File 0001-Adjust-Python-2.6-OSerror-on-EPIPE-workaround.patch of Package python-keystoneclient
From 69ca1cd48336d36fe2992f1c261baef73d1d4db6 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Fri, 30 May 2014 15:06:10 +0200
Subject: [PATCH] Adjust Python 2.6 OSerror-on-EPIPE workaround
Adjust the code to raise exceptions.CertificateConfigError
when the certificates are still missing even in the Python
2.6 subprocess bug-workaround case.
Change-Id: I9fdfa830e6f9bc9e8eab496da2597e4118577ec5
Closes-Bug: #1324921
---
keystoneclient/common/cms.py | 17 ++++++++++++++---
keystoneclient/tests/test_cms.py | 7 +++----
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 7438659..85fa307 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -65,6 +65,7 @@ def set_subprocess(_subprocess=None):
def _check_files_accessible(files):
err = None
+ retcode = -1
try:
for try_file in files:
with open(try_file, 'r'):
@@ -74,8 +75,19 @@ def _check_files_accessible(files):
# the given file.
err = ('Hit OSError in _process_communicate_handle_oserror()\n'
'Likely due to %s: %s') % (try_file, e.strerror)
+ # Emulate openssl behavior, which returns with code 2 when
+ # access to a file failed:
- return err
+ # You can get more from
+ # http://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+ #
+ # $ openssl cms -verify -certfile not_exist_file -CAfile \
+ # not_exist_file -inform PEM -nosmimecap -nodetach \
+ # -nocerts -noattr
+ # Error opening certificate file not_exist_file
+ retcode = 2
+
+ return retcode, err
def _process_communicate_handle_oserror(process, data, files):
@@ -91,12 +103,11 @@ def _process_communicate_handle_oserror(process, data, files):
# The quick exit is typically caused by the openssl command not being
# able to read an input file, so check ourselves if can't read a file.
- err = _check_files_accessible(files)
+ retcode, err = _check_files_accessible(files)
if process.stderr:
msg = process.stderr.read()
err = err + msg.decode('utf-8')
output = ''
- retcode = -1
else:
retcode = process.poll()
if err is not None:
diff --git a/keystoneclient/tests/test_cms.py b/keystoneclient/tests/test_cms.py
index 43eba2b..8cef987 100644
--- a/keystoneclient/tests/test_cms.py
+++ b/keystoneclient/tests/test_cms.py
@@ -10,6 +10,7 @@
# License for the specific language governing permissions and limitations
# under the License.
+import errno
import os
import subprocess
@@ -77,8 +78,6 @@ class CMSTest(utils.TestCase, testresources.ResourcedTestCase):
'/no/such/file', '/no/such/key')
def test_cms_verify_token_no_oserror(self):
- import errno
-
def raise_OSError(*args):
e = OSError()
e.errno = errno.EPIPE
@@ -87,11 +86,11 @@ class CMSTest(utils.TestCase, testresources.ResourcedTestCase):
with mock.patch('subprocess.Popen.communicate', new=raise_OSError):
try:
cms.cms_verify("x", '/no/such/file', '/no/such/key')
- except subprocess.CalledProcessError as e:
+ except exceptions.CertificateConfigError as e:
self.assertIn('/no/such/file', e.output)
self.assertIn('Hit OSError ', e.output)
else:
- self.fail('Expected subprocess.CalledProcessError')
+ self.fail('Expected exceptions.CertificateConfigError')
def test_cms_verify_token_scoped(self):
cms_content = cms.token_to_cms(self.examples.SIGNED_TOKEN_SCOPED)
--
1.9.0
