From 9eb2cdbc528d8148a26aaecab1f2a7855b777c52 Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Thu, 17 Sep 2020 11:06:21 -0400 Subject: [PATCH] skipping prod iptables tests, adding paramiko to test deps, updating grsec kernel string --- admin/bootstrap.py | 8 ++--- admin/requirements-testinfra.in | 1 + admin/requirements-testinfra.txt | 34 +++++++++++++++++++++- admin/securedrop_admin/__init__.py | 2 +- molecule/testinfra/app/test_app_network.py | 1 + molecule/testinfra/mon/test_mon_network.py | 1 + molecule/testinfra/vars/prod.yml | 2 +- 7 files changed, 41 insertions(+), 8 deletions(-) diff --git a/admin/bootstrap.py b/admin/bootstrap.py index 84fae98de9..613184ea84 100755 --- a/admin/bootstrap.py +++ b/admin/bootstrap.py @@ -197,7 +197,6 @@ def envsetup(args, virtualenv_dir=VENV_DIR): else: sdlog.info("Virtualenv already exists, not creating") - if args.t: install_pip_dependencies(args, pip_install_cmd=[ os.path.join(VENV_DIR, 'bin', 'pip3'), @@ -205,8 +204,8 @@ def envsetup(args, virtualenv_dir=VENV_DIR): '--no-deps', '-r', os.path.join(DIR, 'requirements-testinfra.txt'), '--require-hashes', - '-U', '--upgrade-strategy', 'only-if-needed',], - desc="additional dependencies") + '-U', '--upgrade-strategy', 'only-if-needed', ], + desc="dependencies with verification support") else: install_pip_dependencies(args) @@ -238,7 +237,7 @@ def install_pip_dependencies(args, pip_install_cmd=[ '-r', os.path.join(DIR, 'requirements.txt'), '--require-hashes', # Make sure to upgrade packages only if necessary. - '-U', '--upgrade-strategy', 'only-if-needed',], + '-U', '--upgrade-strategy', 'only-if-needed', ], desc="Python dependencies" ): """ @@ -262,7 +261,6 @@ def install_pip_dependencies(args, pip_install_cmd=[ sdlog.info("{} for securedrop-admin are up-to-date".format(desc)) - def parse_argv(argv): parser = argparse.ArgumentParser() parser.add_argument('-v', action='store_true', default=False, 
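Review bot: In the `args.t` branch of `envsetup`, the pip executable is built from the module constant, `os.path.join(VENV_DIR, 'bin', 'pip3')`, although the function takes a `virtualenv_dir` parameter (visible in the hunk header). If a caller ever passes a different directory, the hash-pinned testinfra requirements would be installed with a pip from another environment, or the call would fail; `os.path.join(virtualenv_dir, 'bin', 'pip3')` keeps the two in step. The start of `envsetup` is outside the hunk, so confirm how `virtualenv_dir` is used there. As a style point, `'only-if-needed', ],` here and in the `install_pip_dependencies` default reads more cleanly as `'only-if-needed'],`.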
diff --git a/admin/requirements-testinfra.in b/admin/requirements-testinfra.in index 6b5013bc74..0d83263d48 100644 --- a/admin/requirements-testinfra.in +++ b/admin/requirements-testinfra.in @@ -1,3 +1,4 @@ pytest==3.2.0 testinfra==3.2.0 pytest-xdist==1.18.2 +paramiko==2.6.0 diff --git a/admin/requirements-testinfra.txt b/admin/requirements-testinfra.txt index 47cc901f20..b66bfc480f 100644 --- a/admin/requirements-testinfra.txt +++ b/admin/requirements-testinfra.txt @@ -10,6 +10,15 @@ apipkg==1.5 \ --hash=sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6 \ --hash=sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c \ # via execnet +bcrypt==3.2.0 \ + --hash=sha256:5b93c1726e50a93a033c36e5ca7fdcd29a5c7395af50a6892f5d9e7c6cfbfb29 \ + --hash=sha256:63d4e3ff96188e5898779b6057878fecf3f11cfe6ec3b313ea09955d587ec7a7 \ + --hash=sha256:81fec756feff5b6818ea7ab031205e1d323d8943d237303baca2c5f9c7846f34 \ + --hash=sha256:a67fb841b35c28a59cebed05fbd3e80eea26e6d75851f0574a9273c80f3e9b55 \ + --hash=sha256:c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6 \ + --hash=sha256:cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1 \ + --hash=sha256:cdcdcb3972027f83fe24a48b1e90ea4b584d35f1cc279d76de6fc4b13376239d \ + # via paramiko cffi==1.14.3 \ --hash=sha256:005f2bfe11b6745d726dbb07ace4d53f057de66e336ff92d61b8c7e9c8f4777d \ --hash=sha256:09e96138280241bd355cd585148dec04dbbedb4f46128f340d696eaafc82dd7b \ @@ -47,7 +56,7 @@ cffi==1.14.3 \ --hash=sha256:f4eae045e6ab2bb54ca279733fe4eb85f1effda392666308250714e01907f394 \ --hash=sha256:f92cdecb618e5fa4658aeb97d5eb3d2f47aa94ac6477c6daf0f306c5a3b9e6b1 \ --hash=sha256:f92f789e4f9241cd262ad7a555ca2c648a98178a953af117ef7fad46aa1d5591 \ - # via cryptography + # via bcrypt, cryptography, pynacl cryptography==3.1 \ --hash=sha256:10c9775a3f31610cf6b694d1fe598f2183441de81cedcf1814451ae53d71b13a \ --hash=sha256:180c9f855a8ea280e72a5d61cf05681b230c2dce804c48e9b2983f491ecc44ed \ 
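Review bot: The new `paramiko==2.6.0` line in requirements-testinfra.in carries no comment saying why a direct pin is needed. It also brings `bcrypt` and `pynacl` into the admin virtualenv, as the regenerated requirements-testinfra.txt shows. Add a one-line comment above it, for example `# paramiko: SSH backend used by testinfra for the verify run` (wording for the author to confirm), so a later maintainer knows whether the pin can be dropped or must move with testinfra. Because bootstrap.py installs this file with `--no-deps` and `--require-hashes`, every later paramiko bump has to regenerate the .txt so that the transitive pins and hashes stay complete.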
@@ -116,6 +125,9 @@ markupsafe==1.1.1 \ netaddr==0.8.0 \ --hash=sha256:9666d0232c32d2656e5e5f8d735f58fd6c7457ce52fc21c98d45f2af78f990ac \ --hash=sha256:d6cc57c7a07b1d9d2e917aa8b36ae8ce61c35ba3fcd1b83ca31c5a0ee2b5a243 +paramiko==2.6.0 \ + --hash=sha256:99f0179bdc176281d21961a003ffdb2ec369daac1a1007241f53374e376576cf \ + --hash=sha256:f4b2edfa0d226b70bd4ca31ea7e389325990283da23465d572ed1f70a7583041 prompt_toolkit==2.0.9 \ --hash=sha256:11adf3389a996a6d45cc277580d0d53e8a5afd281d0c9ec71b28e6f121463780 \ --hash=sha256:2519ad1d8038fd5fc8e770362237ad0364d16a7650fb5724af6997ed5515e3c1 \ 
@@ -128,6 +140,26 @@ pycparser==2.20 \ --hash=sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 \ --hash=sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 \ # via cffi +pynacl==1.4.0 \ + --hash=sha256:06cbb4d9b2c4bd3c8dc0d267416aaed79906e7b33f114ddbf0911969794b1cc4 \ + --hash=sha256:11335f09060af52c97137d4ac54285bcb7df0cef29014a1a4efe64ac065434c4 \ + --hash=sha256:2fe0fc5a2480361dcaf4e6e7cea00e078fcda07ba45f811b167e3f99e8cff574 \ + --hash=sha256:30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d \ + --hash=sha256:4e10569f8cbed81cb7526ae137049759d2a8d57726d52c1a000a3ce366779634 \ + --hash=sha256:511d269ee845037b95c9781aa702f90ccc36036f95d0f31373a6a79bd8242e25 \ + --hash=sha256:537a7ccbea22905a0ab36ea58577b39d1fa9b1884869d173b5cf111f006f689f \ + --hash=sha256:54e9a2c849c742006516ad56a88f5c74bf2ce92c9f67435187c3c5953b346505 \ + --hash=sha256:757250ddb3bff1eecd7e41e65f7f833a8405fede0194319f87899690624f2122 \ + --hash=sha256:7757ae33dae81c300487591c68790dfb5145c7d03324000433d9a2c141f82af7 \ + --hash=sha256:7c6092102219f59ff29788860ccb021e80fffd953920c4a8653889c029b2d420 \ + --hash=sha256:8122ba5f2a2169ca5da936b2e5a511740ffb73979381b4229d9188f6dcb22f1f \ + --hash=sha256:9c4a7ea4fb81536c1b1f5cc44d54a296f96ae78c1ebd2311bd0b60be45a48d96 \ + --hash=sha256:c914f78da4953b33d4685e3cdc7ce63401247a21425c16a39760e282075ac4a6 \ + --hash=sha256:cd401ccbc2a249a47a3a1724c2918fcd04be1f7b54eb2a5a71ff915db0ac51c6 \ + --hash=sha256:d452a6746f0a7e11121e64625109bc4468fc3100452817001dbe018bb8b08514 \ + --hash=sha256:ea6841bc3a76fa4942ce00f3bda7d436fda21e2d91602b9e21b7ca9ecab8f3ff \ + --hash=sha256:f8851ab9041756003119368c1e6cd0b9c631f46d686b3904b18c0139f4419f80 \ + # via paramiko pytest-xdist==1.18.2 \ --hash=sha256:10468377901b80255cf192c4603a94ffe8b1f071f5c912868da5f5cb91170dae pytest==3.2.0 \ diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py index 5ac1b0eac5..c2a1ca7b5d 100755 
--- a/admin/securedrop_admin/__init__.py +++ b/admin/securedrop_admin/__init__.py @@ -1060,7 +1060,7 @@ class ArgParseFormatterCombo(argparse.ArgumentDefaultsHelpFormatter, parse_reset_ssh.set_defaults(func=reset_admin_access) parse_verify = subparsers.add_parser('verify', - help=verify_install.__doc__) + help=verify_install.__doc__) parse_verify.set_defaults(func=verify_install) args = parser.parse_args(argv) diff --git a/molecule/testinfra/app/test_app_network.py b/molecule/testinfra/app/test_app_network.py index e84a7098c5..e2fb69ce05 100644 --- a/molecule/testinfra/app/test_app_network.py +++ b/molecule/testinfra/app/test_app_network.py @@ -9,6 +9,7 @@ testinfra_hosts = [securedrop_test_vars.app_hostname] +@pytest.mark.skip_in_prod def test_app_iptables_rules(host): # Build a dict of variables to pass to jinja for iptables comparison diff --git a/molecule/testinfra/mon/test_mon_network.py b/molecule/testinfra/mon/test_mon_network.py index 01ec6d5bd3..ac0994b657 100644 --- a/molecule/testinfra/mon/test_mon_network.py +++ b/molecule/testinfra/mon/test_mon_network.py @@ -9,6 +9,7 @@ testinfra_hosts = [securedrop_test_vars.monitor_hostname] +@pytest.mark.skip_in_prod def test_mon_iptables_rules(host): # Build a dict of variables to pass to jinja for iptables comparison diff --git a/molecule/testinfra/vars/prod.yml b/molecule/testinfra/vars/prod.yml index ee6c7ec135..70a2ca0515 100644 --- a/molecule/testinfra/vars/prod.yml +++ b/molecule/testinfra/vars/prod.yml @@ -197,4 +197,4 @@ log_events_with_ossec_alerts: rule_id: "400700" fpf_apt_repo_url: "https://apt.freedom.press" -grsec_version: "4.14.175" +grsec_version: "4.14.188"
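Review bot: `@pytest.mark.skip_in_prod` on `test_app_iptables_rules` drops the firewall-rule comparison from production runs without saying why, and the same decorator is added to `test_mon_iptables_rules` in test_mon_network.py. A custom pytest mark has no effect unless a hook or conftest acts on it; that handling is not part of this diff, so confirm it exists, otherwise both tests still run in prod. Put the reason in a comment above each decorator, e.g. `# skip_in_prod: expected rules are rendered from vars that do not match a production install` (wording for the author to confirm). If the full comparison cannot run against prod, a reduced assertion that does not depend on those vars would keep some firewall coverage in the verify run. Both test bodies continue outside the hunks.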