[PATCH 035-038] Python 3 compatibility
by Christian Heimes
Hi,
the second large patch makes the code work on Python 3.4. It mostly
fixes a couple of str/bytes related issues. With the patches I'm able to
pkispawn a CA, KRA and OCSP with Python 3.4.
Christian
9 years
[PATCH 024-034] Python 3 modernizations
by Christian Heimes
Hello,
this patch set replaces patch 22 and 23.
The patches 24 to 31 are the same as the patches from my git fork
https://github.com/tiran/pki/commits/modernize. I just have squashed
some related patches into one patch and added long descriptions.
Patch 32 is the same as patch 23.
Patch 33 also fixes a second occurrence of 'import seobject'.
Patch 34 addresses Ade's request to use six.moves and fixes Endi's
pylint warnings.
Christian
9 years
Dogtag PKI is Python 3.4 compatible (mostly)
by Christian Heimes
Hello,
Good news everybody! I got Dogtag's Python code working under Python
3.4. With my patches 24-38 I'm able to run pkispawn and pkidestroy under
Python 2.7 and 3.4 from the same code base. I was able to spawn a CA,
KRA and OCSP responder with Python 3.4 successfully.
There is still much work to do, though. I have neither tested the PKI
client API nor the upgrade framework. I also suspect problems with
non-ASCII paths and internationalized domain names. Packaging has to be
addressed, too.
I'd like to thank John and Miro for their hard work on Python 3 ports of
NSS and pyldap.
How to test under Python 3.4
----------------------------
Install Python 3 versions of Python dependencies:
# dnf install python3-lxml python3-sphinx python3-requests python3-six libselinux-python3 policycoreutils3-python
Install build dependencies for pyldap and python-nss
# dnf install python-dnf-plugins-core python3-pip python-tox
# dnf builddep python-nss
# dnf builddep python-ldap
You also have to disable SELinux enforcement because seobject is missing:
# setenforce 0
Now you can use a tox virtual env to install the dependencies and test
the Python 3 port
$ tox -e py34 (ignore the error)
$ .tox/py34/bin/pip3.4 install pyldap
$ .tox/py34/bin/pip3.4 install hg+https://fedorapeople.org/~jdennis/python-nss/repos/python-nss/
# .tox/py34/bin/python3.4 .tox/py34/bin/pkispawn
Christian
9 years
[PATCH 022] Modernize for Python 3 support
by Christian Heimes
One big step for Python 3 support. With this patch and manual
installation of pyldap and nss, pki can be imported under Python 3.4.
The code doesn't run properly yet, though.
Run python-modernize fixers:
libmodernize.fixes.fix_import
libmodernize.fixes.fix_print
libmodernize.fixes.fix_input_six
libmodernize.fixes.fix_xrange_six
lib2to3.fixes.fix_execfile
libmodernize.fixes.fix_metaclass
libmodernize.fixes.fix_unicode_type
libmodernize.fixes.fix_dict_six
Add more from __future__ import absolute_import
Manually fix import problems with either six.moves or manual try/except
ImportError blocks.
Remove Exception.message attribute access.
Add a workaround for policycoreutils-python3. It lacks sepolgen on
Fedora 22.
Test pep8 and lint on Python 3 with tox.
9 years
[PATCH] Ticket #1556 Weak HTTPS TLS ciphers
by Christina Fu
(this patch overrides the preliminary one sent out yesterday)
https://fedorahosted.org/pki/ticket/1556
Please note that the cipher lists can be considered to be ack'ed by Bob
Relyea as it incorporates feedback directly from him.
All changes have been tested to work for both RSA and ECC servers.
Ticket #1556 Weak HTTPS TLS ciphers
This patch fixes the RSA ciphers that were mistakenly turned on under ECC
section, and off under RSA section. A few adjustments have also been made
based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info
was also created to
1. provide info on the ciphers
2. provide default rsa and ecc ciphers for admins to incorporate into
earlier instances (as migration script might not be ideal due to
possible customization)
thanks,
Christina
9 years
[PATCH] pki-cfu-0096-Ticket-1556-Weak-HTTPS-TLS-ciphers.patch
by Christina Fu
This is a preliminary patch for:
https://fedorahosted.org/pki/ticket/1556 Weak HTTPS TLS ciphers
It is preliminary because I have to leave a couple RSA ciphers under the
ECC option due to the fact that if we leave that out, the configuration
will not be able to connect with the temporary ssl server cert.
We could add code to remove those after the configuration, or we can
leave it for a separate ticket.
We can discuss tomorrow morning.
thanks,
Christina
9 years