From adf0c18f10e08e1e00c3e912feff6aae94343914 Mon Sep 17 00:00:00 2001 From: John Hensley Date: Tue, 11 Jun 2019 16:35:05 -0400 Subject: [PATCH 1/4] Bundle mod_wsgi in securedrop-app-code package To move to Python 3, we need to remove the dependency on Ubuntu's libapache2-mod-wsgi package. Since the libapache2-mod-wsgi-py3 package is in the universe section, this change bundles mod_wsgi in our securedrop-app-code package. For now, we have to simply drop libapache2-mod-wsgi as a dependency of securedrop-app-code. Actually uninstalling it disables the Apache module, breaking the Apache configuration. So we're leaving it installed and modifying /etc/apache2/mods-available/wsgi.load to point to our bundled mod_wsgi. This should be safe even if libapache2-mod-wsgi is updated, as we're specifying --force-confdef and --force-confold for cron-apt upgrades. At some point when we establish more control over the state of /etc/ on SecureDrop servers and can ensure our bundled module stays configured, we'll be able to remove the libapache2-mod-wsgi package. While testing these changes in prod VMC, I ran into difficulties with direct SSH, so I tweaked the Vagrantfile to support that better. To run a mix of Python 2 and 3, we need to omit backport requirements when running under 3, so I've added environment markers to enum34 and ipaddress. Also, --generate-hashes for develop and test requirements too. --- .circleci/config.yml | 4 +- Makefile | 6 +- Vagrantfile | 36 +- admin/requirements.txt | 3 +- .../files/usr.sbin.apache2 | 11 +- .../tasks/build_securedrop_app_code_deb.yml | 19 +- .../tasks/translations.yml | 2 +- .../securedrop-app-code/debian/control | 2 +- .../securedrop-app-code/debian/postinst | 5 +- molecule/builder-xenial/Dockerfile | 10 +- .../app-code/test_securedrop_app_code.py | 34 +- molecule/testinfra/staging/app/test_appenv.py | 2 +- .../dockerfiles/xenial/python2/Dockerfile | 2 +- .../dockerfiles/xenial/python3/Dockerfile | 2 +- .../requirements/develop-requirements.in | 5 +- .../requirements/develop-requirements.txt | 687 +++++++++++++++--- .../securedrop-app-code-requirements.in | 3 + .../securedrop-app-code-requirements.txt | 14 +- securedrop/requirements/test-requirements.in | 2 +- securedrop/requirements/test-requirements.txt | 185 ++++- 20 files changed, 832 insertions(+), 202 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 35ad7b3f49..1a0b3c86a8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -63,7 +63,9 @@ jobs: - run: name: Install development dependencies - command: pip install -U -r securedrop/requirements/develop-requirements.txt + command: | + pip install -U pip + pip install -U -r securedrop/requirements/develop-requirements.txt - run: name: Run code linting diff --git a/Makefile b/Makefile index 4e7ee0e1b5..6b4621f527 100644 --- a/Makefile +++ b/Makefile @@ -103,16 +103,16 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities .PHONY: bandit bandit: ## Run bandit with medium level excluding test-related folders pip install --upgrade pip && \ - pip install --upgrade bandit!=1.6.0 && \ + pip install --upgrade bandit!=1.6.0 && \ bandit --recursive . --exclude admin/.tox,admin/.venv,admin/.eggs,molecule,testinfra,securedrop/tests,.tox,.venv -ll .PHONY: update-pip-requirements update-pip-requirements: ## Updates all Python requirements files via pip-compile. make -C admin update-pip-requirements - pip-compile --output-file securedrop/requirements/develop-requirements.txt \ + pip-compile --generate-hashes --output-file securedrop/requirements/develop-requirements.txt \ admin/requirements-ansible.in \ securedrop/requirements/develop-requirements.in - pip-compile --output-file securedrop/requirements/test-requirements.txt \ + pip-compile --generate-hashes --output-file securedrop/requirements/test-requirements.txt \ securedrop/requirements/test-requirements.in pip-compile --generate-hashes --output-file securedrop/requirements/securedrop-app-code-requirements.txt \ securedrop/requirements/securedrop-app-code-requirements.in diff --git a/Vagrantfile b/Vagrantfile index 58e8822c9e..72cac736f7 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -11,16 +11,16 @@ Vagrant.configure("2") do |config| # so the key insertion feature should be disabled. config.ssh.insert_key = false + config.ssh.port = 22 + # The staging hosts are just like production but allow non-tor access # for the web interfaces and ssh. config.vm.define 'mon-staging', autostart: false do |staging| if ENV['SECUREDROP_SSH_OVER_TOR'] - config.ssh.host = find_ssh_aths("mon-ssh-aths") - config.ssh.proxy_command = tor_ssh_proxy_command - config.ssh.port = 22 - elsif ARGV[0] == "ssh" - config.ssh.host = "10.0.1.3" - config.ssh.port = 22 + staging.ssh.host = find_ssh_aths("mon-ssh-aths") + staging.ssh.proxy_command = tor_ssh_proxy_command + elsif ARGV[0].start_with? "ssh" + staging.ssh.host = "10.0.1.3" end staging.vm.hostname = "mon-staging" staging.vm.box = "bento/ubuntu-16.04" @@ -30,12 +30,10 @@ Vagrant.configure("2") do |config| config.vm.define 'app-staging', autostart: false do |staging| if ENV['SECUREDROP_SSH_OVER_TOR'] - config.ssh.host = find_ssh_aths("app-ssh-aths") - config.ssh.proxy_command = tor_ssh_proxy_command - config.ssh.port = 22 - elsif ARGV[0] == "ssh" - config.ssh.host = "10.0.1.2" - config.ssh.port = 22 + staging.ssh.host = find_ssh_aths("app-ssh-aths") + staging.ssh.proxy_command = tor_ssh_proxy_command + elsif ARGV[0].start_with? "ssh" + staging.ssh.host = "10.0.1.2" end staging.vm.hostname = "app-staging" staging.vm.box = "bento/ubuntu-16.04" @@ -62,9 +60,10 @@ Vagrant.configure("2") do |config| # All access to SSH and the web interfaces is only over Tor. config.vm.define 'mon-prod', autostart: false do |prod| if ENV['SECUREDROP_SSH_OVER_TOR'] - config.ssh.host = find_ssh_aths("mon-ssh-aths") - config.ssh.proxy_command = tor_ssh_proxy_command - config.ssh.port = 22 + prod.ssh.host = find_ssh_aths("mon-ssh-aths") + prod.ssh.proxy_command = tor_ssh_proxy_command + elsif ARGV[0].start_with? "ssh" + prod.ssh.host = "10.0.1.5" end prod.vm.hostname = "mon-prod" prod.vm.box = "bento/ubuntu-16.04" @@ -74,9 +73,10 @@ Vagrant.configure("2") do |config| config.vm.define 'app-prod', autostart: false do |prod| if ENV['SECUREDROP_SSH_OVER_TOR'] - config.ssh.host = find_ssh_aths("app-ssh-aths") - config.ssh.proxy_command = tor_ssh_proxy_command - config.ssh.port = 22 + prod.ssh.host = find_ssh_aths("app-ssh-aths") + prod.ssh.proxy_command = tor_ssh_proxy_command + elsif ARGV[0].start_with? "ssh" + prod.ssh.host = "10.0.1.4" end prod.vm.hostname = "app-prod" prod.vm.box = "bento/ubuntu-16.04" diff --git a/admin/requirements.txt b/admin/requirements.txt index ab3611d69a..ab462da482 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -105,7 +105,8 @@ ipaddress==1.0.19 \ # via cryptography jinja2==2.10.1 \ --hash=sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013 \ - --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b + --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b \ + # via ansible markupsafe==1.0 \ --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ # via jinja2 diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 index e70867d489..d18d396891 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/usr.sbin.apache2 @@ -72,6 +72,7 @@ /lib/x86_64-linux-gnu/libc-*.so mr, /lib/x86_64-linux-gnu/libz.so.* mr, /proc/ r, + /proc/*/fd/ r, /proc/*/mounts r, /proc/*/stat r, /proc/*/status r, @@ -96,6 +97,8 @@ /usr/lib{,32,64}/** mr, /usr/local/lib/python2.7/dist-packages/ r, /usr/local/lib/python2.7/dist-packages/** rwm, + /usr/local/lib/python3.5/dist-packages/ r, + /usr/local/lib/python3.5/dist-packages/** rwm, /usr/share/file/magic r, /usr/share/file/magic.mgc r, /usr/share/pyshared/supervisor-*-nspkg.pth r, @@ -131,6 +134,8 @@ /var/www/* rw, /var/www/journalist.wsgi r, /var/www/securedrop/ r, + /var/www/securedrop/__pycache__/ rw, + /var/www/securedrop/__pycache__/** rw, /var/www/securedrop/config.py r, /var/www/securedrop/config.pyc rw, /var/www/securedrop/crypto_util.py r, @@ -141,6 +146,7 @@ /var/www/securedrop/dictionaries/nouns.txt r, /var/www/securedrop/journalist.py r, /var/www/securedrop/journalist.pyc rw, + /var/www/securedrop/journalist_app/ r, /var/www/securedrop/journalist_app/__init__.py r, /var/www/securedrop/journalist_app/__init__.pyc rw, /var/www/securedrop/journalist_app/account.py r, @@ -159,6 +165,7 @@ /var/www/securedrop/journalist_app/main.pyc rw, /var/www/securedrop/journalist_app/utils.py r, /var/www/securedrop/journalist_app/utils.pyc rw, + /var/www/securedrop/journalist_app/__pycache__/ rw, /var/www/securedrop/journalist_app/__pycache__/** rw, /var/www/securedrop/journalist_templates/account_edit_hotp_secret.html r, /var/www/securedrop/journalist_templates/account_new_two_factor.html r, @@ -194,8 +201,10 @@ /var/www/securedrop/sdconfig.pyc rw, /var/www/securedrop/source.py r, /var/www/securedrop/source.pyc rw, + /var/www/securedrop/source_app/ r, /var/www/securedrop/source_app/__init__.py r, /var/www/securedrop/source_app/__init__.pyc rw, + /var/www/securedrop/source_app/__pycache__/ rw, /var/www/securedrop/source_app/__pycache__/** rw, /var/www/securedrop/source_app/api.py r, /var/www/securedrop/source_app/api.pyc rw, @@ -267,7 +276,7 @@ /var/www/securedrop/static/i/font-awesome/trash-black.png r, /var/www/securedrop/static/i/font-awesome/black/guard.svg r, /var/www/securedrop/static/i/font-awesome/white/guard.svg r, - /var/www/securedrop/static/i/font-awesome/white/exclamation-circle.svg r, + /var/www/securedrop/static/i/font-awesome/white/exclamation-circle.svg r, /var/www/securedrop/static/i/hand_with_fingerprint.png r, /var/www/securedrop/static/i/success_checkmark.png r, /var/www/securedrop/static/i/server_upload.png r, diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml index 5369f24883..b15b4cad3d 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml @@ -16,9 +16,21 @@ - include: sass.yml +- name: Install Debian packages required to build wheels + apt: + name: + - apache2-dev + - python3-dev + - python3-pip + - python3-wheel + state: present + +- name: Upgrade pip + shell: pip3 install --upgrade pip + - name: Create pip wheel archive for Debian package requirements. shell: | - pip wheel \ + pip3 wheel --verbose \ --no-binary :all: \ --require-hashes \ --requirement {{ securedrop_pip_requirements }} \ @@ -41,13 +53,14 @@ # integrity, we can defer to a later time. - name: Install built pip wheels for SecureDrop. shell: | - pip install {{ securedrop_wheelhouse }}/*.whl + ls -al {{ securedrop_wheelhouse }} + pip3 install {{ securedrop_wheelhouse }}/*.whl tags: - pip - name: Create new requirements based on build/installed wheels without hashes shell: - pip freeze > {{ securedrop_pip_requirements_generated }} + pip3 freeze > {{ securedrop_pip_requirements_generated }} tags: - pip diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/translations.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/translations.yml index 79a5c0b5a0..4cbd3b4114 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/translations.yml +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/translations.yml @@ -4,7 +4,7 @@ shell: >- cp config.py.example config.py ; trap 'rm config.py' EXIT ; - ./i18n_tool.py --verbose translate-messages --compile + python3 ./i18n_tool.py --verbose translate-messages --compile args: chdir: "{{ securedrop_code_filtered }}" environment: diff --git a/install_files/securedrop-app-code/debian/control b/install_files/securedrop-app-code/debian/control index 81fc6c5c0e..7c808a5b80 100644 --- a/install_files/securedrop-app-code/debian/control +++ b/install_files/securedrop-app-code/debian/control @@ -6,5 +6,5 @@ Homepage: https://securedrop.org Package: securedrop-app-code Architecture: amd64 -Depends: python-pip,apparmor-utils,gnupg2,haveged,python,secure-delete,sqlite3,${dist:Depends},libapache2-mod-wsgi,libapache2-mod-xsendfile,redis-server,supervisor,securedrop-keyring,securedrop-config,libpython2.7-dev +Depends: python3-pip,apparmor-utils,gnupg2,haveged,python3,secure-delete,sqlite3,${dist:Depends},libapache2-mod-xsendfile,redis-server,supervisor,securedrop-keyring,securedrop-config,devscripts Description: Packages the SecureDrop application code pip dependencies and apparmor profiles. This package will put the apparmor profiles in enforce mode. This package does use pip to install the pip wheelhouse diff --git a/install_files/securedrop-app-code/debian/postinst b/install_files/securedrop-app-code/debian/postinst index 12761198b7..a3d4c19e19 100644 --- a/install_files/securedrop-app-code/debian/postinst +++ b/install_files/securedrop-app-code/debian/postinst @@ -124,7 +124,7 @@ case "$1" in chown -R www-data:www-data /var/lib/securedrop /var/www/securedrop - pip install --no-index --find-links=/var/securedrop/wheelhouse --upgrade \ + pip3 install --no-index --find-links=/var/securedrop/wheelhouse --upgrade \ -r /var/www/securedrop/requirements/securedrop-app-code-requirements-packaged.txt chown -R www-data:www-data /var/www/securedrop @@ -142,6 +142,9 @@ case "$1" in # the ability to send signals to unconfined peers. service apache2 stop + # Point Apache to our bundled mod_wsgi + mod_wsgi-express module-config > /etc/apache2/mods-available/wsgi.load + # If the profile was disabled enabled it. if [ -e "/etc/apparmor.d/disable/usr.sbin.apache2" ]; then rm /etc/apparmor.d/disable/usr.sbin.apache2 diff --git a/molecule/builder-xenial/Dockerfile b/molecule/builder-xenial/Dockerfile index 49cb57381d..dd3a34e007 100644 --- a/molecule/builder-xenial/Dockerfile +++ b/molecule/builder-xenial/Dockerfile @@ -6,6 +6,8 @@ LABEL org="Freedom of the Press" LABEL image_name="xenial-sd-builder-app" RUN apt-get -y update && apt-get upgrade -y && apt-get install -y \ + apache2 \ + apache2-dev \ aptitude \ debhelper \ devscripts \ @@ -19,10 +21,10 @@ RUN apt-get -y update && apt-get upgrade -y && apt-get install -y \ make \ ntp \ paxctl \ - python \ - python-dev \ - python-pip \ - python-wheel \ + python3 \ + python3-dev \ + python3-pip \ + python3-wheel \ rsync \ ruby \ secure-delete \ diff --git a/molecule/testinfra/staging/app-code/test_securedrop_app_code.py b/molecule/testinfra/staging/app-code/test_securedrop_app_code.py index 2e79d9ad72..c1f5f33c0f 100644 --- a/molecule/testinfra/staging/app-code/test_securedrop_app_code.py +++ b/molecule/testinfra/staging/app-code/test_securedrop_app_code.py @@ -15,15 +15,21 @@ def test_apache_default_docroot_is_absent(host): @pytest.mark.parametrize('package', [ - 'apparmor-utils', - 'gnupg2', - 'haveged', - 'python', - 'python-pip', - 'redis-server', - 'secure-delete', - 'sqlite3', - 'supervisor', + "apache2", + "apparmor-utils", + "devscripts", + "gnupg2", + "haveged", + "libapache2-mod-xsendfile", + "paxctld", + "python3", + "python3-pip", + "redis-server", + "secure-delete", + "securedrop-config", + "securedrop-keyring", + "sqlite3", + "supervisor", ]) def test_securedrop_application_apt_dependencies(host, package): """ @@ -34,6 +40,16 @@ def test_securedrop_application_apt_dependencies(host, package): assert host.package(package).is_installed +def test_mod_wsgi_is_ours(host): + mod_wsgi_load = host.file("/etc/apache2/mods-enabled/wsgi.load").content_string + assert mod_wsgi_load == ( + '''LoadModule wsgi_module ''' + '''"/usr/local/lib/python3.5/dist-packages/mod_wsgi/server/''' + '''mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so"\n''' + '''WSGIPythonHome "/usr"''' + ) + + def test_securedrop_application_test_locale(host): """ Ensure both SecureDrop DEFAULT_LOCALE and SUPPORTED_LOCALES are present. diff --git a/molecule/testinfra/staging/app/test_appenv.py b/molecule/testinfra/staging/app/test_appenv.py index 281ca99fa3..969badfbd4 100644 --- a/molecule/testinfra/staging/app/test_appenv.py +++ b/molecule/testinfra/staging/app/test_appenv.py @@ -7,7 +7,7 @@ @pytest.mark.parametrize('exp_pip_pkg', sdvars.pip_deps) def test_app_pip_deps(host, exp_pip_pkg): """ Ensure pip dependencies are installed """ - pip = host.pip_package.get_packages() + pip = host.pip_package.get_packages(pip_path="pip3") assert pip[exp_pip_pkg['name']]['version'] == exp_pip_pkg['version'] diff --git a/securedrop/dockerfiles/xenial/python2/Dockerfile b/securedrop/dockerfiles/xenial/python2/Dockerfile index ab3880d397..885c215aeb 100644 --- a/securedrop/dockerfiles/xenial/python2/Dockerfile +++ b/securedrop/dockerfiles/xenial/python2/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update && \ apt-get install -y paxctl && \ { apt-get install -y libgtk2.0 || echo 'libgtk2.0 was not installed'; } && \ paxctl -cm /usr/bin/mono-sgen && dpkg-reconfigure mono-runtime-sgen && \ - apt-get install -y devscripts vim \ + apt-get install -y apache2-dev devscripts vim \ python-pip libpython2.7-dev libssl-dev secure-delete \ gnupg2 ruby redis-server git xvfb haveged curl wget \ gettext paxctl x11vnc enchant libffi-dev sqlite3 gettext sudo \ diff --git a/securedrop/dockerfiles/xenial/python3/Dockerfile b/securedrop/dockerfiles/xenial/python3/Dockerfile index 28efa791a8..6b3655086c 100644 --- a/securedrop/dockerfiles/xenial/python3/Dockerfile +++ b/securedrop/dockerfiles/xenial/python3/Dockerfile @@ -9,7 +9,7 @@ ENV USER_ID ${USER_ID:-0} RUN apt-get update && apt-get install -y paxctl && \ { apt-get install -y libgtk2.0 || echo 'libgtk2.0 was not installed'; } && \ paxctl -cm /usr/bin/mono-sgen && dpkg-reconfigure mono-runtime-sgen && \ - apt-get install -y devscripts vim \ + apt-get install -y apache2-dev devscripts vim \ python3-pip libpython3.5-dev libssl-dev secure-delete \ gnupg2 ruby redis-server git xvfb haveged curl wget \ gettext paxctl x11vnc enchant libffi-dev sqlite3 gettext sudo \ diff --git a/securedrop/requirements/develop-requirements.in b/securedrop/requirements/develop-requirements.in index c5d0991617..2d65e65905 100644 --- a/securedrop/requirements/develop-requirements.in +++ b/securedrop/requirements/develop-requirements.in @@ -5,13 +5,16 @@ boto3 docker-py # Needed for dig ansible lookup dnspython +enum34==1.1.6; python_version < "3.4" flake8 +futures; python_version < "3.0" html-linter +ipaddress==1.0.22; python_version < "3.3" molecule>2.13 # Needed for ansible network filter # http://docs.ansible.com/ansible/latest/playbooks_filters_ipaddr.html netaddr -pip-tools>=3.5.0,<4 +pip-tools>=3.8.0,<4 pyenchant pylint pytest-xdist diff --git a/securedrop/requirements/develop-requirements.txt b/securedrop/requirements/develop-requirements.txt index ad8b199e7d..f41922879c 100644 --- a/securedrop/requirements/develop-requirements.txt +++ b/securedrop/requirements/develop-requirements.txt @@ -2,117 +2,578 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --output-file securedrop/requirements/develop-requirements.txt admin/requirements-ansible.in securedrop/requirements/develop-requirements.in +# pip-compile --generate-hashes --output-file=securedrop/requirements/develop-requirements.txt admin/requirements-ansible.in securedrop/requirements/develop-requirements.in # -alabaster==0.7.10 # via sphinx -ansible-lint==3.4.23 # via molecule -ansible==2.6.14 -anyconfig==0.9.7 # via molecule -apipkg==1.4 # via execnet -argh==0.26.2 # via sphinx-autobuild, watchdog -arrow==0.10.0 # via jinja2-time -asn1crypto==0.22.0 # via cryptography -astroid==1.6.0 # via pylint -babel==2.4.0 # via sphinx -backports-abc==0.5 # via tornado -backports.functools-lru-cache==1.5 # via astroid, pylint -backports.ssl-match-hostname==3.5.0.1 # via docker-py -bandit==1.4.0 -bcrypt==3.1.3 # via paramiko -binaryornot==0.4.4 # via cookiecutter -boto3==1.5.24 -boto==2.48.0 -botocore==1.8.38 # via boto3, s3transfer -cerberus==1.2 # via molecule -certifi==2017.7.27.1 # via requests, tornado -cffi==1.10.0 # via bcrypt, cryptography, pynacl -chardet==3.0.4 # via binaryornot, requests -click-completion==0.3.1 # via molecule -click==6.7 # via click-completion, cookiecutter, git-url-parse, molecule, pip-tools, python-gilt, safety -colorama==0.3.9 # via molecule, python-gilt -configparser==3.5.0 # via flake8, pylint -cookiecutter==1.6.0 # via molecule -cryptography==2.3.1 -dnspython==1.15.0 -docker-py==1.10.6 -docker-pycreds==0.2.1 # via docker-py -docopt==0.6.2 # via html-linter, template-remover -docutils==0.14 # via botocore, sphinx -dparse==0.4.1 # via safety -enum34==1.1.6 # via astroid, cryptography, flake8 -execnet==1.4.1 # via pytest-xdist -fasteners==0.14.1 # via python-gilt -flake8==3.5.0 -future==0.16.0 # via cookiecutter -futures==3.2.0 # via s3transfer -git-url-parse==1.0.2 # via python-gilt -gitdb2==2.0.3 # via gitpython -gitpython==2.1.8 # via bandit -html-linter==0.4.0 -idna==2.5 # via cryptography, requests -imagesize==0.7.1 # via sphinx -ipaddress==1.0.22 # via cryptography, docker-py -isort==4.2.15 # via pylint -jinja2-time==0.2.0 # via cookiecutter -jinja2==2.10 # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx -jmespath==0.9.3 # via boto3, botocore -lazy-object-proxy==1.3.1 # via astroid -livereload==2.5.1 # via sphinx-autobuild -markupsafe==1.0 # via jinja2 -mccabe==0.6.1 # via flake8, pylint -molecule==2.19.0 -monotonic==1.4 # via fasteners -netaddr==0.7.19 -packaging==16.8 # via dparse, safety -paramiko==2.4.2 # via ansible -pathspec==0.5.5 # via yamllint -pathtools==0.1.2 # via sphinx-autobuild, watchdog -pbr==4.1.0 # via git-url-parse, molecule, python-gilt, stevedore -pexpect==4.6.0 # via molecule -pip-tools==3.5.0 -port-for==0.3.1 # via sphinx-autobuild -poyo==0.4.1 # via cookiecutter -psutil==5.4.6 # via molecule -ptyprocess==0.5.2 # via pexpect -py==1.4.34 # via pytest -pyasn1==0.3.1 # via paramiko -pycodestyle==2.3.1 # via flake8 -pycparser==2.18 # via cffi -pyenchant==2.0.0 -pyflakes==1.5.0 # via flake8 -pygments==2.2.0 # via sphinx -pylint==1.8.1 -pynacl==1.1.2 # via paramiko -pyparsing==2.2.0 # via packaging -pytest-xdist==1.18.2 -pytest==3.2.0 # via pytest-xdist, testinfra -python-dateutil==2.6.1 # via arrow, botocore -python-gilt==1.2.1 # via molecule -python-vagrant==0.5.15 -pytz==2017.2 # via babel -pyyaml==3.13 # via ansible, ansible-lint, bandit, dparse, molecule, python-gilt, sphinx-autobuild, watchdog, yamllint -requests==2.20.0 # via cookiecutter, docker-py, safety, sphinx -s3transfer==0.1.12 # via boto3 -safety==1.8.4 -sh==1.12.14 # via molecule, python-gilt -singledispatch==3.4.0.3 # via astroid, pylint, tornado -six==1.11.0 # via ansible-lint, astroid, bandit, bcrypt, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, pylint, pynacl, python-dateutil, singledispatch, sphinx, stevedore, testinfra, websocket-client -smmap2==2.0.3 # via gitdb2 -snowballstemmer==1.2.1 # via sphinx -sphinx-autobuild==0.7.1 -sphinx-rtd-theme==0.2.4 -sphinx==1.6.3 -sphinxcontrib-websupport==1.0.1 # via sphinx -stevedore==1.28.0 # via bandit -tabulate==0.8.2 # via molecule -template-remover==0.1.9 # via html-linter -testinfra==1.16.0 -tornado==4.5.1 # via livereload, sphinx-autobuild -tree-format==0.1.2 # via molecule -typing==3.6.6 # via sphinx -urllib3==1.23 -watchdog==0.8.3 # via sphinx-autobuild -websocket-client==0.44.0 # via docker-py -whichcraft==0.4.1 # via cookiecutter -wrapt==1.10.11 # via astroid -yamllint==1.11.1 +alabaster==0.7.10 \ + --hash=sha256:2eef172f44e8d301d25aff8068fddd65f767a3f04b5f15b0f4922f113aa1c732 \ + --hash=sha256:37cdcb9e9954ed60912ebc1ca12a9d12178c26637abdf124e3cde2341c257fe0 \ + # via sphinx +ansible-lint==3.4.23 \ + --hash=sha256:7686dad54aab9281562a5788415af1488b9af8a5acc99c042ecb9959b6ab7a57 \ + # via molecule +ansible==2.6.14 \ + --hash=sha256:412f130f4c5d1953ccd95f01b5a4675cbff4ba225762bafb74a2f3bb6c807827 +anyconfig==0.9.7 \ + --hash=sha256:4d6016ae6eecc5e502bc7e99ae0639c5710c5c67bde5f21b06b9eaafd9ce0e7e \ + # via molecule +apipkg==1.4 \ + --hash=sha256:2e38399dbe842891fe85392601aab8f40a8f4cc5a9053c326de35a1cc0297ac6 \ + --hash=sha256:65d2aa68b28e7d31233bb2ba8eb31cda40e4671f8ac2d6b241e358c9652a74b9 \ + # via execnet +argh==0.26.2 \ + --hash=sha256:a9b3aaa1904eeb78e32394cd46c6f37ac0fb4af6dc488daa58971bdc7d7fcaf3 \ + --hash=sha256:e9535b8c84dc9571a48999094fda7f33e63c3f1b74f3e5f3ac0105a58405bb65 \ + # via sphinx-autobuild, watchdog +arrow==0.10.0 \ + --hash=sha256:805906f09445afc1f0fc80187db8fe07670e3b25cdafa09b8d8ac264a8c0c722 \ + # via jinja2-time +asn1crypto==0.22.0 \ + --hash=sha256:cbbadd640d3165ab24b06ef25d1dca09a3441611ac15f6a6b452474fdf0aed1a \ + --hash=sha256:d232509fefcfcdb9a331f37e9c9dc20441019ad927c7d2176cf18ed5da0ba097 \ + # via cryptography +astroid==1.6.0 \ + --hash=sha256:71dadba2110008e2c03f9fde662ddd2053db3c0489d0e03c94e828a0399edd4f \ + --hash=sha256:badf6917ef7eb0ade0ea6eae347aed1e3f8f4c9375a02916f5cc450b3c8a64c0 \ + # via pylint +babel==2.4.0 \ + --hash=sha256:8c98f5e5f8f5f088571f2c6bd88d530e331cbbcb95a7311a0db69d3dca7ec563 \ + --hash=sha256:e86ca5a3a6bb64b9bbb62b9dac37225ec0ab5dfaae3c2492ebd648266468042f \ + # via sphinx +backports-abc==0.5 \ + --hash=sha256:033be54514a03e255df75c5aee8f9e672f663f93abb723444caec8fe43437bde \ + --hash=sha256:52089f97fe7a9aa0d3277b220c1d730a85aefd64e1b2664696fe35317c5470a7 \ + # via tornado +backports.functools-lru-cache==1.5 \ + --hash=sha256:9d98697f088eb1b0fa451391f91afb5e3ebde16bbdb272819fd091151fda4f1a \ + --hash=sha256:f0b0e4eba956de51238e17573b7087e852dfe9854afd2e9c873f73fc0ca0a6dd \ + # via astroid, pylint +backports.ssl-match-hostname==3.7.0.1 \ + --hash=sha256:bb82e60f9fbf4c080eabd957c39f0641f0fc247d9a16e31e26d594d8f42b9fd2 \ + # via docker-py +bandit==1.4.0 \ + --hash=sha256:cb977045497f83ec3a02616973ab845c829cdab8144ce2e757fe031104a9abd4 \ + --hash=sha256:de4cc19d6ba32d6f542c6a1ddadb4404571347d83ef1ed1e7afb7d0b38e0c25b +bcrypt==3.1.3 \ + --hash=sha256:05b35b9842b009b44496fa5433ce462f69966291e50fbd471dbb427f399f748f \ + --hash=sha256:06280fe19ffbcf6cf904de25190dd6fcd313e30bc79da305f5642a8295d1616e \ + --hash=sha256:1f3054d4da7c4a84b797d9130c36425b6e28134e9e67cd47b393774ea7168a3d \ + --hash=sha256:329c547f5525808aecd77ccade9fd443e381f9d91fc8164da1dae9c195e1f1f5 \ + --hash=sha256:35cfdfa3f64f8bad68d25f261bdc60fbb9e43f164881c496cb590bf8001aad83 \ + --hash=sha256:4396a33e112907f5978d5c40ca858b79fb1f6afd1caf3f8721c1411593d83bc2 \ + --hash=sha256:47d47df72e9f0462c8065a82da7b87f4b2577eb8a3fc855bcea165c2293beb84 \ + --hash=sha256:4eb357ab2cd27f4c6151d33130c667e9245beb9d1e6779ccf7e196d4cc20ffa8 \ + --hash=sha256:5129442f3f131c1210734699ffa2b7f956786e3e943d38a3158ce174708d0296 \ + --hash=sha256:5817b2b70a074cdab74c3871a2018d6931f8ef5148844006b8868b2be26f5abe \ + --hash=sha256:5929214153af8e3e461777837e0de1a00f2ced48d921e55fb952b4d5702e1be2 \ + --hash=sha256:5dce51509227741323469b5c5ac6c6ccb2b2380800acc72e60bdf1b3359a5deb \ + --hash=sha256:60c8aa69d18ee750d3678d67a265f1cf3559eabef98f90e3e646c3ff41e8795d \ + --hash=sha256:6645c8d0ad845308de3eb9be98b6fd22a46ec5412bfc664a423e411cdd8f5488 \ + --hash=sha256:66e3e1c105c1b811cf25974ee1eff53f2ebf4203c2e2c90e4b1097a837ba4a66 \ + --hash=sha256:69dc348c0b6b34b855f3f340756b35f0398e18f0637fc815be567c664cba7d1b \ + --hash=sha256:70b69c68aede91eb96df81227c0a060ead75a008c3d7e4858dc165265d125c44 \ + --hash=sha256:73aabf7967c4dc319644c8bcfcbfe8106a475b16af481e0c12402dce2fbac44d \ + --hash=sha256:7f08048c4315f56f02dcef350c9b149a1b7a88c46d316e16a83f1f25a71323c6 \ + --hash=sha256:81eb609e0e15336ce6d6acf37a2e4a89c5a2030b76bc7a907e7010d5b4332c38 \ + --hash=sha256:84b65684f53c4b6b9d9f61d7f9306e286613187bdf46f30d9a0bbadccfde2205 \ + --hash=sha256:8b32df00118b8e7de99eb5ca78374eff1a3934ca42972a54283ddcb85d77164d \ + --hash=sha256:9c3b27bcc772958a4a051ae333de802423ebe0a5dd4e58e642e6e9d641cd7f3c \ + --hash=sha256:9cdc6fcd0eda471b66aca565ce214639f1ad1c5f3a71a205c492d04d139bb75b \ + --hash=sha256:b67e222177bfd51532955307a1ec9afd5e9c90ba2ff9561acae562d1e75c6ac1 \ + --hash=sha256:b7679e478041ad8eae3d70e73dc7f6a2e913142a5fc35a6cabfcb7af977559c1 \ + --hash=sha256:b949fd8cab330cddb101d4d5fa1b02772b887c31280f10ee4530c2090c378b13 \ + --hash=sha256:bebccf76fad01fe91426023b3a41ee991a3ab539f3d3d74b7acdb75baf111224 \ + --hash=sha256:c22f3e2c29cb592b65020605649f6d3cd4cf626e6cf97ce1843547e5ea4d5f68 \ + --hash=sha256:c68f89a235752c2c191f17ca9a5a2496cb278b57ceb3753621f502a3f576fec5 \ + --hash=sha256:c8e236eabdaf230e5c49f26c28f95bc3788ba1296765a4e1b98143741fcd779c \ + --hash=sha256:cdbcff01afda970b8d8e57633204f4501eddbe2c03932f51e7030aebddaf72d5 \ + --hash=sha256:e0d47491bd496f823c7fdfdd6154b3e68b8ddf07556210bc46d39af31035f90a \ + --hash=sha256:f05cf87b6787b19c0daf9a7b89ac98708e48903120ccc04e4120528daba280fb \ + --hash=sha256:f1255ae53392e6e3a40955fa363d9522c915d3245c83029fd7a8ef500cd5f3be \ + --hash=sha256:f2bfc588ff4e779e3659b8db348f5fb7b8192d63efc4bf15ecc50a72c820a221 \ + # via paramiko +binaryornot==0.4.4 \ + --hash=sha256:359501dfc9d40632edc9fac890e19542db1a287bbcfa58175b66658392018061 \ + --hash=sha256:b8b71173c917bddcd2c16070412e369c3ed7f0528926f70cac18a6c97fd563e4 \ + # via cookiecutter +boto3==1.5.24 \ + --hash=sha256:13f97c60392b581d6b47c377a1c41fed736ce83694539ada8e480532496399be \ + --hash=sha256:f5d62530ab6463ad13e3bd9f80bdae79106db7b693838dbab2de92b1ad8db21c +boto==2.48.0 \ + --hash=sha256:13be844158d1bd80a94c972c806ec8381b9ea72035aa06123c5db6bc6a6f3ead \ + --hash=sha256:deb8925b734b109679e3de65856018996338758f4b916ff4fe7bb62b6d7000d1 +botocore==1.8.38 \ + --hash=sha256:1e82d18c23ba0c2251404aee33483e82729e5d4b1838c528206f2ed2ba4516cd \ + --hash=sha256:aa0aa83766b1dbb23f67d807222d78ab5ba528c23be5e7ffca7d8643e6224272 \ + # via boto3, s3transfer +cerberus==1.2 \ + --hash=sha256:f5c2e048fb15ecb3c088d192164316093fcfa602a74b3386eefb2983aa7e800a \ + # via molecule +certifi==2017.7.27.1 \ + --hash=sha256:40523d2efb60523e113b44602298f0960e900388cf3bb6043f645cf57ea9e3f5 \ + --hash=sha256:54a07c09c586b0e4c619f02a5e94e36619da8e2b053e20f594348c0611803704 \ + # via requests, tornado +cffi==1.10.0 \ + --hash=sha256:1426e67e855ef7f5030c9184f4f1a9f4bfa020c31c962cd41fd129ec5aef4a6a \ + --hash=sha256:267dd2c66a5760c5f4d47e2ebcf8eeac7ef01e1ae6ae7a6d0d241a290068bc38 \ + --hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \ + --hash=sha256:446699c10f3c390633d0722bc19edbc7ac4b94761918a4a4f7908a24e86ebbd0 \ + --hash=sha256:4fc9c2ff7924b3a1fa326e1799e5dd58cac585d7fb25fe53ccaa1333b0453d65 \ + --hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \ + --hash=sha256:562326fc7f55a59ef3fef5e82908fe938cdc4bbda32d734c424c7cd9ed73e93a \ + --hash=sha256:587a5043df4b00a2130e09fed42da02a4ed3c688bd9bf07a3ac89d2271f4fb07 \ + --hash=sha256:5de52b081a2775e76b971de9d997d85c4457fc0a09079e12d66849548ae60981 \ + --hash=sha256:7248506981eeba23888b4140a69a53c4c0c0a386abcdca61ed8dd790a73e64b9 \ + --hash=sha256:7f732ad4a30db0b39400c3f7011249f7d0701007d511bf09604729aea222871f \ + --hash=sha256:80796ea68e11624a0279d3b802f88a7fe7214122b97a15a6c97189934a2cc776 \ + --hash=sha256:937db39a1ec5af3003b16357b2042bba67c88d43bc11aaa203fa8a5924524209 \ + --hash=sha256:94fb8410c6c4fc48e7ea759d3d1d9ca561171a88d00faddd4aa0306f698ad6a0 \ + --hash=sha256:96e599b924ef009aa867f725b3249ee51d76489f484d3a45b4bd219c5ec6ed59 \ + --hash=sha256:98b89b2c57f97ce2db7aeba60db173c84871d73b40e41a11ea95de1500ddc57e \ + --hash=sha256:9a31c18ba4881a116e448c52f3f5d3e14401cf7a9c43cc88f06f2a7f5428da0e \ + --hash=sha256:9e389615bcecb8c782a87939d752340bb0a3a097e90bae54d7f0915bc12f45bd \ + --hash=sha256:a41406f6d62abcdf3eef9fd998d8dcff04fd2a7746644143045feeebd76352d1 \ + --hash=sha256:a8955265d146e86fe2ce116394be4eaf0cb40314a79b19f11c4fa574cd639572 \ + --hash=sha256:ab22285797631df3b513b2cd3ecdc51cd8e3d36788e3991d93d0759d6883b027 \ + --hash=sha256:afa7d8b8d38ad40db8713ee053d41b36d87d6ae5ec5ad36f9210b548a18dc214 \ + --hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5 \ + --hash=sha256:b560916546b2f209d74b82bdbc3223cee9a165b0242fa00a06dfc48a2054864a \ + --hash=sha256:b69b4557aae7de18b7c174a917fe19873529d927ac592762d9771661875bbd40 \ + --hash=sha256:bea842a0512be6a8007e585790bccd5d530520fc025ce63b03e139be373b0063 \ + --hash=sha256:c1d8b3d8dcb5c23ac1a8bf56422036f3f305a3c5a8bc8c354256579a1e2aa2c1 \ + --hash=sha256:c49187260043bd4c1d6a52186f9774f17d9b1da0a406798ebf4bfc12da166ade \ + --hash=sha256:d09ff358f75a874f69fa7d1c2b4acecf4282a950293fcfcf89aa606da8a9a500 \ + --hash=sha256:e2b7e090188833bc58b2ae03fb864c22688654ebd2096bcf38bc860c4f38a3d8 \ + --hash=sha256:e553eb489511cacf19eda6e52bc9e151316f0d721724997dda2c4d3079b778db \ + --hash=sha256:e7175287f7fe7b1cc203bb958b17db40abd732690c1e18e700f10e0843a58598 \ + --hash=sha256:e74896774e437f4715c57edeb5cf3d3a40d7727f541c2c12156617b5a15d1829 \ + --hash=sha256:e7d88fecb7b6250a1fd432e6dc64890342c372fce13dbfe4bb6f16348ad00c14 \ + --hash=sha256:ec08b88bef627ec1cea210e1608c85d3cf44893bcde74e41b7f7dbdfd2c1bad6 \ + --hash=sha256:f4019826a2dec066c909a1f483ef0dcf9325d6740cc0bd15308942b28b0930f7 \ + # via bcrypt, cryptography, pynacl +chardet==3.0.4 \ + --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ + --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ + # via binaryornot, requests +click-completion==0.3.1 \ + --hash=sha256:7ca12978493a7450486cef155845af4fae48744c3f97b7250a254de65c9e5e5a \ + # via molecule +click==6.7 \ + --hash=sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d \ + --hash=sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b \ + # via click-completion, cookiecutter, git-url-parse, molecule, pip-tools, python-gilt, safety +colorama==0.3.9 \ + --hash=sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda \ + --hash=sha256:48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1 \ + # via molecule, python-gilt +configparser==3.7.4 \ + --hash=sha256:8be81d89d6e7b4c0d4e44bcc525845f6da25821de80cb5e06e7e0238a2899e32 \ + --hash=sha256:da60d0014fd8c55eb48c1c5354352e363e2d30bbf7057e5e171a468390184c75 \ + # via flake8, pylint +cookiecutter==1.6.0 \ + --hash=sha256:1316a52e1c1f08db0c9efbf7d876dbc01463a74b155a0d83e722be88beda9a3e \ + --hash=sha256:ed8f54a8fc79b6864020d773ce11539b5f08e4617f353de1f22d23226f6a0d36 \ + # via molecule +cryptography==2.3.1 \ + --hash=sha256:02602e1672b62e803e08617ec286041cc453e8d43f093a5f4162095506bc0beb \ + --hash=sha256:10b48e848e1edb93c1d3b797c83c72b4c387ab0eb4330aaa26da8049a6cbede0 \ + --hash=sha256:17db09db9d7c5de130023657be42689d1a5f60502a14f6f745f6f65a6b8195c0 \ + --hash=sha256:227da3a896df1106b1a69b1e319dce218fa04395e8cc78be7e31ca94c21254bc \ + --hash=sha256:2cbaa03ac677db6c821dac3f4cdfd1461a32d0615847eedbb0df54bb7802e1f7 \ + --hash=sha256:31db8febfc768e4b4bd826750a70c79c99ea423f4697d1dab764eb9f9f849519 \ + --hash=sha256:4a510d268e55e2e067715d728e4ca6cd26a8e9f1f3d174faf88e6f2cb6b6c395 \ + --hash=sha256:6a88d9004310a198c474d8a822ee96a6dd6c01efe66facdf17cb692512ae5bc0 \ + --hash=sha256:76936ec70a9b72eb8c58314c38c55a0336a2b36de0c7ee8fb874a4547cadbd39 \ + --hash=sha256:7e3b4aecc4040928efa8a7cdaf074e868af32c58ffc9bb77e7bf2c1a16783286 \ + --hash=sha256:8168bcb08403ef144ff1fb880d416f49e2728101d02aaadfe9645883222c0aa5 \ + --hash=sha256:8229ceb79a1792823d87779959184a1bf95768e9248c93ae9f97c7a2f60376a1 \ + --hash=sha256:8a19e9f2fe69f6a44a5c156968d9fc8df56d09798d0c6a34ccc373bb186cee86 \ + --hash=sha256:8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 \ + --hash=sha256:be495b8ec5a939a7605274b6e59fbc35e76f5ad814ae010eb679529671c9e119 \ + --hash=sha256:dc2d3f3b1548f4d11786616cf0f4415e25b0fbecb8a1d2cd8c07568f13fdde38 \ + --hash=sha256:e4aecdd9d5a3d06c337894c9a6e2961898d3f64fe54ca920a72234a3de0f9cb3 \ + --hash=sha256:e79ab4485b99eacb2166f3212218dd858258f374855e1568f728462b0e6ee0d9 \ + --hash=sha256:f995d3667301e1754c57b04e0bae6f0fa9d710697a9f8d6712e8cca02550910f +dnspython==1.15.0 \ + --hash=sha256:40f563e1f7a7b80dc5a4e76ad75c23da53d62f1e15e6e517293b04e1f84ead7c \ + --hash=sha256:861e6e58faa730f9845aaaa9c6c832851fbf89382ac52915a51f89c71accdd31 +docker-py==1.10.6 \ + --hash=sha256:35b506e95861914fa5ad57a6707e3217b4082843b883be246190f57013948aba \ + --hash=sha256:4c2a75875764d38d67f87bc7d03f7443a3895704efc57962bdf6500b8d4bc415 +docker-pycreds==0.2.1 \ + --hash=sha256:58d2688f92de5d6f1a6ac4fe25da461232f0e0a4c1212b93b256b046b2d714a9 \ + --hash=sha256:93833a2cf280b7d8abbe1b8121530413250c6cd4ffed2c1cf085f335262f7348 \ + # via docker-py +docopt==0.6.2 \ + --hash=sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 \ + # via html-linter, template-remover +docutils==0.14 \ + --hash=sha256:02aec4bd92ab067f6ff27a38a38a41173bf01bed8f89157768c1573f53e474a6 \ + --hash=sha256:51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274 \ + --hash=sha256:7a4bd47eaf6596e1295ecb11361139febe29b084a87bf005bf899f9a42edc3c6 \ + # via botocore, sphinx +dparse==0.4.1 \ + --hash=sha256:00a5fdfa900629e5159bf3600d44905b333f4059a3366f28e0dbd13eeab17b19 \ + --hash=sha256:cef95156fa0adedaf042cd42f9990974bec76f25dfeca4dc01f381a243d5aa5b \ + # via safety +enum34==1.1.6 ; python_version < "3.4" \ + --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \ + --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \ + --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \ + --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 +execnet==1.4.1 \ + --hash=sha256:d2b909c7945832e1c19cfacd96e78da68bdadc656440cfc7dfe59b766744eb8c \ + --hash=sha256:f66dd4a7519725a1b7e14ad9ae7d3df8e09b2da88062386e08e941cafc0ef3e6 \ + # via pytest-xdist +fasteners==0.14.1 \ + --hash=sha256:427c76773fe036ddfa41e57d89086ea03111bbac57c55fc55f3006d027107e18 \ + --hash=sha256:564a115ff9698767df401efca29620cbb1a1c2146b7095ebd304b79cc5807a7c \ + # via python-gilt +flake8==3.5.0 \ + --hash=sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0 \ + --hash=sha256:c7841163e2b576d435799169b78703ad6ac1bbb0f199994fc05f700b2a90ea37 +future==0.16.0 \ + --hash=sha256:e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb \ + # via cookiecutter +futures==3.2.0 ; python_version < "3.0" \ + --hash=sha256:9ec02aa7d674acb8618afb127e27fde7fc68994c0437ad759fa094a574adb265 \ + --hash=sha256:ec0a6cb848cc212002b9828c3e34c675e0c9ff6741dc445cab6fdd4e1085d1f1 +git-url-parse==1.0.2 \ + --hash=sha256:5cec43946d06d1a35e90567473d9ffe929c38ff25fd01a1858331cd0aa265e44 \ + --hash=sha256:75d1cf1e19534678711e1a9293e6fb978461a5f734adf941cd468a802d08bbb2 \ + --hash=sha256:bf0a20c48e8552fea1218b52714be84fa31b0d73c58897e70b765d5e7a26f4cb \ + # via python-gilt +gitdb2==2.0.3 \ + --hash=sha256:b60e29d4533e5e25bb50b7678bbc187c8f6bcff1344b4f293b2ba55c85795f09 \ + --hash=sha256:cf9a4b68e8c4da8d42e48728c944ff7af2d8c9db303ac1ab32eac37aa4194b0e \ + # via gitpython +gitpython==2.1.8 \ + --hash=sha256:ad61bc25deadb535b047684d06f3654c001d9415e1971e51c9c20f5b510076e9 \ + --hash=sha256:b8367c432de995dc330b5b146c5bfdc0926b8496e100fda6692134e00c0dcdc5 \ + # via bandit +html-linter==0.4.0 \ + --hash=sha256:342dad677f2fc810a2562fde0959046ed0d8fa1387bd9e085869e908c1941191 +idna==2.5 \ + --hash=sha256:3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab \ + --hash=sha256:cc19709fd6d0cbfed39ea875d29ba6d4e22c0cebc510a76d6302a28385e8bb70 \ + # via cryptography, requests +imagesize==0.7.1 \ + --hash=sha256:0ab2c62b87987e3252f89d30b7cedbec12a01af9274af9ffa48108f2c13c6062 \ + --hash=sha256:6ebdc9e0ad188f9d1b2cdd9bc59cbe42bf931875e829e7a595e6b3abdc05cdfb \ + # via sphinx +ipaddress==1.0.22 ; python_version < "3.3" \ + --hash=sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794 \ + --hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c +isort==4.2.15 \ + --hash=sha256:79f46172d3a4e2e53e7016e663cc7a8b538bec525c36675fcfd2767df30b3983 \ + --hash=sha256:cd5d3fc2c16006b567a17193edf4ed9830d9454cbeb5a42ac80b36ea00c23db4 \ + # via pylint +jinja2-time==0.2.0 \ + --hash=sha256:d14eaa4d315e7688daa4969f616f226614350c48730bfa1692d2caebd8c90d40 \ + --hash=sha256:d3eab6605e3ec8b7a0863df09cc1d23714908fa61aa6986a845c20ba488b4efa \ + # via cookiecutter +jinja2==2.10 \ + --hash=sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd \ + --hash=sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4 \ + # via ansible, click-completion, cookiecutter, jinja2-time, molecule, sphinx +jmespath==0.9.3 \ + --hash=sha256:6a81d4c9aa62caf061cb517b4d9ad1dd300374cd4706997aff9cd6aedd61fc64 \ + --hash=sha256:f11b4461f425740a1d908e9a3f7365c3d2e569f6ca68a2ff8bc5bcd9676edd63 \ + # via boto3, botocore +lazy-object-proxy==1.3.1 \ + --hash=sha256:0ce34342b419bd8f018e6666bfef729aec3edf62345a53b537a4dcc115746a33 \ + --hash=sha256:1b668120716eb7ee21d8a38815e5eb3bb8211117d9a90b0f8e21722c0758cc39 \ + --hash=sha256:209615b0fe4624d79e50220ce3310ca1a9445fd8e6d3572a896e7f9146bbf019 \ + --hash=sha256:27bf62cb2b1a2068d443ff7097ee33393f8483b570b475db8ebf7e1cba64f088 \ + --hash=sha256:27ea6fd1c02dcc78172a82fc37fcc0992a94e4cecf53cb6d73f11749825bd98b \ + --hash=sha256:2c1b21b44ac9beb0fc848d3993924147ba45c4ebc24be19825e57aabbe74a99e \ + --hash=sha256:2df72ab12046a3496a92476020a1a0abf78b2a7db9ff4dc2036b8dd980203ae6 \ + --hash=sha256:320ffd3de9699d3892048baee45ebfbbf9388a7d65d832d7e580243ade426d2b \ + --hash=sha256:50e3b9a464d5d08cc5227413db0d1c4707b6172e4d4d915c1c70e4de0bbff1f5 \ + --hash=sha256:5276db7ff62bb7b52f77f1f51ed58850e315154249aceb42e7f4c611f0f847ff \ + --hash=sha256:61a6cf00dcb1a7f0c773ed4acc509cb636af2d6337a08f362413c76b2b47a8dd \ + --hash=sha256:6ae6c4cb59f199d8827c5a07546b2ab7e85d262acaccaacd49b62f53f7c456f7 \ + --hash=sha256:7661d401d60d8bf15bb5da39e4dd72f5d764c5aff5a86ef52a042506e3e970ff \ + --hash=sha256:7bd527f36a605c914efca5d3d014170b2cb184723e423d26b1fb2fd9108e264d \ + --hash=sha256:7cb54db3535c8686ea12e9535eb087d32421184eacc6939ef15ef50f83a5e7e2 \ + --hash=sha256:7f3a2d740291f7f2c111d86a1c4851b70fb000a6c8883a59660d95ad57b9df35 \ + --hash=sha256:81304b7d8e9c824d058087dcb89144842c8e0dea6d281c031f59f0acf66963d4 \ + --hash=sha256:933947e8b4fbe617a51528b09851685138b49d511af0b6c0da2539115d6d4514 \ + --hash=sha256:94223d7f060301b3a8c09c9b3bc3294b56b2188e7d8179c762a1cda72c979252 \ + --hash=sha256:ab3ca49afcb47058393b0122428358d2fbe0408cf99f1b58b295cfeb4ed39109 \ + --hash=sha256:bd6292f565ca46dee4e737ebcc20742e3b5be2b01556dafe169f6c65d088875f \ + --hash=sha256:cb924aa3e4a3fb644d0c463cad5bc2572649a6a3f68a7f8e4fbe44aaa6d77e4c \ + --hash=sha256:d0fc7a286feac9077ec52a927fc9fe8fe2fabab95426722be4c953c9a8bede92 \ + --hash=sha256:ddc34786490a6e4ec0a855d401034cbd1242ef186c20d79d2166d6a4bd449577 \ + --hash=sha256:e34b155e36fa9da7e1b7c738ed7767fc9491a62ec6af70fe9da4a057759edc2d \ + --hash=sha256:e5b9e8f6bda48460b7b143c3821b21b452cb3a835e6bbd5dd33aa0c8d3f5137d \ + --hash=sha256:e81ebf6c5ee9684be8f2c87563880f93eedd56dd2b6146d8a725b50b7e5adb0f \ + --hash=sha256:eb91be369f945f10d3a49f5f9be8b3d0b93a4c2be8f8a5b83b0571b8123e0a7a \ + --hash=sha256:f460d1ceb0e4a5dcb2a652db0904224f367c9b3c1470d5a7683c0480e582468b \ + # via astroid +livereload==2.5.1 \ + --hash=sha256:422de10d7ea9467a1ba27cbaffa84c74b809d96fb1598d9de4b9b676adf35e2c \ + --hash=sha256:5ed6506f5d526ee712da9f3739c27714e6f3376f3e481728d298efceae0ec83a \ + # via sphinx-autobuild +markupsafe==1.0 \ + --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ + # via jinja2 +mccabe==0.6.1 \ + --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42 \ + --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f \ + # via flake8, pylint +molecule==2.19.0 \ + --hash=sha256:23b1b30b37998f0eb747dc06a602df59157fe78d3f6a9882dea9271d8d37cdee \ + --hash=sha256:59734fa4487e1d4b9be6f5a3c1192ac76445670bc44ee172f23ac122d90412e3 \ + --hash=sha256:9be671194019476dae73970ff92946595e7a2b7cc9c10afb0395a020b9f0fcde +monotonic==1.4 \ + --hash=sha256:0bcd2b14e3b7ee7cfde796e408176ceffa01d89646f2e532964ef2aae0c9fa3e \ + --hash=sha256:a02611d5b518cd4051bf22d21bd0ae55b3a03f2d2993a19b6c90d9d168691f84 \ + # via fasteners +netaddr==0.7.19 \ + --hash=sha256:38aeec7cdd035081d3a4c306394b19d677623bf76fa0913f6695127c7753aefd \ + --hash=sha256:56b3558bd71f3f6999e4c52e349f38660e54a7a8a9943335f73dfc96883e08ca +packaging==16.8 \ + --hash=sha256:5d50835fdf0a7edf0b55e311b7c887786504efea1177abd7e69329a8e5ea619e \ + --hash=sha256:99276dc6e3a7851f32027a68f1095cd3f77c148091b092ea867a351811cfe388 \ + # via dparse, safety +paramiko==2.4.2 \ + --hash=sha256:3c16b2bfb4c0d810b24c40155dbfd113c0521e7e6ee593d704e84b4c658a1f3b \ + --hash=sha256:a8975a7df3560c9f1e2b43dc54ebd40fd00a7017392ca5445ce7df409f900fcb \ + # via ansible +pathspec==0.5.5 \ + --hash=sha256:72c495d1bbe76674219e307f6d1c6062f2e1b0b483a5e4886435127d0df3d0d3 \ + # via yamllint +pathtools==0.1.2 \ + --hash=sha256:7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0 \ + # via sphinx-autobuild, watchdog +pbr==4.1.0 \ + --hash=sha256:4f2b11d95917af76e936811be8361b2b19616e5ef3b55956a429ec7864378e0c \ + --hash=sha256:e0f23b61ec42473723b2fec2f33fb12558ff221ee551962f01dd4de9053c2055 \ + # via git-url-parse, molecule, python-gilt, stevedore +pexpect==4.6.0 \ + --hash=sha256:2a8e88259839571d1251d278476f3eec5db26deb73a70be5ed5dc5435e418aba \ + --hash=sha256:3fbd41d4caf27fa4a377bfd16fef87271099463e6fa73e92a52f92dfee5d425b \ + # via molecule +pip-tools==3.8.0 \ + --hash=sha256:1240b075af2aaf8231898a6cb0220a103a06182a239ebf4537920e5d02ad89c3 \ + --hash=sha256:e4f33c3c77954182ec6998d661b0c2749428d3b461c0247d28ee67493a1c90ef +port-for==0.3.1 \ + --hash=sha256:b16a84bb29c2954db44c29be38b17c659c9c27e33918dec16b90d375cc596f1c \ + # via sphinx-autobuild +poyo==0.4.1 \ + --hash=sha256:103b4ee3e1c7765098fe1cabe43f828db2e2a6079646561a2117e1a809f352d6 \ + --hash=sha256:230ec11c2f35a23410c1f0e474f09fa4e203686f40ab3adca7b039c845d8c325 \ + # via cookiecutter +psutil==5.4.6 \ + --hash=sha256:0ff2b16e9045d01edb1dd10d7fbcc184012e37f6cd38029e959f2be9c6223f50 \ + --hash=sha256:254adb6a27c888f141d2a6032ae231d8ed4fc5f7583b4c825e5f7d7c78d26d2e \ + --hash=sha256:319e12f6bae4d4d988fbff3bed792953fa3b44c791f085b0a1a230f755671ef7 \ + --hash=sha256:529ae235896efb99a6f77653a7138273ab701ec9f0343a1f5030945108dee3c4 \ + --hash=sha256:686e5a35fe4c0acc25f3466c32e716f2d498aaae7b7edc03e2305b682226bcf6 \ + --hash=sha256:6d981b4d863b20c8ceed98b8ac3d1ca7f96d28707a80845d360fa69c8fc2c44b \ + --hash=sha256:7789885a72aa3075d28d028236eb3f2b84d908f81d38ad41769a6ddc2fd81b7c \ + --hash=sha256:7f4616bcb44a6afda930cfc40215e5e9fa7c6896e683b287c771c937712fbe2f \ + --hash=sha256:7fdb3d02bfd68f508e6745021311a4a4dbfec53fca03721474e985f310e249ba \ + --hash=sha256:a9b85b335b40a528a8e2a6b549592138de8429c6296e7361892958956e6a73cf \ + --hash=sha256:dc85fad15ef98103ecc047a0d81b55bbf5fe1b03313b96e883acc2e2fa87ed5c \ + # via molecule +ptyprocess==0.5.2 \ + --hash=sha256:e64193f0047ad603b71f202332ab5527c5e52aa7c8b609704fc28c0dc20c4365 \ + --hash=sha256:e8c43b5eee76b2083a9badde89fd1bbce6c8942d1045146e100b7b5e014f4f1a \ + # via pexpect +py==1.4.34 \ + --hash=sha256:0f2d585d22050e90c7d293b6451c83db097df77871974d90efd5a30dc12fcde3 \ + --hash=sha256:2ccb79b01769d99115aa600d7eed99f524bf752bba8f041dc1c184853514655a \ + # via pytest +pyasn1==0.3.1 \ + --hash=sha256:6343473736c7e236678f79c711b89587adebb75eac6f3244b3b268b0a835d46f \ + --hash=sha256:f6e437000baec5feda6bc4c04acaf7ca25bbca76a6cbce142ebbfada12244fac \ + # via paramiko +pycodestyle==2.3.1 \ + --hash=sha256:682256a5b318149ca0d2a9185d365d8864a768a28db66a84a2ea946bcc426766 \ + --hash=sha256:6c4245ade1edfad79c3446fadfc96b0de2759662dc29d07d80a6f27ad1ca6ba9 \ + # via flake8 +pycparser==2.18 \ + --hash=sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226 \ + # via cffi +pyenchant==2.0.0 \ + --hash=sha256:b9526fc2c5f1ba0637e50200b645a7c20fb6644dbc6f6322027e7d2fbf1084a5 \ + --hash=sha256:e8000144e61551fcab9cd1b6fdccdded20e577e8d6d0985533f0b2b9c38fd952 \ + --hash=sha256:fc31cda72ace001da8fe5d42f11c26e514a91fa8c70468739216ddd8de64e2a0 +pyflakes==1.5.0 \ + --hash=sha256:aa0d4dff45c0cc2214ba158d29280f8fa1129f3e87858ef825930845146337f4 \ + --hash=sha256:cc5eadfb38041f8366128786b4ca12700ed05bbf1403d808e89d57d67a3875a7 \ + # via flake8 +pygments==2.2.0 \ + --hash=sha256:78f3f434bcc5d6ee09020f92ba487f95ba50f1e3ef83ae96b9d5ffa1bab25c5d \ + --hash=sha256:dbae1046def0efb574852fab9e90209b23f556367b5a320c0bcb871c77c3e8cc \ + # via sphinx +pylint==1.8.1 \ + --hash=sha256:3035e44e37cd09919e9edad5573af01d7c6b9c52a0ebb4781185ae7ab690458b \ + --hash=sha256:c8e59da0f2f9990eb00aad1c1de16cd7809315842ebccc3f65ca9df46213df3b +pynacl==1.1.2 \ + --hash=sha256:123c41df1db119397f2e26e9c63ca2ea853d3663e26b1c389bd3859dc1b7178a \ + --hash=sha256:1b4938a557b32e5c6b27fac79a94cf1abb70753b5462a0b577bd2a77e09dacd0 \ + --hash=sha256:301c966c1e17950e50d174ab4b2e7ef3e98ff51ad7a591152a19fe2139281eed \ + --hash=sha256:32f52b754abf07c319c04ce16905109cab44b0e7f7c79497431d3b2000f8af8c \ + --hash=sha256:3fd984580cbea8e02fc531aa32ab9487b72c30127f9e4c8db9ba3fe8950ecc93 \ + --hash=sha256:4a3be9f884df08087996516707446ba55648bbefae8428bf578fa05f20fa2ed9 \ + --hash=sha256:4c15d7cea1a313fff3f68222e682ee1f855e43c0865081cad7385066a6b57d75 \ + --hash=sha256:4d21d733a63637ddf41d0cab50135ec9f5224dd22fd10ebf5c5f5f946b833f84 \ + --hash=sha256:506bc2591968a1a7b6577075bc29a591d8fff5bdfec03b0dd926f34b75b670e5 \ + --hash=sha256:5172395dea8203ae124fd282fef3d242aa75366d66aebc0f5aab0c4753eed97b \ + --hash=sha256:53d83faf274813a5778bba1cd4cb96b79f39e44a63b1c4a4dada01a2b0eeafe8 \ + --hash=sha256:57314a7bad4bd39501dc622942f9921923673e52e126b0fc4f0214b5d25d619a \ + --hash=sha256:67b75a950dbc4025bfa549c183baa17db4096955912f385df31830e5a2121974 \ + --hash=sha256:75a427377b2088c29a44db08c796c75a9cde2f9725dd041903cfbc0f6034895c \ + --hash=sha256:7d14f18f8bc43977691276097524b9713d21b9635fea9791311261a66e4fe296 \ + --hash=sha256:813d4170f62d68236bb041cf731e8d1f34fc1006a5e5d81139bead6ddaa9d169 \ + --hash=sha256:877879903cddb5da317fe86d923f65eb28c62fd7feb79cd3402d166e401f9423 \ + --hash=sha256:9532aaa446840ece574c719ad3bbf25f60ca9871f48b5446e3f73e8b498e2398 \ + --hash=sha256:9558ef5c1ae45322c054d1d1151016e0463b4da8b5c746a675e99c5c7d8f4faa \ + --hash=sha256:99f91eb80b85fe16f70d362cfeae8eeeb108cd09a85f039fdab02164762f764b \ + --hash=sha256:b796d95704b674100bd99fc42bbde9f8f2ccddae8599a4d4bbcb518428dfbfed \ + --hash=sha256:c4ea0e3b9f3317ada56e12c7b37f6d0316900ae8b54a20d7b100d4e14350ac87 \ + --hash=sha256:c93d151efcdd7d214b1b11d781c9f1b125f0208cd06d9762bddabdfeac1cedfc \ + --hash=sha256:ca2deb968135f1400105ca902f5cef24ba6984b6a4904756498afcb9077c76f9 \ + --hash=sha256:ceb16b7977123713ad898450ca86a2dc6706a17fe4cf278ffb6b76929c186550 \ + --hash=sha256:dfc85c2b414dee700e32764559d560063825ec1470d3ee6c973e43c80a622e56 \ + --hash=sha256:f01405a5c453b866e35338c53882f7ba7069c1f4e4045ce67513ad45c796f8a5 \ + --hash=sha256:ffb74ac578b3b80b1d2d5a23a6dd7b1d6682e5fce6a7b3d21b46b180a5546055 \ + # via paramiko +pyparsing==2.2.0 \ + --hash=sha256:0832bcf47acd283788593e7a0f542407bd9550a55a8a8435214a1960e04bcb04 \ + --hash=sha256:fee43f17a9c4087e7ed1605bd6df994c6173c1e977d7ade7b651292fab2bd010 \ + # via packaging +pytest-xdist==1.18.2 \ + --hash=sha256:10468377901b80255cf192c4603a94ffe8b1f071f5c912868da5f5cb91170dae +pytest==3.2.0 \ + --hash=sha256:0225cf10b9e173f84729d5f4648211458a222c6e53a77a85e104bc5f31c244ee \ + --hash=sha256:d994b4f28c6d449a467ad3d336544945a0dcf350e3b7b301219547ef5aa8125e \ + # via pytest-xdist, testinfra +python-dateutil==2.6.1 \ + --hash=sha256:891c38b2a02f5bb1be3e4793866c8df49c7d19baabf9c1bad62547e0b4866aca \ + --hash=sha256:95511bae634d69bc7329ba55e646499a842bc4ec342ad54a8cdb65645a0aad3c \ + # via arrow, botocore +python-gilt==1.2.1 \ + --hash=sha256:4fd58c128635d1f4a8c93305e648f23379ce56e23624e4c5479427fcd2d5656e \ + --hash=sha256:c7321ef1a8efddbdef657b4fd21c3eaf1b4cb24a9656d97b73a444b1feb2067a \ + --hash=sha256:e23a45a6905e6bb7aec3ff7652b48309933a6991fad4546d9e793ac7e0513f8a \ + # via molecule +python-vagrant==0.5.15 \ + --hash=sha256:af9a8a9802d382d45dbea96aa3cfbe77c6e6ad65b3fe7b7c799d41ab988179c6 +pytz==2017.2 \ + --hash=sha256:d1d6729c85acea5423671382868627129432fba9a89ecbb248d8d1c7a9f01c67 \ + --hash=sha256:f5c056e8f62d45ba8215e5cb8f50dfccb198b4b9fbea8500674f3443e4689589 \ + # via babel +pyyaml==3.13 \ + --hash=sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b \ + --hash=sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf \ + --hash=sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a \ + --hash=sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3 \ + --hash=sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1 \ + --hash=sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1 \ + --hash=sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613 \ + --hash=sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04 \ + --hash=sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f \ + --hash=sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537 \ + --hash=sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531 \ + # via ansible, ansible-lint, bandit, dparse, molecule, python-gilt, sphinx-autobuild, watchdog, yamllint +requests==2.20.0 \ + --hash=sha256:99dcfdaaeb17caf6e526f32b6a7b780461512ab3f1d992187801694cba42770c \ + --hash=sha256:a84b8c9ab6239b578f22d1c21d51b696dcfe004032bb80ea832398d6909d7279 \ + # via cookiecutter, docker-py, safety, sphinx +s3transfer==0.1.12 \ + --hash=sha256:10891b246296e0049071d56c32953af05cea614dca425a601e4c0be35990121e \ + --hash=sha256:23c156ca4d64b022476c92c44bf938bef71af9ce0dcd8fd6585e7bce52f66e47 \ + # via boto3 +safety==1.8.4 \ + --hash=sha256:399511524f47230d5867f1eb75548f9feefb7a2711a4985cb5be0e034f87040f \ + --hash=sha256:69b970918324865dcd7b92337e07152a0ea1ceecaf92f4d3b38529ee0ca83441 +sh==1.12.14 \ + --hash=sha256:ae3258c5249493cebe73cb4e18253a41ed69262484bad36fdb3efcb8ad8870bb \ + --hash=sha256:b52bf5833ed01c7b5c5fb73a7f71b3d98d48e9b9b8764236237bdc7ecae850fc \ + # via molecule, python-gilt +singledispatch==3.4.0.3 \ + --hash=sha256:5b06af87df13818d14f08a028e42f566640aef80805c3b50c5056b086e3c2b9c \ + --hash=sha256:833b46966687b3de7f438c761ac475213e53b306740f1abfaa86e1d1aae56aa8 \ + # via astroid, pylint, tornado +six==1.11.0 \ + --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9 \ + --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb \ + # via ansible-lint, astroid, bandit, bcrypt, click-completion, cryptography, docker-py, docker-pycreds, dparse, fasteners, git-url-parse, livereload, molecule, packaging, pip-tools, pylint, pynacl, python-dateutil, singledispatch, sphinx, stevedore, testinfra, websocket-client +smmap2==2.0.3 \ + --hash=sha256:b78ee0f1f5772d69ff50b1cbdb01b8c6647a8354f02f23b488cf4b2cfc923956 \ + --hash=sha256:c7530db63f15f09f8251094b22091298e82bf6c699a6b8344aaaef3f2e1276c3 \ + # via gitdb2 +snowballstemmer==1.2.1 \ + --hash=sha256:919f26a68b2c17a7634da993d91339e288964f93c274f1343e3bbbe2096e1128 \ + --hash=sha256:9f3bcd3c401c3e862ec0ebe6d2c069ebc012ce142cce209c098ccb5b09136e89 \ + # via sphinx +sphinx-autobuild==0.7.1 \ + --hash=sha256:66388f81884666e3821edbe05dd53a0cfb68093873d17320d0610de8db28c74e \ + --hash=sha256:e60aea0789cab02fa32ee63c7acae5ef41c06f1434d9fd0a74250a61f5994692 +sphinx-rtd-theme==0.2.4 \ + --hash=sha256:2df74b8ff6fae6965c527e97cca6c6c944886aae474b490e17f92adfbe843417 \ + --hash=sha256:62ee4752716e698bad7de8a18906f42d33664128eea06c46b718fc7fbd1a9f5c +sphinx==1.6.3 \ + --hash=sha256:3ea0faf3e152a0e40372d8495c8cbd59e93f89266231c367d8098ec0dfede98f \ + --hash=sha256:af8bdb8c714552b77d01d4536e3d6d2879d6cb9d25423d29163d5788e27046e6 +sphinxcontrib-websupport==1.0.1 \ + --hash=sha256:7a85961326aa3a400cd4ad3c816d70ed6f7c740acd7ce5d78cd0a67825072eb9 \ + --hash=sha256:f4932e95869599b89bf4f80fc3989132d83c9faa5bf633e7b5e0c25dffb75da2 \ + # via sphinx +stevedore==1.28.0 \ + --hash=sha256:e3d96b2c4e882ec0c1ff95eaebf7b575a779fd0ccb4c741b9832bed410d58b3d \ + --hash=sha256:f1c7518e7b160336040fee272174f1f7b29a46febb3632502a8f2055f973d60b \ + # via bandit +tabulate==0.8.2 \ + --hash=sha256:e4ca13f26d0a6be2a2915428dc21e732f1e44dad7f76d7030b2ef1ec251cf7f2 \ + # via molecule +template-remover==0.1.9 \ + --hash=sha256:480f1ce63f56affac1edb29356afcca1260e8409cd928fcf9438fc149df5ff41 \ + # via html-linter +testinfra==1.16.0 \ + --hash=sha256:499ba7201d1a0f418fa0318bf2ae28142893c4f9d49ab24af21441fdb529292f \ + --hash=sha256:da1d0d1ffd68935b950b7b83833d863436ea75398a5cbdc0d0ab9e61132e2088 +tornado==4.5.1 \ + --hash=sha256:0a6894559e62a186d6cc20f1c0e7318f83ae8e28922d75c4b6f83d42cc91d8b1 \ + --hash=sha256:2b4618010625bcf01f187eec3148c6a3db76a2a900f7dde416330fc413274df1 \ + --hash=sha256:c3f4456f0ab9e62dab7ede834dcf4c89082238e97b3e67a9196572c076e716aa \ + --hash=sha256:db0904a28253cfe53e7dedc765c71596f3c53bb8a866ae50123320ec1a7b73fd \ + --hash=sha256:fb0883ae46da958d06fda2e3be6c033825a0b8603c493df8a69c0237055308d9 \ + # via livereload, sphinx-autobuild +tree-format==0.1.2 \ + --hash=sha256:a538523aa78ae7a4b10003b04f3e1b37708e0e089d99c9d3b9e1c71384c9a7f9 \ + --hash=sha256:b5056228dbedde1fb81b79f71fb0c23c98e9d365230df9b29af76e8d8003de11 \ + # via molecule +typing==3.6.6 \ + --hash=sha256:4027c5f6127a6267a435201981ba156de91ad0d1d98e9ddc2aa173453453492d \ + --hash=sha256:57dcf675a99b74d64dacf6fba08fb17cf7e3d5fdff53d4a30ea2a5e7e52543d4 \ + --hash=sha256:a4c8473ce11a65999c8f59cb093e70686b6c84c98df58c1dae9b3b196089858a \ + # via sphinx +urllib3==1.23 \ + --hash=sha256:a68ac5e15e76e7e5dd2b8f94007233e01effe3e50e8daddf69acfd81cb686baf \ + --hash=sha256:b5725a0bd4ba422ab0e66e89e030c806576753ea3ee08554382c14e685d117b5 +watchdog==0.8.3 \ + --hash=sha256:7e65882adb7746039b6f3876ee174952f8eaaa34491ba34333ddf1fe35de4162 \ + # via sphinx-autobuild +websocket-client==0.44.0 \ + --hash=sha256:15f585566e2ea7459136a632b9785aa081093064391878a448c382415e948d72 \ + --hash=sha256:91222bb3a22ba989ac87eec9121655f295dcb746b6207c5576ffa549ab69302c \ + # via docker-py +whichcraft==0.4.1 \ + --hash=sha256:9e0d51c9387cb7e9f28b7edb549e6a03da758f7784f991eb4397d7f7808c57fd \ + --hash=sha256:cd0e10b58960ab877d9f273cd28788730936c3cdaceec2dafad97c7cf3067d46 \ + # via cookiecutter +wrapt==1.10.11 \ + --hash=sha256:d4d560d479f2c21e1b5443bbd15fe7ec4b37fe7e53d335d3b9b0a7b1226fe3c6 \ + # via astroid +yamllint==1.11.1 \ + --hash=sha256:93e255e4bd96c7c0850bf182b09f6b35625130f15b37a0e03d8bf378d747081c \ + --hash=sha256:e9b7dec24921ef13180902e5dbcaae9157c773e3e3e2780ef77d3a4dd67d799f + +# WARNING: The following packages were not pinned, but pip requires them to be +# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. +# pip==19.1.1 # via safety +# setuptools==41.0.1 # via ansible, pytest, sphinx diff --git a/securedrop/requirements/securedrop-app-code-requirements.in b/securedrop/requirements/securedrop-app-code-requirements.in index 4484cca207..a015784d72 100644 --- a/securedrop/requirements/securedrop-app-code-requirements.in +++ b/securedrop/requirements/securedrop-app-code-requirements.in @@ -1,13 +1,16 @@ alembic argon2_cffi cryptography>2.3 +enum34==1.1.6; python_version < "3.4" Flask-Assets Flask-Babel Flask-SQLAlchemy Flask-WTF Flask>0.12.2 +ipaddress==1.0.22; python_version < "3.3" Jinja2>=2.10.1 jsmin +mod_wsgi passlib pretty-bad-protocol>=3.1.1 psutil diff --git a/securedrop/requirements/securedrop-app-code-requirements.txt b/securedrop/requirements/securedrop-app-code-requirements.txt index ecf5bb481f..330425eaf5 100644 --- a/securedrop/requirements/securedrop-app-code-requirements.txt +++ b/securedrop/requirements/securedrop-app-code-requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file securedrop/requirements/securedrop-app-code-requirements.txt securedrop/requirements/securedrop-app-code-requirements.in +# pip-compile --generate-hashes --output-file=securedrop/requirements/securedrop-app-code-requirements.txt securedrop/requirements/securedrop-app-code-requirements.in # alembic==0.9.9 \ --hash=sha256:85bd3ea7633024e4930900bc64fb58f9742dedbc6ebb6ecf25be2ea9a3c1b32e @@ -96,12 +96,11 @@ cryptography==2.6.1 \ --hash=sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460 \ --hash=sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd \ --hash=sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6 -enum34==1.1.6 \ +enum34==1.1.6 ; python_version < "3.4" \ --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \ --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \ --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \ - --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 \ - # via argon2-cffi, cryptography + --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 flask-assets==0.12 \ --hash=sha256:6031527b89fb3509d1581d932affa5a79dd348cfffb58d0aef99a43461d47847 flask-babel==0.11.2 \ @@ -116,10 +115,9 @@ flask-wtf==0.14.2 \ flask==1.0.2 \ --hash=sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48 \ --hash=sha256:a080b744b7e345ccfcbc77954861cb05b3c63786e93f2b3875e0913d44b43f05 -ipaddress==1.0.22 \ +ipaddress==1.0.22 ; python_version < "3.3" \ --hash=sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794 \ - --hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c \ - # via cryptography + --hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c itsdangerous==0.24 \ --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519 \ # via flask @@ -134,6 +132,8 @@ mako==1.0.7 \ markupsafe==1.0 \ --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ # via jinja2, mako +mod-wsgi==4.6.6 \ + --hash=sha256:9e2fb209eb7c88f12b12fc6401db9cdc04eb9ef5baa156f07467dda12c0fbbad passlib==1.7.1 \ --hash=sha256:3d948f64138c25633613f303bcc471126eae67c04d5e3f6b7b8ce6242f8653e0 \ --hash=sha256:43526aea08fa32c6b6dbbbe9963c4c767285b78147b7437597f992812f69d280 diff --git a/securedrop/requirements/test-requirements.in b/securedrop/requirements/test-requirements.in index 3041283f5c..0d788d1e16 100644 --- a/securedrop/requirements/test-requirements.in +++ b/securedrop/requirements/test-requirements.in @@ -2,7 +2,7 @@ beautifulsoup4 blinker Flask-Testing mock -pip-tools>=3.5.0,<4 +pip-tools>=3.8.0,<4 py pytest pytest-cov diff --git a/securedrop/requirements/test-requirements.txt b/securedrop/requirements/test-requirements.txt index 0cf524640e..d58298b812 100644 --- a/securedrop/requirements/test-requirements.txt +++ b/securedrop/requirements/test-requirements.txt @@ -2,38 +2,155 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --output-file securedrop/requirements/test-requirements.txt securedrop/requirements/test-requirements.in +# pip-compile --generate-hashes --output-file=securedrop/requirements/test-requirements.txt securedrop/requirements/test-requirements.in # -attrs==17.4.0 # via hypothesis, pytest -beautifulsoup4==4.6.0 -blinker==1.4 -certifi==2018.11.29 # via requests -chardet==3.0.4 # via requests -click==6.7 # via flask, pip-tools -coverage==4.4.2 # via pytest-cov -enum34==1.1.6 # via hypothesis -easyprocess==0.2.3 # via pyvirtualdisplay -flask-testing==0.7.1 -flask==1.0.2 # via flask-testing -funcsigs==1.0.2 # via mock, pytest -hypothesis==4.22.2 -idna==2.8 # via requests -itsdangerous==0.24 # via flask -jinja2==2.10.1 # via flask -markupsafe==1.0 # via jinja2 -mock==2.0.0 -pbr==3.1.1 # via mock -pip-tools==3.5.0 -pluggy==0.6.0 # via pytest -py==1.5.2 -pysocks==1.6.8 # via requests -pytest-cov==2.5.1 -pytest-mock==1.7.1 -pytest==3.3.2 -pyvirtualdisplay==0.2.1 -requests[socks]==2.21.0 -selenium==3.141.0 -six==1.11.0 # via mock, pip-tools, pytest -tbselenium==0.4.2 -urllib3==1.24.1 # via requests, selenium -werkzeug==0.14.1 # via flask +attrs==17.4.0 \ + --hash=sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9 \ + --hash=sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450 \ + # via hypothesis, pytest +beautifulsoup4==4.6.0 \ + --hash=sha256:11a9a27b7d3bddc6d86f59fb76afb70e921a25ac2d6cc55b40d072bd68435a76 \ + --hash=sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11 \ + --hash=sha256:808b6ac932dccb0a4126558f7dfdcf41710dd44a4ef497a0bb59a77f9f078e89 +blinker==1.4 \ + --hash=sha256:471aee25f3992bd325afa3772f1063dbdbbca947a041b8b89466dc00d606f8b6 +certifi==2018.11.29 \ + --hash=sha256:47f9c83ef4c0c621eaef743f133f09fa8a74a9b75f037e8624f83bd1b6626cb7 \ + --hash=sha256:993f830721089fef441cdfeb4b2c8c9df86f0c63239f06bd025a76a7daddb033 \ + # via requests +chardet==3.0.4 \ + --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \ + --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \ + # via requests +click==6.7 \ + --hash=sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d \ + --hash=sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b \ + # via flask, pip-tools +coverage==4.4.2 \ + --hash=sha256:007eeef7e23f9473622f7d94a3e029a45d55a92a1f083f0f3512f5ab9a669b05 \ + --hash=sha256:079248312838c4c8f3494934ab7382a42d42d5f365f0cf7516f938dbb3f53f3f \ + --hash=sha256:17307429935f96c986a1b1674f78079528833410750321d22b5fb35d1883828e \ + --hash=sha256:2ad357d12971e77360034c1596011a03f50c0f9e1ecd12e081342b8d1aee2236 \ + --hash=sha256:2e1a5c6adebb93c3b175103c2f855eda957283c10cf937d791d81bef8872d6ca \ + --hash=sha256:309d91bd7a35063ec7a0e4d75645488bfab3f0b66373e7722f23da7f5b0f34cc \ + --hash=sha256:358d635b1fc22a425444d52f26287ae5aea9e96e254ff3c59c407426f44574f4 \ + --hash=sha256:3f4d0b3403d3e110d2588c275540649b1841725f5a11a7162620224155d00ba2 \ + --hash=sha256:493082f104b5ca920e97a485913de254cbe351900deed72d4264571c73464cd0 \ + --hash=sha256:4c4f368ffe1c2e7602359c2c50233269f3abe1c48ca6b288dcd0fb1d1c679733 \ + --hash=sha256:5ff16548492e8a12e65ff3d55857ccd818584ed587a6c2898a9ebbe09a880674 \ + --hash=sha256:66f393e10dd866be267deb3feca39babba08ae13763e0fc7a1063cbe1f8e49f6 \ + --hash=sha256:700d7579995044dc724847560b78ac786f0ca292867447afda7727a6fbaa082e \ + --hash=sha256:81912cfe276e0069dca99e1e4e6be7b06b5fc8342641c6b472cb2fed7de7ae18 \ + --hash=sha256:82cbd3317320aa63c65555aa4894bf33a13fb3a77f079059eb5935eea415938d \ + --hash=sha256:845fddf89dca1e94abe168760a38271abfc2e31863fbb4ada7f9a99337d7c3dc \ + --hash=sha256:87d942863fe74b1c3be83a045996addf1639218c2cb89c5da18c06c0fe3917ea \ + --hash=sha256:9721f1b7275d3112dc7ccf63f0553c769f09b5c25a26ee45872c7f5c09edf6c1 \ + --hash=sha256:a7cfaebd8f24c2b537fa6a271229b051cdac9c1734bb6f939ccfc7c055689baa \ + --hash=sha256:b0059630ca5c6b297690a6bf57bf2fdac1395c24b7935fd73ee64190276b743b \ + --hash=sha256:bd4800e32b4c8d99c3a2c943f1ac430cbf80658d884123d19639bcde90dad44a \ + --hash=sha256:cdd92dd9471e624cd1d8c1a2703d25f114b59b736b0f1f659a98414e535ffb3d \ + --hash=sha256:d00e29b78ff610d300b2c37049a41234d48ea4f2d2581759ebcf67caaf731c31 \ + --hash=sha256:d1ee76f560c3c3e8faada866a07a32485445e16ed2206ac8378bd90dadffb9f0 \ + --hash=sha256:dd707a21332615108b736ef0b8513d3edaf12d2a7d5fc26cd04a169a8ae9b526 \ + --hash=sha256:e3ba9b14607c23623cf38f90b23f5bed4a3be87cbfa96e2e9f4eabb975d1e98b \ + --hash=sha256:e9a0e1caed2a52f15c96507ab78a48f346c05681a49c5b003172f8073da6aa6b \ + --hash=sha256:eea9135432428d3ca7ee9be86af27cb8e56243f73764a9b6c3e0bda1394916be \ + --hash=sha256:f29841e865590af72c4b90d7b5b8e93fd560f5dea436c1d5ee8053788f9285de \ + --hash=sha256:f3a5c6d054c531536a83521c00e5d4004f1e126e2e2556ce399bef4180fbe540 \ + --hash=sha256:f87f522bde5540d8a4b11df80058281ac38c44b13ce29ced1e294963dd51a8f8 \ + --hash=sha256:f8c55dd0f56d3d618dfacf129e010cbe5d5f94b6951c1b2f13ab1a2f79c284da \ + # via pytest-cov +easyprocess==0.2.3 \ + --hash=sha256:94e241cadc9a46f55b5c06000df85618849602e7e1865b8de87576b90a22e61f \ + # via pyvirtualdisplay +enum34==1.1.6 \ + --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \ + --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \ + --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \ + --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 \ + # via hypothesis +flask-testing==0.7.1 \ + --hash=sha256:dc076623d7d850653a018cb64f500948334c8aeb6b10a5a842bf1bcfb98122bc +flask==1.0.2 \ + --hash=sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48 \ + --hash=sha256:a080b744b7e345ccfcbc77954861cb05b3c63786e93f2b3875e0913d44b43f05 \ + # via flask-testing +funcsigs==1.0.2 \ + --hash=sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca \ + --hash=sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50 \ + # via mock, pytest +hypothesis==4.22.2 \ + --hash=sha256:7d504c4de30ec2bf9e9421e6dacb76666266bc584440b3fda4ba3ae7ecb8d2fc \ + --hash=sha256:ce7c4a46823f73e9ef548f10963095bf82c787646a09d1886979f007c74b07cc \ + --hash=sha256:e97ef0a17a6dfb3873aa7e4ef3e6398d5b5ee7fbc5923f2cebfa4a1d5f9eb44b +idna==2.8 \ + --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \ + --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \ + # via requests +itsdangerous==0.24 \ + --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519 \ + # via flask +jinja2==2.10.1 \ + --hash=sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013 \ + --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b \ + # via flask +markupsafe==1.0 \ + --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ + # via jinja2 +mock==2.0.0 \ + --hash=sha256:5ce3c71c5545b472da17b72268978914d0252980348636840bd34a00b5cc96c1 \ + --hash=sha256:b158b6df76edd239b8208d481dc46b6afd45a846b7812ff0ce58971cf5bc8bba +pbr==3.1.1 \ + --hash=sha256:05f61c71aaefc02d8e37c0a3eeb9815ff526ea28b3b76324769e6158d7f95be1 \ + --hash=sha256:60c25b7dfd054ef9bb0ae327af949dd4676aa09ac3a9471cdc871d8a9213f9ac \ + # via mock +pip-tools==3.8.0 \ + --hash=sha256:1240b075af2aaf8231898a6cb0220a103a06182a239ebf4537920e5d02ad89c3 \ + --hash=sha256:e4f33c3c77954182ec6998d661b0c2749428d3b461c0247d28ee67493a1c90ef +pluggy==0.6.0 \ + --hash=sha256:7f8ae7f5bdf75671a718d2daf0a64b7885f74510bcd98b1a0bb420eb9a9d0cff \ + --hash=sha256:d345c8fe681115900d6da8d048ba67c25df42973bda370783cd58826442dcd7c \ + --hash=sha256:e160a7fcf25762bb60efc7e171d4497ff1d8d2d75a3d0df7a21b76821ecbf5c5 \ + # via pytest +py==1.5.2 \ + --hash=sha256:8cca5c229d225f8c1e3085be4fcf306090b00850fefad892f9d96c7b6e2f310f \ + --hash=sha256:ca18943e28235417756316bfada6cd96b23ce60dd532642690dcfdaba988a76d +pysocks==1.6.8 \ + --hash=sha256:3fe52c55890a248676fd69dc9e3c4e811718b777834bcaab7a8125cf9deac672 \ + # via requests +pytest-cov==2.5.1 \ + --hash=sha256:03aa752cf11db41d281ea1d807d954c4eda35cfa1b21d6971966cc041bbf6e2d \ + --hash=sha256:890fe5565400902b0c78b5357004aab1c814115894f4f21370e2433256a3eeec +pytest-mock==1.7.1 \ + --hash=sha256:03a2fea79d0a83a8de2e77e92afe5f0a5ca99a58cc68f843f9a74de34800a943 \ + --hash=sha256:b879dff61e31fcd4727c227c182f15f222a155293cc64ed5a02d55e0020cf949 +pytest==3.3.2 \ + --hash=sha256:53548280ede7818f4dc2ad96608b9f08ae2cc2ca3874f2ceb6f97e3583f25bc4 \ + --hash=sha256:b84878865558194630c6147f44bdaef27222a9f153bbd4a08908b16bf285e0b1 +pyvirtualdisplay==0.2.1 \ + --hash=sha256:012883851a992f9c53f0dc6a512765a95cf241bdb734af79e6bdfef95c6e9982 +requests[socks]==2.22.0 \ + --hash=sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4 \ + --hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31 +selenium==3.141.0 \ + --hash=sha256:2d7131d7bc5a5b99a2d9b04aaf2612c411b03b8ca1b1ee8d3de5845a9be2cb3c \ + --hash=sha256:deaf32b60ad91a4611b98d8002757f29e6f2c2d5fcaf202e1c9ad06d6772300d +six==1.11.0 \ + --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9 \ + --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb \ + # via mock, pip-tools, pytest +tbselenium==0.4.2 \ + --hash=sha256:9f39b7285103442cc389623e1dedc3ef08b1475afd5076bba1d947d92a348d0b \ + --hash=sha256:e24ff69f610ca294093f399099407124c7ffc6a8325e7d9ca19e93ffc5eb91df +urllib3==1.24.1 \ + --hash=sha256:61bf29cada3fc2fbefad4fdf059ea4bd1b4a86d2b6d15e1c7c0b582b9752fe39 \ + --hash=sha256:de9529817c93f27c8ccbfead6985011db27bd0ddfcdb2d86f3f663385c6a9c22 \ + # via requests, selenium +werkzeug==0.14.1 \ + --hash=sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c \ + --hash=sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b \ + # via flask + +# WARNING: The following packages were not pinned, but pip requires them to be +# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. +# setuptools==41.0.1 # via pytest From 381568003652adc2a98c78dba0859119ac6732e9 Mon Sep 17 00:00:00 2001 From: John Hensley Date: Thu, 13 Jun 2019 16:25:15 -0400 Subject: [PATCH 2/4] Improvements to requirements handling. Pin libapache2-mod-wsgi. Pin libapache2-mod-wsgi so an update can't stop the use of our bundled mod_wsgi. Remove Python 2 backports from securedrop-app-code requirements, and run update-pip-requirements with the securedrop-app-code requirements being updated with Python 3 in a container. When building the securedrop-app-code package: - Stop upgrading pip. - Capture the pip requirements without hashes by transforming the input requirements file instead of running pip freeze, which was pulling in extra dependencies that weren't listed in the Debian control file for securedrop-app-code, so could break its installation. - Remove the parsing of "pip3 wheel" output to determine success; it could mask errors that didn't produce the expected message. --- .gitignore | 3 ++- Makefile | 5 +++-- .../tasks/build_securedrop_app_code_deb.yml | 14 ++++---------- install_files/securedrop-app-code/debian/control | 2 +- .../securedrop-app-code-requirements.in | 2 -- .../securedrop-app-code-requirements.txt | 10 +--------- 6 files changed, 11 insertions(+), 25 deletions(-) diff --git a/.gitignore b/.gitignore index 748d996fb8..5cd4862598 100644 --- a/.gitignore +++ b/.gitignore @@ -50,6 +50,7 @@ __pycache__/ .Python env/ build/*.deb +build/xenial develop-eggs/ dist/ downloads/ @@ -99,7 +100,7 @@ docs/_build/ .env # virtualenv -.venv/ +.venv*/ venv/ ENV/ diff --git a/Makefile b/Makefile index 6b4621f527..96cb84fe00 100644 --- a/Makefile +++ b/Makefile @@ -114,8 +114,9 @@ update-pip-requirements: ## Updates all Python requirements files via pip-compil securedrop/requirements/develop-requirements.in pip-compile --generate-hashes --output-file securedrop/requirements/test-requirements.txt \ securedrop/requirements/test-requirements.in - pip-compile --generate-hashes --output-file securedrop/requirements/securedrop-app-code-requirements.txt \ - securedrop/requirements/securedrop-app-code-requirements.in + PYTHON_VERSION=3 securedrop/bin/dev-shell pip-compile --generate-hashes \ + --output-file requirements/securedrop-app-code-requirements.txt \ + requirements/securedrop-app-code-requirements.in .PHONY: libvirt-share libvirt-share: ## Configure ACLs to allow RWX for libvirt VM (e.g. Admin Workstation) diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml index b15b4cad3d..8639bde55d 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml @@ -25,17 +25,13 @@ - python3-wheel state: present -- name: Upgrade pip - shell: pip3 install --upgrade pip - - name: Create pip wheel archive for Debian package requirements. shell: | - pip3 wheel --verbose \ + pip3 wheel \ --no-binary :all: \ --require-hashes \ --requirement {{ securedrop_pip_requirements }} \ - --wheel-dir {{ securedrop_wheelhouse }} 2>&1 | tee /tmp/w.out - ! grep -i --quiet 'Failed to build' /tmp/w.out + --wheel-dir {{ securedrop_wheelhouse }} 2>&1 register: wheel_build_output tags: pip @@ -52,15 +48,13 @@ # built wheels change. Since the deb package itself is signed (providing # integrity, we can defer to a later time. - name: Install built pip wheels for SecureDrop. - shell: | - ls -al {{ securedrop_wheelhouse }} - pip3 install {{ securedrop_wheelhouse }}/*.whl + shell: pip3 install {{ securedrop_wheelhouse }}/*.whl tags: - pip - name: Create new requirements based on build/installed wheels without hashes shell: - pip3 freeze > {{ securedrop_pip_requirements_generated }} + grep -v -e '--hash' -e '^\s*#' {{ securedrop_pip_requirements }} | awk '{print $1}' > {{ securedrop_pip_requirements_generated }} tags: - pip diff --git a/install_files/securedrop-app-code/debian/control b/install_files/securedrop-app-code/debian/control index 7c808a5b80..7ef3d40e5f 100644 --- a/install_files/securedrop-app-code/debian/control +++ b/install_files/securedrop-app-code/debian/control @@ -6,5 +6,5 @@ Homepage: https://securedrop.org Package: securedrop-app-code Architecture: amd64 -Depends: python3-pip,apparmor-utils,gnupg2,haveged,python3,secure-delete,sqlite3,${dist:Depends},libapache2-mod-xsendfile,redis-server,supervisor,securedrop-keyring,securedrop-config,devscripts +Depends: ${dist:Depends}, apparmor-utils, gnupg2, haveged, libapache2-mod-xsendfile, libapache2-mod-wsgi (= 4.3.0-1.1build1), python3, python3-dev, python3-pip, redis-server, secure-delete, securedrop-config, securedrop-keyring, sqlite3, supervisor Description: Packages the SecureDrop application code pip dependencies and apparmor profiles. This package will put the apparmor profiles in enforce mode. This package does use pip to install the pip wheelhouse diff --git a/securedrop/requirements/securedrop-app-code-requirements.in b/securedrop/requirements/securedrop-app-code-requirements.in index a015784d72..017f8b0f1c 100644 --- a/securedrop/requirements/securedrop-app-code-requirements.in +++ b/securedrop/requirements/securedrop-app-code-requirements.in @@ -1,13 +1,11 @@ alembic argon2_cffi cryptography>2.3 -enum34==1.1.6; python_version < "3.4" Flask-Assets Flask-Babel Flask-SQLAlchemy Flask-WTF Flask>0.12.2 -ipaddress==1.0.22; python_version < "3.3" Jinja2>=2.10.1 jsmin mod_wsgi diff --git a/securedrop/requirements/securedrop-app-code-requirements.txt b/securedrop/requirements/securedrop-app-code-requirements.txt index 330425eaf5..13dd99821a 100644 --- a/securedrop/requirements/securedrop-app-code-requirements.txt +++ b/securedrop/requirements/securedrop-app-code-requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file=securedrop/requirements/securedrop-app-code-requirements.txt securedrop/requirements/securedrop-app-code-requirements.in +# pip-compile --generate-hashes --output-file=requirements/securedrop-app-code-requirements.txt requirements/securedrop-app-code-requirements.in # alembic==0.9.9 \ --hash=sha256:85bd3ea7633024e4930900bc64fb58f9742dedbc6ebb6ecf25be2ea9a3c1b32e @@ -96,11 +96,6 @@ cryptography==2.6.1 \ --hash=sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460 \ --hash=sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd \ --hash=sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6 -enum34==1.1.6 ; python_version < "3.4" \ - --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \ - --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \ - --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \ - --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1 flask-assets==0.12 \ --hash=sha256:6031527b89fb3509d1581d932affa5a79dd348cfffb58d0aef99a43461d47847 flask-babel==0.11.2 \ @@ -115,9 +110,6 @@ flask-wtf==0.14.2 \ flask==1.0.2 \ --hash=sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48 \ --hash=sha256:a080b744b7e345ccfcbc77954861cb05b3c63786e93f2b3875e0913d44b43f05 -ipaddress==1.0.22 ; python_version < "3.3" \ - --hash=sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794 \ - --hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c itsdangerous==0.24 \ --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519 \ # via flask From b27ef8d8cc38aa2fe0662659d3663f7d44e70de4 Mon Sep 17 00:00:00 2001 From: John Hensley Date: Fri, 14 Jun 2019 14:39:26 -0400 Subject: [PATCH 3/4] Use cron-apt in upgrade test. Drop python3-dev dependency. --- install_files/securedrop-app-code/debian/control | 2 +- molecule/upgrade/side_effect.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/install_files/securedrop-app-code/debian/control b/install_files/securedrop-app-code/debian/control index 7ef3d40e5f..8a77a6a4aa 100644 --- a/install_files/securedrop-app-code/debian/control +++ b/install_files/securedrop-app-code/debian/control @@ -6,5 +6,5 @@ Homepage: https://securedrop.org Package: securedrop-app-code Architecture: amd64 -Depends: ${dist:Depends}, apparmor-utils, gnupg2, haveged, libapache2-mod-xsendfile, libapache2-mod-wsgi (= 4.3.0-1.1build1), python3, python3-dev, python3-pip, redis-server, secure-delete, securedrop-config, securedrop-keyring, sqlite3, supervisor +Depends: ${dist:Depends}, apparmor-utils, gnupg2, haveged, libapache2-mod-xsendfile, libapache2-mod-wsgi (= 4.3.0-1.1build1), python3, python3-pip, redis-server, secure-delete, securedrop-config, securedrop-keyring, sqlite3, supervisor Description: Packages the SecureDrop application code pip dependencies and apparmor profiles. This package will put the apparmor profiles in enforce mode. This package does use pip to install the pip wheelhouse diff --git a/molecule/upgrade/side_effect.yml b/molecule/upgrade/side_effect.yml index 5e6a0c78d8..484c0090c3 100644 --- a/molecule/upgrade/side_effect.yml +++ b/molecule/upgrade/side_effect.yml @@ -1,12 +1,12 @@ --- -- name: Perform apt upgrades +- name: Simulate cron-apt upgrade hosts: securedrop become: yes tasks: - - name: Perform safe upgrade - apt: - update_cache: yes - upgrade: yes + - name: Run cron-apt + shell: cron-apt -i -s + - name: Update apt cache + shell: apt update - name: Lay out app testing deps hosts: securedrop_application_server From 6b73b273ce3ff6fd8b721dcc89e9345c4810f736 Mon Sep 17 00:00:00 2001 From: John Hensley Date: Fri, 14 Jun 2019 16:16:37 -0400 Subject: [PATCH 4/4] Hack to get securedrop-app-code installed via cron-apt --- .../securedrop-config/etc/cron-apt/action.d/0-app-code | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 install_files/securedrop-config/etc/cron-apt/action.d/0-app-code diff --git a/install_files/securedrop-config/etc/cron-apt/action.d/0-app-code b/install_files/securedrop-config/etc/cron-apt/action.d/0-app-code new file mode 100644 index 0000000000..4e281f86b7 --- /dev/null +++ b/install_files/securedrop-config/etc/cron-apt/action.d/0-app-code @@ -0,0 +1,2 @@ +update +install -y securedrop-app-code