From 3dea0e31759b6c2a2c7b46647827a72f7a20dafd Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Tue, 28 Apr 2020 22:55:50 -0400 Subject: [PATCH 01/11] Properly handle libcrypto library search on macOS. macOS has been steadily moving towards requiring programmers to directly link against the library version they prefer and forbidding linking against unversioned libraries. With Catalina this has moved from simply logging a warning when a programmer links against an unversioned library (typically a stub) to outright crashing with a pretty clear error. In an effort to honor Apple's intentions but not completely reimplement their dlopen methods, this change takes advantage of Apple's library naming scheme to load the most recent versioned dylib while ignoring the unversioned stub. Fixes: #55084 Signed-off-by: Thomas J. Gallen --- salt/utils/rsax931.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/salt/utils/rsax931.py b/salt/utils/rsax931.py index e3c68f8c8823..e87abaa4d89e 100644 --- a/salt/utils/rsax931.py +++ b/salt/utils/rsax931.py @@ -50,6 +50,18 @@ def _load_libcrypto(): "/opt/tools/lib/libcrypto.so*" ) lib = lib[0] if len(lib) > 0 else None + elif salt.utils.platform.is_darwin(): + # Find versioned libraries in system locations, being careful to + # avoid the unversioned stub which is no longer permitted. + lib = glob.glob("/usr/lib/libcrypto.*.dylib") + if lib: + # Sort so as to prefer the newest version. + lib = list(reversed(sorted(lib))) + else: + # Find library symlinks in Homebrew locations. + lib = glob.glob("/usr/local/opt/openssl/lib/libcrypto.dylib") + lib = lib or glob.glob("/usr/local/opt/openssl@*/lib/libcrypto.dylib") + lib = lib[0] if lib else None if not lib and salt.utils.platform.is_aix(): if os.path.isdir("/opt/salt/lib"): # preference for Salt installed fileset From 60aa9b5f070d0a9656f05f8bf960645d0bb133ad Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Wed, 29 Apr 2020 19:40:45 -0400 Subject: [PATCH 02/11] Split _load_libcrypto for testing. _load_libcrypto has been split into _find_libcrypto and _load_libcrypto so as to allow for easier testing. _load_libcrypto is now actually a 1 liner. Signed-off-by: Thomas J. Gallen --- salt/utils/rsax931.py | 64 +++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/salt/utils/rsax931.py b/salt/utils/rsax931.py index e87abaa4d89e..59f90fdcc1d7 100644 --- a/salt/utils/rsax931.py +++ b/salt/utils/rsax931.py @@ -24,35 +24,35 @@ OPENSSL_INIT_NO_LOAD_CONFIG = 0x00000080 -def _load_libcrypto(): +def _find_libcrypto(): """ - Load OpenSSL libcrypto + Find the path (or return the short name) of libcrypto. """ if sys.platform.startswith("win"): - # cdll.LoadLibrary on windows requires an 'str' argument - return cdll.LoadLibrary( - str("libeay32") - ) # future lint: disable=blacklisted-function + lib = [str("libeay32")] elif getattr(sys, "frozen", False) and salt.utils.platform.is_smartos(): - return cdll.LoadLibrary( - glob.glob(os.path.join(os.path.dirname(sys.executable), "libcrypto.so*"))[0] - ) + lib = glob.glob(os.path.join(os.path.dirname(sys.executable), "libcrypto.so*")) else: lib = find_library("crypto") - if not lib and salt.utils.platform.is_sunos(): - # Solaris-like distribution that use pkgsrc have - # libraries in a non standard location. - # (SmartOS, OmniOS, OpenIndiana, ...) - # This could be /opt/tools/lib (Global Zone) - # or /opt/local/lib (non-Global Zone), thus the - # two checks below - lib = glob.glob("/opt/local/lib/libcrypto.so*") + glob.glob( - "/opt/tools/lib/libcrypto.so*" - ) - lib = lib[0] if len(lib) > 0 else None + if not lib: + if salt.utils.platform.is_sunos(): + # Solaris-like distribution that use pkgsrc have libraries + # in a non standard location. + # (SmartOS, OmniOS, OpenIndiana, ...) + # This could be /opt/tools/lib (Global Zone) or + # /opt/local/lib (non-Global Zone), thus the two checks + # below + lib = glob.glob("/opt/local/lib/libcrypto.so*") + lib = lib or glob.glob("/opt/tools/lib/libcrypto.so*") + elif salt.utils.platform.is_aix(): + if os.path.isdir("/opt/salt/lib"): + # preference for Salt installed fileset + lib = glob.glob("/opt/salt/lib/libcrypto.so*") + else: + lib = glob.glob("/opt/freeware/lib/libcrypto.so*") elif salt.utils.platform.is_darwin(): - # Find versioned libraries in system locations, being careful to - # avoid the unversioned stub which is no longer permitted. + # Find versioned libraries in system locations, being careful + # to avoid the unversioned stub which is no longer permitted. lib = glob.glob("/usr/lib/libcrypto.*.dylib") if lib: # Sort so as to prefer the newest version. @@ -61,18 +61,16 @@ def _load_libcrypto(): # Find library symlinks in Homebrew locations. lib = glob.glob("/usr/local/opt/openssl/lib/libcrypto.dylib") lib = lib or glob.glob("/usr/local/opt/openssl@*/lib/libcrypto.dylib") - lib = lib[0] if lib else None - if not lib and salt.utils.platform.is_aix(): - if os.path.isdir("/opt/salt/lib"): - # preference for Salt installed fileset - lib = glob.glob("/opt/salt/lib/libcrypto.so*") - lib = lib[0] if len(lib) > 0 else None - else: - lib = glob.glob("/opt/freeware/lib/libcrypto.so*") - lib = lib[0] if len(lib) > 0 else None - if lib: - return cdll.LoadLibrary(lib) + if not lib: raise OSError("Cannot locate OpenSSL libcrypto") + return lib[0] + + +def _load_libcrypto(): + """ + Attempt to load libcrypto. + """ + return cdll.LoadLibrary(_find_libcrypto()) def _init_libcrypto(): From 19f60e85a10949716ee688983143ffb772a8666b Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Wed, 29 Apr 2020 20:16:33 -0400 Subject: [PATCH 03/11] Fix a typo by making things simpler. I forgot to either wrap find_library in a list or pop off the first glob result, and after already wrapping the short name for Windows, switching to just popping off the first glob result just felt less dirty. Signed-off-by: Thomas J. Gallen --- salt/utils/rsax931.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/salt/utils/rsax931.py b/salt/utils/rsax931.py index 59f90fdcc1d7..21733fa00a60 100644 --- a/salt/utils/rsax931.py +++ b/salt/utils/rsax931.py @@ -29,9 +29,10 @@ def _find_libcrypto(): Find the path (or return the short name) of libcrypto. """ if sys.platform.startswith("win"): - lib = [str("libeay32")] + lib = str("libeay32") elif getattr(sys, "frozen", False) and salt.utils.platform.is_smartos(): lib = glob.glob(os.path.join(os.path.dirname(sys.executable), "libcrypto.so*")) + lib = lib[0] if lib else None else: lib = find_library("crypto") if not lib: @@ -44,12 +45,14 @@ def _find_libcrypto(): # below lib = glob.glob("/opt/local/lib/libcrypto.so*") lib = lib or glob.glob("/opt/tools/lib/libcrypto.so*") + lib = lib[0] if lib else None elif salt.utils.platform.is_aix(): if os.path.isdir("/opt/salt/lib"): # preference for Salt installed fileset lib = glob.glob("/opt/salt/lib/libcrypto.so*") else: lib = glob.glob("/opt/freeware/lib/libcrypto.so*") + lib = lib[0] if lib else None elif salt.utils.platform.is_darwin(): # Find versioned libraries in system locations, being careful # to avoid the unversioned stub which is no longer permitted. @@ -61,9 +64,10 @@ def _find_libcrypto(): # Find library symlinks in Homebrew locations. lib = glob.glob("/usr/local/opt/openssl/lib/libcrypto.dylib") lib = lib or glob.glob("/usr/local/opt/openssl@*/lib/libcrypto.dylib") + lib = lib[0] if lib else None if not lib: raise OSError("Cannot locate OpenSSL libcrypto") - return lib[0] + return lib def _load_libcrypto(): From 8cdba5f505dad05f86d0f848fca1191ae66c5395 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Thu, 30 Apr 2020 19:11:45 -0400 Subject: [PATCH 04/11] Add partial tests for salt.utils.rsax931. Add tests for both _find_libcrypto and _load_libcrypto. Mocking was used for the OSError test as it's possible to pass _find_libcrypto with as little as a find_library call. As a caveat, there is currently no way to catch an unversioned dylib being passed to _load_libcrypto on Darwin (from _find_libcrypto) as that would require we parse Mach-O binaries, so for the moment we'll assume that Apple will continue to name libraries sensibly. Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 80 +++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 6b840370e16f..2268089e6a0b 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -5,12 +5,23 @@ # python libs from __future__ import absolute_import, print_function, unicode_literals +import ctypes +import fnmatch +import glob +import sys # salt libs -from salt.utils.rsax931 import RSAX931Signer, RSAX931Verifier +from salt.utils.rsax931 import ( + _find_libcrypto, + _load_libcrypto, + RSAX931Signer, + RSAX931Verifier, +) +import salt.utils.platform # salt testing libs from tests.support.unit import TestCase +from tests.support.mock import patch class RSAX931Test(TestCase): @@ -108,3 +119,70 @@ def test_verifier(self): msg = verifier.verify(RSAX931Test.hello_world_sig) self.assertEqual(RSAX931Test.hello_world, msg) + + def test_find_libcrypto(self): + """ + Test _find_libcrypto. + """ + # Test supported systems. + lib_path = _find_libcrypto() + self.assertFalse(not lib_path) + if sys.platform.startswith("win"): + # For Microsoft Windows variants. + self.assertEqual(lib_path, "libeay32") + elif getattr(sys, "frozen", False) and salt.utils.platform.is_smartos(): + # For SmartOS. + self.assertTrue( + fnmatch.fnmatch( + lib_path, + os.path.join(os.path.dirname(sys.executable), "libcrypto*"), + ) + ) + elif not lib_path: + if salt.utils.platform.is_sunos(): + # For Solaris-like distributions. + passed = False + for i in ( + "/opt/local/lib/libcrypto.so*", + "/opt/tools/lib/libcrypto.so*", + ): + if fnmatch.fnmatch(lib_path, i): + passed = True + break + self.assertTrue(passed) + elif salt.utils.platform.is_aix(): + # For IBM AIX. + if os.path.isdir("/opt/salt/lib"): + self.assertTrue(fnmatch.fnmatch("/opt/salt/lib/libcrypto.so*")) + else: + self.assertTrue(fnmatch.fnmatch("/opt/freeware/lib/libcrypto.so*")) + elif salt.utils.platform.is_darwin(): + # For Darwin distributions/macOS. + passed = False + for i in ( + "/usr/lib/libcrypto.*.dylib", + "/usr/local/opt/openssl/lib/libcrypto.dylib", + "/usr/local/opt/openssl@*/lib/libcrypto.dylib", + ): + if fnmatch.fnmatch(lib_path, i): + passed = True + break + self.assertTrue(passed) + # Test unsupported systems. + with patch.object(sys, "platform", "unknown"), patch.object( + glob, "glob", lambda a: [] + ), self.assertRaises(OSError): + _find_libcrypto() + + def test_load_libcrypto(self): + """ + Test _load_libcrypto. + """ + lib = _load_libcrypto() + self.assertTrue(isinstance(lib, ctypes.CDLL)) + # Try to cover both pre and post OpenSSL 1.1. + self.assertTrue( + hasattr(lib, "OpenSSL_version_num") + or hasattr(lib, "OPENSSL_init_crypto") + or hasattr(lib, "OPENSSL_no_config") + ) From 102971ec70a3696d906bef9462e78fcd3cccde4f Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Thu, 30 Apr 2020 19:53:55 -0400 Subject: [PATCH 05/11] Fix typoes; forgot to lint. The pre-commit step does things I basically already do anyway but I forgot to consult pylint this time, sorry about that! Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 2268089e6a0b..de10b6b7720e 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -5,23 +5,26 @@ # python libs from __future__ import absolute_import, print_function, unicode_literals + import ctypes +import ctypes.util import fnmatch import glob +import os import sys # salt libs from salt.utils.rsax931 import ( - _find_libcrypto, - _load_libcrypto, RSAX931Signer, RSAX931Verifier, + _find_libcrypto, + _load_libcrypto, ) import salt.utils.platform +from tests.support.mock import patch # salt testing libs from tests.support.unit import TestCase -from tests.support.mock import patch class RSAX931Test(TestCase): @@ -153,9 +156,13 @@ def test_find_libcrypto(self): elif salt.utils.platform.is_aix(): # For IBM AIX. if os.path.isdir("/opt/salt/lib"): - self.assertTrue(fnmatch.fnmatch("/opt/salt/lib/libcrypto.so*")) + self.assertTrue( + fnmatch.fnmatch(lib_path, "/opt/salt/lib/libcrypto.so*") + ) else: - self.assertTrue(fnmatch.fnmatch("/opt/freeware/lib/libcrypto.so*")) + self.assertTrue( + fnmatch.fnmatch(lib_path, "/opt/freeware/lib/libcrypto.so*") + ) elif salt.utils.platform.is_darwin(): # For Darwin distributions/macOS. passed = False @@ -171,7 +178,9 @@ def test_find_libcrypto(self): # Test unsupported systems. with patch.object(sys, "platform", "unknown"), patch.object( glob, "glob", lambda a: [] - ), self.assertRaises(OSError): + ), patch.object(ctypes.util, "find_library", lambda: None), self.assertRaises( + OSError + ): _find_libcrypto() def test_load_libcrypto(self): From e58ae8de2fbd5de35f492a76eff180ce32192d6e Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Thu, 30 Apr 2020 20:42:31 -0400 Subject: [PATCH 06/11] Satisfy patch import requirements. Imports need to be identical between the test target and source or you end up calling the orignal callable and not the patched one. Has now been debugged and tested on a Fedora 32 VM. Signed-off-by: Thomas J. Gallen --- salt/utils/rsax931.py | 4 ++-- tests/unit/utils/test_rsax931.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/utils/rsax931.py b/salt/utils/rsax931.py index 21733fa00a60..54e782085a38 100644 --- a/salt/utils/rsax931.py +++ b/salt/utils/rsax931.py @@ -12,7 +12,7 @@ # Import 3rd-party libs from ctypes import c_char_p, c_int, c_void_p, cdll, create_string_buffer, pointer -from ctypes.util import find_library +import ctypes.util # Import Salt libs import salt.utils.platform @@ -34,7 +34,7 @@ def _find_libcrypto(): lib = glob.glob(os.path.join(os.path.dirname(sys.executable), "libcrypto.so*")) lib = lib[0] if lib else None else: - lib = find_library("crypto") + lib = ctypes.util.find_library("crypto") if not lib: if salt.utils.platform.is_sunos(): # Solaris-like distribution that use pkgsrc have libraries diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index de10b6b7720e..4e73c6652aec 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -178,7 +178,7 @@ def test_find_libcrypto(self): # Test unsupported systems. with patch.object(sys, "platform", "unknown"), patch.object( glob, "glob", lambda a: [] - ), patch.object(ctypes.util, "find_library", lambda: None), self.assertRaises( + ), patch.object(ctypes.util, "find_library", lambda a: None), self.assertRaises( OSError ): _find_libcrypto() From af7b94f72ac1079163fc6708eb90d6e1afedfa95 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Thu, 30 Apr 2020 22:21:24 -0400 Subject: [PATCH 07/11] Satisfy isort to finish off pre-commit. As I'm writing this all on macOS 10.15 (Catalina) and the long standing issues with timelib have yet to be solved, I can't actually use the pre-commit hooks as intended. That means that, unfortunately, I need to add pre-commit hooks, run them/commit, remove pre-commit hooks, then actually commit. Would be nice to get that fixed. Signed-off-by: Thomas J. Gallen --- salt/utils/rsax931.py | 2 +- tests/unit/utils/test_rsax931.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/utils/rsax931.py b/salt/utils/rsax931.py index 54e782085a38..c60ef6ba0ed3 100644 --- a/salt/utils/rsax931.py +++ b/salt/utils/rsax931.py @@ -6,13 +6,13 @@ # Import Python libs from __future__ import absolute_import, print_function, unicode_literals +import ctypes.util import glob import os import sys # Import 3rd-party libs from ctypes import c_char_p, c_int, c_void_p, cdll, create_string_buffer, pointer -import ctypes.util # Import Salt libs import salt.utils.platform diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 4e73c6652aec..10d464bb8e8b 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -13,6 +13,8 @@ import os import sys +import salt.utils.platform + # salt libs from salt.utils.rsax931 import ( RSAX931Signer, @@ -20,7 +22,6 @@ _find_libcrypto, _load_libcrypto, ) -import salt.utils.platform from tests.support.mock import patch # salt testing libs From eb242d45652329739f712f4588e62dd718c8c550 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Mon, 11 May 2020 08:33:25 -0400 Subject: [PATCH 08/11] Break up find_libcrypto tests by OS. One large test for find_libcrypto has been converted to 1 test per OS. This also gave me a moment to mentally recompile some of the tests I wrote at 1 AM for platforms we can't test in the first place, which lead to stripping out some useless conditionals that made no sense. Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 151 ++++++++++++++++++++----------- 1 file changed, 98 insertions(+), 53 deletions(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 10d464bb8e8b..f2b032a78414 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -25,7 +25,7 @@ from tests.support.mock import patch # salt testing libs -from tests.support.unit import TestCase +from tests.support.unit import TestCase, skipIf class RSAX931Test(TestCase): @@ -124,69 +124,114 @@ def test_verifier(self): msg = verifier.verify(RSAX931Test.hello_world_sig) self.assertEqual(RSAX931Test.hello_world, msg) - def test_find_libcrypto(self): + # test_find_libcrypto_win32 (method) + # {{{ + @skipIf(not salt.utils.platform.is_windows(), "Host OS is not Windows.") + def test_find_libcrypto_win32(self): """ - Test _find_libcrypto. + Test find_libcrypto on Windows hosts. """ - # Test supported systems. lib_path = _find_libcrypto() self.assertFalse(not lib_path) - if sys.platform.startswith("win"): - # For Microsoft Windows variants. - self.assertEqual(lib_path, "libeay32") - elif getattr(sys, "frozen", False) and salt.utils.platform.is_smartos(): - # For SmartOS. + self.assertEqual(lib_path, "libeay32") + + # }}} + + # test_find_libcrypto_smartos (method) + # {{{ + @skipIf( + not getattr(sys, "frozen", False) and not salt.utils.platform.is_smartos(), + "Host OS is not SmartOS.", + ) + def test_find_libcrypto_smartos(self): + """ + Test find_libcrypto on a SmartOS host. + """ + lib_path = _find_libcrypto() + self.assertFalse(not lib_path) + self.assertTrue( + fnmatch.fnmatch( + lib_path, os.path.join(os.path.dirname(sys.executable), "libcrypto*") + ) + ) + + # }}} + + # test_find_libcrypto_sunos (method) + # {{{ + @skipIf(not salt.utils.platform.is_sunos(), "Host OS is not Solaris-like.") + def test_find_libcrypto_sunos(self): + """ + Test find_libcrypto on a Solaris-like host. + """ + lib_path = _find_libcrypto() + self.assertFalse(not lib_path) + passed = False + for i in ("/opt/local/lib/libcrypto.so*", "/opt/tools/lib/libcrypto.so*"): + if fnmatch.fnmatch(lib_path, i): + passed = True + break + self.assertTrue(passed) + + # }}} + + # test_find_libcrypto_aix (method) + # {{{ + @skipIf(not salt.utils.platform.is_aix(), "Host OS is not IBM AIX.") + def test_find_libcrypto_aix(self): + """ + Test find_libcrypto on an IBM AIX host. + """ + lib_path = _find_libcrypto() + self.assertFalse(not lib_path) + if os.path.isdir("/opt/salt/lib"): + self.assertTrue(fnmatch.fnmatch(lib_path, "/opt/salt/lib/libcrypto.so*")) + else: self.assertTrue( - fnmatch.fnmatch( - lib_path, - os.path.join(os.path.dirname(sys.executable), "libcrypto*"), - ) + fnmatch.fnmatch(lib_path, "/opt/freeware/lib/libcrypto.so*") ) - elif not lib_path: - if salt.utils.platform.is_sunos(): - # For Solaris-like distributions. - passed = False - for i in ( - "/opt/local/lib/libcrypto.so*", - "/opt/tools/lib/libcrypto.so*", - ): - if fnmatch.fnmatch(lib_path, i): - passed = True - break - self.assertTrue(passed) - elif salt.utils.platform.is_aix(): - # For IBM AIX. - if os.path.isdir("/opt/salt/lib"): - self.assertTrue( - fnmatch.fnmatch(lib_path, "/opt/salt/lib/libcrypto.so*") - ) - else: - self.assertTrue( - fnmatch.fnmatch(lib_path, "/opt/freeware/lib/libcrypto.so*") - ) - elif salt.utils.platform.is_darwin(): - # For Darwin distributions/macOS. - passed = False - for i in ( - "/usr/lib/libcrypto.*.dylib", - "/usr/local/opt/openssl/lib/libcrypto.dylib", - "/usr/local/opt/openssl@*/lib/libcrypto.dylib", - ): - if fnmatch.fnmatch(lib_path, i): - passed = True - break - self.assertTrue(passed) - # Test unsupported systems. - with patch.object(sys, "platform", "unknown"), patch.object( - glob, "glob", lambda a: [] - ), patch.object(ctypes.util, "find_library", lambda a: None), self.assertRaises( - OSError + + # }}} + + # test_find_libcrypto_darwin (method) + # {{{ + @skipIf(not salt.utils.platform.is_darwin(), "Host OS is not Darwin-like or macOS.") + def test_find_libcrypto_darwin(self): + """ + Test find_libcrypto on a Darwin-like or macOS host. + """ + lib_path = _find_libcrypto() + self.assertFalse(not lib_path) + passed = False + for i in ( + "/usr/lib/libcrypto.*.dylib", + "/usr/local/opt/openssl/lib/libcrypto.dylib", + "/usr/local/opt/openssl@*/lib/libcrypto.dylib", ): + if fnmatch.fnmatch(lib_path, i): + passed = True + break + self.assertTrue(passed) + + # }}} + + # test_find_libcrypto_unsupported (method) + # {{{ + @patch.object(ctypes.util, "find_library", lambda a: None) + @patch.object(glob, "glob", lambda a: []) + @patch.object(sys, "platform", "unknown") + def test_find_libcrypto_unsupported(self): + """ + Ensure that find_libcrypto works correctly on an unsupported host OS. + """ + with self.assertRaises(OSError): _find_libcrypto() + # }}} + def test_load_libcrypto(self): """ - Test _load_libcrypto. + Test _load_libcrypto generically. """ lib = _load_libcrypto() self.assertTrue(isinstance(lib, ctypes.CDLL)) From a635e908184ebf5d3bca1c5e5c5a7170eff1f918 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Mon, 11 May 2020 08:42:07 -0400 Subject: [PATCH 09/11] Remove Vim markers. Sorry, force of habit. Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index f2b032a78414..1dc7e1e67828 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -124,8 +124,6 @@ def test_verifier(self): msg = verifier.verify(RSAX931Test.hello_world_sig) self.assertEqual(RSAX931Test.hello_world, msg) - # test_find_libcrypto_win32 (method) - # {{{ @skipIf(not salt.utils.platform.is_windows(), "Host OS is not Windows.") def test_find_libcrypto_win32(self): """ @@ -135,10 +133,6 @@ def test_find_libcrypto_win32(self): self.assertFalse(not lib_path) self.assertEqual(lib_path, "libeay32") - # }}} - - # test_find_libcrypto_smartos (method) - # {{{ @skipIf( not getattr(sys, "frozen", False) and not salt.utils.platform.is_smartos(), "Host OS is not SmartOS.", @@ -155,10 +149,6 @@ def test_find_libcrypto_smartos(self): ) ) - # }}} - - # test_find_libcrypto_sunos (method) - # {{{ @skipIf(not salt.utils.platform.is_sunos(), "Host OS is not Solaris-like.") def test_find_libcrypto_sunos(self): """ @@ -173,10 +163,6 @@ def test_find_libcrypto_sunos(self): break self.assertTrue(passed) - # }}} - - # test_find_libcrypto_aix (method) - # {{{ @skipIf(not salt.utils.platform.is_aix(), "Host OS is not IBM AIX.") def test_find_libcrypto_aix(self): """ @@ -191,10 +177,6 @@ def test_find_libcrypto_aix(self): fnmatch.fnmatch(lib_path, "/opt/freeware/lib/libcrypto.so*") ) - # }}} - - # test_find_libcrypto_darwin (method) - # {{{ @skipIf(not salt.utils.platform.is_darwin(), "Host OS is not Darwin-like or macOS.") def test_find_libcrypto_darwin(self): """ @@ -213,10 +195,6 @@ def test_find_libcrypto_darwin(self): break self.assertTrue(passed) - # }}} - - # test_find_libcrypto_unsupported (method) - # {{{ @patch.object(ctypes.util, "find_library", lambda a: None) @patch.object(glob, "glob", lambda a: []) @patch.object(sys, "platform", "unknown") @@ -227,8 +205,6 @@ def test_find_libcrypto_unsupported(self): with self.assertRaises(OSError): _find_libcrypto() - # }}} - def test_load_libcrypto(self): """ Test _load_libcrypto generically. From de2ca3ec27657005671f0902faa347927b112ea5 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Mon, 11 May 2020 08:49:05 -0400 Subject: [PATCH 10/11] Remove useless falsy check. Removed a useless falsy check. It will never return none, it would raise an OSError, and there's a separate test for that. Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 1dc7e1e67828..018ae4760915 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -130,7 +130,6 @@ def test_find_libcrypto_win32(self): Test find_libcrypto on Windows hosts. """ lib_path = _find_libcrypto() - self.assertFalse(not lib_path) self.assertEqual(lib_path, "libeay32") @skipIf( @@ -142,7 +141,6 @@ def test_find_libcrypto_smartos(self): Test find_libcrypto on a SmartOS host. """ lib_path = _find_libcrypto() - self.assertFalse(not lib_path) self.assertTrue( fnmatch.fnmatch( lib_path, os.path.join(os.path.dirname(sys.executable), "libcrypto*") @@ -155,7 +153,6 @@ def test_find_libcrypto_sunos(self): Test find_libcrypto on a Solaris-like host. """ lib_path = _find_libcrypto() - self.assertFalse(not lib_path) passed = False for i in ("/opt/local/lib/libcrypto.so*", "/opt/tools/lib/libcrypto.so*"): if fnmatch.fnmatch(lib_path, i): @@ -169,7 +166,6 @@ def test_find_libcrypto_aix(self): Test find_libcrypto on an IBM AIX host. """ lib_path = _find_libcrypto() - self.assertFalse(not lib_path) if os.path.isdir("/opt/salt/lib"): self.assertTrue(fnmatch.fnmatch(lib_path, "/opt/salt/lib/libcrypto.so*")) else: @@ -183,7 +179,6 @@ def test_find_libcrypto_darwin(self): Test find_libcrypto on a Darwin-like or macOS host. """ lib_path = _find_libcrypto() - self.assertFalse(not lib_path) passed = False for i in ( "/usr/lib/libcrypto.*.dylib", From df3ec2e62b3aa5d7afdcda9b75a60c38de26fb32 Mon Sep 17 00:00:00 2001 From: "Thomas J. Gallen" Date: Wed, 20 May 2020 01:38:30 -0400 Subject: [PATCH 11/11] Fix typo: find_libcrypto > _find_libcrypto. Fix a small typo to give CI a kick. Signed-off-by: Thomas J. Gallen --- tests/unit/utils/test_rsax931.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/unit/utils/test_rsax931.py b/tests/unit/utils/test_rsax931.py index 018ae4760915..85d5e4e32f7d 100644 --- a/tests/unit/utils/test_rsax931.py +++ b/tests/unit/utils/test_rsax931.py @@ -127,7 +127,7 @@ def test_verifier(self): @skipIf(not salt.utils.platform.is_windows(), "Host OS is not Windows.") def test_find_libcrypto_win32(self): """ - Test find_libcrypto on Windows hosts. + Test _find_libcrypto on Windows hosts. """ lib_path = _find_libcrypto() self.assertEqual(lib_path, "libeay32") @@ -138,7 +138,7 @@ def test_find_libcrypto_win32(self): ) def test_find_libcrypto_smartos(self): """ - Test find_libcrypto on a SmartOS host. + Test _find_libcrypto on a SmartOS host. """ lib_path = _find_libcrypto() self.assertTrue( @@ -150,7 +150,7 @@ def test_find_libcrypto_smartos(self): @skipIf(not salt.utils.platform.is_sunos(), "Host OS is not Solaris-like.") def test_find_libcrypto_sunos(self): """ - Test find_libcrypto on a Solaris-like host. + Test _find_libcrypto on a Solaris-like host. """ lib_path = _find_libcrypto() passed = False @@ -163,7 +163,7 @@ def test_find_libcrypto_sunos(self): @skipIf(not salt.utils.platform.is_aix(), "Host OS is not IBM AIX.") def test_find_libcrypto_aix(self): """ - Test find_libcrypto on an IBM AIX host. + Test _find_libcrypto on an IBM AIX host. """ lib_path = _find_libcrypto() if os.path.isdir("/opt/salt/lib"): @@ -176,7 +176,7 @@ def test_find_libcrypto_aix(self): @skipIf(not salt.utils.platform.is_darwin(), "Host OS is not Darwin-like or macOS.") def test_find_libcrypto_darwin(self): """ - Test find_libcrypto on a Darwin-like or macOS host. + Test _find_libcrypto on a Darwin-like or macOS host. """ lib_path = _find_libcrypto() passed = False @@ -195,7 +195,7 @@ def test_find_libcrypto_darwin(self): @patch.object(sys, "platform", "unknown") def test_find_libcrypto_unsupported(self): """ - Ensure that find_libcrypto works correctly on an unsupported host OS. + Ensure that _find_libcrypto works correctly on an unsupported host OS. """ with self.assertRaises(OSError): _find_libcrypto()