gimmecert Changeset - 7a8c83185a93

Changeset - 7a8c83185a93

Parent rev.

Child rev.

[Not reviewed]

0 14 0

Branko Majic (branko) - 2 months ago 2024-02-23 18:01:51
branko@majic.rs

GC-45: Drop support for Python 3.5, 3.6, and 3.7:

- Updated documentation, removing references to versions as being
supported.
- Switched the Vagrant test machine to Debian Bullseye (still in LTS
support) to match the main development environment.
- Updated functional tests for output changes in OpenSSL CLI from
Debian Bullseye.
- Updated Tox configuration and instructions.
- Dropped workaround for Python 3.5.
- Updated package requirements.
- Updated release notes.

11 files changed:

README.rst

Vagrantfile

docs/development.rst

docs/installation.rst

docs/releasenotes.rst

functional_tests/base.py

functional_tests/test_client.py

functional_tests/test_init.py

functional_tests/test_key_specification.py

functional_tests/test_server.py

provision.sh

Changeset was too big and was cut off... Show full diff anyway

0 comments (0 inline, 0 general)

README.rst

➞

Show inline comments

@@ @@ -29,11 +29,8 @@ The tool is useful for issuing certificates in: @@
 At time of this writing, Gimmecert is compatible with the following
 Python versions:
 - *Python 3.5*
 - *Python 3.6*
 - *Python 3.7*
 - *Python 3.8*
 - *Python 3.8*
 - *Python 3.9*
 Why was this tool created?

Vagrantfile

➞

Show inline comments

@@ @@ -6,7 +6,7 @@ @@
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
-  config.vm.box = "debian/contrib-stretch64"
+  config.vm.box = "debian/bullseye64"
   config.vm.hostname = "gimmecert-testing"
   config.vm.provision "shell", path: "provision.sh"

docs/development.rst

➞

Show inline comments

@@ @@ -28,7 +28,7 @@ tailored for a GNU/Linux system. @@
 Before proceeding, ensure you have the following system-wide packages
 installed:
-- `Python, version 3.5+ <https://www.python.org/>`_.
+- `Python, version 3.8+ <https://www.python.org/>`_.
 - `virtualenvwrapper <https://virtualenvwrapper.readthedocs.io/>`_.
 With those in place, do the following:
   tox -l
   # Run tests against specific Python version.
-  tox -e py35
+  tox -e py38
   # Run documentation and linting tests only.
   tox -e doc,lint

docs/installation.rst

➞

Show inline comments

@@ @@ -14,7 +14,7 @@ Installation @@
 Gimmecert can be easily installed using ``pip``. Before installing it,
 make sure the following requirements have been met:
-- You are running *Python 3.5+*.
+- You are running *Python 3.8+*.
 In order to install latest stable release of *Gimmecert* using *pip*, run the
 following command::

docs/releasenotes.rst

➞

Show inline comments

@@ @@ -5,6 +5,20 @@ Release notes @@
 NEXT RELEASE
 ------------
 .. warning::
    This release contains the following breaking changes:
    - Support for Python 3.5, 3.6, and 3.7 has been dropped. Make sure
      that you are using one of the supported Python versions prior to
      upgrading *Gimmecert*.
 Resolves issues:
 - **Tasks**:
   - `GC-45: Drop support for Python 3.5, Python 3.6, and Python 3.7 <https://projects.majic.rs/gimmecert/issues/GC-45>`_
 .5.0
 -----

functional_tests/base.py

➞

Show inline comments

@@ @@ -20,7 +20,6 @@ @@
 import io
 import os
 import subprocess
 import pexpect
@@ @@ -47,23 +46,7 @@ def run_command(command, *args): @@
     invocation = [command]
     invocation.extend(args)
     # @TODO: Workaround for masking the Python 3.5 deprecation warning
     #        from the Cryptography package.
+    #
     #        This is required in order to continue running functional
     #        tests against Python 3.5 since we extensively take
     #        advantage of checking the standard error output.
+    #
     #        In case of unit tests it is a non-issue because Pytest
     #        will wrap around the deprecation warning, showing them
     #        only once (and thus preventing them from affecting the
     #        actual test code). However, in case of subprocess
     #        invocation, Pytest is unable to provide similar
     #        capability.
     env = os.environ
     env["PYTHONWARNINGS"] = "ignore:Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python."
     process = subprocess.Popen(invocation, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
     process = subprocess.Popen(invocation, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     stdout, stderr = process.communicate()
     stdout, stderr = stdout.decode(), stderr.decode()
     # Assume that all prompts/answers worked as expected.
     failure = None
     # @TODO: Workaround for masking the Python 3.5 deprecation warning
     #        from the Cryptography package.
+    #
     #        This is required in order to continue running functional
     #        tests against Python 3.5 since we extensively take
     #        advantage of checking the standard error output.
+    #
     #        In case of unit tests it is a non-issue because Pytest
     #        will wrap around the deprecation warning, showing them
     #        only once (and thus preventing them from affecting the
     #        actual test code). However, in case of subprocess
     #        invocation, Pytest is unable to provide similar
     #        capability.
     env = os.environ
     env["PYTHONWARNINGS"] = "ignore:Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python."
     # Spawn the process, use dedicated stream for capturin command
     # stdout/stderr.
     output_stream = io.StringIO()

functional_tests/test_client.py

➞

Show inline comments

@@ @@ -88,7 +88,7 @@ def test_client_command_issues_client_certificate(tmpdir): @@
     # about the generated key.
     assert exit_code == 0
     assert stderr == ""
     assert "Private-Key: (2048 bit)" in stdout
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout
     # John then has a look at the generated certificate file.
     stdout, stderr, exit_code = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/client/myclient.cert.pem')

functional_tests/test_init.py

➞

Show inline comments

@@ @@ -73,7 +73,7 @@ def test_initialisation_on_fresh_directory(tmpdir): @@
     # about the generated key.
     assert exit_code == 0
     assert stderr == ""
     assert "Private-Key: (2048 bit)" in stdout
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout
     # John then has a look at the generated certificate file.
     stdout, stderr, exit_code = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/ca/level1.cert.pem')
     assert exit_code1 == 0
     assert stderr1 == ""
     assert "Private-Key: (2048 bit)" in stdout1
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout1
     assert exit_code2 == 0
     assert stderr2 == ""
     assert "Private-Key: (2048 bit)" in stdout2
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout2
     assert exit_code3 == 0
     assert stderr3 == ""
     assert "Private-Key: (2048 bit)" in stdout3
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout3
     # John then has a look at the generated CA certificate files.
     stdout1, stderr1, exit_code1 = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/ca/level1.cert.pem')

functional_tests/test_key_specification.py

➞

Show inline comments

     assert exit_code == 0
     assert stderr == ""
     assert "Private-Key: (4096 bit)" in stdout
+    assert "Private-Key: (4096 bit, 2 primes)" in stdout
     # John also does a quick check on the generated certificate's
     # signing and public key algorithm.
     # He can see that the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
 def test_server_command_key_specification_with_rsa(tmpdir):
@@ @@ -212,7 +212,7 @@ def test_server_command_key_specification_with_rsa(tmpdir): @@
     # He nods with his head, observing that the generated private key
     # uses the same key size as he has requested.
     assert "Private-Key: (2048 bit)" in stdout
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout
 def test_client_command_default_key_specification_with_rsa(tmpdir):
     # He can see that the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
 def test_client_command_key_specification_with_rsa(tmpdir):
@@ @@ -264,7 +264,7 @@ def test_client_command_key_specification_with_rsa(tmpdir): @@
     # He nods with his head, observing that the generated private key
     # uses the same key size as he has specified.
     assert "Private-Key: (2048 bit)" in stdout
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout
 def test_renew_command_key_specification_with_rsa(tmpdir):
@@ @@ -300,7 +300,7 @@ def test_renew_command_key_specification_with_rsa(tmpdir): @@
     # disovers that Gimmecert generated the key according to his
     # wishes.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
     # John goes ahead and performs a similar operation for his client
     # entity.
@@ @@ -310,7 +310,7 @@ def test_renew_command_key_specification_with_rsa(tmpdir): @@
     # And once again, Gimmecert has created the key with correct size.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
     # After some further testing, John decides to renew the
     # certificates that have been issued using a CSR. He requests new
     # The renew command has used the same key specification for the
     # new private key as for the old private key.
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
     # He performs the same check on the client key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
     # The renew command has used the same key specification for the
     # new private key as for the old private key.
     assert "Private-Key: (1024 bit)" in stdout
+    assert "Private-Key: (1024 bit, 2 primes)" in stdout
     # After using his manually generated private keys for a while,
     # John accidentally deletes them from his managed machine. Instead
     # He checks the server private key, and everything seems right -
     # same key size is used as in case of the old private key.
     stdout, stderr, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver2.key.pem')
     assert "Private-Key: (3072 bit)" in stdout
+    assert "Private-Key: (3072 bit, 2 primes)" in stdout
     # Then he has a look at the client private key, and that one is
     # also using the same key size as the old private key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem')
     assert "Private-Key: (3072 bit)" in stdout
+    assert "Private-Key: (3072 bit, 2 primes)" in stdout
 def test_initialisation_with_ecdsa_key_specification(tmpdir):

functional_tests/test_server.py

➞

Show inline comments

@@ @@ -92,7 +92,7 @@ def test_server_command_issues_server_certificate(tmpdir): @@
     # about the generated key.
     assert exit_code == 0
     assert stderr == ""
     assert "Private-Key: (2048 bit)" in stdout
+    assert "Private-Key: (2048 bit, 2 primes)" in stdout
     # John then has a look at the generated certificate file.
     stdout, stderr, exit_code = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/server/myserver.cert.pem')

provision.sh

➞

Show inline comments

@@ @@ -21,13 +21,13 @@ apt-get update -qq @@
 apt-get install -qq -y git virtualenv
 # Install Python build dependencies.
-apt-get install -qq -y make build-essential libssl1.0-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev xz-utils tk-dev libxml2-dev libffi-dev
+apt-get install -qq -y make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev xz-utils tk-dev libxml2-dev libffi-dev
 # Import public keys for validating Python releases.
 sudo -i -u vagrant gpg -q --import /vagrant/provision/python_releases_signing_keys.pub
 # Download and build additional Python versions.
-python_versions=("3.5.10" "3.6.12" "3.7.9" "3.8.6" "3.9.0")
+python_versions=("3.8.18" "3.9.18")
 work_directory="/home/vagrant/src"
 echo "Setting-up work directory."

Changeset was too big and was cut off... Show full diff anyway

0 comments (0 inline, 0 general)