community/ceph18: upgrade to 18.2.1

Duncan Bellamy 2023-11-15 06:46:19 +00:00 committed by omni
parent f13508c1b9
commit fa977464cf
4 changed files with 298 additions and 8 deletions


@ -231,3 +231,38 @@ diff -Nurp a/src/erasure-code/isa/CMakeLists.txt b/src/erasure-code/isa/CMakeLis
set_target_properties(ec_isa PROPERTIES
INSTALL_RPATH "")
install(TARGETS ec_isa DESTINATION ${erasure_plugin_dir})
diff -Nurp a/src/erasure-code/isa/ErasureCodeIsa.cc b/src/erasure-code/isa/ErasureCodeIsa.cc
--- a/src/erasure-code/isa/ErasureCodeIsa.cc 2023-10-10 11:01:53.784963054 +0000
+++ b/src/erasure-code/isa/ErasureCodeIsa.cc 2023-10-10 11:02:22.213371017 +0000
@@ -25,7 +25,7 @@ using namespace ceph;
// -----------------------------------------------------------------------------
extern "C" {
-#include "isa-l/include/erasure_code.h"
+#include "isa-l/erasure_code.h"
}
// -----------------------------------------------------------------------------
#define dout_context g_ceph_context
--- a/src/compressor/zlib/ZlibCompressor.cc
+++ b/src/compressor/zlib/ZlibCompressor.cc
@@ -16,7 +16,7 @@
#include "common/debug.h"
#include "ZlibCompressor.h"
#include "osd/osd_types.h"
-#include "isa-l/include/igzip_lib.h"
+#include "isa-l/igzip_lib.h"
// -----------------------------------------------------------------------------
#include <zlib.h>
--- a/src/compressor/zstd/ZstdCompressor.h
+++ b/src/compressor/zstd/ZstdCompressor.h
@@ -16,7 +16,7 @@
#define CEPH_ZSTDCOMPRESSOR_H
#define ZSTD_STATIC_LINKING_ONLY
-#include "zstd/lib/zstd.h"
+#include "zstd.h"
#include "include/buffer.h"
#include "include/encoding.h"


@ -0,0 +1,26 @@
https://gitlab.alpinelinux.org/alpine/aports/-/issues/15620
diff -Nurp a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
--- a/src/pybind/mgr/dashboard/services/access_control.py 2024-01-03 00:12:46.140405728 +0000
+++ b/src/pybind/mgr/dashboard/services/access_control.py 2024-01-03 00:14:22.825611708 +0000
@@ -12,7 +12,7 @@ from datetime import datetime, timedelta
from string import ascii_lowercase, ascii_uppercase, digits, punctuation
from typing import List, Optional, Sequence
-import bcrypt
+import bcrypt_ceph as bcrypt
from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand
from mgr_util import password_hash
diff -Nurp a/src/pybind/mgr/mgr_util.py b/src/pybind/mgr/mgr_util.py
--- a/src/pybind/mgr/mgr_util.py 2024-01-03 00:11:59.903829031 +0000
+++ b/src/pybind/mgr/mgr_util.py 2024-01-03 00:13:56.113278518 +0000
@@ -3,7 +3,7 @@ import os
if 'UNITTEST' in os.environ:
import tests
-import bcrypt
+import bcrypt_ceph as bcrypt
import cephfs
import contextlib
import datetime


@ -0,0 +1,225 @@
https://gitlab.alpinelinux.org/alpine/aports/-/issues/15620
diff --git a/ceph.spec.in b/ceph.spec.in
index 3807f48280e95..9aa2432dcd480 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -414,7 +414,6 @@ BuildRequires: xmlsec1-nss
BuildRequires: xmlsec1-openssl
BuildRequires: xmlsec1-openssl-devel
BuildRequires: python%{python3_pkgversion}-cherrypy
-BuildRequires: python%{python3_pkgversion}-jwt
BuildRequires: python%{python3_pkgversion}-routes
BuildRequires: python%{python3_pkgversion}-scipy
BuildRequires: python%{python3_pkgversion}-werkzeug
@@ -427,7 +426,6 @@ BuildRequires: libxmlsec1-1
BuildRequires: libxmlsec1-nss1
BuildRequires: libxmlsec1-openssl1
BuildRequires: python%{python3_pkgversion}-CherryPy
-BuildRequires: python%{python3_pkgversion}-PyJWT
BuildRequires: python%{python3_pkgversion}-Routes
BuildRequires: python%{python3_pkgversion}-Werkzeug
BuildRequires: python%{python3_pkgversion}-numpy-devel
@@ -629,7 +627,6 @@ Requires: ceph-prometheus-alerts = %{_epoch_prefix}%{version}-%{release}
Requires: python%{python3_pkgversion}-setuptools
%if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
Requires: python%{python3_pkgversion}-cherrypy
-Requires: python%{python3_pkgversion}-jwt
Requires: python%{python3_pkgversion}-routes
Requires: python%{python3_pkgversion}-werkzeug
%if 0%{?weak_deps}
@@ -638,7 +635,6 @@ Recommends: python%{python3_pkgversion}-saml
%endif
%if 0%{?suse_version}
Requires: python%{python3_pkgversion}-CherryPy
-Requires: python%{python3_pkgversion}-PyJWT
Requires: python%{python3_pkgversion}-Routes
Requires: python%{python3_pkgversion}-Werkzeug
Recommends: python%{python3_pkgversion}-python3-saml
diff --git a/debian/control b/debian/control
index 5ae413ce774ab..f1bdec95a2efd 100644
--- a/debian/control
+++ b/debian/control
@@ -91,7 +91,6 @@ Build-Depends: automake,
python3-all-dev,
python3-cherrypy3,
python3-natsort,
- python3-jwt <pkg.ceph.check>,
python3-pecan <pkg.ceph.check>,
python3-bcrypt <pkg.ceph.check>,
tox <pkg.ceph.check>,
diff --git a/src/pybind/mgr/dashboard/constraints.txt b/src/pybind/mgr/dashboard/constraints.txt
index 55f81c92dec06..fd6141048800a 100644
--- a/src/pybind/mgr/dashboard/constraints.txt
+++ b/src/pybind/mgr/dashboard/constraints.txt
@@ -1,6 +1,5 @@
CherryPy~=13.1
more-itertools~=8.14
-PyJWT~=2.0
bcrypt~=3.1
python3-saml~=1.4
requests~=2.26
diff --git a/src/pybind/mgr/dashboard/exceptions.py b/src/pybind/mgr/dashboard/exceptions.py
index 96cbc52335613..d396a38d2c3a2 100644
--- a/src/pybind/mgr/dashboard/exceptions.py
+++ b/src/pybind/mgr/dashboard/exceptions.py
@@ -121,3 +121,15 @@ class GrafanaError(Exception):
class PasswordPolicyException(Exception):
pass
+
+
+class ExpiredSignatureError(Exception):
+ pass
+
+
+class InvalidTokenError(Exception):
+ pass
+
+
+class InvalidAlgorithmError(Exception):
+ pass
diff --git a/src/pybind/mgr/dashboard/requirements.txt b/src/pybind/mgr/dashboard/requirements.txt
index 8003d62a5523f..292971819c9c6 100644
--- a/src/pybind/mgr/dashboard/requirements.txt
+++ b/src/pybind/mgr/dashboard/requirements.txt
@@ -1,7 +1,6 @@
bcrypt
CherryPy
more-itertools
-PyJWT
pyopenssl
requests
Routes
diff --git a/src/pybind/mgr/dashboard/services/auth.py b/src/pybind/mgr/dashboard/services/auth.py
index f13963abffdd4..3c6002312524d 100644
--- a/src/pybind/mgr/dashboard/services/auth.py
+++ b/src/pybind/mgr/dashboard/services/auth.py
@@ -1,17 +1,19 @@
# -*- coding: utf-8 -*-
+import base64
+import hashlib
+import hmac
import json
import logging
import os
import threading
import time
import uuid
-from base64 import b64encode
import cherrypy
-import jwt
from .. import mgr
+from ..exceptions import ExpiredSignatureError, InvalidAlgorithmError, InvalidTokenError
from .access_control import LocalAuthenticator, UserDoesNotExist
cherrypy.config.update({
@@ -33,7 +35,7 @@ class JwtManager(object):
@staticmethod
def _gen_secret():
secret = os.urandom(16)
- return b64encode(secret).decode('utf-8')
+ return base64.b64encode(secret).decode('utf-8')
@classmethod
def init(cls):
@@ -45,6 +47,54 @@ def init(cls):
mgr.set_store('jwt_secret', secret)
cls._secret = secret
+ @classmethod
+ def array_to_base64_string(cls, message):
+ jsonstr = json.dumps(message, sort_keys=True).replace(" ", "")
+ string_bytes = base64.urlsafe_b64encode(bytes(jsonstr, 'UTF-8'))
+ return string_bytes.decode('UTF-8').replace("=", "")
+
+ @classmethod
+ def encode(cls, message, secret):
+ header = {"alg": cls.JWT_ALGORITHM, "typ": "JWT"}
+ base64_header = cls.array_to_base64_string(header)
+ base64_message = cls.array_to_base64_string(message)
+ base64_secret = base64.urlsafe_b64encode(hmac.new(
+ bytes(secret, 'UTF-8'),
+ msg=bytes(base64_header + "." + base64_message, 'UTF-8'),
+ digestmod=hashlib.sha256
+ ).digest()).decode('UTF-8').replace("=", "")
+ return base64_header + "." + base64_message + "." + base64_secret
+
+ @classmethod
+ def decode(cls, message, secret):
+ split_message = message.split(".")
+ base64_header = split_message[0]
+ base64_message = split_message[1]
+ base64_secret = split_message[2]
+
+ decoded_header = json.loads(base64.urlsafe_b64decode(base64_header))
+
+ if decoded_header['alg'] != cls.JWT_ALGORITHM:
+ raise InvalidAlgorithmError()
+
+ incoming_secret = base64.urlsafe_b64encode(hmac.new(
+ bytes(secret, 'UTF-8'),
+ msg=bytes(base64_header + "." + base64_message, 'UTF-8'),
+ digestmod=hashlib.sha256
+ ).digest()).decode('UTF-8').replace("=", "")
+
+ if base64_secret != incoming_secret:
+ raise InvalidTokenError()
+
+ # We add ==== as padding to ignore the requirement to have correct padding in
+ # the urlsafe_b64decode method.
+ decoded_message = json.loads(base64.urlsafe_b64decode(base64_message + "===="))
+ now = int(time.time())
+ if decoded_message['exp'] < now:
+ raise ExpiredSignatureError()
+
+ return decoded_message
+
@classmethod
def gen_token(cls, username):
if not cls._secret:
@@ -59,13 +109,13 @@ def gen_token(cls, username):
'iat': now,
'username': username
}
- return jwt.encode(payload, cls._secret, algorithm=cls.JWT_ALGORITHM) # type: ignore
+ return cls.encode(payload, cls._secret) # type: ignore
@classmethod
def decode_token(cls, token):
if not cls._secret:
cls.init()
- return jwt.decode(token, cls._secret, algorithms=cls.JWT_ALGORITHM) # type: ignore
+ return cls.decode(token, cls._secret) # type: ignore
@classmethod
def get_token_from_header(cls):
@@ -99,8 +149,8 @@ def get_username(cls):
@classmethod
def get_user(cls, token):
try:
- dtoken = JwtManager.decode_token(token)
- if not JwtManager.is_blocklisted(dtoken['jti']):
+ dtoken = cls.decode_token(token)
+ if not cls.is_blocklisted(dtoken['jti']):
user = AuthManager.get_user(dtoken['username'])
if user.last_update <= dtoken['iat']:
return user
@@ -110,10 +160,12 @@ def get_user(cls, token):
)
else:
cls.logger.debug('Token is block-listed') # type: ignore
- except jwt.ExpiredSignatureError:
+ except ExpiredSignatureError:
cls.logger.debug("Token has expired") # type: ignore
- except jwt.InvalidTokenError:
+ except InvalidTokenError:
cls.logger.debug("Failed to decode token") # type: ignore
+ except InvalidAlgorithmError:
+ cls.logger.debug("Only the HS256 algorithm is supported.") # type: ignore
except UserDoesNotExist:
cls.logger.debug( # type: ignore
"Invalid token: user %s does not exist", dtoken['username']
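Review bot: The signature check in the new `JwtManager.decode()` compares the received and recomputed HMAC strings with `!=`, which is not a constant-time comparison; `hmac.compare_digest()` on the encoded bytes should be used instead (bytes, because `compare_digest` raises `TypeError` on a non-ASCII `str`). The same method indexes `message.split(".")` and parses the header before anything is verified, so a token with fewer than three segments, bad base64 or JSON, or no `alg` key raises `IndexError`, `ValueError` or `KeyError`, none of which appear in the `except` clauses visible in `get_user`; mapping them to `InvalidTokenError` keeps every malformed token on the same rejection path. The header is also decoded without the `====` padding that the payload gets, which only works while the header's base64 length happens to be a multiple of four. `get_user` is only partly visible in this patch, so a broader handler may exist outside it.

```python
    @classmethod
    def decode(cls, message, secret):
        try:
            base64_header, base64_message, base64_secret = message.split(".")
            decoded_header = json.loads(base64.urlsafe_b64decode(base64_header + "===="))
            algorithm = decoded_header['alg']
        except (ValueError, KeyError, TypeError):
            # Wrong segment count, bad base64/JSON, or a header without 'alg'.
            raise InvalidTokenError()

        if algorithm != cls.JWT_ALGORITHM:
            raise InvalidAlgorithmError()

        # … unchanged: incoming_secret HMAC-SHA256 computation …

        # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
        if not hmac.compare_digest(base64_secret.encode('UTF-8'),
                                   incoming_secret.encode('UTF-8')):
            raise InvalidTokenError()

        # … unchanged: payload decode, 'exp' check, return decoded_message …
```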


@ -3,8 +3,8 @@
# Contributor: Duncan Bellamy <dunk@denkimushi.com>
# Maintainer: Duncan Bellamy <dunk@denkimushi.com>
_pkgname=ceph
pkgver=18.2.0
pkgrel=9
pkgver=18.2.1
pkgrel=0
_majorver=${pkgver%%.*}
pkgname=$_pkgname$_majorver
pkgdesc="Ceph is a distributed object store and file system, version $_majorver"
@ -12,7 +12,6 @@ pkgusers="ceph"
pkggroups="ceph"
url="https://ceph.io/en/"
# 32-bit: needs more patching specific to 32bit builds
# riscv64: dashboard build runs out of memory
arch="all !armhf !armv7 !x86"
# https://github.com/ceph/ceph/blob/master/COPYING
license="LGPL-2.1-only AND LGPL-2.0-or-later AND GPL-2.0-only AND GPL-3.0-only AND CC-BY-SA-1.0 AND BSL-1.0 AND GPL-2.0-or-later WITH Autoconf-exception-2.0 AND BSD-3-Clause AND MIT AND custom"
@ -41,9 +40,8 @@ _ceph_test_deps="
xmlstarlet
"
_dashboard_deps="
py3-bcrypt
py3-bcrypt-ceph
py3-cherrypy
py3-jwt
py3-more-itertools
py3-openssl
py3-prettytable
@ -52,7 +50,7 @@ _dashboard_deps="
py3-yaml
"
_mgr_modules_deps="
py3-bcrypt
py3-bcrypt-ceph
py3-cherrypy
py3-dateutil
py3-natsort
@ -153,9 +151,12 @@ source="https://download.ceph.com/tarballs/ceph-$pkgver.tar.gz
21-yarn.patch
35-fix_ErasureCodeShec.patch
46-statx.patch
47-bcrypt.patch
47-remove-py-jwt.patch
boost-1.81.patch
gcc13.patch
ceph-18.2.0-fmt10-fixes.patch
$pkgname-rook-$pkgver.patch::https://github.com/ceph/ceph/pull/54521/commits/1f4a4bd88dbaf7bb621ae3ca6989d36656ae1d4e.patch
"
# to prevent things from installing wrong ceph libs, since they have the same SOMAJOR
sonameprefix="ceph$_majorver:so:"
@ -722,11 +723,11 @@ _default_replace_majorversion() {
}
sha512sums="
fe6a3ca4227cc05b5effc33a02670c466583ec9e4c7c025241248223992254e6e6551d7db486d5ead36bf0ba922d54e0aabc2aaf456d4593679376ec88bd971a ceph-18.2.0.tar.gz
88e1c18bc6c824b6203cf026cca4c9409000e7cf5b2b986e22ab74d2790d8b93d91556bd3af15a320dbdd0cf2302308f0b2c75fd1243bc5a65f76fc6b3d70736 ceph-18.2.1.tar.gz
110bdbcb40216c7ed155a8d23020784741b4992d895f4f04a146d275506e4e68053854d3b063b41e9c9b3e3e4f95b6b90602f92c185c853c0d8f47ad0c6b7121 ceph.confd
ce5f162501f6b67fe254546dddf880d1a5b1d1a0fa69e0b1918de17e8da45c5c6124512b8cbd98b76f29d931403de0d11c5ffd330ed8ee1f4dc75bb04baecae3 ceph.initd
7e22028109cccffe026899ea20b02f8077261d5f6fcd69fe627179712c85820ff7b66992d191f634233d0138513ec064deb759a2422b15b94a69ab2892c2da1b 10-isal_crypto.patch
b50e99c4d92f0e7d9035b716963e9190d0842e71c8990d79dba880f8e86a39610cab9787fded305eec25d1c974540d9d7418a2014bdc1d2736d180d0a5f16ff1 10-isal.patch
c2efcf108708bc1212c4433f41a22b66a92cb44c1500afe233583dfd936ed977b223dfdcfd501b66b16663db507637e4ac6c6d8ef00a3fe57c243a3b3ad9f47c 10-isal.patch
94687578411bf0de1b17555ed81c188c88ea63ac4a25993bd8fde9cf68afbbfbdec7b2d7c54fdcfbd4aed4eb78754e8061c308955596cbe037ff15b575874cc6 10-musl-fixes.patch
211e6f5f8fc962878196ec917984781eb4a8a9495bcc8d1729b34ac66abd2d4a0b7388ae2caee9d5deb664d54860d120a37215924625e82eac9bfca16179667a 11-dump_time_header_impl.patch
253a7bf9fa6a68547f2c9269570be86aa659ef75ab0ed4c9d1a53be70de1ca6079508f19fe5ddb02ed9edda349e121037f8ed4d6b5b0e640edaab863ce6b280d 11-parse_rfc1123_alt.patch
@ -736,7 +737,10 @@ b50e99c4d92f0e7d9035b716963e9190d0842e71c8990d79dba880f8e86a39610cab9787fded305e
b947a8f13e08b1cfaad82906ac04fa875c651cff660e64c43c7ba52eedb2a79fb2dc276f8e3ac9ee7d1264414bcee78640ec0cfc31600394313ddb0c6baf76c8 21-yarn.patch
abb3cab9c01cc3d6d42a9858678059a8c9c43bda2649bf97b489fdc205eb10ae27f9fb7302062e0fb41f5cffddbfc2ae529130569034f373732a0a5d33aba86e 35-fix_ErasureCodeShec.patch
f589c85baca2654e54ebd986ddda70a9b38116332c7c10aa5b75cd8a9c37e8d157baf0ad9ac91e36750046e7554d6831d93cb16d3967b5986155b8f38cff66c5 46-statx.patch
71ffe6f3263b3546bb3d3593981a288ee8136d44f8c1e734ecfae65b71ea3f7c91e6040c337f237fa41269328378c955e93ed13b9d35e0ad8efd785b75d0f595 47-bcrypt.patch
62032b400787ceb63418b20cb305ca97c71ccdbf6169a726b814c063fa816ac6945fd29d13eb8eec74152663b949b832f0dbd7cf7f869893b2e270661e8affa1 47-remove-py-jwt.patch
ad71fda050df8658d653f9131855c28ff889395dfcc70a3124575c8b063c8e84eca7eb390232b6ee5a05238c4f953c5b55af7e961b1a99360696097a702686cd boost-1.81.patch
afef1cc7e43f500d95d2ffd1687cfcb756e9d8dec729186a25d513d4401b38f00edac922562a161575b1da1a65ded3e99d01cf34f9bc329f6d08cf2b896acd0c gcc13.patch
869b61692b3c7854dc205dab8ee0d361b8b26eef6fe7d703f58575e31ba4839736d55c95bd55327ac98c5d6da46709c1e0991f5586483bd835251e017a322055 ceph-18.2.0-fmt10-fixes.patch
fcd138a08e669dc9e79ad6a1eb0f79679744a76e0a5fc26114b0093f3438355c23b088d432e6aa13131aee2db807278450fe198603d94d7af8e252da82fcc3b4 ceph18-rook-18.2.1.patch
"