1. 17 Feb, 2022 1 commit
  2. 16 Feb, 2022 3 commits
    • Jérome Perrin's avatar
      runpromises: support software releases older than slapos 1.0.118 · 2a90733c
      Jérome Perrin authored
      Before slapos commit a184cca8b (Try to reuse existing file to avoid
      excessive IO on update + other minor optimisations, 2019-06-17), which
      started to be used in profiles in 65acdca0d (Release slapos.cookbook
      (1.0.118), 2019-08-13), the promise plugins did not contain
      
          import sys
          sys.path[0:0] = (..., )
      
      but there was an extra import statement:
      
          import sys
          import json
          sys.path[0:0] = (..., )
      
      slapos.core >= 1.7 was not able to process such promises, because the
      code introspecting these promises assumed that the second node of the
      AST was the assignment, which is incorrect in the old promises because
      it was another import.
      
      To accomodate both cases, use the value from the first assignment.
      
      We also change to use ast.literal_eval for safety.
      2a90733c
    • Jérome Perrin's avatar
      tests: refactor grid tests to use a getTestComputerClass method · b01cc6cf
      Jérome Perrin authored
      This method returns the class of computer used for the test, then
      it's easier for test subclasses to use a computer with different
      classes for software and instances.
      
      Use this in TestSlapgridPluginPromiseWithInstancePython, using
      subclasses instead of monkey patching should make extending this
      test a bit easier
      b01cc6cf
    • Jérome Perrin's avatar
  3. 08 Feb, 2022 1 commit
  4. 04 Feb, 2022 1 commit
  5. 01 Feb, 2022 2 commits
  6. 28 Jan, 2022 1 commit
  7. 26 Jan, 2022 2 commits
  8. 25 Jan, 2022 1 commit
    • Jérome Perrin's avatar
      check_software: fix warning on python2 · e6b637a2
      Jérome Perrin authored
      On python2, warnings.warn expects the message to be passed as a str
      and it will silently output nothing when the message is an unicode
      that can not be converted to str using ascii encoding (cf.
      https://bugs.python.org/issue34752 )
      
      Since october update of pyupio/safety-db there is a new vulnerability
      for pytest-runner, which is described as:
      
          "pytest-runner": [
              {
                  "advisory": "Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example \u2018setup_requires\u2019 and \u2018tests_require\u2019 bypass pip --require-hashes. See also pypa/setuptools#1684.\r\nIt is recommended that you:\r\n- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.\r\n- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.\r\n- Select a tool to bootstrap and then run tests such as tox.",
                  "cve": "PVE-2021-43313",
                  "id": "pyup.io-43313",
                  "specs": [
                      ">0"
                  ],
                  "v": ">0"
              }
          ],
      
      notice the quotes:
      
          \u2018setup_requires\u2019 and \u2018tests_require\u2019
      
      this was sent to warnings.warn as unicode and because all our softwares
      have this vulnerability (that BTW do not impact us because we run
      buildout with a patch for setup_requires), we no longer saw any
      warning on python2 software release tests.
      e6b637a2
  9. 24 Jan, 2022 2 commits
    • Jérome Perrin's avatar
      check_software: check egg vulnerabilities for every used python versions · 3cb8a899
      Jérome Perrin authored
      pkg_resources.Environment only scans packages for the current python
      version, but the checked software might be using a different python
      version than the python version used to check software (the slapos
      python). The checked software might also include packages for
      multiples python versions.
      
      Compute the list used python packages from the eggs directory and use
      an Environment for each python version, this way we check all python
      versions and also when slapos python and software python are different.
      3cb8a899
    • Jérome Perrin's avatar
      check_software: fix indentation · f72f61db
      Jérome Perrin authored
      f72f61db
  10. 17 Jan, 2022 1 commit
    • Jérome Perrin's avatar
      check_software fixes · 79cc1ec0
      Jérome Perrin authored
       - only consider shared parts from checked software
       - support new `.buildout-shared.json` signature files
       - unit test coverage
      
      See merge request !361
      79cc1ec0
  11. 12 Jan, 2022 1 commit
  12. 11 Jan, 2022 6 commits
  13. 06 Jan, 2022 2 commits
  14. 29 Dec, 2021 16 commits