Merge pull request #6 from sovrin-foundation/rc-1.12.6.rc1

[RC1-1.12.6] Release candidate for 1.12.6 stable

indy_node/__version__.json

@@ -1 +1 @@
-[1, 12, 5, "", ""]
+[1, 12, 6, "rc", "1"]

indy_node/test/node_control_utils/test_node_control_util.py

@@ -162,12 +162,119 @@ def test_generated_cmd_get_info_from_package_manager(catch_generated_commands):
     assert len(generated_commands) == 1
     assert generated_commands[0] == "apt-cache show {}".format(" ".join(packages))
 
-
+# apt update is successful
 def test_generated_cmd_update_package_cache(catch_generated_commands):
     NodeControlUtil.update_package_cache()
     assert len(generated_commands) == 1
     assert generated_commands[0] == "apt update"
 
+# apt update fails
+# apt update dependencies don't need to be upgraded, i.e. only key update is performed.
+def test_generated_cmd_update_package_cache_2(monkeypatch):
+    run_shell_script_counter = 0
+    commands = []
+
+    def _run_shell_script(command, *args, **kwargs):
+        nonlocal run_shell_script_counter
+        run_shell_script_counter += 1
+        commands.append(command)
+
+        if run_shell_script_counter == 1:
+            raise ShellError(100, "apt update")
+
+        return ''
+
+    def _f(command, *args, **kwargs):
+        commands.append(command)
+        return ''
+
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _run_shell_script)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _f)
+
+    NodeControlUtil.update_package_cache()
+    assert len(commands) == 4
+    assert commands[0] == "apt update"
+    assert commands[1] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88"
+    assert commands[2] == "apt list --upgradable"
+    assert commands[3] == "apt update"
+
+
+# apt update fails
+# apt update dependencies need to be upgraded
+def test_generated_cmd_update_package_cache_3(monkeypatch):
+    run_shell_script_counter = 0
+    commands = []
+
+    def _run_shell_script(command, *args, **kwargs):
+        nonlocal run_shell_script_counter
+        run_shell_script_counter += 1
+        commands.append(command)
+
+        if run_shell_script_counter == 1:
+            raise ShellError(100, "apt update")
+
+        return ''
+
+    def _run_shell_command(command, *args, **kwargs):
+        commands.append(command)
+        return """libgnutls-openssl27/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
+libgnutls30/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
+liblxc1/xenial-updates 2.0.11-0ubuntu1~16.04.3 amd64 [upgradable from: 2.0.8-0ubuntu1~16.04.2]"""
+
+    def _f(command, *args, **kwargs):
+        commands.append(command)
+        return ''
+
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _run_shell_script)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _run_shell_command)
+
+    NodeControlUtil.update_package_cache()
+    assert len(commands) == 5
+    assert commands[0] == "apt update"
+    assert commands[1] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88"
+    assert commands[2] == "apt list --upgradable"
+    assert commands[3] == "apt --only-upgrade install -y libgnutls30"
+    assert commands[4] == "apt update"
+
+
+def test_generated_cmd_update_repo_keys(catch_generated_commands):
+    NodeControlUtil.update_repo_keys()
+    assert len(generated_commands) == 1
+    assert generated_commands[0] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88"
+
+
+# apt update dependencies don't need to be upgraded
+def test_generated_cmd_update_apt_update_dependencies_1(catch_generated_commands):
+    NodeControlUtil.update_apt_update_dependencies()
+    assert len(generated_commands) == 1
+    assert generated_commands[0] == "apt list --upgradable"
+
+
+# apt update dependencies need to be upgraded
+def test_generated_cmd_update_apt_update_dependencies_2(monkeypatch):
+    commands = []
+
+    def _run_shell_command(command, *args, **kwargs):
+        commands.append(command)
+        return """libgnutls-openssl27/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
+libgnutls30/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
+liblxc1/xenial-updates 2.0.11-0ubuntu1~16.04.3 amd64 [upgradable from: 2.0.8-0ubuntu1~16.04.2]"""
+
+    def _f(command, *args, **kwargs):
+        commands.append(command)
+        return ''
+
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _f)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f)
+    monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _run_shell_command)
+
+    NodeControlUtil.update_apt_update_dependencies()
+    assert len(commands) == 2
+    assert commands[0] == "apt list --upgradable"
+    assert commands[1] == "apt --only-upgrade install -y libgnutls30"
+
 
 def test_generated_cmd_get_sys_holds(monkeypatch, catch_generated_commands):
     monkeypatch.setattr(shutil, 'which', lambda *_: 'path')

indy_node/utils/node_control_utils.py

@@ -359,8 +359,48 @@ def _get_info_from_package_manager(cls, *package):
     @classmethod
     def update_package_cache(cls):
         cmd = compose_cmd(['apt', 'update'])
+        try:
+            cls.run_shell_script(cmd)
+        except ShellError as e:
+            # Currently two issues can stop this from working.
+            # 1) The Sovrin Repo key needs to be updated
+            #    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88
+            # 2) The following certificate validation error occurs:
+            #       Err:6 https://repo.sovrin.org/deb xenial Release
+            #         server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
+            #       Reading package lists... Done
+            #       E: The repository 'https://repo.sovrin.org/deb xenial Release' does not have a Release file.
+            #       N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+            #       N: See apt-secure(8) manpage for repository creation and user configuration details.
+            #    This can be fixed by updating libgnutls30:
+            #    apt --only-upgrade install -y libgnutls30
+            logger.warning("Call to apt update failed in update_package_cache; {}".format(e))
+            cls.update_repo_keys()
+            cls.update_apt_update_dependencies()
+
+            # Try again ...
+            logger.info("Trying apt update again ...")
+            cls.run_shell_script(cmd)
+
+    @classmethod
+    def update_repo_keys(cls):
+        logger.info("Updating signing keys for the artifact repository ...")
+        cmd = compose_cmd(['apt-key', 'adv', '--keyserver', 'keyserver.ubuntu.com', '--recv-keys', 'CE7709D068DB5E88'])
         cls.run_shell_script(cmd)
 
+    @classmethod
+    def update_apt_update_dependencies(cls):
+        cmd = compose_cmd(['apt', 'list', '--upgradable'])
+        logger.info("Getting list of upgradable packages ...")
+        upgradable_packages = cls.run_shell_command(cmd).split("\n")
+        libgnutls30 = next((x for x in upgradable_packages if x.find('libgnutls30') != -1), None)
+        if libgnutls30 is not None:
+            logger.info("Upgrading libgnutls30 ...")
+            cmd = compose_cmd(['apt', '--only-upgrade', 'install', '-y', 'libgnutls30'])
+            cls.run_shell_script(cmd)
+        else:
+            logger.info("libgnutls30 is already up to date.")
+
     @classmethod
     def get_deps_tree(cls, *package, depth=0):
         ret = list(set(package))

setup.py

@@ -54,7 +54,7 @@
     data_files=[(
         (BASE_DIR, ['data/nssm_original.exe'])
     )],
-    install_requires=['indy-plenum==1.12.5',
+    install_requires=['indy-plenum==1.12.6',
                       'timeout-decorator==0.4.0',
                       'distro==1.3.0'],
     setup_requires=['pytest-runner'],