Did you also remove the 0002 from the d/p/ at the top of the changelog?

+  * d/p/0002-lp1906720-Make-disable_ssl_certificate_validation-work-
wit.patch


On Tue, Jan 19, 2021 at 3:31 PM Dan Streetman <1906...@bugs.launchpad.net>
wrote:

> uploaded to bionic, thanks @hypothetical-lemon
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1906720
>
> Title:
>   Fix the disable_ssl_certificate_validation option
>
> Status in python-httplib2 package in Ubuntu:
>   Fix Released
> Status in python-httplib2 source package in Bionic:
>   In Progress
> Status in python-httplib2 source package in Focal:
>   Fix Released
> Status in python-httplib2 source package in Groovy:
>   Fix Released
> Status in python-httplib2 source package in Hirsute:
>   Fix Released
>
> Bug description:
>   [Environment]
>
>   Bionic
>   python3-httplib2 | 0.9.2+dfsg-1ubuntu0.2
>
>   [Description]
>
>   maas cli fails to work with apis over https with self-signed
> certificates due to the lack
>   of disable_ssl_certificate_validation option with python 3.5.
>
>   [Distribution/Release, Package versions, Platform]
>   cat /etc/lsb-release; dpkg -l | grep maas
>   DISTRIB_ID=Ubuntu
>   DISTRIB_RELEASE=18.04
>   DISTRIB_CODENAME=bionic
>   DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
>   ii maas 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all "Metal as a Service"
> is a physical cloud and IPAM
>   ii maas-cli 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS client and
> command-line interface
>   ii maas-common 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS server
> common files
>   ii maas-dhcp 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS DHCP server
>   ii maas-proxy 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS Caching
> Proxy
>   ii maas-rack-controller 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all Rack
> Controller for MAAS
>   ii maas-region-api 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all Region
> controller API service for MAAS
>   ii maas-region-controller 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all
> Region Controller for MAAS
>   ii python3-django-maas 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS
> server Django web framework (Python 3)
>   ii python3-maas-client 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS
> python API client (Python 3)
>   ii python3-maas-provisioningserver
> 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS server provisioning
> libraries (Python 3)
>
>   [Steps to Reproduce]
>
>   - prepare a maas server(installed by packages for me and the customer).
> it doesn't have to be HA to reproduce
>   - prepare a set of certificate, key and ca-bundle
>   - place a new conf[2] in /etc/nginx/sites-enabled and `sudo systemctl
> restart nginx`
>   - add the ca certificates to the host
>   sudo mkdir /usr/share/ca-certificates/extra
>   sudo cp -v ca-bundle.crt /usr/share/ca-certificates/extra/
>   dpkg-reconfigure ca-certificates
>   - login with a new profile over https url
>   - when not added the ca-bundle to the trusted ca cert store, it fails to
> login and '--insecure' flag also doesn't work[3]
>
>   [Known Workarounds]
>   None
>
>   [Test]
>   # Note even though this change only affects Python3
>   # I tested it with Python2 with no issues and was able to connect.
>   Also please make note of the 2 packages. One is for Python2 the other
> Python3
>
>   Python2 ===> python-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb
>   Python3 ===>  python3-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb
>
>   helpful urls:
>   https://maas.io/docs/deb/2.8/cli/installation
>   https://maas.io/docs/deb/2.8/cli/configuration-journey
>   https://maas.io/docs/deb/2.8/ui/configuration-journey
>
>   # create bionic VM/lxc container
>   lxc launch ubuntu:bionic lp1820083
>
>   # get source code from repo
>   pull-lp-source  python-httplib2 bionic
>
>   # install maas-cli
>   apt-get install maas-cli
>
>   # install maas server
>   apt-get install maas
>
>   # init maas
>   sudo maas init
>
>   # answer questions
>
>   # generate self signed cert and key
>   openssl req -newkey rsa:4096 -x509 -sha256 -days 60 -nodes -out
> localhost.crt -keyout localhost.key
>
>   # add certs
>   sudo cp -v test.crt /usr/share/ca-certificates/extra/
>
>   # add new cert to list
>   sudo dpkg-reconfigure ca-certificates
>
>   # select yes with spacebar
>   # save
>
>   # create api key files
>   touch api_key
>   touch api-key-file
>
>   # remove any packages with this
>   # or this python3-httplib2
>   apt-cache search python-httplib2
>   apt-get remove python-httplib2
>   apt-get remove python3-httplib2
>
>   # create 2 admin users
>   sudo maas createadmin testadmin
>   sudo maas createadmin secureadmin
>
>   # generate maas api keys
>   sudo maas apikey --username=testadmin > api_key
>   sudo maas apikey --username=secureadmin > api-key-file
>
>   # make sure you can login to maas-cli without TLS
>   # by running this script
>   # this is for the non-tls user
>   # this goes into a script called maas-login.sh
>   touch maas-login.sh
>   sudo chmod +rwx maas-login.sh
>   ----
>   #!/bin/sh
>   PROFILE=testadmin
>   API_KEY_FILE=/home/ubuntu/api_key
>   API_SERVER=127.0.0.1:5240
>
>   MAAS_URL=http://$API_SERVER/MAAS
>
>   maas login $PROFILE $MAAS_URL - < $API_KEY_FILE
>   ----
>   sudo chmod +rwx https-maas.sh
>   # another script called https-maas.sh
>   # for the tls user
>   ----
>   #!/bin/sh
>   PROFILE=secureadmin
>   API_KEY_FILE=/home/ubuntu/api-key-file
>   API_SERVER=127.0.0.1
>
>   MAAS_URL=https://$API_SERVER/MAAS
>
>   maas login --insecure $PROFILE $MAAS_URL - < $API_KEY_FILE
>   ----
>
>   # try to login
>   ./maas-login.sh
>
>   cd /etc/nginx/sites-enabled
>   sudo touch maas-https-default
>   #example nginx config for maas https
>   server {
>    listen 443 ssl http2;
>
>    server_name _;
>    ssl_certificate /home/ubuntu/localhost.crt;
>    ssl_certificate_key /home/ubuntu/localhost.key;
>
>    location / {
>     proxy_pass http://localhost:5240;
>     include /etc/nginx/proxy_params;
>    }
>
>    location /MAAS/ws {
>     proxy_pass http://127.0.0.1:5240/MAAS/ws;
>                   proxy_http_version 1.1;
>                   proxy_set_header Upgrade $http_upgrade;
>     proxy_set_header Connection "Upgrade";
>    }
>   }
>
>   # create link
>   sudo ln -s /etc/nginx/sites-available/maas-https-default
> /etc/nginx/sites-enabled
>
>   # look at errors
>   cat /var/log/maas/regiond.log
>   cat regiond.log | grep "Python-http"
>   *i didn't see any 404's though
>
>   2020-12-15 13:24:48 regiond: [info] 127.0.0.1 GET
> /MAAS/api/2.0/users/?op=whoami HTTP/1.1 --> 200 OK (referrer: -; agent:
> Python-httplib2/0.9.2 (gzip))
>   2020-12-15 13:24:48 regiond: [info] 127.0.0.1 GET
> /MAAS/api/2.0/describe/ HTTP/1.1 --> 200 OK (referrer: -; agent:
> Python-httplib2/0.9.2 (gzip))
>   2020-12-15 14:24:46 regiond: [info] 127.0.0.1 GET
> /MAAS/api/2.0/describe/ HTTP/1.0 --> 200 OK (referrer: -; agent:
> Python-httplib2/0.9.2 (gzip))
>
>   # install fixed package
>   sudo apt install ./python3-httplib2_0.9.2+dfsg-1ubuntu0.2.1_all.deb
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/1906720/+subscriptions
>


-- 
Heather Lemon
Associate Software Engineer (STS Engineering)
P: +1-719-415-8858
MM: hlemon | hypothetical-lemon
www.canonical.com | www.ubuntu.com

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1906720

Title:
  Fix the disable_ssl_certificate_validation option

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/1906720/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to