Update python-gnupg and relax constraint #566

Merged: 4 commits merged on Feb 22, 2021

@sevein sevein commented Feb 2, 2021

We were some versions behind, in particular v0.4.4 addresses CVE-2019-6690.

It needs to be tested.

Connects to archivematica/Issues#1317.

@sevein sevein added the Type: bug and Status: in progress labels Feb 2, 2021
@sevein sevein self-assigned this Feb 2, 2021
@sevein sevein requested a review from replaceafill February 16, 2021 16:38
@replaceafill

I tested this and found an issue when I run the aip-encrypt and aip-encrypt-mirror tags of the acceptance tests where the GPG space is never created. I also noticed the /administration/keys/ view raises ValueError: gnupghome should be a directory (it isn't): /var/archivematica/storage_service/.gnupg which doesn't seem familiar:

[Screenshot: ValueError at administration keys]

I couldn't find anything in the AM or SS code that creates that directory, and then I looked at the python-gnupg changelog which led me to a related change in 0.4.5 where the .gnupg directory is not created anymore. Someone reported a similar problem and the author answered with:

> With this change, the caller is responsible for ensuring that the directory exists beforehand.
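
One way a caller can take over that responsibility before constructing `gnupg.GPG` (an added example, not code from this pull request or from python-gnupg). The helper names are hypothetical, and the owner-only mode and ownership checks are added hardening that the thread does not discuss:

```python
import os
import stat
import tempfile


def ensure_gnupghome(path):
    """Create the GnuPG home if missing; return it as an owner-only (0700) directory."""
    try:
        # mode is filtered by the umask, so permissions are enforced again below.
        os.makedirs(path, mode=0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError("gnupghome is not a directory: %s" % path)
    if st.st_uid != os.geteuid():
        raise ValueError("gnupghome is owned by another user: %s" % path)
    if stat.S_IMODE(st.st_mode) != 0o700:
        os.chmod(path, 0o700)
    return path


def open_gpg(path):
    """Return a gnupg.GPG bound to a prepared home directory."""
    import gnupg  # python-gnupg; imported lazily so the helper above has no dependency
    return gnupg.GPG(gnupghome=ensure_gnupghome(path))


def demo():
    """Exercise the helper on constructed paths in a temporary directory."""
    with tempfile.TemporaryDirectory() as base:
        home = ensure_gnupghome(os.path.join(base, "storage_service", ".gnupg"))
        mode_created = stat.S_IMODE(os.stat(home).st_mode)
        os.chmod(home, 0o755)  # simulate a pre-existing, too-open home
        ensure_gnupghome(home)
        mode_fixed = stat.S_IMODE(os.stat(home).st_mode)
        not_a_dir = os.path.join(base, "file")
        open(not_a_dir, "w").close()
        try:
            ensure_gnupghome(not_a_dir)
            rejected = False
        except ValueError:
            rejected = True
        return mode_created, mode_fixed, rejected
```

Calling the helper at the point where the `GPG` object is built means a fresh deployment and an upgraded one both end up with the same directory state.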

@sevein sevein force-pushed the dev/issue-1317-update-python-gnupg branch 2 times, most recently from 70c6368 to ce13c40 Compare February 21, 2021 09:51
@sevein sevein changed the title Update python-gnupg and relax constrain Update python-gnupg and relax constraint Feb 22, 2021
python-gnupg stopped doing this, raising a ValueError when missing.
python-gnupg stopped reporting the passphrased status. Work around it
with an additional condition that checks the standard error.

@replaceafill replaceafill left a comment

Thanks!

@sevein sevein force-pushed the dev/issue-1317-update-python-gnupg branch from ce13c40 to ca1bd21 Compare February 22, 2021 18:10
@sevein sevein removed the Status: in progress label Feb 22, 2021
@sevein sevein merged commit ab294f9 into qa/0.x Feb 22, 2021
@sevein sevein deleted the dev/issue-1317-update-python-gnupg branch February 22, 2021 18:45