Mercurial > p > roundup > code
view roundup/install_util.py @ 7968:d7e79f8eb943
issue2551350 - Python changes for 3.12 with roundup 2.3.0 mailer.py
Fix due to change in smtplib.SMTP.starttls() signature.
As of 3.3 it can use an optional ssl context argument for
certificates/keys. In 3.12 it dropped legacy support for specifing
cert/key files as arguments and requires a context.
I modified Andrew's original patch to initialize SSLContext with
ssl.PROTOCOL_TLS_CLIENT.
If there is a cert file specified, enable
check_hostname - verify that the cert supplied by the server matches
the hostname we supplied.
If there is no cert file call
load_default_certs()
Also opened issue2551351 to look into more SMTP ssmtp tightening. We
also should have an option in Roundup to use TLS/SSL (smtps) without
using starttls.
Note that this code is untested by the test suite due to the need to
setup an SMTP server with STARTTLS support. issue2551351 has some
notes on this.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 15 May 2024 00:08:05 -0400 |
| parents | 8e118eb20d86 |
| children |
line wrap: on
line source
# # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/) # This module is free software, and you may redistribute it and/or modify # under the same terms as Python, so long as this copyright message and # disclaimer are retained in their original form. # # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # """Support module to generate and check fingerprints of installed files. """ __docformat__ = 'restructuredtext' import os import shutil from hashlib import sha1 from roundup.anypy.strings import s2b sgml_file_types = [".xml", ".ent", ".html"] hash_file_types = [".py", ".sh", ".conf", ".cgi"] slast_file_types = [".css"] digested_file_types = sgml_file_types + hash_file_types + slast_file_types def extractFingerprint(lines): # get fingerprint from last line if lines[-1].startswith(b"#SHA: "): # handle .py/.sh comment return lines[-1][6:].strip() elif lines[-1].startswith(b"<!-- SHA: "): # handle xml/html files fingerprint = lines[-1][10:] fingerprint = fingerprint.replace(b'-->', b'') return fingerprint.strip() elif lines[-1].startswith(b"/* SHA: "): # handle css files fingerprint = lines[-1][8:] fingerprint = fingerprint.replace(b'*/', b'') return fingerprint.strip() return None def checkDigest(filename): """Read file, check for valid fingerprint, return TRUE if ok""" # open and read file inp = open(filename, "rb") lines = inp.readlines() inp.close() fingerprint = extractFingerprint(lines) if fingerprint is None: return 0 del lines[-1] # calculate current digest digest = sha1() for line in lines: digest.update(line) # compare current to stored digest return fingerprint == s2b(digest.hexdigest()) class DigestFile: """ A class that you can use like open() and that calculates and writes a SHA digest to the target file. """ def __init__(self, filename): self.filename = filename self.digest = sha1() self.file = open(self.filename, "wb") def write(self, data): lines = data.splitlines() # if the file is coming from an installed tracker being used as a # template, then we will want to re-calculate the SHA fingerprint = extractFingerprint(lines) if fingerprint is not None: data = b'\n'.join(lines[:-1]) + b'\n' self.file.write(data) self.digest.update(data) def close(self): file, ext = os.path.splitext(self.filename) if ext in sgml_file_types: self.file.write(s2b("<!-- SHA: %s -->\n" % (self.digest.hexdigest(),))) elif ext in hash_file_types: self.file.write(s2b("#SHA: %s\n" % (self.digest.hexdigest(),))) elif ext in slast_file_types: self.file.write(s2b("/* SHA: %s */\n" % (self.digest.hexdigest(),))) self.file.close() def copyDigestedFile(src, dst, copystat=1): """ Copy data from `src` to `dst`, adding a fingerprint to `dst`. If `copystat` is true, the file status is copied, too (like shutil.copy2). """ if os.path.isdir(dst): dst = os.path.join(dst, os.path.basename(src)) dummy, ext = os.path.splitext(src) if ext not in digested_file_types: if copystat: return shutil.copy2(src, dst) else: return shutil.copyfile(src, dst) fsrc = None fdst = None try: fsrc = open(src, 'rb') fdst = DigestFile(dst) shutil.copyfileobj(fsrc, fdst) finally: if fdst: fdst.close() if fsrc: fsrc.close() if copystat: shutil.copystat(src, dst) def test(): import sys testdata = open(sys.argv[0], 'rb').read() for ext in digested_file_types: testfile = "__digest_test" + ext out = DigestFile(testfile) out.write(testdata) out.close() assert checkDigest(testfile), "digest ok w/o modification" mod = open(testfile, 'r+b') mod.seek(0) mod.write('# changed!') mod.close() assert not checkDigest(testfile), "digest fails after modification" os.remove(testfile) if __name__ == '__main__': test() # vim: set filetype=python ts=4 sw=4 et si