zhangyiss/spack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

web: remove checks for SSL verification support (#34307)

Browse Source 
We no longer support Python <3.6, so we don't need to check whether Python supports SSL
verification in `spack.util.web`.

- [x] Remove a bunch of logic we needed to appease Python 2
This commit is contained in:
Todd Gamblin 2022-12-04 23:46:27 -08:00 committed by GitHub
parent 729b1c9fa6
commit 94dc86e163
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
lib/spack/spack/util/web.py
View File

@ -78,35 +78,23 @@ def uses_ssl(parsed_url):
return False return False
__UNABLE_TO_VERIFY_SSL = (lambda pyver: ((pyver < (2, 7, 9)) or ((3,) < pyver < (3, 4, 3))))(
sys.version_info
)
def read_from_url(url, accept_content_type=None): def read_from_url(url, accept_content_type=None):
url = url_util.parse(url) url = url_util.parse(url)
context = None context = None
verify_ssl = spack.config.get("config:verify_ssl")
# Timeout in seconds for web requests # Timeout in seconds for web requests
timeout = spack.config.get("config:connect_timeout", 10) timeout = spack.config.get("config:connect_timeout", 10)
# Don't even bother with a context unless the URL scheme is one that uses # Don't even bother with a context unless the URL scheme is one that uses
# SSL certs. # SSL certs.
if uses_ssl(url): if uses_ssl(url):
if verify_ssl: if spack.config.get("config:verify_ssl"):
if __UNABLE_TO_VERIFY_SSL: # User wants SSL verification, and it *can* be provided.
# User wants SSL verification, but it cannot be provided. context = ssl.create_default_context()
warn_no_ssl_cert_checking()
else:
# User wants SSL verification, and it *can* be provided.
context = ssl.create_default_context() # novm
else: else:
# User has explicitly indicated that they do not want SSL # User has explicitly indicated that they do not want SSL
# verification. # verification.
if not __UNABLE_TO_VERIFY_SSL: context = ssl._create_unverified_context()
context = ssl._create_unverified_context()
url_scheme = url.scheme url_scheme = url.scheme
url = url_util.format(url) url = url_util.format(url)
@ -154,22 +142,11 @@ def read_from_url(url, accept_content_type=None):
return response.geturl(), response.headers, response return response.geturl(), response.headers, response
def warn_no_ssl_cert_checking():
tty.warn(
"Spack will not check SSL certificates. You need to update "
"your Python to enable certificate verification."
)
def push_to_url(local_file_path, remote_path, keep_original=True, extra_args=None): def push_to_url(local_file_path, remote_path, keep_original=True, extra_args=None):
if sys.platform == "win32": if sys.platform == "win32":
if remote_path[1] == ":": if remote_path[1] == ":":
remote_path = "file://" + remote_path remote_path = "file://" + remote_path
remote_url = url_util.parse(remote_path) remote_url = url_util.parse(remote_path)
verify_ssl = spack.config.get("config:verify_ssl")
if __UNABLE_TO_VERIFY_SSL and verify_ssl and uses_ssl(remote_url):
warn_no_ssl_cert_checking()
remote_file_path = url_util.local_file_path(remote_url) remote_file_path = url_util.local_file_path(remote_url)
if remote_file_path is not None: if remote_file_path is not None:
@ -728,10 +705,7 @@ def _urlopen(req, *args, **kwargs):
except AttributeError: except AttributeError:
pass pass
# Note: 'context' parameter was only introduced starting del kwargs["context"]
# with versions 2.7.9 and 3.4.3 of Python.
if __UNABLE_TO_VERIFY_SSL:
del kwargs["context"]
opener = urlopen opener = urlopen
if url_util.parse(url).scheme == "s3": if url_util.parse(url).scheme == "s3":