Date: Tuesday, February 9, 2021 @ 09:52:45 Author: yan12125 Revision: 850896
upgpkg: python-pg8000 1.17.0-2; rework on check() and backport a fix for SCRAM authentication Added: python-pg8000/trunk/scram.diff Modified: python-pg8000/trunk/PKGBUILD ------------+ PKGBUILD | 51 ++++++++++++++++++++++++++++++++++++++------------- scram.diff | 13 +++++++++++++ 2 files changed, 51 insertions(+), 13 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-02-09 09:51:40 UTC (rev 850895) +++ PKGBUILD 2021-02-09 09:52:45 UTC (rev 850896) @@ -3,7 +3,7 @@ pkgname=python-pg8000 pkgver=1.17.0 -pkgrel=1 +pkgrel=2 pkgdesc="Pure-Python PostgreSQL database driver, DB-API compatible" arch=(any) url='https://github.com/tlocke/pg8000' @@ -10,13 +10,13 @@ license=(BSD) makedepends=(python-setuptools) checkdepends=(python-pytest python-pytest-mock python-pytest-benchmark - python-pytz pifpaf postgresql) + python-pytz postgresql) depends=(python python-scramp) source=("https://files.pythonhosted.org/packages/source/p/pg8000/pg8000-$pkgver.tar.gz"{,.asc} - pghost-unix-sock.patch::https://github.com/tlocke/pg8000/pull/64.patch) + scram.diff) sha256sums=('14198c5afeb289106e40ee6e5e4c0529c5369939f6ca588a028b371a75fe20dd' 'SKIP' - '0a851dbbc0f8d0116795eb0d875e9178659bdf7c6964bff8b26c6b014c37e9c9') + '71cccb7b33863dc94f93251b8f7cbff93e9505e120e7b9213c4ede2feb4a8e1c') validpgpkeys=( 'D5681B7EC7292511C4CC1450892B00AB699851E8' # Tony Locke <tlo...@tlocke.org.uk>, proven by https://keybase.io/tlocke ) @@ -28,7 +28,8 @@ sed --in-place=.orig -r 's#,?<[0-9.]+,?##;s#==([0-9.]+)#>=\1#' setup.py diff -u setup.py{.orig,} || true - patch -Np1 -i ../pghost-unix-sock.patch + # Partial backport of https://github.com/tlocke/pg8000/commit/18eee18f7525bf3026339d206790d4d5843cf055 + patch -Np1 -i ../scram.diff } build() { @@ -38,15 +39,39 @@ check() { cd pg8000-$pkgver - # GSS tests: need custom pg_hba.conf, while pifpaf does not support it yet - # SSL tests: need TCP connections [1][2], while pifpaf uses unix domain sockets - # [1] https://github.com/postgres/postgres/blob/REL_13_1/src/backend/postmaster/postmaster.c#L2027 - # [2] https://www.postgresql.org/message-id/flat/200801041713.22341.peter_e%40gmx.net - PYTHONPATH="$PWD" pifpaf run postgresql -- bash -c " - psql -c \"CREATE ROLE postgres WITH LOGIN SUPERUSER PASSWORD 'pw';\" - psql -c \"create extension hstore;\" - pytest test -k 'not testGss and not test_gss and not testSsl and not test_ssl' + + export PGDATA="$srcdir/postgres-testdata" + export PGHOST=127.0.0.1 + export PGPORT=$((49152+$RANDOM%10000)) + + # See https://github.com/tlocke/pg8000#tests about database initialization steps for testing + initdb --username=postgres --auth=trust + openssl req -subj "/CN=self-signed" -nodes -x509 -newkey rsa:4096 -days 1 -keyout "$PGDATA/self-signed.key" -out "$PGDATA/self-signed.crt" + cat <<EOF >> "$PGDATA/postgresql.conf" +ssl = on +ssl_cert_file = 'self-signed.crt' +ssl_key_file = 'self-signed.key' +password_encryption = 'scram-sha-256' +EOF + + pg_ctl start -o "-k '' -h $PGHOST -p $PGPORT" -l "$srcdir/postgresql.log" + # Change the password for postgres after password_encryption is specified, so that the role has a valid SCRAM secret + psql -U postgres -c " + CREATE EXTENSION hstore; + ALTER ROLE postgres PASSWORD 'pw'; " + + # should overwrite pg_hba.conf, or unexpected matches may happen against existing entries + cat <<EOF > "$PGDATA/pg_hba.conf" +host pg8000_md5 all 127.0.0.1/32 md5 +host pg8000_gss all 127.0.0.1/32 gss +host pg8000_password all 127.0.0.1/32 password +host pg8000_scram_sha_256 all 127.0.0.1/32 scram-sha-256 +host all all 127.0.0.1/32 trust +EOF + pg_ctl reload + PYTHONPATH="$PWD" pytest test + pg_ctl stop } package() { Added: scram.diff =================================================================== --- scram.diff (rev 0) +++ scram.diff 2021-02-09 09:52:45 UTC (rev 850896) @@ -0,0 +1,13 @@ +diff --git a/pg8000/core.py b/pg8000/core.py +index 8c4c512..8c544b1 100644 +--- a/pg8000/core.py ++++ b/pg8000/core.py +@@ -492,7 +492,7 @@ class CoreConnection(): + elif auth_code == 10: + # AuthenticationSASL + mechanisms = [ +- m.decode('ascii') for m in data[4:-1].split(NULL_BYTE)] ++ m.decode('ascii') for m in data[4:-2].split(NULL_BYTE)] + + self.auth = ScramClient( + mechanisms, self.user.decode('utf8'),