;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Cyril Roelandt ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2016, 2017, 2019, 2021 Clément Lassieur ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018, 2022 Marius Bakke ;;; Copyright © 2020, 2021 Ricardo Wurmus ;;; Copyright © 2020 Maxim Cournoyer ;;; Copyright © 2022 Tanguy Le Carrour ;;; Copyright © 2022 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more detai
aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
blob: cce70b880f553b0591d0714f23949366f8ac9980 (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244

From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001
From: Hilton Chain <hako@ultrarare.space>
Date: Sat, 12 Nov 2022 22:45:24 +0800
Subject: [PATCH] Replace fwdb downloader with a local file option.

Also warn about non-free software.
---
 spectre-meltdown-checker.sh | 180 +++---------------------------------
 1 file changed, 15 insertions(+), 165 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 30f760c..ce46970 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -22,8 +22,6 @@ exit_cleanup()
 	[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
 	[ -n "${kerneltmp:-}"     ] && [ -f "$kerneltmp"     ] && rm -f "$kerneltmp"
 	[ -n "${kerneltmp2:-}"    ] && [ -f "$kerneltmp2"    ] && rm -f "$kerneltmp2"
-	[ -n "${mcedb_tmp:-}"     ] && [ -f "$mcedb_tmp"     ] && rm -f "$mcedb_tmp"
-	[ -n "${intel_tmp:-}"     ] && [ -d "$intel_tmp"     ] && rm -rf "$intel_tmp"
 	[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
 	[ "${mounted_procfs:-}"  = 1 ] && umount "$procfs" 2>/dev/null
 	[ "${insmod_cpuid:-}"    = 1 ] && rmmod cpuid 2>/dev/null
@@ -93,9 +91,9 @@ show_usage()
 		--vmm [auto,yes,no]	override the detection of the presence of a hypervisor, default: auto
 		--allow-msr-write	allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
 		--cpu [#,all]		interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
-		--update-fwdb		update our local copy of the CPU microcodes versions database (using the awesome
-					MCExtractor project and the Intel firmwares GitHub repository)
-		--update-builtin-fwdb	same as --update-fwdb but update builtin DB inside the script itself
+		--with-fwdb FILE	read CPU microcode version information from FILE
+		                        Note that most CPU microcode is distributed as binaries without source -- relying on
+		                        such non-free firmware as sole protection against security vulnerabilities is ill-advised.
 		--dump-mock-data	used to mimick a CPU on an other system, mainly used to help debugging this script
 
 	Return codes:
@@ -837,147 +833,6 @@ show_header()
 	_info
 }
 
-[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
-mcedb_cache="$HOME/.mcedb"
-update_fwdb()
-{
-	show_header
-
-	set -e
-
-	if [ -r "$mcedb_cache" ]; then
-		previous_dbversion=$(awk '/^# %%% MCEDB / { print $4 }' "$mcedb_cache")
-	fi
-
-	# first, download the MCE.db from the excellent platomav's MCExtractor project
-	mcedb_tmp="$(mktemp -t smc-mcedb-XXXXXX)"
-	mcedb_url='https://github.com/platomav/MCExtractor/raw/master/MCE.db'
-	_info_nol "Fetching MCE.db from the MCExtractor project... "
-	if command -v wget >/dev/null 2>&1; then
-		wget -q "$mcedb_url" -O "$mcedb_tmp"; ret=$?
-	elif command -v curl >/dev/null 2>&1; then
-		curl -sL "$mcedb_url" -o "$mcedb_tmp"; ret=$?
-	elif command -v fetch >/dev/null 2>&1; then
-		fetch -q "$mcedb_url" -o "$mcedb_tmp"; ret=$?
-	else
-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
-		return 1
-	fi
-	if [ "$ret" != 0 ]; then
-		echo ERROR "error $ret while downloading MCE.db"
-		return $ret
-	fi
-	echo DONE
-
-	# second, get the Intel firmwares from GitHub
-	intel_tmp="$(mktemp -d -t smc-intelfw-XXXXXX)"
-	intel_url="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip"
-	_info_nol "Fetching Intel firmwares... "
-	## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git
-	if command -v wget >/dev/null 2>&1; then
-		wget -q "$intel_url" -O "$intel_tmp/fw.zip"; ret=$?
-	elif command -v curl >/dev/null 2>&1; then
-		curl -sL "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
-	elif command -v fetch >/dev/null 2>&1; then
-		fetch -q "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
-	else
-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
-		return 1
-	fi
-	if [ "$ret" != 0 ]; then
-		echo ERROR "error $ret while downloading Intel firmwares"
-		return $ret
-	fi
-	echo DONE
-
-	# now extract MCEdb contents using sqlite
-	_info_nol "Extracting MCEdb data... "
-	if ! command -v sqlite3 >/dev/null 2>&1; then
-		echo ERROR "please install the \`sqlite3\` program"
-		return 1
-	fi
-	mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
-	if [ -z "$mcedb_revision" ]; then
-		echo ERROR "downloaded file seems invalid"
-		return 1
-	fi
-	sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
-	sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
-
-	echo OK "MCExtractor database revision $mcedb_revision"
-
-	# parse Intel firmwares to get their versions
-	_info_nol "Integrating Intel firmwares data to db... "
-	if ! command -v unzip >/dev/null 2>&1; then
-		echo ERROR "please install the \`unzip\` program"
-		return 1
-	fi
-	( cd "$intel_tmp" && unzip fw.zip >/dev/null; )
-	if ! [ -d "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/intel-ucode" ]; then
-		echo ERROR "expected the 'intel-ucode' folder in the downloaded zip file"
-		return 1
-	fi
-
-	if ! command -v iucode_tool >/dev/null 2>&1; then
-		if ! command -v iucode-tool >/dev/null 2>&1; then
-			echo ERROR "please install the \`iucode-tool\` program"
-			return 1
-		else
-			iucode_tool="iucode-tool"
-		fi
-	else
-		iucode_tool="iucode_tool"
-	fi
-	#  079/001: sig 0x000106c2, pf_mask 0x01, 2009-04-10, rev 0x0217, size 5120
-	#  078/004: sig 0x000106ca, pf_mask 0x10, 2009-08-25, rev 0x0107, size 5120
-	$iucode_tool -l "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/intel-ucode" | grep -wF sig | while read -r _line
-	do
-		_line=$(   echo "$_line" | tr -d ',')
-		_cpuid=$(  echo "$_line" | awk '{print $3}')
-		_cpuid=$(( _cpuid ))
-		_cpuid=$(printf "0x%08X" "$_cpuid")
-		_date=$(   echo "$_line" | awk '{print $6}' | tr -d '-')
-		_version=$(echo "$_line" | awk '{print $8}')
-		_version=$(( _version ))
-		_version=$(printf "0x%08X" "$_version")
-		_sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
-		sqlite3 "$mcedb_tmp" "$_sqlstm"
-	done
-	_intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
-	if [ -n "$_intel_timestamp" ]; then
-		# use this date, it matches the last commit date
-		_intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
-	else
-		echo "Falling back to the latest microcode date"
-		_intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
-	fi
-	echo DONE "(version $_intel_latest_date)"
-
-	dbversion="$mcedb_revision+i$_intel_latest_date"
-
-	if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
-		echo "We already have this version locally, no update needed"
-		return 0
-	fi
-
-	_info_nol "Building local database... "
-	{
-		echo "# Spectre & Meltdown Checker";
-		echo "# %%% MCEDB v$dbversion";
-		sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
-		sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD   AS t1 LEFT OUTER JOIN AMD   AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
-	} > "$mcedb_cache"
-	echo DONE "(version $dbversion)"
-
-	if [ "$1" = builtin ]; then
-		newfile=$(mktemp -t smc-builtin-XXXXXX)
-		awk '/^# %%% MCEDB / { exit }; { print }' "$0" > "$newfile"
-		awk '{ if (NR>1) { print } }' "$mcedb_cache" >> "$newfile"
-		cat "$newfile" > "$0"
-		rm -f "$newfile"
-	fi
-}
-
 parse_opt_file()
 {
 	# parse_opt_file option_name option_value
@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do
 		# deprecated, kept for compatibility
 		opt_explain=0
 		shift
-	elif [ "$1" = "--update-fwdb" ] || [ "$1" = "--update-mcedb" ]; then
-		update_fwdb
-		exit $?
-	elif [ "$1" = "--update-builtin-fwdb" ] || [ "$1" = "--update-builtin-mcedb" ]; then
-		update_fwdb builtin
-		exit $?
+	elif [ "$1" = "--with-fwdb" ] || [ "$1" = "--with-mcedb" ]; then
+	        opt_fwdb=$2
+		if [ -f "$opt_fwdb" ]; then
+		        mcedb_cache=$2
+		else
+		        echo "$0: error: --with-fwdb should be a file, got '$opt_fwdb'" >&2
+		        exit 255
+		fi
+		shift 2
 	elif [ "$1" = "--dump-mock-data" ]; then
 		opt_mock=1
 		shift
@@ -2033,21 +1891,11 @@ is_xen_domU()
 	fi
 }
 
-builtin_dbversion=$(awk '/^# %%% MCEDB / { print $4 }' "$0")
 if [ -r "$mcedb_cache" ]; then
 	# we have a local cache file, but it might be older than the builtin version we have
 	local_dbversion=$(  awk '/^# %%% MCEDB / { print $4 }' "$mcedb_cache")
-	# sort -V sorts by version number
-	older_dbversion=$(printf "%b\n%b" "$local_dbversion" "$builtin_dbversion" | sort -V | head -n1)
-	if [ "$older_dbversion" = "$builtin_dbversion" ]; then
-		mcedb_source="$mcedb_cache"
-		mcedb_info="local firmwares DB $local_dbversion"
-	fi
-fi
-# if mcedb_source is not set, either we don't have a local cached db, or it is older than the builtin db
-if [ -z "${mcedb_source:-}" ]; then
-	mcedb_source="$0"
-	mcedb_info="builtin firmwares DB $builtin_dbversion"
+	mcedb_source="$mcedb_cache"
+	mcedb_info="local firmwares DB $local_dbversion"
 fi
 read_mcedb()
 {
@@ -2063,7 +1911,9 @@ is_latest_known_ucode()
 		return 2
 	fi
 	ucode_latest="latest microcode version for your CPU model is unknown"
-	if is_intel; then
+	if [ -z "$mcedb_source" ]; then
+	        return 2
+	elif is_intel; then
 		cpu_brand_prefix=I
 	elif is_amd; then
 		cpu_brand_prefix=A
-- 
2.38.1
generated by cgit
ion)) (sha256 (base32 "00adkm465xcaxg15pncsmwxhicdj3kx4v1vcabghpmd2m0s75avk")))) (build-system python-build-system) (arguments '(#:phases (modify-phases %standard-phases (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "stestr" "run"))))))) (propagated-inputs (list python-dateutil python-debtcollector python-oslo.config python-oslo.context python-oslo.i18n python-oslo.utils python-oslo.serialization python-pyinotify)) (native-inputs (list python-fixtures python-oslotest python-stestr python-testtools python-pbr)) (home-page "https://launchpad.net/oslo") (synopsis "Python logging library of the Oslo project") (description "The oslo.log (logging) configuration library provides standardized configuration for all OpenStack projects. It also provides custom formatters, handlers and support for context specific logging (like resource id’s etc).") (license asl2.0))) (define-public python-oslo.serialization (package (name "python-oslo.serialization") (version "4.2.0") (source (origin (method url-fetch) (uri (pypi-uri "oslo.serialization" version)) (sha256 (base32 "10sdgvyb0d3lcmb8b4l5gs40bkfbai08kvsdwp658dxd2yqf21rh")))) (build-system python-build-system) (arguments '(#:phases (modify-phases %standard-phases (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "stestr" "run"))))))) (propagated-inputs (list python-msgpack python-oslo.utils python-pbr python-pytz)) (native-inputs ;; For tests. (list python-netaddr python-oslo.i18n python-oslotest python-stestr)) (home-page "https://launchpad.net/oslo") (synopsis "Oslo serialization library") (description "The oslo.serialization library provides support for representing objects in transmittable and storable formats, such as JSON and MessagePack.") (license asl2.0))) (define-public python-reno (package (name "python-reno") (version "2.7.0") (source (origin (method url-fetch) (uri (pypi-uri "reno" version)) (sha256 (base32 "0gwzi5dvacqx43smxl3rd1z33npn7gfhm50bvgmq90fib2q431wc")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases (add-before 'check 'init-git (lambda _ ;; reno expects a git repo (invoke "git" "init")))))) (propagated-inputs (list python-dulwich python-pbr python-pyyaml python-six)) (native-inputs `(("python-testtools" ,python-testtools) ("python-testscenarios" ,python-testscenarios) ("python-testrepository" ,python-testrepository) ("python-mock" ,python-mock) ("python-docutils" ,python-docutils) ("python-sphinx" ,python-sphinx) ("gnupg" ,gnupg) ("git" ,git-minimal))) (home-page "https://docs.openstack.org/reno/latest/") (synopsis "Release notes manager") (description "Reno is a tool for storing release notes in a git repository and building documentation from them.") (license asl2.0))) (define-public python-oslosphinx (package (name "python-oslosphinx") (version "4.18.0") (source (origin (method url-fetch) (uri (pypi-uri "oslosphinx" version)) (sha256 (base32 "1xm41857vzrzjmnyi6bqirg4i5qa61v7wxcsdc4q1nzgr3ndgz5k")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases (add-after 'unpack 'relax-requirements (lambda _ (substitute* "test-requirements.txt" (("hacking!=0.13.0,<0.14,>=0.12.0") "hacking!=0.13.0,>=0.12.0")) #t))))) (propagated-inputs (list python-requests)) (native-inputs (list python-hacking python-openstackdocstheme python-pbr python-reno python-sphinx)) (home-page "https://www.openstack.org/") (synopsis "OpenStack sphinx extensions and theme") (description "This package provides themes and extensions for Sphinx documentation from the OpenStack project.") (license asl2.0))) (define-public python-oslotest (package (name "python-oslotest") (version "4.4.1") (source (origin (method url-fetch) (uri (pypi-uri "oslotest" version)) (sha256 (base32 "0r50sz55m8ljv2vk1k7sp88iz1iqq4p9w6kb8hn8g8c50r9zdi5i")))) (build-system python-build-system) (arguments ;; The tests are disabled to avoid a circular dependency with oslo.config. `(#:tests? #f)) (propagated-inputs (list python-fixtures python-six python-subunit python-testtools)) (home-page "https://launchpad.net/oslo") (synopsis "Oslo test framework") (description "The Oslo Test framework provides common fixtures, support for debugging, and better support for mocking results.") (license asl2.0))) (define-public python-oslo.utils (package (name "python-oslo.utils") (version "4.12.0") (source (origin (method url-fetch) (uri (pypi-uri "oslo.utils" version)) (sha256 (base32 "0kfgr6lr3r34nzmkvnyywr0x3lkwpwy35m1dj4rkk3ydqvi1xaip")))) (build-system python-build-system) (arguments '(#:phases (modify-phases %standard-phases (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "stestr" "run"))))))) (propagated-inputs (list python-debtcollector python-oslo.i18n python-iso8601 python-netaddr python-netifaces python-pbr python-packaging python-pyparsing python-pytz)) (native-inputs ;; For tests. (list python-ddt python-eventlet python-fixtures python-oslotest python-stestr python-testscenarios python-testtools)) (home-page "https://launchpad.net/oslo") (synopsis "Oslo utility library") (description "The @code{oslo.utils} library provides support for common utility type functions, such as encoding, exception handling, string manipulation, and time handling.") (license asl2.0))) (define-public python-keystoneauth1 (package (name "python-keystoneauth1") (version "5.0.0") (source (origin (method url-fetch) (uri (pypi-uri "keystoneauth1" version)) (sha256 (base32 "08s36dqxrxqx37sdl28cr7fx2iwr8wfxaa53hwq2dzcx9h25zfvf")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases (add-after 'unpack 'relax-requirements (lambda _ (substitute* "test-requirements.txt" (("hacking[<>!=].*") "hacking\n") ;; unused, code-quality checks only (("flake8-.*[<>!=]" line) (string-append "# " line)) (("pycodestyle[<>!=]" line) (string-append "# " line)) (("bandit[<>!=]" line) (string-append "# " line)) (("coverage[<>!=]" line) (string-append "# " line)) (("reno[<>!=]" line) (string-append "# " line))))) (add-before 'check 'check-setup (lambda _ ;; remove code-quality checks (delete-file "keystoneauth1/tests/unit/test_hacking_checks.py"))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "stestr" "run"))))))) (propagated-inputs (list python-iso8601 python-os-service-types python-requests python-six python-stevedore)) (native-inputs (list python-betamax python-fixtures python-hacking python-lxml python-oauthlib python-oslo.config python-oslo.utils python-oslotest python-pbr python-pyyaml python-requests-kerberos python-requests-mock python-stestr python-testresources python-testtools)) (home-page "https://docs.openstack.org/keystoneauth/latest/") (synopsis "Authentication Library for OpenStack Identity") (description "Keystoneauth provides a standard way to do authentication and service requests within the OpenStack ecosystem. It is designed for use in conjunction with the existing OpenStack clients and for simplifying the process of writing new clients.") (license asl2.0))) (define-public python-keystoneclient (package (name "python-keystoneclient") (version "5.0.0") (source (origin (method url-fetch) (uri (pypi-uri "python-keystoneclient" version)) (sha256 (base32 "0gza5fx3xl3l6vrc6pnhbzhipz1fz9h98kwxqp7mmd90pwrxll0g")))) (build-system python-build-system) (arguments '(#:tests? #f ; FIXME: Many tests are failing. #:phases (modify-phases %standard-phases (add-after 'unpack 'relax-requirements (lambda _ (substitute* "test-requirements.txt" ;; unused, code-quality checks only (("hacking[<>!=]" line) (string-append "# " line)) (("flake8-.*[<>!=]" line) (string-append "# " line)) (("pycodestyle[<>!=]" line) (string-append "# " line)) (("bandit[<>!=]" line) (string-append "# " line)) (("coverage[<>!=]" line) (string-append "# " line)) (("reno[<>!=]" line) (string-append "# " line)))))))) (native-inputs (list openssl python-fixtures python-keyring python-lxml python-mock python-oauthlib python-oslotest python-pbr python-requests-mock python-stestr python-tempest-lib python-testresources python-testscenarios python-testtools)) (propagated-inputs (list python-babel python-debtcollector python-iso8601 python-keystoneauth1 python-netaddr python-oslo.config python-oslo.i18n python-oslo.serialization python-oslo.utils python-prettytable python-requests python-six python-stevedore)) (home-page "https://www.openstack.org/") (synopsis "Client Library for OpenStack Identity") (description "Python-keystoneclient is the identity service used by OpenStack for authentication (authN) and high-level authorization (authZ). It currently supports token-based authN with user/service authZ, and is scalable to support OAuth, SAML, and OpenID in future versions. Out of the box, Keystone uses SQLite for its identity store database, with the option to connect to external LDAP.") (license asl2.0))) (define-public python-swiftclient (package (name "python-swiftclient") (version "4.0.1") (source (origin (method url-fetch) (uri (pypi-uri "python-swiftclient" version)) (sha256 (base32 "1zwb4zcln454fzcnbwqhyzxb68wrsr1i2vvvrn5c7yy5k4vcfs1v")))) (build-system python-build-system) (arguments '(#:phases (modify-phases %standard-phases (add-before 'check 'relax-requirements (lambda _ (delete-file "test-requirements.txt"))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "stestr" "run"))))))) (native-inputs (list python-keystoneclient python-keystoneauth1 python-openstacksdk python-stestr)) (propagated-inputs (list python-requests)) (home-page "https://www.openstack.org/") (synopsis "OpenStack Object Storage API Client Library") (description "OpenStack Object Storage (code-named Swift) creates redundant, scalable object storage using clusters of standardized servers to store petabytes of accessible data. It is not a file system or real-time data storage system, but rather a long-term storage system for a more permanent type of static data that can be retrieved, leveraged, and then updated if necessary. Primary examples of data that best fit this type of storage model are virtual machine images, photo storage, email storage and backup archiving. Having no central \"brain\" or master point of control provides greater scalability, redundancy and permanence.") (license asl2.0))) (define-public python-git-review (package (name "python-git-review") (version "2.1.0") (source (origin (method url-fetch) (uri (pypi-uri "git-review" version)) (sha256 (base32 "1mhywsbisyv028lsj2ksg4g5l8kyimpwxgwzqi08rymi8mb7fv1s")))) (build-system python-build-system) (arguments '(#:tests? #f ; tests require a running Gerrit server #:phases (modify-phases %standard-phases (add-after 'install 'wrap-program (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (git (assoc-ref inputs "git")) (openssh (assoc-ref inputs "openssh"))) (wrap-program (string-append out "/bin/git-review") `("PATH" ":" prefix ,(map (lambda (dir) (string-append dir "/bin")) (list git openssh))))) #t))))) (native-inputs (list python-pbr)) (propagated-inputs (list python-requests)) (inputs (list git openssh)) (home-page "https://docs.openstack.org/infra/git-review/") (synopsis "Command-line tool for Gerrit") (description "Git-review is a command-line tool that helps submitting Git branches to Gerrit for review, or fetching existing ones.") (license asl2.0))) (define-public python-requestsexceptions (package (name "python-requestsexceptions") (version "1.4.0") (source (origin (method url-fetch) (uri (pypi-uri "requestsexceptions" version)) (sha256 (base32 "0r9hp9yzgj8r81q5gc6r8sgxldqc09xi6ax0b7a6dw0qfv3wp5dh")))) (build-system python-build-system) (arguments '(#:tests? #f)) ; no tests (native-inputs (list python-pbr)) (home-page "https://www.openstack.org/") (synopsis "Import exceptions from potentially bundled packages in requests") (description "The Python requests library bundles the urllib3 library, however, some software distributions modify requests to remove the bundled library. This makes some operations difficult, such as suppressing the “insecure platform warning” messages that urllib emits. This package is a simple library to find the correct path to exceptions in the requests library regardless of whether they are bundled or not.") (license asl2.0))) (define-public python-openstacksdk (package (name "python-openstacksdk") (version "0.100.0") (source (origin (method url-fetch) (uri (pypi-uri "openstacksdk" version)) (sha256 (base32 "0iq7rxw59ibl6xsqh3jw56yg3zfbz3cqgx1239n6xd9iv86mcgq1")))) (build-system python-build-system) (arguments '(#:phases (modify-phases %standard-phases (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? (with-output-to-file "exclusion-list.txt" (lambda _ (display (string-append ;; tests timing out "test_create_dynamic_large_object$\n" "test_create_object_index_rax$\n" "test_create_object_skip_checksum$\n" "test_inspect_machine_inspect_failed$\n" "test_inspect_machine_wait$\n" "test_status_fails_different_attribute$\n" "test_status_match$\n" "test_status_match_different_attribute$\n" "test_status_match_with_none$\n" "test_wait_for_baremetal_node_lock_locked$\n" "test_wait_for_task_error_396$\n" "test_wait_for_task_wait$\n")))) (invoke "stestr" "run" "--exclude-list" "exclusion-list.txt"))))))) (native-inputs (list python-ddt python-hacking python-jsonschema python-pbr python-prometheus-client python-requests-mock python-statsd python-stestr python-testscenarios python-oslo.config python-oslotest)) (propagated-inputs (list python-appdirs python-cryptography python-decorator python-dogpile.cache python-importlib-metadata python-iso8601 python-jmespath python-jsonpatch python-keystoneauth1 python-munch python-netifaces python-os-service-types python-pbr ; run-time dependency actually python-pyyaml python-requestsexceptions)) (home-page "https://docs.openstack.org/openstacksdk/latest/") (synopsis "SDK for building applications to work with OpenStack") (description "This package provides a client library for building applications to work with OpenStack clouds. The SDK aims to provide a consistent and complete set of interactions with OpenStack’s many services, along with complete documentation, examples, and tools.") (license asl2.0)))