From 38a70d7cdfcb7d02ec038b8e2e2bf39c961b9cfb Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 00:08:21 +0000 Subject: [PATCH 01/15] py3-cassandra-medusa: Define and use vars.py-version No functional change. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index d0a15fd1197..4d28738a23a 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -12,7 +12,10 @@ package: dependencies: runtime: - poetry - - python-3.11-base + - python-${{vars.py-version}}-base + +vars: + py-version: 3.11 environment: contents: @@ -20,10 +23,10 @@ environment: - build-base - busybox - ca-certificates-bundle - - py3.11-installer - - py3.11-pip - - python-3.11 - - python-3.11-dev + - py${{vars.py-version}}-installer + - py${{vars.py-version}}-pip + - python-${{vars.py-version}} + - python-${{vars.py-version}}-dev - wolfi-base pipeline: @@ -113,8 +116,8 @@ test: environment: contents: packages: - - python-3.11 - - python-3.11-dev + - python-${{vars.py-version}} + - python-${{vars.py-version}}-dev - grpc-health-probe pipeline: - runs: medusa --version From fbbba77a39839581913e4a6411d852296ab0b3aa Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 00:12:38 +0000 Subject: [PATCH 02/15] py3-cassandra-medusa: Drop unneeded dep on python-3.11-dev It builds and tests fine w/o this. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 4d28738a23a..1880fc61b08 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -26,7 +26,6 @@ environment: - py${{vars.py-version}}-installer - py${{vars.py-version}}-pip - python-${{vars.py-version}} - - python-${{vars.py-version}}-dev - wolfi-base pipeline: 
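Review bot: `py-version: 3.11` in the `vars:` block added by the first hunk of patch 01 is a bare scalar that generic YAML loaders type as a float. It survives for 3.11, but a value such as 3.10 would collapse to 3.1 and select different package names wherever `${{vars.py-version}}` is interpolated. Writing it as `py-version: "3.11"` makes the string intent explicit. melange's own loader may keep the literal text, so this is defensive style rather than a bug in this hunk.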
@@ -117,7 +116,6 @@ test: contents: packages: - python-${{vars.py-version}} - - python-${{vars.py-version}}-dev - grpc-health-probe pipeline: - runs: medusa --version From b3abd5e4533964141a897c70378c7efe191188f3 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 00:26:43 +0000 Subject: [PATCH 03/15] py3-cassandra-medusa: Use versioned python binaries Remove the dependency on /usr/bin/python3 and /usr/bin/pip being the same version of python that we are using by using the versioned binaries. If an image needs python3 to be python3.11 for compat reasons, then it should explicitly install python-3.11. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 1880fc61b08..7b58b3e8634 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -25,7 +25,7 @@ environment: - ca-certificates-bundle - py${{vars.py-version}}-installer - py${{vars.py-version}}-pip - - python-${{vars.py-version}} + - python-${{vars.py-version}}-base - wolfi-base pipeline: @@ -37,8 +37,8 @@ pipeline: - name: Python Build runs: | - pip install wheel - pip install poetry + pip${{vars.py-version}} install wheel + pip${{vars.py-version}} install poetry poetry add "aiohttp==3.10.11" poetry add "certifi==2024.7.4" poetry add "dnspython==2.6.1" 
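Review bot: The two `pip${{vars.py-version}} install` lines in the `Python Build` step of patch 03 fetch `wheel` and `poetry` from PyPI with no version pin or hash, so the build tooling is whatever the index serves at build time; switching to the versioned binary does not change that. The same applies to `.venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile` in the next hunk, which patches 11 and 14 of this series still carry (with `--no-deps`) and which ends up inside the venv that is moved into `${{targets.destdir}}`. I would pin it, for example `python-snappy==<PINNED_VERSION>` in a requirements file installed with `--require-hashes`, or package it in wolfi like the other dependencies. The `runs:` block continues outside the hunk.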
@@ -57,17 +57,17 @@ pipeline: - runs: | # Setup the virtualenv - python -m venv .venv --system-site-packages + python${{vars.py-version}} -m venv .venv --system-site-packages # Bump pip to patch a CVE - .venv/bin/pip install --upgrade pip==24.0 setuptools==70.0.0 + .venv/bin/pip${{vars.py-version}} install --upgrade pip==24.0 setuptools==70.0.0 - runs: | - .venv/bin/pip install -I -r requirements.txt --no-compile - .venv/bin/pip install -I --no-compile dist/*.whl + .venv/bin/pip${{vars.py-version}} install -I -r requirements.txt --no-compile + .venv/bin/pip${{vars.py-version}} install -I --no-compile dist/*.whl - runs: | # python-snappy is required to run medusa using $MEDUSA_MODE=GRPC. - .venv/bin/pip install -I python-snappy --no-compile + .venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile - runs: | mkdir -p ${{targets.destdir}}/home/cassandra @@ -115,14 +115,13 @@ test: environment: contents: packages: - - python-${{vars.py-version}} - grpc-health-probe pipeline: - runs: medusa --version - runs: | set +e fail() { echo "$@" 1>&2; exit 1; } - out=$(/home/cassandra/.venv/bin/python3 -m medusa.service.grpc.server 2>&1) + out=$(/home/cassandra/.venv/bin/python${{vars.py-version}} -m medusa.service.grpc.server 2>&1) status=$? echo "$out" | grep -q '/etc/medusa/medusa.ini' || fail "medusa.service.grpc.server output did not contain expected 'medusa.ini' message. Exit status $status: $out" echo "medusa.service.grpc.server exited with expected error message" From 1388e31305deb60a756e238af593289fc8f8dd51 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 00:31:23 +0000 Subject: [PATCH 04/15] py3-cassandra-medusa: Use py3.11-build-base Replace dependencies that py3.11-build-base provides with py3.11-build-base. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 7b58b3e8634..04cdf4845e7 100644 
--- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -21,11 +21,8 @@ environment: contents: packages: - build-base - - busybox - ca-certificates-bundle - - py${{vars.py-version}}-installer - - py${{vars.py-version}}-pip - - python-${{vars.py-version}}-base + - py${{vars.py-version}}-build-base - wolfi-base pipeline: From 380dff9512dc455250dd152b3e78a022adf85d8d Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 00:34:33 +0000 Subject: [PATCH 05/15] py3-cassandra-medusa: Add explicit dep on py-version-specific poetry-bin Otherwise apk will resolve the dependency using provide priorities, which currently the python 3.13 version will win. That drags in an entirely new python environment that we don't need. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 04cdf4845e7..99fc930f6d2 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -11,7 +11,7 @@ package: no-depends: true dependencies: runtime: - - poetry + - py${{vars.py-version}}-poetry - python-${{vars.py-version}}-base vars: @@ -34,7 +34,6 @@ pipeline: - name: Python Build runs: | - pip${{vars.py-version}} install wheel pip${{vars.py-version}} install poetry poetry add "aiohttp==3.10.11" poetry add "certifi==2024.7.4" From c25d18506843a90ad15b2891cd265519974f9e2c Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 13:50:27 +0000 Subject: [PATCH 06/15] py3-cassandra-medusa: let melange populate the python dep Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 99fc930f6d2..3b2112c9506 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -12,7 +12,6 @@ package: dependencies: runtime: - py${{vars.py-version}}-poetry - - python-${{vars.py-version}}-base vars: py-version: 3.11 
From 73aecc7c4dddff23d39df5baf9431c4bd3ccc300 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 13:54:09 +0000 Subject: [PATCH 07/15] py3-cassandra-medusa: stop shipping copies of the python interpreter `sed -i` will replace a symlink with a full copy. Only run it on regular files. This should make sure we're always running the latest patched interpreter, as well as decrease package and image sizes. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 3b2112c9506..e146ff6f866 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -69,7 +69,8 @@ pipeline: mv .venv ${{targets.destdir}}/home/cassandra/ # edit the venv paths - sed -i "s|/home/build|${{targets.destdir}}/home/cassandra|g" ${{targets.destdir}}/home/cassandra/.venv/bin/* + find '${{targets.destdir}}/home/cassandra/.venv/bin/' -type f | \ + xargs sed -i "s|/home/build|${{targets.destdir}}/home/cassandra|g" # allow site-packages sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/home/cassandra/.venv/pyvenv.cfg From c2c6f2c2d06b962e85cb08b6b113dcd4ebfbb223 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 13:56:41 +0000 Subject: [PATCH 08/15] py3-cassandra-medusa: Add compat dep on grpc-health-probe Without this, our compat symlink dangles. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index e146ff6f866..5f44b20c1b2 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -93,6 +93,7 @@ subpackages: # The entrypoint script fails to start without bash and sleep (which comes from busybox) - bash - busybox + - grpc-health-probe pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}/home/cassandra/" 
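Review bot: In patch 07, `find … -type f | xargs sed -i …` splits file names on whitespace and, when `find` matches nothing, may still invoke `sed -i` with no file operand; `find '${{targets.destdir}}/home/cassandra/.venv/bin/' -type f -exec sed -i "s|/home/build|${{targets.destdir}}/home/cassandra|g" {} +` avoids both without a pipe. Because the interpreter in `.venv/bin` now stays a symlink, the package only works if the matching python is installed at runtime; patch 06 drops the explicit runtime entry and the hunk context in patch 05 shows `no-depends: true`, which I read as suppressing generated dependencies, so it is worth confirming the interpreter still arrives (it appears to come in transitively). A one-line comment above the `find` saying that `sed -i` replaces symlinks with copies would keep the `-type f` from being simplified away later.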
From a2968185bb843aecd83b48f628e0f9f97e38302a Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 07:14:31 -0700 Subject: [PATCH 09/15] py3-cassandra-medusa: restore build-dep on py3.11-build-base-dev for arm64 psutil, and possibly other module dependencies from PyPI, are not pre-compiled for arm64, so we need the C build environment. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 5f44b20c1b2..2c192846d0e 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -21,7 +21,7 @@ environment: packages: - build-base - ca-certificates-bundle - - py${{vars.py-version}}-build-base + - py${{vars.py-version}}-build-base-dev - wolfi-base pipeline: From 2986dc0a48569e44df1f4d3fb844c3ffd22503e1 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sun, 22 Dec 2024 09:06:08 -0700 Subject: [PATCH 10/15] py3-cassandra-medusa: Use poetry from wolfi We are relying on system-installed poetry at runtime, so let's also use it at build-time to reduce external dependencies. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 2c192846d0e..17e6eb21369 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -22,6 +22,7 @@ environment: - build-base - ca-certificates-bundle - py${{vars.py-version}}-build-base-dev + - py${{vars.py-version}}-poetry-bin - wolfi-base pipeline: @@ -33,7 +34,6 @@ pipeline: - name: Python Build runs: | - pip${{vars.py-version}} install poetry poetry add "aiohttp==3.10.11" poetry add "certifi==2024.7.4" poetry add "dnspython==2.6.1" From 0dd7702a7c6164029bac0145a45ccbae416c33cb Mon Sep 17 00:00:00 2001 
From: dann frazier Date: Sun, 22 Dec 2024 17:21:05 +0000 Subject: [PATCH 11/15] py3-cassandra-medusa: Use python packages from wolfi when available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ci-cve-scan currently fails with the errors below[*]. This is a result of us installing pinned versions of dependencies from PyPI. Most of these packages are available in wolfi, and using the wolfi packages would keep us up to date with the latest upstream fixes. Since we no longer need to modify pins, we can build with the py/pip-build-install pipeline instead of poetry. [*] ├── 📄 /home/cassandra/.venv/lib/python3.11/site-packages/pip/_vendor/vendor.txt │ 📦 certifi 2023.7.22 (python) │ Low CVE-2024-39689 GHSA-248v-346w-9cwc fixed in 2024.07.04 │ 📦 idna 3.4 (python) │ Medium CVE-2024-3651 GHSA-jjg7-2v4v-x38h fixed in 3.7 │ 📦 requests 2.31.0 (python) │ Medium CVE-2024-35195 GHSA-9wx4-h78v-vm56 fixed in 2.32.0 │ 📦 setuptools 68.0.0 (python) │ High CVE-2024-6345 GHSA-cx63-2mw6-8hw5 fixed in 70.0.0 │ 📦 urllib3 1.26.17 (python) │ Medium CVE-2024-37891 GHSA-34jh-p97f-mpxf fixed in 1.26.19 │ Medium CVE-2023-45803 GHSA-g4mx-q9vg-27p4 fixed in 1.26.18 ├── 📄 /home/cassandra/.venv/lib/python3.11/site-packages/virtualenv/seed/wheels/embed/setuptools-68.0.0-py3-none-any.whl │ 📦 setuptools 68.0.0 (python) │ High CVE-2024-6345 GHSA-cx63-2mw6-8hw5 fixed in 70.0.0 └── 📄 /home/cassandra/.venv/lib/python3.11/site-packages/virtualenv/seed/wheels/embed/setuptools-69.5.1-py3-none-any.whl 📦 setuptools 69.5.1 (python) High CVE-2024-6345 GHSA-cx63-2mw6-8hw5 fixed in 70.0.0 Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 62 +++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 17e6eb21369..1be19aabc5f 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml 
@@ -11,7 +11,29 @@ package: no-depends: true dependencies: runtime: - - py${{vars.py-version}}-poetry + - py${{vars.py-version}}-aiohttp + - py${{vars.py-version}}-azure-identity + - py${{vars.py-version}}-azure-storage-blob + - py${{vars.py-version}}-boto3 + - py${{vars.py-version}}-cassandra-driver + - py${{vars.py-version}}-click + - py${{vars.py-version}}-click-aliases + - py${{vars.py-version}}-certifi + - py${{vars.py-version}}-cryptography + - py${{vars.py-version}}-datadog + - py${{vars.py-version}}-dnspython + - py${{vars.py-version}}-ffwd + - py${{vars.py-version}}-gcloud-aio-storage + - py${{vars.py-version}}-gevent + - py${{vars.py-version}}-grpcio + - py${{vars.py-version}}-grpcio-health-checking + - py${{vars.py-version}}-idna + - py${{vars.py-version}}-psutil + - py${{vars.py-version}}-pyopenssl + - py${{vars.py-version}}-requests + - py${{vars.py-version}}-retrying + - py${{vars.py-version}}-urllib3 + - py${{vars.py-version}}-pyyaml vars: py-version: 3.11 @@ -22,7 +44,7 @@ environment: - build-base - ca-certificates-bundle - py${{vars.py-version}}-build-base-dev - - py${{vars.py-version}}-poetry-bin + - py${{vars.py-version}}-poetry - wolfi-base pipeline: 
@@ -32,37 +54,25 @@ pipeline: tag: v${{package.version}} expected-commit: 6202aca6e4c2859d2ad601571571a774df7bebc8 - - name: Python Build - runs: | - poetry add "aiohttp==3.10.11" - poetry add "certifi==2024.7.4" - poetry add "dnspython==2.6.1" - poetry add "idna==3.7" - poetry add "pyOpenSSL@^24.0.0" - poetry add "cryptography@^43.0.1" - # CVE-2024-35195: requests - poetry add "requests@^2.23.0" - # GHSA-m5vv-6r4h-3vj9: azure-identity - poetry add "azure-identity==1.16.1" - # GHSA-34jh-p97f-mpxf: urllib3 - poetry add "urllib3==1.26.19" - poetry run pip freeze | grep -v cassandra-medusa > requirements.txt - POETRY_VIRTUALENVS_IN_PROJECT=true poetry install - poetry build - - runs: | # Setup the virtualenv python${{vars.py-version}} -m venv .venv --system-site-packages - # Bump pip to patch a CVE - .venv/bin/pip${{vars.py-version}} install --upgrade pip==24.0 setuptools==70.0.0 - - runs: | - .venv/bin/pip${{vars.py-version}} install -I -r requirements.txt --no-compile - .venv/bin/pip${{vars.py-version}} install -I --no-compile dist/*.whl + - name: Python Build + uses: py/pip-build-install + with: + python: .venv/bin/python${{vars.py-version}} + + - name: Install deps from PyPI that aren't currently packaged in wolfi + runs: | + .venv/bin/pip${{vars.py-version}} install -I parallel-ssh --no-compile --no-deps + .venv/bin/pip${{vars.py-version}} install -I ssh2-python --no-compile --no-deps + .venv/bin/pip${{vars.py-version}} install -I ssh-python --no-compile --no-deps + .venv/bin/pip${{vars.py-version}} install -I .wheels/${{vars.py-version}}/*.whl --no-compile --no-deps - runs: | # python-snappy is required to run medusa using $MEDUSA_MODE=GRPC. - .venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile + .venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile --no-deps - runs: | mkdir -p ${{targets.destdir}}/home/cassandra From 385e3f96a909b4df0653779da2793b5bcb5d3db5 Mon Sep 17 00:00:00 2001 
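Review bot: Removing `.venv/bin/pip${{vars.py-version}} install --upgrade pip==24.0 setuptools==70.0.0` means the venv that is later moved into `${{targets.destdir}}/home/cassandra/` carries whatever pip and setuptools `python${{vars.py-version}} -m venv` seeds, and the scan output quoted in this commit's message flagged `site-packages/pip/_vendor/vendor.txt` and setuptools releases below 70.0.0. If the seeded versions are older than the ones that step pinned, those findings would come back; confirm against the built package, or remove pip and setuptools from the venv after the last install step if nothing needs them at runtime. The new `Install deps from PyPI that aren't currently packaged in wolfi` step also installs `parallel-ssh`, `ssh2-python` and `ssh-python` with no version pin, which patch 14 replaces with wolfi packages. The pipeline continues outside the hunk.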
From: dann frazier Date: Sun, 22 Dec 2024 17:27:31 +0000 Subject: [PATCH 12/15] Revert "py3-parallel-ssh: remove package & deps (wolfi-dev#23756) (#26270)" This reverts commit a5e49689675f3ea663478e22ca155b99a36361d2. Restore these dependencies for py3-cassandra-medusa now that we're using wolfi-python-deps again. Signed-off-by: dann frazier --- py3-parallel-ssh.yaml | 42 ++++++++++++++++ py3-parallel-ssh/config-parser.patch | 16 ++++++ py3-ssh-python.yaml | 75 ++++++++++++++++++++++++++++ py3-ssh-python/config-parser.patch | 16 ++++++ py3-ssh2-python.yaml | 74 +++++++++++++++++++++++++++ py3-ssh2-python/config-parser.patch | 16 ++++++ 6 files changed, 239 insertions(+) create mode 100644 py3-parallel-ssh.yaml create mode 100644 py3-parallel-ssh/config-parser.patch create mode 100644 py3-ssh-python.yaml create mode 100644 py3-ssh-python/config-parser.patch create mode 100644 py3-ssh2-python.yaml create mode 100644 py3-ssh2-python/config-parser.patch diff --git a/py3-parallel-ssh.yaml b/py3-parallel-ssh.yaml new file mode 100644 index 00000000000..0daf8145392 --- /dev/null +++ b/py3-parallel-ssh.yaml @@ -0,0 +1,42 @@ +# Generated from https://pypi.org/project/parallel-ssh/ +package: + name: py3-parallel-ssh + version: 2.12.0 + epoch: 1 + description: Asynchronous parallel SSH library + copyright: + - license: LGPL-2.1-or-later + dependencies: + runtime: + - py3-gevent + - py3-ssh2-python + - py3-ssh-python + - python3 + +environment: + contents: + packages: + - build-base + - busybox + - ca-certificates-bundle + - wolfi-base + +pipeline: + - uses: fetch + with: + expected-sha256: be2c06ee8765273d204e00f82afae2dace5eebaefc5343d1dfc64513642161e0 + uri: https://files.pythonhosted.org/packages/source/p/parallel-ssh/parallel-ssh-${{package.version}}.tar.gz + + - uses: patch + with: + patches: config-parser.patch + + - name: Python Build + uses: python/build-wheel + + - uses: strip + +update: + enabled: true + release-monitor: + identifier: 7890 
diff --git a/py3-parallel-ssh/config-parser.patch b/py3-parallel-ssh/config-parser.patch new file mode 100644 index 00000000000..c04c7c030b0 --- /dev/null +++ b/py3-parallel-ssh/config-parser.patch @@ -0,0 +1,16 @@ +diff --git a/versioneer.py b/versioneer.py +index a287060..eafcdac 100644 +--- a/versioneer.py ++++ b/versioneer.py +@@ -339,9 +339,9 @@ def get_config_from_root(root): + # configparser.NoOptionError (if it lacks "VCS="). See the docstring at + # the top of versioneer.py for instructions on writing your setup.cfg . + setup_cfg = os.path.join(root, "setup.cfg") +- parser = configparser.SafeConfigParser() ++ parser = configparser.ConfigParser() + with open(setup_cfg, "r") as f: +- parser.readfp(f) ++ parser.read_file(f) + VCS = parser.get("versioneer", "VCS") # mandatory + + def get(parser, name): diff --git a/py3-ssh-python.yaml b/py3-ssh-python.yaml new file mode 100644 index 00000000000..54a21312036 --- /dev/null +++ b/py3-ssh-python.yaml 
@@ -0,0 +1,75 @@ +# Generated from https://pypi.org/project/ssh-python/ +package: + name: py3-ssh-python + version: 1.0.0 + epoch: 1 + description: libssh C library bindings for Python. + copyright: + - license: LGPL-2.1-only + dependencies: + runtime: + - python3 + +environment: + contents: + packages: + - build-base + - busybox + - ca-certificates-bundle + - cmake + - libssh2 + - libssh2-dev + - libssl3 + - openssl + - openssl-dev + - py3.11-installer + - py3.11-pip + - python-3.11 + - python-3.11-dev + - zlib + - zlib-dev + +pipeline: + - uses: git-checkout + with: + expected-commit: a62aaf26aa18b861242364ddf3c18bc5d8343ae6 + repository: https://github.com/ParallelSSH/ssh-python + tag: ${{package.version}} + + - uses: patch + with: + patches: config-parser.patch + + - name: Python Build + runs: | + pip install wheel + python setup.py bdist_wheel + + - runs: | + # Setup the virtualenv + python -m venv .venv --system-site-packages + # Bump pip to patch a CVE + .venv/bin/pip install --upgrade pip==23.3.2 setuptools==65.5.1 + + - runs: | + .venv/bin/pip install -I --no-compile dist/*.whl + + - runs: | + mkdir -p ${{targets.destdir}}/usr/share/py3-ssh + mv .venv ${{targets.destdir}}/usr/share/py3-ssh/ + + # edit the venv paths + sed -i "s|/home/build|/usr/share/py3-ssh|g" ${{targets.destdir}}/usr/share/py3-ssh/.venv/bin/* + + # allow site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/py3-ssh/.venv/pyvenv.cfg + + - uses: strip + +update: + enabled: true + ignore-regex-patterns: + - (.*).post(.*) + - 03.0 + github: + identifier: ParallelSSH/ssh-python diff --git a/py3-ssh-python/config-parser.patch b/py3-ssh-python/config-parser.patch new file mode 100644 index 00000000000..ff392c2ce88 --- /dev/null +++ b/py3-ssh-python/config-parser.patch 
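Review bot: The restored `# Bump pip to patch a CVE` step in `py3-ssh-python.yaml` pins `setuptools==65.5.1`, which is below the 70.0.0 that the scan output in patch 11's message names as the fix for CVE-2024-6345, and the `.venv` it builds is moved into `${{targets.destdir}}/usr/share/py3-ssh/`. `py3-ssh2-python.yaml` restores the identical step. Patch 13 replaces both builds with `py/pip-build-install`, so this only matters if the revert lands or is bisected to on its own; squashing patches 12 and 13 would avoid publishing that intermediate state. `pip install wheel` in the `Python Build` step is also unpinned.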
@@ -0,0 +1,16 @@ +diff --git a/versioneer.py b/versioneer.py +index a287060..eafcdac 100644 +--- a/versioneer.py ++++ b/versioneer.py +@@ -339,9 +339,9 @@ def get_config_from_root(root): + # configparser.NoOptionError (if it lacks "VCS="). See the docstring at + # the top of versioneer.py for instructions on writing your setup.cfg . + setup_cfg = os.path.join(root, "setup.cfg") +- parser = configparser.SafeConfigParser() ++ parser = configparser.ConfigParser() + with open(setup_cfg, "r") as f: +- parser.readfp(f) ++ parser.read_file(f) + VCS = parser.get("versioneer", "VCS") # mandatory + + def get(parser, name): \ No newline at end of file diff --git a/py3-ssh2-python.yaml b/py3-ssh2-python.yaml new file mode 100644 index 00000000000..89bac4330e6 --- /dev/null +++ b/py3-ssh2-python.yaml 
@@ -0,0 +1,74 @@ +# Generated from https://pypi.org/project/ssh2-python/ +package: + name: py3-ssh2-python + version: 1.0.0 + epoch: 1 + description: Bindings for libssh2 C library + copyright: + - license: LGPL-2.1-only + dependencies: + runtime: + - python-3 + +environment: + contents: + packages: + - build-base + - busybox + - ca-certificates-bundle + - cmake + - libssh2 + - libssh2-dev + - libssl3 + - openssl + - openssl-dev + - py3.11-installer + - py3.11-pip + - python-3.11 + - python-3.11-dev + - zlib + - zlib-dev + +pipeline: + - uses: git-checkout + with: + expected-commit: 018fd695ebadad7eed102ec3a00dcfa70cf44e83 + repository: https://github.com/ParallelSSH/ssh2-python + tag: ${{package.version}} + + - uses: patch + with: + patches: config-parser.patch + + - name: Python Build + runs: | + pip install wheel + python setup.py bdist_wheel + + - runs: | + # Setup the virtualenv + python -m venv .venv --system-site-packages + # Bump pip to patch a CVE + .venv/bin/pip install --upgrade pip==23.3.2 setuptools==65.5.1 + + - runs: | + .venv/bin/pip install -I --no-compile dist/*.whl + + - runs: | + mkdir -p ${{targets.destdir}}/usr/share/py3-ssh2 + mv .venv ${{targets.destdir}}/usr/share/py3-ssh2/ + + # edit the venv paths + sed -i "s|/home/build|/usr/share/py3-ssh2|g" ${{targets.destdir}}/usr/share/py3-ssh2/.venv/bin/* + + # allow site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/py3-ssh2/.venv/pyvenv.cfg + + - uses: strip + +update: + enabled: true + ignore-regex-patterns: + - (.*).post(.*) + github: + identifier: ParallelSSH/ssh2-python diff --git a/py3-ssh2-python/config-parser.patch b/py3-ssh2-python/config-parser.patch new file mode 100644 index 00000000000..ff392c2ce88 --- /dev/null +++ b/py3-ssh2-python/config-parser.patch 
@@ -0,0 +1,16 @@ +diff --git a/versioneer.py b/versioneer.py +index a287060..eafcdac 100644 +--- a/versioneer.py ++++ b/versioneer.py +@@ -339,9 +339,9 @@ def get_config_from_root(root): + # configparser.NoOptionError (if it lacks "VCS="). See the docstring at + # the top of versioneer.py for instructions on writing your setup.cfg . + setup_cfg = os.path.join(root, "setup.cfg") +- parser = configparser.SafeConfigParser() ++ parser = configparser.ConfigParser() + with open(setup_cfg, "r") as f: +- parser.readfp(f) ++ parser.read_file(f) + VCS = parser.get("versioneer", "VCS") # mandatory + + def get(parser, name): \ No newline at end of file From b45c6bccf24a175b0726caab9353b3d0bb29bd75 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sun, 22 Dec 2024 18:00:35 +0000 Subject: [PATCH 13/15] py3-parallel-ssh / py3-ssh2-python / py3-ssh-python: multiversion Signed-off-by: dann frazier --- py3-parallel-ssh.yaml | 62 ++++++++++++++++++++++++++------ py3-ssh-python.yaml | 82 ++++++++++++++++++++++++++----------------- py3-ssh2-python.yaml | 80 ++++++++++++++++++++++++----------------- 3 files changed, 149 insertions(+), 75 deletions(-) diff --git a/py3-parallel-ssh.yaml b/py3-parallel-ssh.yaml index 0daf8145392..68988ab04a0 100644 --- a/py3-parallel-ssh.yaml +++ b/py3-parallel-ssh.yaml @@ -1,17 +1,22 @@ -# Generated from https://pypi.org/project/parallel-ssh/ package: name: py3-parallel-ssh version: 2.12.0 - epoch: 1 + epoch: 2 description: Asynchronous parallel SSH library copyright: - license: LGPL-2.1-or-later dependencies: - runtime: - - py3-gevent - - py3-ssh2-python - - py3-ssh-python - - python3 + provider-priority: 0 + +vars: + pypi-package: parallel-ssh + import: pssh + +data: + - name: py-versions + items: + 3.10: "310" + 3.11: "311" environment: contents: @@ -19,6 +24,7 @@ environment: - build-base - busybox - ca-certificates-bundle + - py3-supported-build-base - wolfi-base pipeline: 
@@ -31,10 +37,46 @@ pipeline: with: patches: config-parser.patch - - name: Python Build - uses: python/build-wheel +subpackages: + - range: py-versions + name: py${{range.key}}-${{vars.pypi-package}} + description: python${{range.key}} version of ${{vars.pypi-package}} + dependencies: + provides: + - py3-${{vars.pypi-package}} + provider-priority: ${{range.value}} + runtime: + - py${{range.key}}-gevent + - py${{range.key}}-ssh2-python + - py${{range.key}}-ssh-python + pipeline: + - uses: py/pip-build-install + with: + python: python${{range.key}} + - uses: strip + test: + pipeline: + - uses: python/import + with: + python: python${{range.key}} + import: ${{vars.import}} - - uses: strip + - name: py3-supported-${{vars.pypi-package}} + description: meta package providing ${{vars.pypi-package}} for supported python versions. + dependencies: + runtime: + - py3.10-${{vars.pypi-package}} + - py3.11-${{vars.pypi-package}} + test: + pipeline: + - uses: python/import + with: + python: python3.10 + import: ${{vars.import}} + - uses: python/import + with: + python: python3.11 + import: ${{vars.import}} update: enabled: true diff --git a/py3-ssh-python.yaml b/py3-ssh-python.yaml index 54a21312036..e2224709e9f 100644 --- a/py3-ssh-python.yaml +++ b/py3-ssh-python.yaml @@ -1,20 +1,27 @@ -# Generated from https://pypi.org/project/ssh-python/ package: name: py3-ssh-python version: 1.0.0 - epoch: 1 + epoch: 2 description: libssh C library bindings for Python. copyright: - license: LGPL-2.1-only dependencies: - runtime: - - python3 + provider-priority: 0 + +vars: + pypi-package: ssh-python + import: ssh + +data: + - name: py-versions + items: + 3.10: "310" + 3.11: "311" environment: contents: packages: - build-base - - busybox - ca-certificates-bundle - cmake - libssh2 @@ -22,10 +29,7 @@ environment: - libssl3 - openssl - openssl-dev - - py3.11-installer - - py3.11-pip - - python-3.11 - - python-3.11-dev + - py3-supported-build-base-dev - zlib - zlib-dev 
@@ -40,31 +44,43 @@ pipeline: with: patches: config-parser.patch - - name: Python Build - runs: | - pip install wheel - python setup.py bdist_wheel - - - runs: | - # Setup the virtualenv - python -m venv .venv --system-site-packages - # Bump pip to patch a CVE - .venv/bin/pip install --upgrade pip==23.3.2 setuptools==65.5.1 - - - runs: | - .venv/bin/pip install -I --no-compile dist/*.whl - - - runs: | - mkdir -p ${{targets.destdir}}/usr/share/py3-ssh - mv .venv ${{targets.destdir}}/usr/share/py3-ssh/ - - # edit the venv paths - sed -i "s|/home/build|/usr/share/py3-ssh|g" ${{targets.destdir}}/usr/share/py3-ssh/.venv/bin/* - - # allow site-packages - sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/py3-ssh/.venv/pyvenv.cfg +subpackages: + - range: py-versions + name: py${{range.key}}-${{vars.pypi-package}} + description: python${{range.key}} version of ${{vars.pypi-package}} + dependencies: + provides: + - py3-${{vars.pypi-package}} + provider-priority: ${{range.value}} + pipeline: + - uses: py/pip-build-install + with: + python: python${{range.key}} + - uses: strip + test: + pipeline: + - uses: python/import + with: + python: python${{range.key}} + import: ${{vars.import}} - - uses: strip + - name: py3-supported-${{vars.pypi-package}} + description: meta package providing ${{vars.pypi-package}} for supported python versions. + dependencies: + runtime: + - py3.10-${{vars.pypi-package}} + - py3.11-${{vars.pypi-package}} + test: + pipeline: + - uses: python/import + with: + python: python3.10 + import: ${{vars.import}} + - uses: python/import + with: + python: python3.11 + import: ${{vars.import}} + - uses: strip update: enabled: true diff --git a/py3-ssh2-python.yaml b/py3-ssh2-python.yaml index 89bac4330e6..7d587cb3ab1 100644 --- a/py3-ssh2-python.yaml +++ b/py3-ssh2-python.yaml 
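Review bot: `py3-ssh-python.yaml` gains a trailing `- uses: strip` after the `python/import` checks of the `py3-supported-${{vars.pypi-package}}` meta package, while `py3-parallel-ssh.yaml` and `py3-ssh2-python.yaml` end that block without one. The indentation is not recoverable from this view, so I cannot tell whether it lands in the `test:` pipeline or somewhere else, but the meta package only lists runtime dependencies and each `range: py-versions` subpackage already runs `strip`. If it is a leftover from the old top-level pipeline, drop it so the three files stay parallel.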
@@ -2,19 +2,27 @@ package: name: py3-ssh2-python version: 1.0.0 - epoch: 1 + epoch: 2 description: Bindings for libssh2 C library copyright: - license: LGPL-2.1-only dependencies: - runtime: - - python-3 + provider-priority: 0 + +vars: + pypi-package: ssh2-python + import: ssh2 + +data: + - name: py-versions + items: + 3.10: "310" + 3.11: "311" environment: contents: packages: - build-base - - busybox - ca-certificates-bundle - cmake - libssh2 @@ -22,10 +30,7 @@ environment: - libssl3 - openssl - openssl-dev - - py3.11-installer - - py3.11-pip - - python-3.11 - - python-3.11-dev + - py3-supported-build-base-dev - zlib - zlib-dev 
@@ -40,31 +45,42 @@ pipeline: with: patches: config-parser.patch - - name: Python Build - runs: | - pip install wheel - python setup.py bdist_wheel - - - runs: | - # Setup the virtualenv - python -m venv .venv --system-site-packages - # Bump pip to patch a CVE - .venv/bin/pip install --upgrade pip==23.3.2 setuptools==65.5.1 - - - runs: | - .venv/bin/pip install -I --no-compile dist/*.whl - - - runs: | - mkdir -p ${{targets.destdir}}/usr/share/py3-ssh2 - mv .venv ${{targets.destdir}}/usr/share/py3-ssh2/ - - # edit the venv paths - sed -i "s|/home/build|/usr/share/py3-ssh2|g" ${{targets.destdir}}/usr/share/py3-ssh2/.venv/bin/* - - # allow site-packages - sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/py3-ssh2/.venv/pyvenv.cfg +subpackages: + - range: py-versions + name: py${{range.key}}-${{vars.pypi-package}} + description: python${{range.key}} version of ${{vars.pypi-package}} + dependencies: + provides: + - py3-${{vars.pypi-package}} + provider-priority: ${{range.value}} + pipeline: + - uses: py/pip-build-install + with: + python: python${{range.key}} + - uses: strip + test: + pipeline: + - uses: python/import + with: + python: python${{range.key}} + import: ${{vars.import}} - - uses: strip + - name: py3-supported-${{vars.pypi-package}} + description: meta package providing ${{vars.pypi-package}} for supported python versions. + dependencies: + runtime: + - py3.10-${{vars.pypi-package}} + - py3.11-${{vars.pypi-package}} + test: + pipeline: + - uses: python/import + with: + python: python3.10 + import: ${{vars.import}} + - uses: python/import + with: + python: python3.11 + import: ${{vars.import}} update: enabled: true From 397f9528186045b63e14376322503db3775358a5 Mon Sep 17 00:00:00 2001 
From: dann frazier Date: Mon, 23 Dec 2024 00:42:24 +0000 Subject: [PATCH 14/15] py3-cassandra-medusa: use resurrected py3 ssh deps from wolfi This leaves python-snappy as the only remaining package that we're still pulling from PyPI. Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 1be19aabc5f..1244a01cb0a 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -28,6 +28,7 @@ package: - py${{vars.py-version}}-grpcio - py${{vars.py-version}}-grpcio-health-checking - py${{vars.py-version}}-idna + - py${{vars.py-version}}-parallel-ssh - py${{vars.py-version}}-psutil - py${{vars.py-version}}-pyopenssl - py${{vars.py-version}}-requests @@ -65,12 +66,6 @@ pipeline: - name: Install deps from PyPI that aren't currently packaged in wolfi runs: | - .venv/bin/pip${{vars.py-version}} install -I parallel-ssh --no-compile --no-deps - .venv/bin/pip${{vars.py-version}} install -I ssh2-python --no-compile --no-deps - .venv/bin/pip${{vars.py-version}} install -I ssh-python --no-compile --no-deps - .venv/bin/pip${{vars.py-version}} install -I .wheels/${{vars.py-version}}/*.whl --no-compile --no-deps - - - runs: | # python-snappy is required to run medusa using $MEDUSA_MODE=GRPC. .venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile --no-deps From c54a1c1199f4d7ffe08de9dd68f4607904da60e9 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 21 Dec 2024 13:57:18 +0000 Subject: [PATCH 15/15] py3-cassandra-medusa: bump epoch Signed-off-by: dann frazier --- py3-cassandra-medusa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 1244a01cb0a..46c04d93329 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml 
@@ -2,7 +2,7 @@ package: name: py3-cassandra-medusa version: 0.22.3 - epoch: 1 + epoch: 2 description: Apache Cassandra backup and restore tool copyright: - license: Apache-2.0