Merge pull request #105 from DrDaveD/update-2.0

Update to 2.0

Author: DrDaveD

.github/workflows/build.yml

@@ -28,10 +28,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # Build for CentOS 7, and Rockylinux >=8
+        # Build for Rockylinux >=8
         include:
-          - distro: centos
-            version: 7
           - distro: rockylinux
             version: 8
           - distro: rockylinux
@@ -76,10 +74,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # Build for CentOS 7, and Rockylinux >=8
+        # Build for Rockylinux >=8
         include:
-          - distro: centos
-            version: 7
           - distro: rockylinux
             version: 8
           - distro: rockylinux
@@ -153,10 +149,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # Build for CentOS 7, and Rockylinux >=8
+        # Build for Rockylinux >=8
         include:
-          - distro: centos
-            version: 7
           - distro: rockylinux
             version: 8
           - distro: rockylinux

RELEASE_PROCEDURE

@@ -1,4 +1,4 @@
-1. Update the version in htgettoken.
+1. Update the version in htgettoken and setup.cfg.
 2. Update the version in htgettoken.spec and add a changelog entry.
 3. Run 'make' to update html version of man page if the man page source
     has changed.

htgettoken.py

@@ -15,7 +15,7 @@
 from __future__ import print_function
 
 prog = "htgettoken"
-version = "1.20"
+version = "2.0"
 
 import os
 import sys

htgettoken.spec

@@ -1,8 +1,6 @@
-%define downloads_version 1.8
-
 Summary: Get OIDC bearer tokens by interacting with Hashicorp vault
 Name: htgettoken
-Version: 1.20
+Version: 2.0
 Release: 1%{?dist}
 
 License: BSD-3-Clause
@@ -12,8 +10,8 @@ BuildArch: noarch
 Prefix: %{_prefix}
 
 # download with:
-# $ curl -o htgettoken-%{version}.tar.gz \
-#    https://codeload.github.com/fermitools/htgettoken/tar.gz/%{version}
+# $ curl -o htgettoken-%%{version}.tar.gz \
+#    https://codeload.github.com/fermitools/htgettoken/tar.gz/%%{version}
 Source0: %{name}-%{version}.tar.gz
 
 # rpmbuild dependencies
@@ -54,11 +52,11 @@ htgettoken gets OIDC bearer tokens by interacting with Hashicorp vault
 %autosetup -n %{name}-%{version}
 
 %build
-%py3_build_wheel
+%py3_build
 
 %install
 # install the Python project
-%py3_install_wheel %{name}-%{version}-*.whl
+%py3_install
 # link httokendecode to htdecodetoken
 (cd %{buildroot}%{_bindir}/; ln -s htdecode httokendecode)
 # install man pages
@@ -75,26 +73,25 @@ rm -rf $RPM_BUILD_ROOT
 # -- changelog
 
 %changelog
-# - Replace use of m2crypto and pyOpenSSL with urllib3
-# - Replace use of pykerberos with gssapi
-# - Use standard Requires for Python modules instead of PyInstaller
-# - Add --vaultcertname option to specify an alternative certificate name.
-#   That used to be an additional optional meaning of the --vaultalias option,
-#   but urllib3 requires only one name to match.
-# - Add setuptools build infrastructure
-# - Refactor htgettoken script into module with entry point.
-#   This enables invoking htgettoken as `htgettoken.main()` from Python.
-# - Use wheels to build/install Python package, which simplified the entry
-#   points and improves (slightly) the metadata
-
-
-#- Fix the httokensh background process's check for its parent process.
-#  That is only a backup in case only the parent process is hard-killed,
-#  because normally the parent process kills the background process when
-#  the parent exits.
-#- Use newer `sts` secrets API for token exchanges.
-#- Fix the `-o`/`--outfile` option to work with relative paths. 
-#- Change the `--nobearertoken` option to always get and save a vault token.
+* Wed Jul 24 2024 Dave Dykstra <dwd@fnal.gov> 2.0-1
+- Replace use of m2crypto and pyOpenSSL with urllib3
+- Replace use of pykerberos with gssapi
+- Use standard Requires for Python modules instead of PyInstaller
+- Add --vaultcertname option to specify an alternative certificate name.
+  That used to be an additional optional meaning of the --vaultalias option,
+  but urllib3 requires only one name to match.
+- Add setuptools build infrastructure
+- Refactor htgettoken script into module with entry point.
+  This enables invoking htgettoken as `htgettoken.main()` from Python.
+- Use wheels to build/install Python package, which simplified the entry
+  points and improves (slightly) the metadata
+- Fix the httokensh background process's check for its parent process.
+  That is only a backup in case only the parent process is hard-killed,
+  because normally the parent process kills the background process when
+  the parent exits.
+- Use newer `sts` secrets API for token exchanges.
+- Fix the `-o`/`--outfile` option to work with relative paths. 
+- Change the `--nobearertoken` option to always get and save a vault token.
 
 * Thu Aug 17 2023 Dave Dykstra <dwd@fnal.gov> 1.20-1
 - Update httokensh to by default set the minimum vault token time to live to

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = htgettoken
-version = 1.20
+version = 2.0
 author = Dave Dykstra
 author_email = dwd@fnal.gov
 license = BSD-3-Clause

tests/010-kerbprincipal/main

@@ -11,6 +11,7 @@ ALTPRINCIPAL="$(echo "$PRINCIPALS"|tail -n +2|head -1)"
 
 set -e
 htdestroytoken
+set -x
 kswitch -p $ALTPRINCIPAL
-trap "kswitch -p $MAINPRINCIPAL" 0
+trap "set -x; kswitch -p $MAINPRINCIPAL" 0
 htgettoken --nooidc --nossh --kerbprincipal=$MAINPRINCIPAL -a $VAULTSERVER -i $ISSUER

tests/011-credkey/main

@@ -1,3 +1,6 @@
+#WARNING: kcron credentials interfere badly with access to /nashome!
+#See SNOW tickets TASK0319666 and RITM2125276
+
 if [ "$HASKERBEROS" != true ]; then
     exit $SKIPCODE
 fi