[openstack-heat] readd PBR and migration patches
Ryan Brown
ryansb at fedoraproject.org
Tue Sep 9 18:08:47 UTC 2014
commit 243ffcea994cb541f94dcf8774067a8832bbefd7
Author: Ryan S. Brown <rybrown at redhat.com>
Date: Tue Sep 9 14:08:42 2014 -0400
readd PBR and migration patches
0001-remove-pbr-runtime-dependency.patch | 30 ++++++++
...bility-patch-to-allow-smooth-migration-aw.patch | 70 ++++++++++++++++++++
openstack-heat.spec | 3 +
3 files changed, 103 insertions(+), 0 deletions(-)
---
diff --git a/0001-remove-pbr-runtime-dependency.patch b/0001-remove-pbr-runtime-dependency.patch
new file mode 100644
index 0000000..46ff786
--- /dev/null
+++ b/0001-remove-pbr-runtime-dependency.patch
@@ -0,0 +1,30 @@
+From 185006cecf9e6f18d1182725894f8966ac116d5b Mon Sep 17 00:00:00 2001
+From: Jeff Peeler <jpeeler at redhat.com>
+Date: Mon, 14 Oct 2013 14:30:34 -0400
+Subject: [PATCH] remove pbr runtime dependency
+
+---
+ heat/version.py | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/heat/version.py b/heat/version.py
+index a8cd2d7..5383da8 100644
+--- a/heat/version.py
++++ b/heat/version.py
+@@ -12,6 +12,14 @@
+ # under the License.
+
+
+-import pbr.version
++class VersionInfo(object):
++ release = 'REDHATHEATRELEASE'
++ version = 'REDHATHEATVERSION'
+
+-version_info = pbr.version.VersionInfo('heat')
++ def version_string(self):
++ return self.version
++
++ def release_string(self):
++ return self.release
++
++version_info = VersionInfo()
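Review bot: `release = 'REDHATHEATRELEASE'` and `version = 'REDHATHEATVERSION'` are literal placeholders, and nothing in this commit replaces them; the spec hunk only declares Patch0001 and Patch0002. Unless the substitution already happens in a part of the spec outside this diff, heat will report the placeholder text as its version, which makes it hard to tell from a running service which build, and which security fixes, it carries. A comment above the class such as `# Placeholders are substituted at package build time by openstack-heat.spec` would document the dependency, once the spec is confirmed to do so. The class also provides only `version_string()` and `release_string()`, so any caller that uses another method of `pbr.version.VersionInfo` would fail with AttributeError; a grep of the tree would confirm whether any exist.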
diff --git a/0002-Add-compatability-patch-to-allow-smooth-migration-aw.patch b/0002-Add-compatability-patch-to-allow-smooth-migration-aw.patch
new file mode 100644
index 0000000..d21a3f2
--- /dev/null
+++ b/0002-Add-compatability-patch-to-allow-smooth-migration-aw.patch
@@ -0,0 +1,70 @@
+From 3afae514cc22a30acc5a3dae76ec2a6ca3c83f9f Mon Sep 17 00:00:00 2001
+From: Jeff Peeler <jpeeler at redhat.com>
+Date: Sat, 21 Jun 2014 00:28:04 -0400
+Subject: [PATCH] Add compatability patch to allow smooth migration away from
+ M2Crypto
+
+For many releases, Fedora has shipped with the encryption routines
+reimplemented using M2Crypto. We are now aligning with upstream which
+uses PyCrypto. However, we must still allow decryption of existing
+entries in the database, so this patch will remain until at least
+the next release.
+---
+ heat/common/crypt.py | 43 ++++++++++++++++++++++++++++++-------------
+ 1 file changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/heat/common/crypt.py b/heat/common/crypt.py
+index 0defb10..0c1e14e 100644
+--- a/heat/common/crypt.py
++++ b/heat/common/crypt.py
+@@ -44,20 +44,37 @@ def oslo_decrypt_v1(auth_info):
+ return sym.decrypt(cfg.CONF.auth_encryption_key[:32],
+ auth_info, b64decode=True)
+
++#This is here for testing verification purposes related to the comment below
++#def heat_encrypt(auth_info):
++# import M2Crypto
++# from os import urandom
++# iv = urandom(16)
++# cipher = M2Crypto.EVP.Cipher(alg='aes_128_cbc', key_as_bytes=False, padding=True,
++# key=cfg.CONF.auth_encryption_key[:32], iv=iv,
++# op=1) # 1 is encode
++# update = cipher.update(auth_info)
++# final = cipher.final()
++# res = base64.b64encode(iv + update + final)
++# return 'heat_decrypt', res
+
+ def heat_decrypt(auth_info):
+- """Decrypt function for data that has been encrypted using an older
+- version of Heat.
+- Note: the encrypt function returns the function that is needed to
+- decrypt the data. The database then stores this. When the data is
+- then retrieved (potentially by a later version of Heat) the decrypt
+- function must still exist. So whilst it may seem that this function
+- is not referenced, it will be referenced from the database.
+- """
++ # This is an AES specific version of oslo decrypt, reimplementing the
++ # commented out code below. The main differences are a different key size
++ # and different padding to be compatible with our old m2crypto based
++ # heat_encrypt. This patch will be dropped in a few releases since once
++ # people upgrade, the new encrypt method will be used making this
++ # decryption method no longer necessary.
++ #sym = utils.SymmetricCrypto()
++ #return sym.decrypt(cfg.CONF.auth_encryption_key[:16],
++ # auth_info, b64decode=True)
++
+ if auth_info is None:
+ return None
+- auth = base64.b64decode(auth_info)
+- iv = auth[:AES.block_size]
+- cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
+- res = cipher.decrypt(auth[AES.block_size:])
+- return res
++ auth_info = base64.b64decode(auth_info)
++ iv = auth_info[:AES.block_size]
++ # Note: MUST send in 16 bytes long key for AES-128
++ cipher = AES.new(cfg.CONF.auth_encryption_key[:16], AES.MODE_CBC, iv)
++ padded = cipher.decrypt(auth_info[AES.block_size:])
++ l = ord(padded[-1])
++ plain = padded[:-l]
++ return plain
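Review bot: The unpadding at the end of `heat_decrypt` (`l = ord(padded[-1])` followed by `plain = padded[:-l]`) trusts the last decrypted byte without checking it. An input with no ciphertext after the IV raises IndexError on `padded[-1]`, a final byte of 0 makes `padded[:-0]` return an empty string, and a wrong key or corrupted row yields a silently truncated value instead of an error. Checking that the length is between 1 and `AES.block_size` and that every padding byte matches, as sketched below, turns these cases into an explicit ValueError; CBC here carries no integrity check, so this is a sanity check on stored data and not a substitute for authenticating it. The key is also cut to `[:16]`, so a configured `auth_encryption_key` shorter than 16 characters fails inside `AES.new`, and a clear error for that case would help operators. The removed docstring explained that the function is looked up by name from the database, and that sentence is worth keeping in the new comment so the function is not later deleted as dead code.

```python
    # … unchanged: None check, base64 decode, IV split, AES.new(...) …
    padded = cipher.decrypt(auth_info[AES.block_size:])
    if not padded:
        raise ValueError('encrypted value contains no ciphertext blocks')
    pad_len = ord(padded[-1])
    if not 1 <= pad_len <= AES.block_size or \
            padded[-pad_len:] != padded[-1] * pad_len:
        raise ValueError('invalid padding in encrypted value')
    return padded[:-pad_len]
```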
diff --git a/openstack-heat.spec b/openstack-heat.spec
index 27f537a..c393795 100644
--- a/openstack-heat.spec
+++ b/openstack-heat.spec
@@ -33,6 +33,9 @@ Source20: heat-dist.conf
#
# patches_base=2014.2.b3+0
#
+Patch0001: 0001-remove-pbr-runtime-dependency.patch
+Patch0002: 0002-Add-compatability-patch-to-allow-smooth-migration-aw.patch
+
BuildArch: noarch
BuildRequires: git