diff --git a/indy_node/__version__.json b/indy_node/__version__.json index 7de2aa3f7..c41228235 100644 --- a/indy_node/__version__.json +++ b/indy_node/__version__.json @@ -1 +1 @@ -[1, 12, 5, "", ""] +[1, 12, 6, "rc", "1"] diff --git a/indy_node/test/node_control_utils/test_node_control_util.py b/indy_node/test/node_control_utils/test_node_control_util.py index 8d065b334..43674b0b1 100644 --- a/indy_node/test/node_control_utils/test_node_control_util.py +++ b/indy_node/test/node_control_utils/test_node_control_util.py @@ -162,12 +162,119 @@ def test_generated_cmd_get_info_from_package_manager(catch_generated_commands): assert len(generated_commands) == 1 assert generated_commands[0] == "apt-cache show {}".format(" ".join(packages)) - +# apt update is successful def test_generated_cmd_update_package_cache(catch_generated_commands): NodeControlUtil.update_package_cache() assert len(generated_commands) == 1 assert generated_commands[0] == "apt update" +# apt update fails +# apt update dependencies don't need to be upgraded, i.e. only key update is performed. +def test_generated_cmd_update_package_cache_2(monkeypatch): + run_shell_script_counter = 0 + commands = [] + + def _run_shell_script(command, *args, **kwargs): + nonlocal run_shell_script_counter + run_shell_script_counter += 1 + commands.append(command) + + if run_shell_script_counter == 1: + raise ShellError(100, "apt update") + + return '' + + def _f(command, *args, **kwargs): + commands.append(command) + return '' + + monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _run_shell_script) + monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f) + monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _f) + + NodeControlUtil.update_package_cache() + assert len(commands) == 4 + assert commands[0] == "apt update" + assert commands[1] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88" + assert commands[2] == "apt list --upgradable" + assert commands[3] == "apt update" + + +# apt update fails +# apt update dependencies need to be upgraded +def test_generated_cmd_update_package_cache_3(monkeypatch): + run_shell_script_counter = 0 + commands = [] + + def _run_shell_script(command, *args, **kwargs): + nonlocal run_shell_script_counter + run_shell_script_counter += 1 + commands.append(command) + + if run_shell_script_counter == 1: + raise ShellError(100, "apt update") + + return '' + + def _run_shell_command(command, *args, **kwargs): + commands.append(command) + return """libgnutls-openssl27/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7] +libgnutls30/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7] +liblxc1/xenial-updates 2.0.11-0ubuntu1~16.04.3 amd64 [upgradable from: 2.0.8-0ubuntu1~16.04.2]""" + + def _f(command, *args, **kwargs): + commands.append(command) + return '' + + monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _run_shell_script) + monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f) + monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _run_shell_command) + + NodeControlUtil.update_package_cache() + assert len(commands) == 5 + assert commands[0] == "apt update" + assert commands[1] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88" + assert commands[2] == "apt list --upgradable" + assert commands[3] == "apt --only-upgrade install -y libgnutls30" + assert commands[4] == "apt update" + + +def test_generated_cmd_update_repo_keys(catch_generated_commands): + NodeControlUtil.update_repo_keys() + assert len(generated_commands) == 1 + assert generated_commands[0] == "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88" + + +# apt update dependencies don't need to be upgraded +def test_generated_cmd_update_apt_update_dependencies_1(catch_generated_commands): + NodeControlUtil.update_apt_update_dependencies() + assert len(generated_commands) == 1 + assert generated_commands[0] == "apt list --upgradable" + + +# apt update dependencies need to be upgraded +def test_generated_cmd_update_apt_update_dependencies_2(monkeypatch): + commands = [] + + def _run_shell_command(command, *args, **kwargs): + commands.append(command) + return """libgnutls-openssl27/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7] +libgnutls30/xenial-updates 3.4.10-4ubuntu1.9 amd64 [upgradable from: 3.4.10-4ubuntu1.7] +liblxc1/xenial-updates 2.0.11-0ubuntu1~16.04.3 amd64 [upgradable from: 2.0.8-0ubuntu1~16.04.2]""" + + def _f(command, *args, **kwargs): + commands.append(command) + return '' + + monkeypatch.setattr(NodeControlUtil, 'run_shell_script', _f) + monkeypatch.setattr(NodeControlUtil, 'run_shell_script_extended', _f) + monkeypatch.setattr(NodeControlUtil, 'run_shell_command', _run_shell_command) + + NodeControlUtil.update_apt_update_dependencies() + assert len(commands) == 2 + assert commands[0] == "apt list --upgradable" + assert commands[1] == "apt --only-upgrade install -y libgnutls30" + def test_generated_cmd_get_sys_holds(monkeypatch, catch_generated_commands): monkeypatch.setattr(shutil, 'which', lambda *_: 'path') diff --git a/indy_node/utils/node_control_utils.py b/indy_node/utils/node_control_utils.py index 4f15b8169..a03c988ef 100644 --- a/indy_node/utils/node_control_utils.py +++ b/indy_node/utils/node_control_utils.py @@ -359,8 +359,48 @@ def _get_info_from_package_manager(cls, *package): @classmethod def update_package_cache(cls): cmd = compose_cmd(['apt', 'update']) + try: + cls.run_shell_script(cmd) + except ShellError as e: + # Currently two issues can stop this from working. + # 1) The Sovrin Repo key needs to be updated + # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88 + # 2) The following certificate validation error occurs: + # Err:6 https://repo.sovrin.org/deb xenial Release + # server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none + # Reading package lists... Done + # E: The repository 'https://repo.sovrin.org/deb xenial Release' does not have a Release file. + # N: Updating from such a repository can't be done securely, and is therefore disabled by default. + # N: See apt-secure(8) manpage for repository creation and user configuration details. + # This can be fixed by updating libgnutls30: + # apt --only-upgrade install -y libgnutls30 + logger.warning("Call to apt update failed in update_package_cache; {}".format(e)) + cls.update_repo_keys() + cls.update_apt_update_dependencies() + + # Try again ... + logger.info("Trying apt update again ...") + cls.run_shell_script(cmd) + + @classmethod + def update_repo_keys(cls): + logger.info("Updating signing keys for the artifact repository ...") + cmd = compose_cmd(['apt-key', 'adv', '--keyserver', 'keyserver.ubuntu.com', '--recv-keys', 'CE7709D068DB5E88']) cls.run_shell_script(cmd) + @classmethod + def update_apt_update_dependencies(cls): + cmd = compose_cmd(['apt', 'list', '--upgradable']) + logger.info("Getting list of upgradable packages ...") + upgradable_packages = cls.run_shell_command(cmd).split("\n") + libgnutls30 = next((x for x in upgradable_packages if x.find('libgnutls30') != -1), None) + if libgnutls30 is not None: + logger.info("Upgrading libgnutls30 ...") + cmd = compose_cmd(['apt', '--only-upgrade', 'install', '-y', 'libgnutls30']) + cls.run_shell_script(cmd) + else: + logger.info("libgnutls30 is already up to date.") + @classmethod def get_deps_tree(cls, *package, depth=0): ret = list(set(package)) diff --git a/setup.py b/setup.py index dae6dab98..25f8cb6ed 100644 --- a/setup.py +++ b/setup.py @@ -54,7 +54,7 @@ data_files=[( (BASE_DIR, ['data/nssm_original.exe']) )], - install_requires=['indy-plenum==1.12.5', + install_requires=['indy-plenum==1.12.6', 'timeout-decorator==0.4.0', 'distro==1.3.0'], setup_requires=['pytest-runner'],