From 6d0a0bbdffa0fde376fa13a731644dd010132a9e Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Mon, 19 Sep 2022 17:57:06 -0400 Subject: kuksa-viss-client: add Python 3.10 support patch Add backported patch from upstream to support latest Python 3.10.x in the kuksa-viss-client recipe, replacing my previous local change which no longer seems sufficient with 3.10.4. Bug-AGL: SPEC-4566 Signed-off-by: Scott Murray Change-Id: Ibeddb507b620d6700f807c92f77d7ee392e6014a --- ...-kuksa-viss-client-to-support-Python-3.10.patch | 57 ++++++++++++++++++++++ ...uksa_viss_client-fix-SSL-context-creation.patch | 36 -------------- 2 files changed, 57 insertions(+), 36 deletions(-) create mode 100644 recipes-connectivity/kuksa-val/kuksa-viss-client/0001-Update-kuksa-viss-client-to-support-Python-3.10.patch delete mode 100644 recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch (limited to 'recipes-connectivity/kuksa-val/kuksa-viss-client') diff --git a/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-Update-kuksa-viss-client-to-support-Python-3.10.patch b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-Update-kuksa-viss-client-to-support-Python-3.10.patch new file mode 100644 index 000000000..f1813e586 --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-Update-kuksa-viss-client-to-support-Python-3.10.patch @@ -0,0 +1,57 @@ +From 9c0d93ef3b7266037a1c8fe7e49790f9119dae28 Mon Sep 17 00:00:00 2001 +From: Erik Jaegervall +Date: Wed, 31 Aug 2022 14:41:07 +0200 +Subject: [PATCH] Update kuksa-viss-client to support Python 3.10 + +SSH checks in Python 3.10 are stricter. +Using current version with Python 3.10 gives the following error: + +Disconnected!! Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801) + +Changing to default context (i.e. implictly Purpose.SERVER_AUTH) +Also ignoring hostname check as certificate does not include correct hostname +Updating Docker build to use Python 3.10 + +Signed-off-by: Erik Jaegervall + +Upstream-Status: Backport [https://github.com/eclipse/kuksa.val/commit/9c0d93ef3b7266037a1c8fe7e49790f9119dae28] +Signed-off-by: Scott Murray +--- + kuksa_viss_client/Dockerfile | 2 +- + kuksa_viss_client/__init__.py | 5 ++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/kuksa_viss_client/Dockerfile b/kuksa_viss_client/Dockerfile +index ae62e50..bf0f49e 100644 +--- a/kuksa_viss_client/Dockerfile ++++ b/kuksa_viss_client/Dockerfile +@@ -18,7 +18,7 @@ RUN python -m build + RUN mkdir /kuksa_viss_client + RUN pip install --target /kuksa_viss_client --no-cache-dir dist/*.whl + +-FROM python:3.8-alpine ++FROM python:3.10-alpine + + COPY --from=build /kuksa_viss_client /kuksa_viss_client + ENV PYTHONUNBUFFERED=yes +diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py +index 69cc996..ab29fb9 100644 +--- a/kuksa_viss_client/__init__.py ++++ b/kuksa_viss_client/__init__.py +@@ -227,9 +227,12 @@ class KuksaClientThread(threading.Thread): + + async def mainLoop(self): + if not self.insecure: +- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ++ context = ssl.create_default_context() + context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile) + context.load_verify_locations(cafile=self.cacertificate) ++ # Certificates in ../kuksa_certificates does not contain the IP address used for ++ # connection to server so hostname check must be disabled ++ context.check_hostname = False + try: + print("connect to wss://"+self.serverIP+":"+str(self.serverPort)) + async with websockets.connect("wss://"+self.serverIP+":"+str(self.serverPort), ssl=context) as ws: +-- +2.34.1 + diff --git a/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch deleted file mode 100644 index 5617eee9d..000000000 --- a/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ad534490eb71b16dfe53a6fced6267f0ea58b939 Mon Sep 17 00:00:00 2001 -From: Scott Murray -Date: Mon, 11 Jul 2022 16:04:11 -0400 -Subject: [PATCH] kuksa_viss_client: fix SSL context creation - -With the newer Python and OpenSSL in Yocto kirkstone, specifying -ssl.Purpose.CLIENT_AUTH when creating the SSL context for the -connection results in the error: - - Cannot create a client socket with a PROTOCOL_TLS_SERVER context - -when trying to connect to a server with the client library. The fix -is to instead use ssl.Purpose.SERVER_AUTH, since the context will be -used by the client to validate the server certificate. - -Signed-off-by: Scott Murray ---- - kuksa_viss_client/__init__.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py -index 69cc996..df7a540 100644 ---- a/kuksa_viss_client/__init__.py -+++ b/kuksa_viss_client/__init__.py -@@ -227,7 +227,7 @@ class KuksaClientThread(threading.Thread): - - async def mainLoop(self): - if not self.insecure: -- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) -+ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) - context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile) - context.load_verify_locations(cafile=self.cacertificate) - try: --- -2.35.3 - -- cgit 1.2.3-korg