssladapter_test.py -@@ -1,7 +1,13 @@ - from docker.ssladapter import ssladapter --from docker.ssladapter.ssl_match_hostname import ( -- match_hostname, CertificateError --) -+ -+try: -+ from backports.ssl_match_hostname import ( -+ match_hostname, CertificateError -+ ) -+except ImportError: -+ from ssl import ( -+ match_hostname, CertificateError -+ ) - - try: - from ssl import OP_NO_SSLv3, OP_NO_SSLv2, OP_NO_TLSv1