[CalendarServer-changes] [15217] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Fri Oct 23 12:37:48 PDT 2015
Revision: 15217
http://trac.calendarserver.org//changeset/15217
Author: cdaboo at apple.com
Date: 2015-10-23 12:37:48 -0700 (Fri, 23 Oct 2015)
Log Message:
-----------
Support for pySecureTransport in addition to pyOpenSSL.
Modified Paths:
--------------
CalendarServer/trunk/bin/_build.sh
CalendarServer/trunk/calendarserver/push/applepush.py
CalendarServer/trunk/calendarserver/push/util.py
CalendarServer/trunk/calendarserver/tap/caldav.py
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/conf/caldavd-apple.plist
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/conf/localservers-test.xml
CalendarServer/trunk/requirements-dev.txt
CalendarServer/trunk/setup.py
CalendarServer/trunk/support/_cache_deps
CalendarServer/trunk/twistedcaldav/client/pool.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Added Paths:
-----------
CalendarServer/trunk/lib-patches/Twisted/
CalendarServer/trunk/lib-patches/Twisted/securetransport.patch
CalendarServer/trunk/requirements-cs.txt
CalendarServer/trunk/requirements-default.txt
CalendarServer/trunk/requirements-osx.txt
CalendarServer/trunk/requirements-twisted-default.txt
CalendarServer/trunk/requirements-twisted-osx.txt
Removed Paths:
-------------
CalendarServer/trunk/requirements-stable.txt
Modified: CalendarServer/trunk/bin/_build.sh
===================================================================
--- CalendarServer/trunk/bin/_build.sh 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/bin/_build.sh 2015-10-23 19:37:48 UTC (rev 15217)
@@ -92,7 +92,6 @@
conditional_set do_get "true";
conditional_set do_setup "true";
conditional_set force_setup "false";
- conditional_set requirements "${wd}/requirements-dev.txt"
conditional_set virtualenv_opts "";
dev_home="${wd}/.develop";
@@ -159,6 +158,19 @@
else
hash () { echo "INTERNAL ERROR: No hash function."; exit 1; }
fi;
+
+ default_requirements="${wd}/requirements-default.txt";
+ use_openssl="true"
+ if [ -z "${USE_OPENSSL-}" ]; then
+ case "$(uname -s)" in
+ Darwin)
+ default_requirements="${wd}/requirements-osx.txt";
+ use_openssl="false"
+ ;;
+ esac;
+ fi;
+ conditional_set requirements "${default_requirements}"
+
}
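Review bot: The new `USE_OPENSSL` test only checks for a non-empty value, so `USE_OPENSSL=false` or `USE_OPENSSL=0` on Darwin still selects `requirements-default.txt` and pyOpenSSL. Either compare the value explicitly or document the contract next to the test, e.g. `# Any non-empty USE_OPENSSL forces pyOpenSSL, even on Darwin`. The override is also not mirrored in setup.py, where the `sys.platform == "darwin"` branch always adds `OSXFrameworks` and `pySecureTransport` to `install_requirements`, so the build script and the package metadata can disagree on the TLS backend. The enclosing function starts outside this hunk.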
@@ -475,27 +487,29 @@
# The OpenSSL version number is special. Our strategy is to get the integer
# value of OPENSSL_VERSION_NUBMER for use in inequality comparison.
- ruler;
+ if [ ${use_openssl} == "true" ]; then
+ ruler;
- local min_ssl_version="9470463"; # OpenSSL 0.9.8zf
+ local min_ssl_version="9470463"; # OpenSSL 0.9.8zf
- local ssl_version="$(c_macro openssl/ssl.h OPENSSL_VERSION_NUMBER)";
- if [ -z "${ssl_version}" ]; then ssl_version="0x0"; fi;
- ssl_version="$("${bootstrap_python}" -c "print ${ssl_version}")";
+ local ssl_version="$(c_macro openssl/ssl.h OPENSSL_VERSION_NUMBER)";
+ if [ -z "${ssl_version}" ]; then ssl_version="0x0"; fi;
+ ssl_version="$("${bootstrap_python}" -c "print ${ssl_version}")";
- if [ "${ssl_version}" -ge "${min_ssl_version}" ]; then
- using_system "OpenSSL";
- else
- local v="0.9.8zf";
- local n="openssl";
- local p="${n}-${v}";
+ if [ "${ssl_version}" -ge "${min_ssl_version}" ]; then
+ using_system "OpenSSL";
+ else
+ local v="0.9.8zf";
+ local n="openssl";
+ local p="${n}-${v}";
- # use 'config' instead of 'configure'; 'make' instead of 'jmake'.
- # also pass 'shared' to config to build shared libs.
- c_dependency -c "config" -m "c69a4a679233f7df189e1ad6659511ec" \
- -p "make depend" -b "make" \
- "openssl" "${p}" \
- "http://www.openssl.org/source/${p}.tar.gz" "shared";
+ # use 'config' instead of 'configure'; 'make' instead of 'jmake'.
+ # also pass 'shared' to config to build shared libs.
+ c_dependency -c "config" -m "c69a4a679233f7df189e1ad6659511ec" \
+ -p "make depend" -b "make" \
+ "openssl" "${p}" \
+ "http://www.openssl.org/source/${p}.tar.gz" "shared";
+ fi;
fi;
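Review bot: The bundled OpenSSL fallback that is re-indented here still downloads the tarball over plain `http://www.openssl.org/source/` and checks it against a 32-hex-digit value passed with `-m`, which looks like an MD5 digest. The transport is unauthenticated and MD5 is not collision-resistant, so integrity rests entirely on that pinned value; an `https://` URL and a SHA-256 digest would be a stronger check, if `c_dependency` can verify one (not visible here). Separately, the new guard should quote the variable and use the portable operator: `if [ "${use_openssl}" = "true" ]; then`.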
@@ -689,7 +703,14 @@
fi;
done;
+ ruler "Patching Python requirements";
echo "";
+ if [ ! -e "${dev_patches}/Twisted" ]; then
+ apply_patches "Twisted" "${py_virtualenv}/lib/python2.7/site-packages"
+ touch "${dev_patches}/Twisted";
+ fi;
+
+ echo "";
}
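Review bot: The marker `${dev_patches}/Twisted` is touched unconditionally after `apply_patches`, so a failed or partial patch run is still recorded as done unless the script aborts on error, which is not visible in this hunk. Chaining the two writes the marker only on success: `apply_patches "Twisted" "${py_virtualenv}/lib/python2.7/site-packages" && touch "${dev_patches}/Twisted";`. If `${dev_patches}` is not cleared when the virtualenv is recreated, a stale marker would presumably leave a fresh Twisted unpatched. The `python2.7` path segment is also hard-coded.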
Modified: CalendarServer/trunk/calendarserver/push/applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/applepush.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/calendarserver/push/applepush.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -124,6 +124,7 @@
settings[protocol]["PrivateKeyPath"],
chainPath=settings[protocol]["AuthorityChainPath"],
passphrase=settings[protocol]["Passphrase"],
+ keychainIdentity=settings[protocol]["KeychainIdentity"],
staggerNotifications=settings["EnableStaggering"],
staggerSeconds=settings["StaggerSeconds"],
testConnector=providerTestConnector,
@@ -144,6 +145,7 @@
settings[protocol]["PrivateKeyPath"],
chainPath=settings[protocol]["AuthorityChainPath"],
passphrase=settings[protocol]["Passphrase"],
+ keychainIdentity=settings[protocol]["KeychainIdentity"],
testConnector=feedbackTestConnector,
reactor=reactor,
)
@@ -511,7 +513,7 @@
def __init__(
self, host, port, certPath, keyPath, chainPath="",
- passphrase="", sslMethod="TLSv1_METHOD", testConnector=None,
+ passphrase="", keychainIdentity="", sslMethod="TLSv1_METHOD", testConnector=None,
reactor=None
):
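Review bot: `keychainIdentity` is inserted before `sslMethod` in the signature, so a caller that passes `sslMethod` or a later argument positionally would now bind it to `keychainIdentity` without any error. The same insertion is made in the two subclass `__init__` signatures in the `@@ -554,14` and `@@ -775,13` hunks. The callers visible in this diff all use keywords, but appending the new parameter after `reactor=None` would rule out silent misbinding. The method body continues outside this hunk.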
@@ -521,6 +523,7 @@
self.keyPath = keyPath
self.chainPath = chainPath
self.passphrase = passphrase
+ self.keychainIdentity = keychainIdentity
self.sslMethod = sslMethod
self.testConnector = testConnector
@@ -543,6 +546,7 @@
self.certPath,
certificateChainFile=self.chainPath,
passwdCallback=passwdCallback,
+ keychainIdentity=self.keychainIdentity,
sslmethod=getattr(OpenSSL.SSL, self.sslMethod)
)
connect(GAIEndpoint(self.reactor, self.host, self.port, context),
@@ -554,14 +558,15 @@
def __init__(
self, store, host, port, certPath, keyPath, chainPath="",
- passphrase="", sslMethod="TLSv1_METHOD",
+ passphrase="", keychainIdentity="", sslMethod="TLSv1_METHOD",
staggerNotifications=False, staggerSeconds=3,
testConnector=None, reactor=None
):
APNConnectionService.__init__(
self, host, port, certPath, keyPath,
- chainPath=chainPath, passphrase=passphrase, sslMethod=sslMethod,
+ chainPath=chainPath, passphrase=passphrase,
+ keychainIdentity=keychainIdentity, sslMethod=sslMethod,
testConnector=testConnector, reactor=reactor)
self.store = store
@@ -775,13 +780,15 @@
def __init__(
self, store, updateSeconds, host, port,
- certPath, keyPath, chainPath="", passphrase="", sslMethod="TLSv1_METHOD",
+ certPath, keyPath, chainPath="",
+ passphrase="", keychainIdentity="", sslMethod="TLSv1_METHOD",
testConnector=None, reactor=None
):
APNConnectionService.__init__(
self, host, port, certPath, keyPath,
- chainPath=chainPath, passphrase=passphrase, sslMethod=sslMethod,
+ chainPath=chainPath, passphrase=passphrase,
+ keychainIdentity=keychainIdentity, sslMethod=sslMethod,
testConnector=testConnector, reactor=reactor)
self.store = store
Modified: CalendarServer/trunk/calendarserver/push/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/util.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/calendarserver/push/util.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -41,7 +41,34 @@
@return: C{str} topic, or empty string if value is not found
"""
certData = open(certPath).read()
- x509 = crypto.load_certificate(crypto.FILETYPE_PEM, certData)
+ return getAPNTopicFromX509(crypto.load_certificate(crypto.FILETYPE_PEM, certData))
+
+
+
+def getAPNTopicFromIdentity(identity):
+ """
+ Given a keychain identity certificate, extract the UID value portion of the
+ subject, which in this context is used for the associated APN topic.
+
+ @param identity: keychain identity to lookup
+ @type identity: C{str}
+
+ @return: C{str} topic, or empty string if value is not found
+ """
+ return getAPNTopicFromX509(crypto.load_certificate(None, identity))
+
+
+
+def getAPNTopicFromX509(x509):
+ """
+ Given an L{X509} certificate, extract the UID value portion of the
+ subject, which in this context is used for the associated APN topic.
+
+ @param x509: the certificate
+ @type x509: L{X509}
+
+ @return: C{str} topic, or empty string if value is not found
+ """
subject = x509.get_subject()
components = subject.get_components()
for name, value in components:
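Review bot: `getAPNTopicFromIdentity` calls `crypto.load_certificate(None, identity)`, which only makes sense when `crypto` comes from the pySecureTransport shim; stock pyOpenSSL expects `FILETYPE_PEM` or `FILETYPE_ASN1` as the first argument and would reject `None`. The docstring should state that precondition, for example `Only usable when OpenSSL is provided by pySecureTransport; the identity is looked up in the keychain by name.` It should also say what happens when the identity does not exist, since the documented `empty string if value is not found` covers only a missing UID component and a failed lookup presumably raises. The body of `getAPNTopicFromX509` continues outside this hunk.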
Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -835,6 +835,7 @@
config.SSLCertificate,
certificateChainFile=config.SSLAuthorityChain,
passwdCallback=getSSLPassphrase,
+ keychainIdentity=config.SSLKeychainIdentity,
sslmethod=getattr(OpenSSL.SSL, config.SSLMethod),
ciphers=config.SSLCiphers.strip(),
verifyClient=config.Authentication.ClientCertificate.Enabled,
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -33,7 +33,7 @@
from calendarserver.provision.root import RootResource
from calendarserver.push.applepush import APNSubscriptionResource
from calendarserver.push.notifier import NotifierFactory
-from calendarserver.push.util import getAPNTopicFromCertificate
+from calendarserver.push.util import getAPNTopicFromCertificate, getAPNTopicFromIdentity
from calendarserver.tools import diagnose
from calendarserver.tools.util import checkDirectory
from calendarserver.webadmin.landing import WebAdminLandingResource
@@ -1301,7 +1301,18 @@
and that it's valid.
"""
- if config.SSLCertificate:
+ if hasattr(OpenSSL, "__SecureTransport__"):
+ if config.SSLKeychainIdentity:
+ # Fall through to see if we can load the identity from the keychain
+ certificate_title = "Keychain: {}".format(config.SSLKeychainIdentity)
+ else:
+ message = (
+ "No Keychain Identity was set for TLS"
+ )
+ postAlert("MissingKeychainIdentityAlert", [])
+ return False, message
+
+ elif config.SSLCertificate:
if not os.path.exists(config.SSLCertificate):
message = (
"The configured TLS certificate ({cert}) is missing".format(
@@ -1310,34 +1321,44 @@
)
postAlert("MissingCertificateAlert", ["path", config.SSLCertificate])
return False, message
+
+ length = os.stat(config.SSLCertificate).st_size
+ if length == 0:
+ message = (
+ "The configured TLS certificate ({cert}) is empty".format(
+ cert=config.SSLCertificate
+ )
+ )
+ return False, message
+ certificate_title = config.SSLCertificate
else:
return True, "TLS disabled"
- length = os.stat(config.SSLCertificate).st_size
- if length == 0:
- message = (
- "The configured TLS certificate ({cert}) is empty".format(
- cert=config.SSLCertificate
- )
- )
- return False, message
-
try:
ChainingOpenSSLContextFactory(
config.SSLPrivateKey,
config.SSLCertificate,
certificateChainFile=config.SSLAuthorityChain,
passwdCallback=getSSLPassphrase,
+ keychainIdentity=config.SSLKeychainIdentity,
sslmethod=getattr(OpenSSL.SSL, config.SSLMethod),
ciphers=config.SSLCiphers.strip()
)
except Exception as e:
- message = (
- "The configured TLS certificate ({cert}) cannot be used: {reason}".format(
- cert=config.SSLCertificate,
- reason=str(e)
+ if hasattr(OpenSSL, "__SecureTransport__"):
+ message = (
+ "The configured TLS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ cert=certificate_title,
+ reason=str(e)
+ )
)
- )
+ else:
+ message = (
+ "The configured TLS certificate ({cert}) cannot be used: {reason}".format(
+ cert=certificate_title,
+ reason=str(e)
+ )
+ )
return False, message
return True, "TLS enabled"
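Review bot: Once `OpenSSL` has `__SecureTransport__`, an empty `SSLKeychainIdentity` returns `False` with a `MissingKeychainIdentityAlert`, and the `else: return True, "TLS disabled"` branch can no longer be reached. A SecureTransport deployment that intentionally runs without TLS would fail this check instead of reporting TLS as disabled; whether callers treat that as fatal is not visible here. If that is intended, record it at the top of the SecureTransport branch, e.g. `# With SecureTransport a keychain identity is mandatory; there is no TLS-disabled result`. The function starts outside these hunks.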
@@ -1358,39 +1379,62 @@
protoConfig = config.Notifications.Services.APNS[protocol]
# Verify the cert exists
- if not os.path.exists(protoConfig.CertificatePath):
- message = (
- "The {proto} APNS certificate ({cert}) is missing".format(
- proto=protocol,
- cert=protoConfig.CertificatePath
+ if hasattr(OpenSSL, "__SecureTransport__"):
+ if protoConfig.KeychainIdentity:
+ # Verify we can extract the topic
+ if not protoConfig.Topic:
+ topic = getAPNTopicFromIdentity(protoConfig.KeychainIdentity)
+ protoConfig.Topic = topic
+ if not protoConfig.Topic:
+ postAlert("PushNotificationKeychainIdentityAlert", [])
+ message = "Cannot extract APN topic"
+ return False, message
+
+ # Fall through to see if we can load the identity from the keychain
+ certificate_title = "Keychain: {}".format(protoConfig.KeychainIdentity)
+ else:
+ message = (
+ "No {proto} APNS Keychain Identity was set".format(
+ proto=protocol,
+ )
)
- )
- postAlert("PushNotificationCertificateAlert", [])
- return False, message
+ postAlert("MissingKeychainIdentityAlert", [])
+ return False, message
- # Verify we can extract the topic
- if not protoConfig.Topic:
- topic = getAPNTopicFromCertificate(protoConfig.CertificatePath)
- protoConfig.Topic = topic
- if not protoConfig.Topic:
- postAlert("PushNotificationCertificateAlert", [])
- message = "Cannot extract APN topic"
- return False, message
+ else:
+ if not os.path.exists(protoConfig.CertificatePath):
+ message = (
+ "The {proto} APNS certificate ({cert}) is missing".format(
+ proto=protocol,
+ cert=protoConfig.CertificatePath
+ )
+ )
+ postAlert("PushNotificationCertificateAlert", [])
+ return False, message
- # Verify we can acquire the passphrase
- if not protoConfig.Passphrase:
- try:
- passphrase = getPasswordFromKeychain(accountName)
- protoConfig.Passphrase = passphrase
- except KeychainAccessError:
- # The system doesn't support keychain
- pass
- except KeychainPasswordNotFound:
- # The password doesn't exist in the keychain.
+ # Verify we can extract the topic
+ if not protoConfig.Topic:
+ topic = getAPNTopicFromCertificate(protoConfig.CertificatePath)
+ protoConfig.Topic = topic
+ if not protoConfig.Topic:
postAlert("PushNotificationCertificateAlert", [])
- message = "Cannot retrieve APN passphrase from keychain"
+ message = "Cannot extract APN topic"
return False, message
+ # Verify we can acquire the passphrase
+ if not protoConfig.Passphrase:
+ try:
+ passphrase = getPasswordFromKeychain(accountName)
+ protoConfig.Passphrase = passphrase
+ except KeychainAccessError:
+ # The system doesn't support keychain
+ pass
+ except KeychainPasswordNotFound:
+ # The password doesn't exist in the keychain.
+ postAlert("PushNotificationCertificateAlert", [])
+ message = "Cannot retrieve APN passphrase from keychain"
+ return False, message
+
# Let OpenSSL try to use the cert
try:
if protoConfig.Passphrase:
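Review bot: The new `getAPNTopicFromIdentity(protoConfig.KeychainIdentity)` call sits outside the `try` that guards the context-factory construction, so if the keychain lookup raises (missing identity, denied keychain access) the exception escapes instead of producing the `(False, message)` result and the `PushNotificationKeychainIdentityAlert`. Whether the lookup raises or returns an empty topic is not visible on this page. Wrapping the call and treating any failure as an empty topic would route it into the existing `Cannot extract APN topic` path. The same applies to `getAPNTopicFromCertificate` in the `else` branch, which reads the file with a bare `open()`.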
@@ -1403,16 +1447,26 @@
protoConfig.CertificatePath,
certificateChainFile=protoConfig.AuthorityChainPath,
passwdCallback=passwdCallback,
+ keychainIdentity=protoConfig.KeychainIdentity,
sslmethod=getattr(OpenSSL.SSL, "TLSv1_METHOD"),
)
except Exception as e:
- message = (
- "The {proto} APNS certificate ({cert}) cannot be used: {reason}".format(
- proto=protocol,
- cert=protoConfig.CertificatePath,
- reason=str(e)
+ if hasattr(OpenSSL, "__SecureTransport__"):
+ message = (
+ "The {proto} APNS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ proto=protocol,
+ cert=certificate_title,
+ reason=str(e)
+ )
)
- )
+ else:
+ message = (
+ "The {proto} APNS certificate ({cert}) cannot be used: {reason}".format(
+ proto=protocol,
+ cert=certificate_title,
+ reason=str(e)
+ )
+ )
postAlert("PushNotificationCertificateAlert", [])
return False, message
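Review bot: The APNS context is built with a hard-coded `getattr(OpenSSL.SSL, "TLSv1_METHOD")`, and the `sslMethod="TLSv1_METHOD"` defaults in applepush.py do the same; under pyOpenSSL that constant negotiates TLS 1.0 only. How the pySecureTransport shim interprets the constant is not visible here, so it is worth confirming that the new backend does not cap the connection at TLS 1.0. A comment at this call recording the intended minimum protocol version would make the choice reviewable. The enclosing function starts outside this hunk.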
Modified: CalendarServer/trunk/conf/caldavd-apple.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-apple.plist 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/conf/caldavd-apple.plist 2015-10-23 19:37:48 UTC (rev 15217)
@@ -353,19 +353,11 @@
SSL/TLS
-->
- <!-- Public key -->
- <key>SSLCertificate</key>
+ <!-- Keychain identity to use instead of cert files -->
+ <key>SSLKeychainIdentity</key>
<string></string>
- <!-- SSL authority chain (for intermediate certs) -->
- <key>SSLAuthorityChain</key>
- <string></string>
- <!-- Private key -->
- <key>SSLPrivateKey</key>
- <string></string>
-
-
<!--
Process management
-->
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2015-10-23 19:37:48 UTC (rev 15217)
@@ -573,7 +573,11 @@
<key>SSLPrivateKey</key>
<string>twistedcaldav/test/data/server.pem</string>
+ <!-- Keychain identity to use instead of cert files -->
+ <key>SSLKeychainIdentity</key>
+ <string>org.calendarserver.test</string>
+
<!--
Process management
-->
Modified: CalendarServer/trunk/conf/localservers-test.xml
===================================================================
--- CalendarServer/trunk/conf/localservers-test.xml 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/conf/localservers-test.xml 2015-10-23 19:37:48 UTC (rev 15217)
@@ -21,7 +21,7 @@
<servers>
<server>
<id>A</id>
- <uri>http://localhost:8008</uri>
+ <uri>https://localhost:8443</uri>
<allowed-from>127.0.0.1</allowed-from>
<allowed-from>::1</allowed-from>
<allowed-from>::ffff:127.0.0.1</allowed-from>
@@ -29,7 +29,7 @@
</server>
<server>
<id>B</id>
- <uri>http://localhost:8108</uri>
+ <uri>https://localhost:8543</uri>
<allowed-from>127.0.0.1</allowed-from>
<allowed-from>::1</allowed-from>
<allowed-from>::ffff:127.0.0.1</allowed-from>
Added: CalendarServer/trunk/lib-patches/Twisted/securetransport.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/securetransport.patch (rev 0)
+++ CalendarServer/trunk/lib-patches/Twisted/securetransport.patch 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,31 @@
+Index: twisted/internet/_sslverify.py
+===================================================================
+--- twisted/internet/_sslverify.py (revision 45115)
++++ twisted/internet/_sslverify.py (working copy)
+@@ -162,7 +162,9 @@
+
+ major, minor = list(int(part) for part in lib.__version__.split("."))[:2]
+
+- if (major, minor) >= (0, 12):
++ if hasattr(lib, "__SecureTransport__"):
++ pass
++ elif (major, minor) >= (0, 12):
+ try:
+ from service_identity import VerificationError
+ from service_identity.pyopenssl import verify_hostname
+
+Index: twisted/protocols/tls.py
+===================================================================
+--- twisted/protocols/tls.py (revision 45115)
++++ twisted/protocols/tls.py (working copy)
+@@ -660,7 +660,9 @@
+ @rtype: L{OpenSSL.SSL.Connection}
+ """
+ context = self._oldStyleContextFactory.getContext()
+- return Connection(context, None)
++ connection = Connection(context, None)
++ connection.set_app_data(protocol)
++ return connection
+
+
+ def serverConnectionForTLS(self, protocol):
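Review bot: The `hasattr(lib, "__SecureTransport__")` branch is a bare `pass`, which skips the `service_identity` import and falls through to whatever follows the `if`/`elif`. The rest of the function is outside this hunk, but in upstream Twisted of this vintage the fall-through returns the simplistic common-name-only hostname check, and the warning about a missing service_identity is issued only in the other branches. If hostname verification is done by SecureTransport itself, say so in the patch, e.g. `# SecureTransport verifies the peer hostname itself; service_identity is pyOpenSSL-specific`; if not, client connections on OS X get a weaker check than with pyOpenSSL and no warning. The `connection.set_app_data(protocol)` addition in tls.py also deserves a one-line comment on why the shim needs it.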
Added: CalendarServer/trunk/requirements-cs.txt
===================================================================
--- CalendarServer/trunk/requirements-cs.txt (rev 0)
+++ CalendarServer/trunk/requirements-cs.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,39 @@
+##
+# Main CalendarServer dependency (does not include Twisted)
+##
+
+--editable . # calendarserver
+
+ zope.interface==4.1.2
+
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@15216#egg=twextpy
+ #cffi==1.3.0
+ # pycparser==2.13
+ #twisted
+
+ # [LDAP] extra
+ python-ldap==2.4.19
+ #setuptools
+
+ # [DAL] extra
+ sqlparse==0.1.14 # Compat issue in 0.1.15; fix before updating
+
+ # [OpenDirectory] extra
+ #pyobjc-framework-OpenDirectory # Use system module
+
+ # [Postgres] extra
+ pg8000==1.10.2
+
+ # [Oracle] extra
+ #cx_Oracle==5.2 # Needs manual patch
+
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@15140#egg=kerberos
+
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/PyCalendar/trunk@15020#egg=pycalendar
+ python-dateutil==1.5 # Note: v2.0+ is for Python 3
+ pytz==2015.4
+
+ psutil==2.2.1
+ setproctitle==1.1.8
+ # xattr==0.7.5 # Only needed for upgrades from ancient versions. Added in _cache_deps.
+ #cffi
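Review bot: The three `--editable svn+http://svn.calendarserver.org/...` requirements are pinned to a revision but fetched over unauthenticated HTTP, so the revision number is the only thing tying the checkout to the intended code, and the source that gets installed can be altered on the network path. requirements-twisted-osx.txt adds two more of the same form for `osxframeworks` and `pysecuretransport`, the latter being the TLS backend itself. If the repository is reachable over `svn+https://`, prefer it for all of these entries.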
Added: CalendarServer/trunk/requirements-default.txt
===================================================================
--- CalendarServer/trunk/requirements-default.txt (rev 0)
+++ CalendarServer/trunk/requirements-default.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,7 @@
+##
+# Set of dependencies for non-OS X systems.
+##
+
+--requirement requirements-cs.txt
+--requirement requirements-twisted-default.txt
+--requirement requirements-dev.txt
Modified: CalendarServer/trunk/requirements-dev.txt
===================================================================
--- CalendarServer/trunk/requirements-dev.txt 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/requirements-dev.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -1,6 +1,3 @@
-# Get master requirements
---requirement requirements-stable.txt
-
# Additional dependencies for development and testing
pyflakes
docutils
Added: CalendarServer/trunk/requirements-osx.txt
===================================================================
--- CalendarServer/trunk/requirements-osx.txt (rev 0)
+++ CalendarServer/trunk/requirements-osx.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,7 @@
+##
+# Set of dependencies for OS X systems.
+##
+
+--requirement requirements-cs.txt
+--requirement requirements-twisted-osx.txt
+--requirement requirements-dev.txt
Deleted: CalendarServer/trunk/requirements-stable.txt
===================================================================
--- CalendarServer/trunk/requirements-stable.txt 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/requirements-stable.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -1,80 +0,0 @@
-##
-#
-# Specify specific versions of our dependencies here.
-#
-##
-#
-# This defines the versions of dependencies that we are developing and
-# testing with.
-#
-# Other versions of dependencies are likely to work in most cases, but
-# here you can see what our automated builds are using, so this
-# combination is known to work.
-#
-##
-#
-# This file should contain every module in the output of:
-# ./bin/dependencies -a
-#
-##
-
---editable . # calendarserver
-
- zope.interface==4.1.2
-
- Twisted==15.2.1
- #zope.interface
-
- # NOTE: Twisted also uses pyOpenSSL, pycrypto and service_identity,
- # but doesn't specify them as dependencies, so that are explicitly
- # added to calendarserver.
- #pyOpenSSL
- service_identity==14.0.0
- characteristic==14.3.0
- pyasn1==0.1.7
- pyasn1-modules==0.0.5
- #pyOpenSSL
- pycrypto==2.6.1
-
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@15169#egg=twextpy
- cffi==1.1.0
- pycparser==2.13
- #twisted
-
- # [LDAP] extra
- python-ldap==2.4.19
- #setuptools
-
- # [DAL] extra
- sqlparse==0.1.14 # Compat issue in 0.1.15; fix before updating
-
- # [OpenDirectory] extra
- #pyobjc-framework-OpenDirectory # Use system module
-
- # [Postgres] extra
- pg8000==1.10.2
-
- # [Oracle] extra
- #cx_Oracle==5.2 # Needs manual patch
-
- pyOpenSSL==0.14
- cryptography==0.9
- idna
- #pyasn1
- #cffi
- enum34==1.0.4
- ipaddress
- setuptools==17.0
- #six
- six==1.9.0
-
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@15140#egg=kerberos
-
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/PyCalendar/trunk@15020#egg=pycalendar
- python-dateutil==1.5 # Note: v2.0+ is for Python 3
- pytz==2015.4
-
- psutil==2.2.1
- setproctitle==1.1.8
- # xattr==0.7.5 # Only needed for upgrades from ancient versions. Added in _cache_deps.
- #cffi
Added: CalendarServer/trunk/requirements-twisted-default.txt
===================================================================
--- CalendarServer/trunk/requirements-twisted-default.txt (rev 0)
+++ CalendarServer/trunk/requirements-twisted-default.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,29 @@
+##
+# Twisted dependency for non-OS X systems (uses pyOpenSSL).
+##
+
+
+Twisted==15.2.1
+ #zope.interface
+
+ # NOTE: Twisted also uses pyOpenSSL, pycrypto and service_identity,
+ # but doesn't specify them as dependencies, so that are explicitly
+ # added to calendarserver.
+ #pyOpenSSL
+ service_identity==14.0.0
+ characteristic==14.3.0
+ pyasn1==0.1.7
+ pyasn1-modules==0.0.5
+ #pyOpenSSL
+ pycrypto==2.6.1
+
+ pyOpenSSL==0.14
+ cryptography==0.9
+ idna
+ #pyasn1
+ #cffi
+ enum34==1.0.4
+ ipaddress
+ setuptools==17.0
+ #six
+ six==1.9.0
Added: CalendarServer/trunk/requirements-twisted-osx.txt
===================================================================
--- CalendarServer/trunk/requirements-twisted-osx.txt (rev 0)
+++ CalendarServer/trunk/requirements-twisted-osx.txt 2015-10-23 19:37:48 UTC (rev 15217)
@@ -0,0 +1,14 @@
+##
+# Twisted dependency for OS X systems (uses pySecureTransport).
+##
+
+Twisted==15.2.1
+ #zope.interface
+ pycrypto==2.6.1
+
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/OSXFrameworks/trunk@15215#egg=osxframeworks
+ cffi==1.3.0
+ pycparser==2.13
+
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15213#egg=pysecuretransport
+
Modified: CalendarServer/trunk/setup.py
===================================================================
--- CalendarServer/trunk/setup.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/setup.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -18,13 +18,13 @@
from __future__ import print_function
-import os
from os.path import dirname, basename, abspath, join as joinpath, normpath
-import subprocess
-
-import errno
from setuptools import setup, find_packages as setuptools_find_packages
from xml.etree import ElementTree
+import errno
+import os
+import subprocess
+import sys
base_version = "8.0"
@@ -326,8 +326,6 @@
"twextpy",
# Security frameworks
- "pyOpenSSL>=0.14", # also for Twisted
- "service_identity", # for Twisted
"pycrypto", # for Twisted
"kerberos",
@@ -346,6 +344,17 @@
"setproctitle",
]
+if sys.platform == "darwin":
+ install_requirements.extend([
+ "OSXFrameworks",
+ "pySecureTransport",
+ ])
+else:
+ install_requirements.extend([
+ "pyOpenSSL>=0.14", # also for Twisted
+ "service_identity", # for Twisted
+ ])
+
extras_requirements = {
"LDAP": ["twextpy[LDAP]"],
"OpenDirectory": ["twextpy[OpenDirectory]"],
Modified: CalendarServer/trunk/support/_cache_deps
===================================================================
--- CalendarServer/trunk/support/_cache_deps 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/support/_cache_deps 2015-10-23 19:37:48 UTC (rev 15217)
@@ -28,7 +28,7 @@
export PATH="/Applications/Server.app/Contents/ServerRoot/usr/bin:${PATH}";
-requirements="${wd}/requirements-stable.txt";
+requirements="${wd}/requirements-osx.txt";
extra_features="OpenDirectory,Postgres";
Modified: CalendarServer/trunk/twistedcaldav/client/pool.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/client/pool.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/twistedcaldav/client/pool.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -424,8 +424,9 @@
"""
from twistedcaldav.config import config
return ChainingOpenSSLContextFactory(
- config.SSLPrivateKey, config.SSLCertificate,
- certificateChainFile=config.SSLAuthorityChain,
+ "", "",
+ certificateChainFile="",
+ keychainIdentity="",
sslmethod=getattr(OpenSSL.SSL, config.SSLMethod)
)
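Review bot: The client context factory is now built with empty strings for the key, certificate, chain and keychain identity, and nothing in this call configures trust roots or peer verification; whether `ChainingOpenSSLContextFactory` verifies the server certificate by default is not visible here. Because localservers-test.xml switches the server URIs to `https://`, this matters for server-to-server traffic. A comment would make the intent explicit, e.g. `# Client side: no client certificate is presented`, together with a note on where peer verification is configured. The enclosing function starts outside this hunk.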
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-10-23 19:26:11 UTC (rev 15216)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-10-23 19:37:48 UTC (rev 15217)
@@ -464,11 +464,12 @@
#
# SSL/TLS
#
- "SSLCertificate" : "", # Public key
- "SSLPrivateKey" : "", # Private key
- "SSLAuthorityChain" : "", # Certificate Authority Chain
- "SSLPassPhraseDialog": "/etc/apache2/getsslpassphrase",
- "SSLCertAdmin" : "/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin",
+ "SSLCertificate" : "", # Public key
+ "SSLPrivateKey" : "", # Private key
+ "SSLAuthorityChain" : "", # Certificate Authority Chain
+ "SSLPassPhraseDialog" : "/etc/apache2/getsslpassphrase",
+ "SSLCertAdmin" : "/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin",
+ "SSLKeychainIdentity" : "", # Keychain identity to use in place of cert files
#
# Process management
@@ -843,6 +844,7 @@
"PrivateKeyPath" : "Certificates/apns:com.apple.calendar.key.pem",
"AuthorityChainPath" : "Certificates/apns:com.apple.calendar.chain.pem",
"Passphrase" : "",
+ "KeychainIdentity" : "apns:com.apple.calendar",
"Topic" : "",
},
"CardDAV" : {
@@ -850,6 +852,7 @@
"PrivateKeyPath" : "Certificates/apns:com.apple.contact.key.pem",
"AuthorityChainPath" : "Certificates/apns:com.apple.contact.chain.pem",
"Passphrase" : "",
+ "KeychainIdentity" : "apns:com.apple.contact",
"Topic" : "",
},
},
@@ -1731,9 +1734,10 @@
service[direction].Username,
service[direction].Server
)
- password = getPasswordFromKeychain(account)
- service[direction]["Password"] = password
- log.info("iMIP %s password successfully retreived from keychain" % (direction,))
+ if not service[direction]["Password"]:
+ password = getPasswordFromKeychain(account)
+ service[direction]["Password"] = password
+ log.info("iMIP %s password successfully retrieved from keychain" % (direction,))
except KeychainAccessError:
# The system doesn't support keychain
pass