py3-cassandra-medusa: pin to python3.11, use wolfi deps where possible, restoring & multiversioning ssh python libs #38209

Open
wants to merge 15 commits into
base: main
82 changes: 42 additions & 40 deletions py3-cassandra-medusa.yaml
Expand Up @@ -2,7 +2,7 @@
package:
name: py3-cassandra-medusa
version: 0.22.3
epoch: 1
epoch: 2
description: Apache Cassandra backup and restore tool
copyright:
- license: Apache-2.0
Expand All @@ -11,19 +11,41 @@ package:
no-depends: true
dependencies:
runtime:
- poetry
- python-3.11-base
- py${{vars.py-version}}-aiohttp
- py${{vars.py-version}}-azure-identity
- py${{vars.py-version}}-azure-storage-blob
- py${{vars.py-version}}-boto3
- py${{vars.py-version}}-cassandra-driver
- py${{vars.py-version}}-click
- py${{vars.py-version}}-click-aliases
- py${{vars.py-version}}-certifi
- py${{vars.py-version}}-cryptography
- py${{vars.py-version}}-datadog
- py${{vars.py-version}}-dnspython
- py${{vars.py-version}}-ffwd
- py${{vars.py-version}}-gcloud-aio-storage
- py${{vars.py-version}}-gevent
- py${{vars.py-version}}-grpcio
- py${{vars.py-version}}-grpcio-health-checking
- py${{vars.py-version}}-idna
- py${{vars.py-version}}-parallel-ssh
- py${{vars.py-version}}-psutil
- py${{vars.py-version}}-pyopenssl
- py${{vars.py-version}}-requests
- py${{vars.py-version}}-retrying
- py${{vars.py-version}}-urllib3
- py${{vars.py-version}}-pyyaml

vars:
py-version: 3.11

environment:
contents:
packages:
- build-base
- busybox
- ca-certificates-bundle
- py3.11-installer
- py3.11-pip
- python-3.11
- python-3.11-dev
- py${{vars.py-version}}-build-base-dev
- py${{vars.py-version}}-poetry
- wolfi-base

pipeline:
Expand All @@ -33,46 +55,27 @@ pipeline:
tag: v${{package.version}}
expected-commit: 6202aca6e4c2859d2ad601571571a774df7bebc8

- name: Python Build
runs: |
pip install wheel
pip install poetry
poetry add "aiohttp==3.10.11"
poetry add "certifi==2024.7.4"
poetry add "dnspython==2.6.1"
poetry add "idna==3.7"
poetry add "pyOpenSSL@^24.0.0"
poetry add "cryptography@^43.0.1"
# CVE-2024-35195: requests
poetry add "requests@^2.23.0"
# GHSA-m5vv-6r4h-3vj9: azure-identity
poetry add "azure-identity==1.16.1"
# GHSA-34jh-p97f-mpxf: urllib3
poetry add "urllib3==1.26.19"
poetry run pip freeze | grep -v cassandra-medusa > requirements.txt
POETRY_VIRTUALENVS_IN_PROJECT=true poetry install
poetry build

- runs: |
# Setup the virtualenv
python -m venv .venv --system-site-packages
# Bump pip to patch a CVE
.venv/bin/pip install --upgrade pip==24.0 setuptools==70.0.0
python${{vars.py-version}} -m venv .venv --system-site-packages

- runs: |
.venv/bin/pip install -I -r requirements.txt --no-compile
.venv/bin/pip install -I --no-compile dist/*.whl
- name: Python Build
uses: py/pip-build-install
with:
python: .venv/bin/python${{vars.py-version}}

- runs: |
- name: Install deps from PyPI that aren't currently packaged in wolfi
runs: |
# python-snappy is required to run medusa using $MEDUSA_MODE=GRPC.
.venv/bin/pip install -I python-snappy --no-compile
.venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile --no-deps

- runs: |
mkdir -p ${{targets.destdir}}/home/cassandra
mv .venv ${{targets.destdir}}/home/cassandra/

# edit the venv paths
sed -i "s|/home/build|${{targets.destdir}}/home/cassandra|g" ${{targets.destdir}}/home/cassandra/.venv/bin/*
find '${{targets.destdir}}/home/cassandra/.venv/bin/' -type f | \
xargs sed -i "s|/home/build|${{targets.destdir}}/home/cassandra|g"

# allow site-packages
sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/home/cassandra/.venv/pyvenv.cfg
Expand All @@ -95,6 +98,7 @@ subpackages:
# The entrypoint script fails to start without bash and sleep (which comes from busybox)
- bash
- busybox
- grpc-health-probe
pipeline:
- runs: |
mkdir -p "${{targets.subpkgdir}}/home/cassandra/"
Expand All @@ -113,15 +117,13 @@ test:
environment:
contents:
packages:
- python-3.11
- python-3.11-dev
- grpc-health-probe
pipeline:
- runs: medusa --version
- runs: |
set +e
fail() { echo "$@" 1>&2; exit 1; }
out=$(/home/cassandra/.venv/bin/python3 -m medusa.service.grpc.server 2>&1)
out=$(/home/cassandra/.venv/bin/python${{vars.py-version}} -m medusa.service.grpc.server 2>&1)
status=$?
echo "$out" | grep -q '/etc/medusa/medusa.ini' || fail "medusa.service.grpc.server output did not contain expected 'medusa.ini' message. Exit status $status: $out"
echo "medusa.service.grpc.server exited with expected error message"
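Review bot: The `Install deps from PyPI that aren't currently packaged in wolfi` step still installs `python-snappy` without a version: `.venv/bin/pip${{vars.py-version}} install -I python-snappy --no-compile --no-deps` takes whatever PyPI serves on the day of the build, so the shipped venv is not reproducible and this artifact gets none of the integrity checking that `expected-commit` gives the main source. I would pin it, e.g. `install -I 'python-snappy==<PINNED_VERSION>' --no-compile --no-deps`, and preferably install it from a requirements file with `--require-hashes`. The removed poetry step also recorded version constraints tied to CVE-2024-35195, GHSA-m5vv-6r4h-3vj9 and GHSA-34jh-p97f-mpxf, while the new `runtime:` list has no version constraints at all. Presumably the Wolfi packages are already past those versions, but a comment above `runtime:` such as `# requests, azure-identity, urllib3: must stay at or above the advisory-fixed versions previously pinned here` would keep the rationale visible.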
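--- a/py3-parallel-ssh.yaml
+++ b/py3-parallel-ssh.yaml
@@ -0,0 +1,84 @@
+package:
+name: py3-parallel-ssh
+version: 2.12.0
+epoch: 2
+description: Asynchronous parallel SSH library
+copyright:
+- license: LGPL-2.1-or-later
+dependencies:
+provider-priority: 0
+
+vars:
+pypi-package: parallel-ssh
+import: pssh
+
+data:
+- name: py-versions
+items:
+3.10: "310"
+3.11: "311"
+
+environment:
+contents:
+packages:
+- build-base
+- busybox
+- ca-certificates-bundle
+- py3-supported-build-base
+- wolfi-base
+
+pipeline:
+- uses: fetch
+with:
+expected-sha256: be2c06ee8765273d204e00f82afae2dace5eebaefc5343d1dfc64513642161e0
+uri: https://files.pythonhosted.org/packages/source/p/parallel-ssh/parallel-ssh-${{package.version}}.tar.gz
+
+- uses: patch
+with:
+patches: config-parser.patch
+
+subpackages:
+- range: py-versions
+name: py${{range.key}}-${{vars.pypi-package}}
+description: python${{range.key}} version of ${{vars.pypi-package}}
+dependencies:
+provides:
+- py3-${{vars.pypi-package}}
+provider-priority: ${{range.value}}
+runtime:
+- py${{range.key}}-gevent
+- py${{range.key}}-ssh2-python
+- py${{range.key}}-ssh-python
+pipeline:
+- uses: py/pip-build-install
+with:
+python: python${{range.key}}
+- uses: strip
+test:
+pipeline:
+- uses: python/import
+with:
+python: python${{range.key}}
+import: ${{vars.import}}
+
+- name: py3-supported-${{vars.pypi-package}}
+description: meta package providing ${{vars.pypi-package}} for supported python versions.
+dependencies:
+runtime:
+- py3.10-${{vars.pypi-package}}
+- py3.11-${{vars.pypi-package}}
+test:
+pipeline:
+- uses: python/import
+with:
+python: python3.10
+import: ${{vars.import}}
+- uses: python/import
+with:
+python: python3.11
+import: ${{vars.import}}
+
+update:
+enabled: true
+release-monitor:
+identifier: 7890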
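--- a/py3-parallel-ssh/config-parser.patch
+++ b/py3-parallel-ssh/config-parser.patch
@@ -0,0 +1,16 @@
+diff --git a/versioneer.py b/versioneer.py
+index a287060..eafcdac 100644
+--- a/versioneer.py
++++ b/versioneer.py
+@@ -339,9 +339,9 @@ def get_config_from_root(root):
+# configparser.NoOptionError (if it lacks "VCS="). See the docstring at
+# the top of versioneer.py for instructions on writing your setup.cfg .
+setup_cfg = os.path.join(root, "setup.cfg")
+- parser = configparser.SafeConfigParser()
++ parser = configparser.ConfigParser()
+with open(setup_cfg, "r") as f:
+- parser.readfp(f)
++ parser.read_file(f)
+VCS = parser.get("versioneer", "VCS") # mandatory
+
+def get(parser, name):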
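Review bot: The patch file has no header saying why it exists or whether the change was sent upstream. `configparser.SafeConfigParser` and `readfp` were removed in Python 3.12, while the `py-versions` ranges in this pull request build only 3.10 and 3.11, so a reader cannot tell whether the patch is required today or is groundwork for a later Python. I would add a short description above the `diff --git` line, e.g. `versioneer.py: use ConfigParser/read_file (SafeConfigParser and readfp were removed in Python 3.12)`, plus an upstream reference if one exists. The same applies to the identical copy in `py3-ssh-python/config-parser.patch`; `get_config_from_root` continues outside the hunk.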
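--- a/py3-ssh-python.yaml
+++ b/py3-ssh-python.yaml
@@ -0,0 +1,91 @@
+package:
+name: py3-ssh-python
+version: 1.0.0
+epoch: 2
+description: libssh C library bindings for Python.
+copyright:
+- license: LGPL-2.1-only
+dependencies:
+provider-priority: 0
+
+vars:
+pypi-package: ssh-python
+import: ssh
+
+data:
+- name: py-versions
+items:
+3.10: "310"
+3.11: "311"
+
+environment:
+contents:
+packages:
+- build-base
+- ca-certificates-bundle
+- cmake
+- libssh2
+- libssh2-dev
+- libssl3
+- openssl
+- openssl-dev
+- py3-supported-build-base-dev
+- zlib
+- zlib-dev
+
+pipeline:
+- uses: git-checkout
+with:
+expected-commit: a62aaf26aa18b861242364ddf3c18bc5d8343ae6
+repository: https://github.com/ParallelSSH/ssh-python
+tag: ${{package.version}}
+
+- uses: patch
+with:
+patches: config-parser.patch
+
+subpackages:
+- range: py-versions
+name: py${{range.key}}-${{vars.pypi-package}}
+description: python${{range.key}} version of ${{vars.pypi-package}}
+dependencies:
+provides:
+- py3-${{vars.pypi-package}}
+provider-priority: ${{range.value}}
+pipeline:
+- uses: py/pip-build-install
+with:
+python: python${{range.key}}
+- uses: strip
+test:
+pipeline:
+- uses: python/import
+with:
+python: python${{range.key}}
+import: ${{vars.import}}
+
+- name: py3-supported-${{vars.pypi-package}}
+description: meta package providing ${{vars.pypi-package}} for supported python versions.
+dependencies:
+runtime:
+- py3.10-${{vars.pypi-package}}
+- py3.11-${{vars.pypi-package}}
+test:
+pipeline:
+- uses: python/import
+with:
+python: python3.10
+import: ${{vars.import}}
+- uses: python/import
+with:
+python: python3.11
+import: ${{vars.import}}
+- uses: strip
+
+update:
+enabled: true
+ignore-regex-patterns:
+- (.*).post(.*)
+- 03.0
+github:
+identifier: ParallelSSH/ssh-python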
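Review bot: The build environment lists `libssh2` and `libssh2-dev`, but the package describes itself as libssh bindings and no libssh development package appears under `environment.contents.packages`. With `cmake` present, the build presumably compiles the libssh copy bundled in the upstream repository into the extension. A bundled SSH implementation does not pick up fixes shipped in the distribution's libssh package and is harder for vulnerability scanners to attribute. Upstream's setup.py appears to offer a system-library build via `SYSTEM_LIBSSH=1` (to be confirmed against the checked-out tag); if it works, I would build against the distribution's libssh development package, set that variable for the `py/pip-build-install` step and drop the libssh2 entries. If bundling is intentional, a comment above `environment:` naming the bundled libssh version would help advisory triage.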
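--- a/py3-ssh-python/config-parser.patch
+++ b/py3-ssh-python/config-parser.patch
@@ -0,0 +1,16 @@
+diff --git a/versioneer.py b/versioneer.py
+index a287060..eafcdac 100644
+--- a/versioneer.py
++++ b/versioneer.py
+@@ -339,9 +339,9 @@ def get_config_from_root(root):
+# configparser.NoOptionError (if it lacks "VCS="). See the docstring at
+# the top of versioneer.py for instructions on writing your setup.cfg .
+setup_cfg = os.path.join(root, "setup.cfg")
+- parser = configparser.SafeConfigParser()
++ parser = configparser.ConfigParser()
+with open(setup_cfg, "r") as f:
+- parser.readfp(f)
++ parser.read_file(f)
+VCS = parser.get("versioneer", "VCS") # mandatory
+
+def get(parser, name):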