Hello community, here is the log from the commit of package python-oslo.privsep for openSUSE:Factory checked in at 2019-05-03 22:42:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-oslo.privsep (Old) and /work/SRC/openSUSE:Factory/.python-oslo.privsep.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-oslo.privsep" Fri May 3 22:42:34 2019 rev:10 rq:692862 version:1.32.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-oslo.privsep/python-oslo.privsep.changes 2019-03-20 13:18:23.593356467 +0100 +++ /work/SRC/openSUSE:Factory/.python-oslo.privsep.new.5148/python-oslo.privsep.changes 2019-05-03 22:42:36.503264433 +0200 @@ -1,0 +2,27 @@ +Mon Apr 8 11:35:28 UTC 2019 - cloud-devel@suse.de + +- update to version 1.32.1 + - Remove PyPI downloads + - Switch to stestr + - Update mailinglist from dev to discuss + - Use template for lower-constraints + - import zuul job settings from project-config + - Add that 'Release Notes' in README + - Add futures as a requirement for Python 2 + - Added example blogposts + - Update reno for stable/rocky + - Don't quote {posargs} in tox.ini + - add python 3.6 unit test job + - add lib-forward-testing-python3 test job + - Expose privsep options for config-generator + - Set unicode_errors handler to 'surrogateescape' in msgpack + - Trivial: Update pypi url to new url + - Replace assertRaisesRegexp with assertRaisesRegex + - Avoids calling ffi.dlopen(None) on Windows + - fix tox python3 overrides + - Update hacking version + - Clean up .gitignore references to personal tools + - Use threads to process target function + - add python 3.7 unit test job + +------------------------------------------------------------------- Old: ---- oslo.privsep-1.29.2.tar.gz New: ---- oslo.privsep-1.32.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-oslo.privsep.spec ++++++ --- /var/tmp/diff_new_pack.AqvH1K/_old 2019-05-03 22:42:37.923267423 +0200 +++ /var/tmp/diff_new_pack.AqvH1K/_new 2019-05-03 22:42:37.947267474 +0200 @@ -17,15 +17,14 @@ Name: python-oslo.privsep -Version: 1.29.2 +Version: 1.32.1 Release: 0 Summary: OpenStack library for privilege separation License: Apache-2.0 Group: Development/Languages/Python URL: https://launchpad.net/oslo.privsep -Source0: https://files.pythonhosted.org/packages/source/o/oslo.privsep/oslo.privsep-1... +Source0: https://files.pythonhosted.org/packages/source/o/oslo.privsep/oslo.privsep-1... BuildRequires: openstack-macros -BuildRequires: python-devel BuildRequires: python2-Sphinx BuildRequires: python2-cffi >= 1.7.0 BuildRequires: python2-eventlet >= 0.18.2 @@ -43,7 +42,6 @@ BuildRequires: python2-stestr BuildRequires: python3-Sphinx BuildRequires: python3-cffi >= 1.7.0 -BuildRequires: python3-devel BuildRequires: python3-eventlet >= 0.18.2 BuildRequires: python3-greenlet >= 0.4.10 BuildRequires: python3-mock @@ -68,7 +66,9 @@ BuildArch: noarch %ifpython2 BuildRequires: python-enum34 >= 1.0.4 +BuildRequires: python-futures >= 3.1.1 Requires: python-enum34 >= 1.0.4 +Requires: python-futures >= 3.1.1 %endif %if 0%{?suse_version} Requires(post): update-alternatives @@ -92,9 +92,8 @@ Documentation for oslo.privsep %prep -%autosetup -p1 -n oslo.privsep-1.29.2 +%autosetup -p1 -n oslo.privsep-1.32.1 %py_req_cleanup -sed -i 's/^warning-is-error.*/warning-is-error = 0/g' setup.cfg %build %python_build @@ -114,8 +113,9 @@ %python_uninstall_alternative privsep-helper %check -export PYTHONPATH=. -%python_exec -m stestr.cli run +%{python_expand export PYTHONPATH=. +$python -m stestr.cli run +} %files %{python_files} %doc README.rst ++++++ _service ++++++ --- /var/tmp/diff_new_pack.AqvH1K/_old 2019-05-03 22:42:38.171267945 +0200 +++ /var/tmp/diff_new_pack.AqvH1K/_new 2019-05-03 22:42:38.171267945 +0200 @@ -1,8 +1,8 @@ <services> <service mode="disabled" name="renderspec"> - <param name="input-template">https://raw.githubusercontent.com/openstack/rpm-packaging/stable/rocky/openstack/oslo.privsep/oslo.privsep.spec.j2</param> + <param name="input-template">https://raw.githubusercontent.com/openstack/rpm-packaging/stable/stein/openstack/oslo.privsep/oslo.privsep.spec.j2</param> <param name="output-name">python-oslo.privsep.spec</param> - <param name="requirements">https://raw.githubusercontent.com/openstack/oslo.privsep/stable/rocky/requirements.txt</param> + <param name="requirements">https://raw.githubusercontent.com/openstack/oslo.privsep/stable/stein/requirements.txt</param> <param name="changelog-email">cloud-devel@suse.de</param> <param name="changelog-provider">gh,openstack,oslo.privsep</param> </service> ++++++ oslo.privsep-1.29.2.tar.gz -> oslo.privsep-1.32.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/.zuul.yaml new/oslo.privsep-1.32.1/.zuul.yaml --- old/oslo.privsep-1.29.2/.zuul.yaml 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/.zuul.yaml 2019-02-28 19:02:41.000000000 +0100 @@ -1,15 +1,13 @@ - project: - check: - jobs: - - openstack-tox-lower-constraints - gate: - jobs: - - openstack-tox-lower-constraints templates: + - check-requirements + - lib-forward-testing + - lib-forward-testing-python3 + - openstack-lower-constraints-jobs - openstack-python-jobs - openstack-python35-jobs + - openstack-python36-jobs + - openstack-python37-jobs + - periodic-stable-jobs - publish-openstack-docs-pti - - check-requirements - - lib-forward-testing - release-notes-jobs-python3 - - periodic-stable-jobs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/AUTHORS new/oslo.privsep-1.32.1/AUTHORS --- old/oslo.privsep-1.29.2/AUTHORS 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/AUTHORS 2019-02-28 19:05:39.000000000 +0100 @@ -1,32 +1,41 @@ Alexander Tsamutali <atsamutali@mirantis.com> Andreas Jaeger <aj@suse.com> Angus Lees <gus@inodes.org> +Ben Nemec <bnemec@redhat.com> Bogdan Teleaga <bteleaga@cloudbasesolutions.com> ChangBo Guo(gcb) <eric.guo@easystack.cn> +Chuck Short <chucks@redhat.com> Claudiu Belu <cbelu@cloudbasesolutions.com> +Cédric Jeanneret <cjeanner@redhat.com> Davanum Srinivas <davanum@gmail.com> Dirk Mueller <dirk@dmllr.de> Doug Hellmann <doug@doughellmann.com> Eric Brown <browne@vmware.com> Flavio Percoco <flaper87@gmail.com> Hongbin Lu <hongbin.lu@huawei.com> +Javier Pena <jpena@redhat.com> John Garbutt <john.garbutt@rackspace.com> Joshua Harlow <harlowja@gmail.com> Joshua Harlow <jxharlow@godaddy.com> Kirill Bespalov <kbespalov@mirantis.com> OpenStack Release Bot <infra-root@openstack.org> Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> +Sam Wan <sam.wan@emc.com> Swapnil Kulkarni (coolsvap) <me@coolsvap.net> TommyLike <tommylikehu@gmail.com> Tony Breeds <tony@bakeyournoodle.com> +Vieri <15050873171@163.com> Vu Cong Tuan <tuanvc@vn.fujitsu.com> Walter A. Boring IV <walter.boring@hpe.com> Zhihai Song <zhihai.song@easystack.cn> -Zuul <zuul@review.openstack.org> +ZhijunWei <wzj334965317@outlook.com> +ZhongShengping <chdzsp@163.com> avnish <avnish.pal@nectechnologies.in> liangcui <liangcui@fiberhome.com> loooosy <syluo5695@fiberhome.com> melissaml <ma.lei@99cloud.net> ricolin <rico.lin@easystack.cn> +shupeng <15050873171@163.com> sonu.kumar <sonu.kumar@nectechnologies.in> +wangqi <wang.qi@99cloud.net> xgwang5843 <xgwang5843@fiberhome.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/ChangeLog new/oslo.privsep-1.32.1/ChangeLog --- old/oslo.privsep-1.29.2/ChangeLog 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/ChangeLog 2019-02-28 19:05:39.000000000 +0100 @@ -1,14 +1,47 @@ CHANGES ======= -1.29.2 +1.32.1 ------ +* add python 3.7 unit test job +* Update hacking version + +1.32.0 +------ + + +1.31.1 +------ + +* Expose privsep options for config-generator + +1.31.0 +------ + +* Use template for lower-constraints +* Set unicode\_errors handler to 'surrogateescape' in msgpack +* Add futures as a requirement for Python 2 +* Update mailinglist from dev to discuss +* Use threads to process target function +* Clean up .gitignore references to personal tools +* Don't quote {posargs} in tox.ini + +1.30.1 +------ + +* Replace assertRaisesRegexp with assertRaisesRegex * Avoids calling ffi.dlopen(None) on Windows -* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky +* add lib-forward-testing-python3 test job +* add python 3.6 unit test job +* Remove PyPI downloads * import zuul job settings from project-config -* Update .gitreview for stable/rocky +* Add that 'Release Notes' in README +* Update reno for stable/rocky * Switch to stestr +* fix tox python3 overrides +* Added example blogposts +* Trivial: Update pypi url to new url 1.29.0 ------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/PKG-INFO new/oslo.privsep-1.32.1/PKG-INFO --- old/oslo.privsep-1.29.2/PKG-INFO 2018-09-25 21:52:34.000000000 +0200 +++ new/oslo.privsep-1.32.1/PKG-INFO 2019-02-28 19:05:39.000000000 +0100 @@ -1,10 +1,10 @@ Metadata-Version: 1.1 Name: oslo.privsep -Version: 1.29.2 +Version: 1.32.1 Summary: OpenStack library for privilege separation Home-page: https://docs.openstack.org/oslo.privsep/latest/ Author: OpenStack -Author-email: openstack-dev@lists.openstack.org +Author-email: openstack-discuss@lists.openstack.org License: UNKNOWN Description: ======================== Team and repository tags @@ -20,13 +20,9 @@ ============ .. image:: https://img.shields.io/pypi/v/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ + :target: https://pypi.org/project/oslo.privsep/ :alt: Latest Version - .. image:: https://img.shields.io/pypi/dm/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ - :alt: Downloads - OpenStack library for privilege separation This library helps applications perform actions which require more or @@ -39,6 +35,7 @@ * Documentation: https://docs.openstack.org/oslo.privsep/latest/ * Source: https://git.openstack.org/cgit/openstack/oslo.privsep * Bugs: https://bugs.launchpad.net/oslo.privsep + * Release Notes: https://docs.openstack.org/releasenotes/oslo.privsep .. _principle of least privilege: https://en.wikipedia.org/wiki/\ Principle_of_least_privilege diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/README.rst new/oslo.privsep-1.32.1/README.rst --- old/oslo.privsep-1.29.2/README.rst 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/README.rst 2019-02-28 19:02:41.000000000 +0100 @@ -12,13 +12,9 @@ ============ .. image:: https://img.shields.io/pypi/v/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ + :target: https://pypi.org/project/oslo.privsep/ :alt: Latest Version -.. image:: https://img.shields.io/pypi/dm/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ - :alt: Downloads - OpenStack library for privilege separation This library helps applications perform actions which require more or @@ -31,6 +27,7 @@ * Documentation: https://docs.openstack.org/oslo.privsep/latest/ * Source: https://git.openstack.org/cgit/openstack/oslo.privsep * Bugs: https://bugs.launchpad.net/oslo.privsep +* Release Notes: https://docs.openstack.org/releasenotes/oslo.privsep .. _principle of least privilege: https://en.wikipedia.org/wiki/\ Principle_of_least_privilege diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/RELEASENOTES.rst new/oslo.privsep-1.32.1/RELEASENOTES.rst --- old/oslo.privsep-1.29.2/RELEASENOTES.rst 2018-09-25 21:52:34.000000000 +0200 +++ new/oslo.privsep-1.32.1/RELEASENOTES.rst 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -============ -oslo.privsep -============ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/doc/source/user/index.rst new/oslo.privsep-1.32.1/doc/source/user/index.rst --- old/oslo.privsep-1.29.2/doc/source/user/index.rst 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/doc/source/user/index.rst 2019-02-28 19:02:41.000000000 +0100 @@ -5,3 +5,11 @@ To use oslo.privsep in a project:: import oslo_privsep + +You can read the following blog posts in order to know a bit more: + +* `How to make a privileged call with oslo privsep`_ +* `Adding oslo privsep to a new project, a worked example`_ + +.. _How to make a privileged call with oslo privsep: https://www.madebymikal.com/how-to-make-a-privileged-call-with-oslo-privsep/ +.. _Adding oslo privsep to a new project, a worked example: https://www.madebymikal.com/adding-oslo-privsep-to-a-new-project-a-worked-ex... diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/lower-constraints.txt new/oslo.privsep-1.32.1/lower-constraints.txt --- old/oslo.privsep-1.29.2/lower-constraints.txt 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/lower-constraints.txt 2019-02-28 19:02:41.000000000 +0100 @@ -11,6 +11,7 @@ extras==1.0.0 fixtures==3.0.0 flake8==2.5.5 +futures==3.1.1;python_version=='2.7' or python_version=='2.6' # PSF gitdb==0.6.4 GitPython==1.0.1 greenlet==0.4.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo.privsep.egg-info/PKG-INFO new/oslo.privsep-1.32.1/oslo.privsep.egg-info/PKG-INFO --- old/oslo.privsep-1.29.2/oslo.privsep.egg-info/PKG-INFO 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo.privsep.egg-info/PKG-INFO 2019-02-28 19:05:39.000000000 +0100 @@ -1,10 +1,10 @@ Metadata-Version: 1.1 Name: oslo.privsep -Version: 1.29.2 +Version: 1.32.1 Summary: OpenStack library for privilege separation Home-page: https://docs.openstack.org/oslo.privsep/latest/ Author: OpenStack -Author-email: openstack-dev@lists.openstack.org +Author-email: openstack-discuss@lists.openstack.org License: UNKNOWN Description: ======================== Team and repository tags @@ -20,13 +20,9 @@ ============ .. image:: https://img.shields.io/pypi/v/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ + :target: https://pypi.org/project/oslo.privsep/ :alt: Latest Version - .. image:: https://img.shields.io/pypi/dm/oslo.privsep.svg - :target: https://pypi.python.org/pypi/oslo.privsep/ - :alt: Downloads - OpenStack library for privilege separation This library helps applications perform actions which require more or @@ -39,6 +35,7 @@ * Documentation: https://docs.openstack.org/oslo.privsep/latest/ * Source: https://git.openstack.org/cgit/openstack/oslo.privsep * Bugs: https://bugs.launchpad.net/oslo.privsep + * Release Notes: https://docs.openstack.org/releasenotes/oslo.privsep .. _principle of least privilege: https://en.wikipedia.org/wiki/\ Principle_of_least_privilege diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo.privsep.egg-info/SOURCES.txt new/oslo.privsep-1.32.1/oslo.privsep.egg-info/SOURCES.txt --- old/oslo.privsep-1.29.2/oslo.privsep.egg-info/SOURCES.txt 2018-09-25 21:52:34.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo.privsep.egg-info/SOURCES.txt 2019-02-28 19:05:39.000000000 +0100 @@ -48,12 +48,14 @@ oslo_privsep/tests/test_priv_context.py oslo_privsep/tests/testctx.py releasenotes/notes/add_reno-3b4ae0789e9c45b4.yaml +releasenotes/notes/add_thread_pool_size-a54e6f27ab019f96.yaml releasenotes/source/conf.py releasenotes/source/index.rst releasenotes/source/newton.rst releasenotes/source/ocata.rst releasenotes/source/pike.rst releasenotes/source/queens.rst +releasenotes/source/rocky.rst releasenotes/source/unreleased.rst releasenotes/source/_static/.placeholder releasenotes/source/_templates/.placeholder diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo.privsep.egg-info/entry_points.txt new/oslo.privsep-1.32.1/oslo.privsep.egg-info/entry_points.txt --- old/oslo.privsep-1.29.2/oslo.privsep.egg-info/entry_points.txt 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo.privsep.egg-info/entry_points.txt 2019-02-28 19:05:39.000000000 +0100 @@ -1,3 +1,6 @@ [console_scripts] privsep-helper = oslo_privsep.daemon:helper_main +[oslo.config.opts] +oslo.privsep = oslo_privsep.priv_context:_list_opts + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo.privsep.egg-info/pbr.json new/oslo.privsep-1.32.1/oslo.privsep.egg-info/pbr.json --- old/oslo.privsep-1.29.2/oslo.privsep.egg-info/pbr.json 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo.privsep.egg-info/pbr.json 2019-02-28 19:05:39.000000000 +0100 @@ -1 +1 @@ -{"git_version": "f7ba0aa", "is_release": true} \ No newline at end of file +{"git_version": "130d715", "is_release": true} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo.privsep.egg-info/requires.txt new/oslo.privsep-1.32.1/oslo.privsep.egg-info/requires.txt --- old/oslo.privsep-1.29.2/oslo.privsep.egg-info/requires.txt 2018-09-25 21:52:33.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo.privsep.egg-info/requires.txt 2019-02-28 19:05:39.000000000 +0100 @@ -9,3 +9,6 @@ [:(python_version=='2.7' or python_version=='2.6' or python_version=='3.3')] enum34>=1.0.4 + +[:(python_version=='2.7' or python_version=='2.6')] +futures>=3.1.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/comm.py new/oslo.privsep-1.32.1/oslo_privsep/comm.py --- old/oslo.privsep-1.29.2/oslo_privsep/comm.py 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/comm.py 2019-02-28 19:02:41.000000000 +0100 @@ -51,7 +51,8 @@ self.writesock = writesock def send(self, msg): - buf = msgpack.packb(msg, use_bin_type=True) + buf = msgpack.packb(msg, use_bin_type=True, + unicode_errors='surrogateescape') self.writesock.sendall(buf) def close(self): @@ -64,7 +65,8 @@ class Deserializer(six.Iterator): def __init__(self, readsock): self.readsock = readsock - self.unpacker = msgpack.Unpacker(use_list=False, encoding='utf-8') + self.unpacker = msgpack.Unpacker(use_list=False, encoding='utf-8', + unicode_errors='surrogateescape') def __iter__(self): return self diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/daemon.py new/oslo.privsep-1.32.1/oslo_privsep/daemon.py --- old/oslo.privsep-1.29.2/oslo_privsep/daemon.py 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/daemon.py 2019-02-28 19:02:41.000000000 +0100 @@ -12,7 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. -'''Privilege separation ("privsep") daemon. +"""Privilege separation ("privsep") daemon. To ease transition this supports 2 alternative methods of starting the daemon, all resulting in a helper process running with elevated @@ -41,8 +41,9 @@ The privsep daemon exits when the communication channel is closed, (which usually occurs when the unprivileged process exits). -''' +""" +from concurrent import futures import enum import errno import io @@ -55,20 +56,20 @@ import tempfile import threading -if platform.system() == 'Linux': - import fcntl - import grp - import pwd - import eventlet from oslo_config import cfg from oslo_log import log as logging from oslo_utils import importutils +import six from oslo_privsep._i18n import _ from oslo_privsep import capabilities from oslo_privsep import comm +if platform.system() == 'Linux': + import fcntl + import grp + import pwd LOG = logging.getLogger(__name__) @@ -352,6 +353,9 @@ self.user = context.conf.user self.group = context.conf.group self.caps = set(context.conf.capabilities) + self.thread_pool = futures.ThreadPoolExecutor( + context.conf.thread_pool_size) + self.communication_error = None def run(self): """Run request loop. Sets up environment, then calls loop()""" @@ -413,53 +417,95 @@ 'inh': fmt_caps(inh), }) - def _process_cmd(self, cmd, *args): + def _process_cmd(self, msgid, cmd, *args): + """Executes the requested command in an execution thread. + + This executes a call within a thread executor and returns the results + of the execution. + + :param msgid: The message identifier. + :param cmd: The `Message` type indicating the command type. + :param args: The function, args, and kwargs if a Message.CALL type. + :return: A tuple of the return status, optional call output, and + optional error information. + """ if cmd == Message.PING: return (Message.PONG.value,) - elif cmd == Message.CALL: + try: + if cmd != Message.CALL: + raise ProtocolError(_('Unknown privsep cmd: %s') % cmd) + + # Extract the callable and arguments name, f_args, f_kwargs = args func = importutils.import_class(name) - if not self.context.is_entrypoint(func): msg = _('Invalid privsep function: %s not exported') % name raise NameError(msg) ret = func(*f_args, **f_kwargs) return (Message.RET.value, ret) + except Exception as e: + LOG.debug( + 'privsep: Exception during request[%(msgid)s]: ' + '%(err)s', {'msgid': msgid, 'err': e}, exc_info=True) + cls = e.__class__ + cls_name = '%s.%s' % (cls.__module__, cls.__name__) + return (Message.ERR.value, cls_name, e.args) - raise ProtocolError(_('Unknown privsep cmd: %s') % cmd) + def _create_done_callback(self, msgid): + """Creates a future callback to receive command execution results. - def loop(self): - """Main body of daemon request loop""" - LOG.info('privsep daemon running as pid %s', os.getpid()) + :param msgid: The message identifier. + :return: A future reply callback. + """ + channel = self.channel - # We *are* this context now - any calls through it should be - # executed locally. - self.context.set_client_mode(False) + def _call_back(result): + """Future execution callback. - for msgid, msg in self.channel: - LOG.debug('privsep: request[%(msgid)s]: %(req)s', - {'msgid': msgid, 'req': msg}) + :param result: The `future` execution and its results. + """ try: - reply = self._process_cmd(*msg) + reply = result.result() + LOG.debug('privsep: reply[%(msgid)s]: %(reply)s', + {'msgid': msgid, 'reply': reply}) + channel.send((msgid, reply)) + except IOError: + self.communication_error = sys.exc_info() except Exception as e: LOG.debug( - 'privsep: Exception during request[%(msgid)s]: %(err)s', - {'msgid': msgid, 'err': e}, exc_info=True) + 'privsep: Exception during request[%(msgid)s]: ' + '%(err)s', {'msgid': msgid, 'err': e}, exc_info=True) cls = e.__class__ cls_name = '%s.%s' % (cls.__module__, cls.__name__) reply = (Message.ERR.value, cls_name, e.args) + try: + channel.send((msgid, reply)) + except IOError: + self.communication_error = sys.exc_info() - try: - LOG.debug('privsep: reply[%(msgid)s]: %(reply)s', - {'msgid': msgid, 'reply': reply}) - self.channel.send((msgid, reply)) - except IOError as e: - if e.errno == errno.EPIPE: + return _call_back + + def loop(self): + """Main body of daemon request loop""" + LOG.info('privsep daemon running as pid %s', os.getpid()) + + # We *are* this context now - any calls through it should be + # executed locally. + self.context.set_client_mode(False) + + for msgid, msg in self.channel: + error = self.communication_error + if error: + if error[1].errno == errno.EPIPE: # Write stream closed, exit loop break - raise + six.reraise(error) + + # Submit the command for execution + future = self.thread_pool.submit(self._process_cmd, msgid, *msg) + future.add_done_callback(self._create_done_callback(msgid)) LOG.debug('Socket closed, shutting down privsep daemon') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/priv_context.py new/oslo.privsep-1.32.1/oslo_privsep/priv_context.py --- old/oslo.privsep-1.29.2/oslo_privsep/priv_context.py 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/priv_context.py 2019-02-28 19:02:41.000000000 +0100 @@ -12,10 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. - +import copy import enum import functools import logging +import multiprocessing import shlex import sys @@ -48,6 +49,12 @@ type=types.List(CapNameOrInt), default=[], help=_('List of Linux capabilities retained by the privsep ' 'daemon.')), + cfg.IntOpt('thread_pool_size', + min=1, + help=_("The number of threads available for privsep to " + "concurrently run processes. Defaults to the number of " + "CPU cores in the system."), + default=multiprocessing.cpu_count()), cfg.StrOpt('helper_command', help=_('Command to invoke to start the privsep daemon if ' 'not using the "fork" method. ' @@ -62,6 +69,33 @@ _HELPER_COMMAND_PREFIX = ['sudo'] +def _list_opts(): + """Returns a list of oslo.config options available in the library. + + The returned list includes all oslo.config options which may be registered + at runtime by the library. + + Each element of the list is a tuple. The first element is the name of the + group under which the list of elements in the second element will be + registered. A group name of None corresponds to the [DEFAULT] group in + config files. + + The purpose of this is to allow tools like the Oslo sample config file + generator to discover the options exposed to users by this library. + + :returns: a list of (group_name, opts) tuples + """ + # This is the default group name, but that can be overridden by the caller + group = cfg.OptGroup('privsep', + title='oslo.privsep options', + help='Configuration options for the oslo.privsep ' + 'daemon. Note that this group name can be ' + 'changed by the consuming service. Check the ' + 'service\'s docs to see if this is the case.' + ) + return [(group, copy.deepcopy(OPTS))] + + @enum.unique class Method(enum.Enum): FORK = 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/tests/test_comm.py new/oslo.privsep-1.32.1/oslo_privsep/tests/test_comm.py --- old/oslo.privsep-1.29.2/oslo_privsep/tests/test_comm.py 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/tests/test_comm.py 2019-02-28 19:02:41.000000000 +0100 @@ -72,7 +72,7 @@ self.assertSendable(data) def test_unicode(self): - data = u'\u4e09\u9df9' + data = u'\u4e09\u9df9\udc82' self.assertSendable(data) def test_tuple(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/tests/test_daemon.py new/oslo.privsep-1.32.1/oslo_privsep/tests/test_daemon.py --- old/oslo.privsep-1.29.2/oslo_privsep/tests/test_daemon.py 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/tests/test_daemon.py 2019-02-28 19:02:41.000000000 +0100 @@ -149,6 +149,7 @@ context = mock.NonCallableMock() context.conf.user = 42 context.conf.group = 84 + context.conf.thread_pool_size = 10 context.conf.capabilities = [ capabilities.CAP_SYS_ADMIN, capabilities.CAP_NET_ADMIN] @@ -174,6 +175,6 @@ class WithContextTest(testctx.TestContextTestCase): def test_unexported(self): - self.assertRaisesRegexp( + self.assertRaisesRegex( NameError, 'undecorated not exported', testctx.context._wrap, undecorated) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/oslo_privsep/tests/test_priv_context.py new/oslo.privsep-1.32.1/oslo_privsep/tests/test_priv_context.py --- old/oslo.privsep-1.29.2/oslo_privsep/tests/test_priv_context.py 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/oslo_privsep/tests/test_priv_context.py 2019-02-28 19:02:41.000000000 +0100 @@ -186,7 +186,7 @@ self.assertEqual(43, add1(42)) def test_raises_standard(self): - self.assertRaisesRegexp( + self.assertRaisesRegex( RuntimeError, "I can't let you do that Dave", fail) def test_raises_custom(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/releasenotes/notes/add_thread_pool_size-a54e6f27ab019f96.yaml new/oslo.privsep-1.32.1/releasenotes/notes/add_thread_pool_size-a54e6f27ab019f96.yaml --- old/oslo.privsep-1.29.2/releasenotes/notes/add_thread_pool_size-a54e6f27ab019f96.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/oslo.privsep-1.32.1/releasenotes/notes/add_thread_pool_size-a54e6f27ab019f96.yaml 2019-02-28 19:02:41.000000000 +0100 @@ -0,0 +1,7 @@ +--- +features: + - | + Privsep now uses multithreading to allow concurrency in executing + privileged commands. The number of concurrent threads defaults to the + available CPU cores, but can be adjusted by the new ``thread_pool_size`` + config option. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/releasenotes/notes/reno.cache new/oslo.privsep-1.32.1/releasenotes/notes/reno.cache --- old/oslo.privsep-1.29.2/releasenotes/notes/reno.cache 2018-09-25 21:52:34.000000000 +0200 +++ new/oslo.privsep-1.32.1/releasenotes/notes/reno.cache 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ ---- -file-contents: {} -notes: [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/releasenotes/source/index.rst new/oslo.privsep-1.32.1/releasenotes/source/index.rst --- old/oslo.privsep-1.29.2/releasenotes/source/index.rst 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/releasenotes/source/index.rst 2019-02-28 19:02:41.000000000 +0100 @@ -6,6 +6,7 @@ :maxdepth: 1 unreleased + rocky queens pike ocata diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/releasenotes/source/rocky.rst new/oslo.privsep-1.32.1/releasenotes/source/rocky.rst --- old/oslo.privsep-1.29.2/releasenotes/source/rocky.rst 1970-01-01 01:00:00.000000000 +0100 +++ new/oslo.privsep-1.32.1/releasenotes/source/rocky.rst 2019-02-28 19:02:41.000000000 +0100 @@ -0,0 +1,6 @@ +=================================== + Rocky Series Release Notes +=================================== + +.. release-notes:: + :branch: stable/rocky diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/requirements.txt new/oslo.privsep-1.32.1/requirements.txt --- old/oslo.privsep-1.29.2/requirements.txt 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/requirements.txt 2019-02-28 19:02:41.000000000 +0100 @@ -11,3 +11,4 @@ eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT greenlet>=0.4.10 # MIT msgpack>=0.5.0 # Apache-2.0 +futures>=3.1.1;python_version=='2.7' or python_version=='2.6' # PSF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/setup.cfg new/oslo.privsep-1.32.1/setup.cfg --- old/oslo.privsep-1.29.2/setup.cfg 2018-09-25 21:52:34.000000000 +0200 +++ new/oslo.privsep-1.32.1/setup.cfg 2019-02-28 19:05:39.000000000 +0100 @@ -4,7 +4,7 @@ description-file = README.rst author = OpenStack -author-email = openstack-dev@lists.openstack.org +author-email = openstack-discuss@lists.openstack.org home-page = https://docs.openstack.org/oslo.privsep/latest/ classifier = Environment :: OpenStack @@ -38,6 +38,8 @@ [entry_points] console_scripts = privsep-helper = oslo_privsep.daemon:helper_main +oslo.config.opts = + oslo.privsep = oslo_privsep.priv_context:_list_opts [upload_sphinx] upload-dir = doc/build/html diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/test-requirements.txt new/oslo.privsep-1.32.1/test-requirements.txt --- old/oslo.privsep-1.29.2/test-requirements.txt 2018-09-25 21:49:12.000000000 +0200 +++ new/oslo.privsep-1.32.1/test-requirements.txt 2019-02-28 19:02:41.000000000 +0100 @@ -2,7 +2,7 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 +hacking>=1.1.0,<1.2.0 # Apache-2.0 oslotest>=3.2.0 # Apache-2.0 mock>=2.0.0 # BSD fixtures>=3.0.0 # Apache-2.0/BSD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.privsep-1.29.2/tox.ini new/oslo.privsep-1.32.1/tox.ini --- old/oslo.privsep-1.29.2/tox.ini 2018-09-25 21:49:23.000000000 +0200 +++ new/oslo.privsep-1.32.1/tox.ini 2019-02-28 19:02:41.000000000 +0100 @@ -3,12 +3,11 @@ envlist = py35,py27,pypy,pep8 [testenv] -basepython = python3 install_command = pip install {opts} {packages} whitelist_externals = /bin/sh deps = - -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/rocky} + -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} -r{toxinidir}/test-requirements.txt -r{toxinidir}/requirements.txt commands = stestr run --slowest {posargs} @@ -17,6 +16,7 @@ basepython = python2.7 [testenv:pep8] +basepython = python3 deps = -r{toxinidir}/test-requirements.txt commands = @@ -25,9 +25,11 @@ bandit -r oslo_privsep -x tests -n5 --skip B404,B603 [testenv:venv] +basepython = python3 commands = {posargs} [testenv:docs] +basepython = python3 commands = python setup.py build_sphinx [testenv:cover] @@ -35,7 +37,7 @@ setenv = PYTHON=coverage run --source $project --parallel-mode commands = - stestr run '{posargs}' + stestr run {posargs} coverage combine coverage html -d cover coverage xml -o cover/coverage.xml @@ -56,9 +58,11 @@ oslo_privsep._i18n [testenv:releasenotes] +basepython = python3 commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html [testenv:lower-constraints] +basepython = python3 deps = -c{toxinidir}/lower-constraints.txt -r{toxinidir}/test-requirements.txt