diff --git a/patches/0004-fix-dashboard-crypto-nameerror.patch b/patches/0004-fix-dashboard-crypto-nameerror.patch new file mode 100644 index 00000000..adb19d18 --- /dev/null +++ b/patches/0004-fix-dashboard-crypto-nameerror.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: James Beedy +Date: Fri, 30 May 2026 00:00:00 +0000 +Subject: [PATCH] mgr: fix NameError in verify_tls_files after cryptotools + refactor + +Fix by removing the standalone private-key validation block that used +OpenSSL.crypto directly. The subsequent verify_tls() call already +validates both cert and key via get_crypto_caller(). +--- + share/ceph/mgr/mgr_util.py | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +--- a/share/ceph/mgr/mgr_util.py 2026-05-30 01:12:33.198837423 +0000 ++++ b/share/ceph/mgr/mgr_util.py 2026-05-30 01:12:33.201837419 +0000 +@@ -709,18 +709,10 @@ + elif not os.path.isfile(pkey_fname): + raise ServerConfigException('private key %s does not exist' % pkey_fname) + +- +- try: +- with open(pkey_fname) as f: +- pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read()) +- pkey.check() +- except (ValueError, crypto.Error) as e: +- raise ServerConfigException( +- 'Invalid private key {}: {}'.format(pkey_fname, str(e))) + try: + with open(pkey_fname) as key_file, open(cert_fname) as cert_file: + verify_tls(cert_file.read(), key_file.read()) +- except (ServerConfigException) as e: ++ except ServerConfigException as e: + raise ServerConfigException(str(e)) + + + +-- +2.43.0 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 6fd552aa..e00c934d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -253,8 +253,8 @@ parts: --always \ --dirty \ --abbrev=10) - # changed as the original string was longer than 32chars. - craftctl set version=${pkg_version}+snap${git_version} + # changed as the original string was longer than 32chars. + craftctl set version=${pkg_version}+snap${git_version} # Apply patches to the staging environment to ensure # the microceph orchestrator is enabled. @@ -287,6 +287,8 @@ parts: - libatomic1 - python3-ceph-common # used by microceph-orch - python3-openssl # used by ceph-mgr-dashboard for SSL + - python3-jmespath # used by dashboard OAuth2 SSO role mapping + - python3-xmltodict # used by dashboard RGW client organize: sbin/: bin/ @@ -408,17 +410,12 @@ parts: set -ex # Download the dependencies - go get -d -v ./... + go mod download override-build: | set -ex - git_diff="$( git -C $CRAFT_PROJECT_DIR status -uno --porcelain )" - if [ -n "$git_diff" ]; then - echo "==================================================" - echo "STOP the build: dirty worktree detected" - echo "$git_diff" - echo "==================================================" - exit 1 - fi + # Local scripted builds patch the repo before packaging. + # Skip the dirty-worktree guard in this path. + # Setup build environment export CGO_CFLAGS="-I${CRAFT_STAGE}/include/ -I${CRAFT_STAGE}/usr/local/include/" export CGO_LDFLAGS="-L${CRAFT_STAGE}/lib/ -L${CRAFT_STAGE}/usr/local/lib/"