This patch simplifies the return logic in the get_os_sslcertfile_searchpath function by removing the unnecessary try-finally block and directly checking the length of the location list after attempting to append hardcoded paths. If no valid paths are found, it returns None. Previously, using a finally with a return is a bug because it can mask exceptions and lead to unexpected behavior. This change makes the code cleaner and more straightforward.
platform.linux_distribution() was deprecated in Python 3.7 and
removed in Python 3.8. The try/except that fell back to
distro.linux_distribution() was therefore dead code in the try branch
on any supported Python version, making the distro package a de-facto
hard dependency already.
Replace the try/except with a direct top-level import of distro and
use distro.id() instead. distro.id() returns a normalised, lowercase,
hyphen-separated identifier (e.g. "ubuntu", "opensuse-leap", "rhel")
that does not need the .split()[0].lower() post-processing that the old
code applied to the human-readable distribution name.
Because distro.id() returns different identifiers than
linux_distribution()[0].split()[0].lower() did, the CA certificate
lookup table (__DEF_OS_LOCATIONS) is updated to match:
Old key New key(s) distro.id() value
─────────────────────────────────────────────────────────────────
linux-redhat → linux-rhel "rhel"
linux-suse → linux-sles, linux-sled "sles" / "sled"
linux-opensuse → linux-opensuse-leap, "opensuse-leap" /
linux-opensuse-tumbleweed "opensuse-tumbleweed"
Based on a patch from Adam Dinwoodie, as forwarded by Etienne Buira.
For me at least, this changed from it from giving the message
"ERROR: Default CA bundle was requested, but OfflineIMAP doesn't know any for your current operating system"
to actually working.
Signed-off-by: Keith Bowes <keithbowes@users.noreply.github.com>
Rather than having the distro package as a requirement for OfflineIMAP
in general, only specify it as a requirement if it's needed, and only
import it when it's about to be used.
Signed-off-by: Adam Dinwoodie <adam@dinwoodie.org>
The variable f is renamed to l_file to avoid pylint warning:
utils/distro_utils.py:95:8: C0103: Variable name "f" doesn't conform to snake_case naming style (invalid-name)
This patch renames some variables to avoid pylint warning about
Variable name "f" doesn't conform to snake_case naming style (invalid-name)
f is now file
th is now the_en
n is now count
This patch changes the __DEF_OS_LOCATIONS to an iterable value.
The reason is because a list is an iterable, but an string is an
iterable too, and this is a mistake.
The function get_os_sslcertfile() has a loop to iterate the return of
get_os_sslcertfile_searchpath(), that returns the value in the
__DEF_OS_LOCATIONS dictionary. When the value is an iterable, the "f"
variable is set to the iterable value and works fine.
If the value of "f" is an string, the for-loop iterates over every
character, so the test for os.path.exists is always false (is comparing
the path with a character, not with the full path), so this function
fails and return None.
To check this change, edit your .offlineimaprc file and change the
sslcacertfile to OS-DEFAULT:
sslcacertfile = OS-DEFAULT
And run offlineimap. If you are not using 'darwin0 (the only iterable)
it will fails. Now, apply this patch, and run offlineimap again. Problem
is solved.
Signed-off-by: Rodolfo García Peñas (kix) <kix@kix.es>
The call from platform.linux_distribution was depdrecated in Python 3.7.
This patch solves this problem, using the recomended package distro.
Signed-off-by: Rodolfo García Peñas (kix) <kix@kix.es>
The file utils/distro.py is renamed to utils/distro_utils.py
because we need import the distro file to update some calls.
The file is used in IMAP.py, I need change the import.
This patch change these errors in the utils folder
C0121: Comparison to None should be 'expr is None' (singleton-comparison)
C0121: Comparison to None should be 'expr is not None' (singleton-comparison)
This patch removes these lintian warnings:
Warning R0205: Class 'X' inherits from object,
can be safely removed from bases in python3 (useless-object-inheritance)
There is a bug with `platform.linux_distribution()`, which returns an
empty value on Archlinux with python2.
This bug is fixed in python3, but *will not* be fixed in python2.
This patch fixes that issue with a dirty hack: on archlinux, there is a
file that can be used to detect an archlinux machine. that file is
`/etc/arch-release`. if the file exists, then the OS variable will be
set to "linux-arch".
You can learn more about that issue on the python bug platform:
https://bugs.python.org/issue20454
Signed-off-by: Philippe Loctaux <loctauxphilippe@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
A certfile was already specified for osx but only with MacPorts,
this patch adds the certfile given with the package `openssl` with
homebrew.
You can get more info with the command `brew info openssl` on osx with
homebrew and openssl installed.
Signed-off-by: Philippe Loctaux <loctauxphilippe@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
get_os_name returns linux-arch on Archlinux, so add a line for linux-arch to __DEF_OS_LOCATIONS.
Signed-off-by: Philippe Loctaux <loctauxphilippe@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
get_os_name returns linux-opensuse on OpenSUSE, so add a line for linux-opensuse to __DEF_OS_LOCATIONS.
Signed-off-by: Michael Hohmuth <hohmuth@sax.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This simplifies logics for the user, especially if he uses both
fingerprint and certificate validation: it is hard to maintain
the compatibility with the prior behaviour and to avoid getting
default CA bundle to be disabled when fingerprint verification
is requested.
See
http://thread.gmane.org/gmane.mail.imap.offlineimap.general/6695
for discussion about this change.
Default CA bundle is requested via 'sslcertfile = OS-DEFAULT'.
I had also enforced all cases where explicitely-requested CA bundles
are non-existent to be hard errors: when users asks us to use CA
bundle (and, thus, certificate validation), but we can't find one,
we must error out rather than happily continue and downgrade to
no validation.
Reported-By: Edd Barrett <edd@theunixzoo.co.uk>
Reviewed-By: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
This eases testing of option values inside the code. This instance
is implemented as the read-only copy of the obtained 'options' object,
so callers won't be able to modify its contents.
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
This is handy when we're debugging the thread locks: we can try to
understand which thread does what and how it was called.
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
Rodolfo García Peñas (kix)
Franklin Bynum
Keith Bowes
Adam Dinwoodie
Schspa Shi
Philippe Loctaux
Nicolas Sebrecht
altruizine
Espen Henriksen
Eygene Ryabinkin
nopjmp