| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | Gemfile.lock | 2 | ||||
| -rw-r--r-- | lib/license/finder/ext/pip.rb | 6 | ||||
| -rw-r--r-- | lib/license/finder/ext/pipenv.rb | 11 | ||||
| -rw-r--r-- | lib/license/management/python.rb | 6 | ||||
| -rw-r--r-- | lib/license/management/shell.rb | 2 | ||||
| -rw-r--r-- | lib/license/management/version.rb | 2 | ||||
| -rw-r--r-- | spec/fixtures/python/simple-setup.py | 5 | ||||
| -rw-r--r-- | spec/integration/python/pip_spec.rb | 32 | ||||
| -rw-r--r-- | spec/integration/python/pipenv_spec.rb | 9 | ||||
| -rw-r--r-- | spec/support/integration_test_helper.rb | 6 |
11 files changed, 59 insertions, 26 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 42c33c5..54a2fde 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # GitLab License management changelog
+## v3.7.1
+
+- Export `PIP_CERT` when invoking `pip` when a custom root certificate is specified. (!133)
+
 ## v3.7.0
 - Add `ADDITIONAL_CA_CERT_BUNDLE` to list of trusted root certificates. (!126)
diff --git a/Gemfile.lock b/Gemfile.lock
index 826a28f..3b282f0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- license-management (3.7.0)
+ license-management (3.7.1)
 license_finder (~> 6.0.0)
 spandx (~> 0.1)
diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb
index 5ef6602..084816c 100644
--- a/lib/license/finder/ext/pip.rb
+++ b/lib/license/finder/ext/pip.rb
@@ -35,10 +35,14 @@ module LicenseFinder
 def install_packages
 within_project_dir do
 shell.execute(['virtualenv -p', python_executable, '--activators=bash --seeder=app-data .venv'])
- shell.sh([". .venv/bin/activate", "&&", :pip, :install, '-i', python.pip_index_url, '-r', @requirements_path])
+ shell.sh([". .venv/bin/activate", "&&", pip_install_command], env: python.default_env)
 end
 end
+ def pip_install_command
+ [:pip, :install, '-v', '-i', python.pip_index_url, '-r', @requirements_path]
+ end
+
 def python_executable
 '"$(asdf where python)/bin/python"'
 end
diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb
index d681cc2..056b81d 100644
--- a/lib/license/finder/ext/pipenv.rb
+++ b/lib/license/finder/ext/pipenv.rb
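Review bot: `pip_install_command` in pip.rb adds `-v` to every pip install, which the CHANGELOG entry in this commit does not mention and which reads like a debugging leftover; verbose pip output writes the resolved index URLs and per-package download details into the job log, so if `python.pip_index_url` is ever supplied with embedded credentials this is where they would surface (recent pip releases redact the password in those lines, but that depends on the pip version installed into the virtualenv, which is not visible here). Consider dropping `-v` or tying it to an existing debug switch, and document the helper with `# Builds the argv for the pip install run; the caller prepends the virtualenv activation.` Note that passing a nested array to `shell.sh` only works because `Shell#expand` gains a `flatten` in the same commit, and the call also assumes `Shell#sh` accepts an `env:` keyword like `execute` does — its signature is outside this diff. The enclosing class continues outside the hunk.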
@@ -5,8 +5,8 @@ module LicenseFinder
 def prepare
 return unless pipfile?
- shell.execute([:pipenv, '--python', python.version], env: default_env)
- shell.execute([:pipenv, :run, :pipenv, :sync, '--pypi-mirror', python.pip_index_url], env: default_env)
+ shell.execute([:pipenv, '--python', python.version], env: python.default_env)
+ shell.execute([:pipenv, :run, :pipenv, :sync, '--pypi-mirror', python.pip_index_url], env: python.default_env)
 end
 def current_packages
@@ -48,12 +48,5 @@ module LicenseFinder
 def lockfile_hash
 @lockfile_hash ||= JSON.parse(IO.read(detected_package_path))
 end
-
- def default_env
- return {} unless shell.custom_certificate_installed?
- return {} if ENV['PIP_CERT']
-
- { 'PIP_CERT' => shell.custom_certificate_path.to_s }
- end
 end
 end
diff --git a/lib/license/management/python.rb b/lib/license/management/python.rb
index c5f7107..b8932f9 100644
--- a/lib/license/management/python.rb
+++ b/lib/license/management/python.rb
@@ -50,6 +50,12 @@ module License
 )
 end
 end
+
+ def default_env
+ return {} unless shell.custom_certificate_installed?
+
+ { 'PIP_CERT' => ENV.fetch('PIP_CERT', shell.custom_certificate_path.to_s) }
+ end
 end
 end
 end
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 691a8ea..8850e60 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -33,7 +33,7 @@ module License
 private
 def expand(command)
- Array(command).map(&:to_s).join(' ')
+ Array(command).flatten.map(&:to_s).join(' ')
 end
 def trust!(certificate)
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index b422fd6..fe617f9 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@ module License
 module Management
- VERSION = '3.7.0'
+ VERSION = '3.7.1'
 end
 end
diff --git a/spec/fixtures/python/simple-setup.py b/spec/fixtures/python/simple-setup.py
index 02ee1c4..51b96a2 100644
--- a/spec/fixtures/python/simple-setup.py
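Review bot: `default_env` in python.rb exports `shell.custom_certificate_path` as `PIP_CERT`, and pip treats `PIP_CERT`/`--cert` as a replacement for its bundled CA store rather than an addition to it; if `custom_certificate_path` points only at the `ADDITIONAL_CA_CERT_BUNDLE` contents rather than a merged bundle, any install that also reaches a public index over TLS would fail verification as soon as a private certificate is supplied (the helper is defined in shell.rb outside this diff, so this is inferred from the name). Whichever it is, the method deserves a comment making the contract explicit, e.g. `# PIP_CERT replaces pip's default CA bundle, so the path must be a complete bundle; a PIP_CERT already set by the caller takes precedence.` Dropping the old `return {} if ENV['PIP_CERT']` in favour of `ENV.fetch('PIP_CERT', ...)` is behaviour-preserving, since the existing value is just echoed back into the child environment. The same env is now consumed by both pipenv.rb calls in this diff, so the caveat applies to `pipenv sync` as well.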
+++ b/spec/fixtures/python/simple-setup.py
@@ -1,12 +1,7 @@
 #!/usr/bin/env python3
-import os
-import shutil
-
 from setuptools import find_packages
 from setuptools import setup
-shutil.rmtree("build", ignore_errors=True)
-
 setup(
 name="package name",
 version='1.1',
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index 2183dd1..8e3ec3d 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -24,7 +24,6 @@ RSpec.describe "pip" do
 'jsonschema>=3.0.0',
 'python-json-logger>=0.1.10',
 'sentry-sdk>=0.7.7',
- 'https://s3-eu-west-1.amazonaws.com/new10-pypi/new10-logging-1.1.4.tar.gz',
 'ptvsd',
 'pylint',
 'flake8',
@@ -127,4 +126,35 @@ RSpec.describe "pip" do
 expect(report[:dependencies]).to be_empty
 end
 end
+
+ context "when connecting to a private package repository with self signed certificate" do
+ let(:index_url) { "https://#{private_pypi_host}/simple" }
+ let(:bundle) { fixture_file_content('python/pypi.crt') }
+
+ before do
+ runner.add_file('setup.py') do
+ <<~RAW
+from setuptools import setup, find_packages
+
+setup(
+ name='gitlab-sp-test-python-pip',
+ version='1.2.0',
+ packages=find_packages(),
+ install_requires=['requests'],
+)
+ RAW
+ end
+ end
+
+ it 'downloads the packages and trusts the certificate' do
+ report = runner.scan(env: {
+ 'ADDITIONAL_CA_CERT_BUNDLE' => bundle,
+ 'PIP_INDEX_URL' => index_url
+ })
+
+ expect(report).to match_schema(version: '2.0')
+ expect(report.dependency_names).to include('requests')
+ expect(report.licenses_for('requests')).to match_array(['Apache-2.0'])
+ end
+ end
 end
diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb
index 9ec7d96..b54ee99 100644
--- a/spec/integration/python/pipenv_spec.rb
+++ b/spec/integration/python/pipenv_spec.rb
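Review bot: The new pip_spec.rb context resolves `private_pypi_host` inside a `let`, and that helper's `ENV.fetch('PRIVATE_PYPI_HOST')` raises `KeyError` when the variable is absent, so on any machine without the private index configured the example errors out instead of being skipped; the pipenv_spec.rb example that this commit promotes from `pending` to `it` has the same exposure. A guard such as `before { skip 'PRIVATE_PYPI_HOST/PRIVATE_PYPI_IP not set' unless ENV.key?('PRIVATE_PYPI_HOST') && ENV.key?('PRIVATE_PYPI_IP') }` in both contexts keeps local runs green while CI still exercises the path. The example also assumes the `python/pypi.crt` fixture matches the certificate the private host currently presents; a one-line comment in the spec saying where that certificate comes from and when it expires would help whoever rotates it. The describe block continues outside the hunk.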
@@ -203,20 +203,15 @@ RSpec.describe "pipenv" do
 end
 context "when connecting to a private package repository with self signed certificate" do
- let(:index_url) { "https://gitlab-airgap-pypi.us-west1-b.c.group-secure-a89fe7.internal/simple" }
+ let(:index_url) { "https://#{private_pypi_host}/simple" }
 let(:bundle) { fixture_file_content('python/pypi.crt') }
- def install_airgap_hosts
- add_host('gitlab-airgap-test.us-west1-b.c.group-secure-a89fe7.internal', '34.82.7.216')
- add_host('gitlab-airgap-pypi.us-west1-b.c.group-secure-a89fe7.internal', '35.227.149.218')
- end
-
 before do
 runner.add_file('Pipfile', fixture_file_content('python/airgap-Pipfile.erb', index_url: index_url))
 runner.add_file('Pipfile.lock', fixture_file_content('python/airgap-Pipfile.lock.erb', index_url: index_url))
 end
- pending 'downloads the packages and trusts the certificate' do
+ it 'downloads the packages and trusts the certificate' do
 report = runner.scan(env: {
 'ADDITIONAL_CA_CERT_BUNDLE' => bundle,
 'PIP_INDEX_URL' => index_url
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index 6c30a99..52693f2 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -86,6 +86,12 @@ module IntegrationTestHelper
 end
 end
+
+ def private_pypi_host
+ @private_pypi_host ||= ENV.fetch('PRIVATE_PYPI_HOST').tap do |host|
+ add_host(host, ENV.fetch('PRIVATE_PYPI_IP'))
+ end
+ end
+
 def runner(*args)
 @runner ||= IntegrationTestRunner.new(*args)
 end
|
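Review bot: `private_pypi_host` in integration_test_helper.rb hands `PRIVATE_PYPI_IP` to `add_host` without validating it; `add_host` is defined outside this hunk, but if it appends to a hosts file a malformed or empty value would leave a broken entry behind for every later example. Validating first with `IPAddr.new(ENV.fetch('PRIVATE_PYPI_IP'))` (stdlib `ipaddr`) turns that into an immediate, readable failure. The `@private_pypi_host ||=` memoization means `add_host` runs once per helper instance, which is presumably once per example given how RSpec instantiates example groups — worth stating in a doc comment alongside the two required variables, e.g. `# Hostname of the private PyPI used by the TLS specs; requires PRIVATE_PYPI_HOST and PRIVATE_PYPI_IP and registers the host mapping on first use.`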
