apel · tofu-rocketry · Feb 21, 2024 · Oct 9, 2023 · Nov 20, 2023 · Dec 11, 2023
@@ -51,7 +51,7 @@ jobs:
       run: rpmlint ${{ steps.rpm.outputs.rpm_dir_path }}
 
     - name: Upload artifact
-      uses: actions/upload-artifact@v3.1.3
+      uses: actions/upload-artifact@v4.3.1
       with:
         name: Binary and Source RPMs
         path: |

@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -49,4 +49,4 @@ jobs:
         queries: security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
@@ -48,7 +48,7 @@ jobs:
         # Build and push Docker image
         # https://github.com/docker/build-push-action
         name: Build and push Docker image
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v5.1.0
         with:
           # Only push containers to the registry on GitHub pushes,
           # not pull requests. GitHub won't let a rogue PR create a container

@@ -13,7 +13,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Set up dependencies for python-ldap

@@ -1,5 +1,10 @@
-Changelog for ssm
-=================
+* Wed Feb 21 2024 Adrian Coveney <[email protected]> - 3.4.0-1
+ - Fixed compatability with newer versions of OpenSSL that only provide comma separated DNs.
+ - Fixed Python 3 compatability (indirectly fixing EL8+ compatability) by performing explicit
+   decoding. Note that this limits messages to ASCII as this is the current behaviour.
+ - Added new build script that handles both RPM and DEB pacakging and later OSes.
+ - Changed default config file values to bring in line with AMS usage.
+
 * Mon Oct 09 2023 Adrian Coveney <[email protected]> - 3.3.0-1
  - Added warning that BDII broker fetching will be deprecated in a future version.
  - Added non-zero exit status if sender or receiver crash.

@@ -7,15 +7,18 @@ COPY . /tmp/ssm
 WORKDIR /tmp/ssm
 
 # Add the EPEL repo so we can get pip
-RUN yum -y install epel-release
+RUN yum -y install epel-release && yum clean all
 # Then get pip
-RUN yum -y install python-pip
+RUN yum -y install python-pip && yum clean all
 
 # Install the system requirements of python-ldap
-RUN yum -y install gcc python-devel openldap-devel
+RUN yum -y install gcc python-devel openldap-devel && yum clean all
+
+# Install libffi, a requirement of openssl
+RUN yum -y install libffi-devel && yum clean all
 
 # Install the system requirements of ssm
-RUN yum -y install openssl
+RUN yum -y install openssl && yum clean all
 
 # Install the python requirements of SSM
 RUN pip install -r requirements.txt

@@ -4,7 +4,7 @@
 %endif
 
 Name:           apel-ssm
-Version:        3.3.1
+Version:        3.4.0
 %define releasenumber 1
 Release:        %{releasenumber}%{?dist}
 Summary:        Secure stomp messenger
@@ -100,6 +100,13 @@ rm -rf $RPM_BUILD_ROOT
 %doc %_defaultdocdir/%{name}
 
 %changelog
+* Wed Feb 21 2024 Adrian Coveney <[email protected]> - 3.4.0-1
+ - Fixed compatability with newer versions of OpenSSL that only provide comma separated DNs.
+ - Fixed Python 3 compatability (indirectly fixing EL8+ compatability) by performing explicit
+   decoding. Note that this limits messages to ASCII as this is the current behaviour.
+ - Added new build script that handles both RPM and DEB pacakging and later OSes.
+ - Changed default config file values to bring in line with AMS usage.
+
 * Mon Oct 09 2023 Adrian Coveney <[email protected]> - 3.3.0-1
  - Added warning that BDII broker fetching will be deprecated in a future version.
  - Added non-zero exit status if sender or receiver crash.

@@ -1,16 +1,17 @@
 [receiver]
 # Either 'STOMP' for STOMP message brokers or 'AMS' for Argo Messaging Service
-protocol: STOMP
+protocol: AMS
 
 [broker]
 
 # The SSM will query a BDII to find brokers available.  These details are for the
 # EGI production broker network
-bdii: ldap://lcg-bdii.cern.ch:2170
-network: PROD
+#bdii: ldap://lcg-bdii.cern.ch:2170
+#network: PROD
 # Alternatively, 'host' and 'port' can be set manually (with 'bdii' and
-# 'network' commented out). This option MUST be used for AMS.
-#host:
+# 'network' commented out). The 'host' option MUST be used for AMS.
+host: msg-devel.argo.grnet.gr
+#host: msg.argo.grnet.gr
 #port:
 
 # broker authentication.  If use_ssl is set, the certificates configured
@@ -25,17 +26,22 @@ check_crls: false
 
 [messaging]
 # If using AMS this is the project that SSM will connect to. Ignored for STOMP.
-ams_project:
+ams_project: accounting
 
 # Destination to which SSM will listen.
-destination: /queue/ssm2test
+destination:
+
+# Only use direct token auth with AMS if you've been provided with a token to use.
+#token:
 
 # Accepted messages will be written to <path>/incoming
 # Rejected messages will be written to <path>/reject
 path: /var/spool/apel
 
 [logging]
 logfile: /var/log/apel/ssmreceive.log
+# Available logging levels:
+# DEBUG, INFO, WARN, ERROR, CRITICAL
 level: INFO
 console: false
 

@@ -1,17 +1,18 @@
 [sender]
 # Either 'STOMP' for STOMP message brokers or 'AMS' for Argo Messaging Service
-protocol: STOMP
+protocol: AMS
 
 [broker]
 
 # The SSM will query a BDII to find brokers available.  These details are for the
 # EGI production broker network
-bdii: ldap://lcg-bdii.cern.ch:2170
-network: PROD
-# Alternatively, 'host' and 'port' may be set manually (with 'bdii' and
-# 'network' commented out). This option must be used for AMS.
-#host: msg-devel.argo.grnet.gr
-#port: 443
+#bdii: ldap://lcg-bdii.cern.ch:2170
+#network: PROD
+# Alternatively, 'host' and 'port' can be set manually (with 'bdii' and
+# 'network' commented out). The 'host' option MUST be used for AMS.
+host: msg-devel.argo.grnet.gr
+#host: msg.argo.grnet.gr
+#port:
 
 # broker authentication.  If use_ssl is set, the certificates configured
 # in the mandatory [certificates] section will be used.
@@ -23,7 +24,7 @@ key: /etc/grid-security/hostkey.pem
 capath: /etc/grid-security/certificates
 
 # If supplied, outgoing messages will be encrypted using this certificate.
-# May be used in addition to 'use_ssl'. If used, it must be the certificate of
+# May be used in addition to 'use_ssl'. If used, it MUST be the certificate of
 # the final server that's receiving your messages; not your own, nor the broker.
 #server_cert: /etc/grid-security/servercert.pem
 
@@ -34,6 +35,9 @@ ams_project: accounting
 # Queue to which SSM will send messages
 destination: gLite-APEL
 
+# Only use direct token auth with AMS if you've been provided with a token to use.
+#token:
+
 # Outgoing messages will be read and removed from this directory.
 path: /var/spool/apel/outgoing
 # If 'path_type' is set to 'dirq' (or if 'path_type' is omitted), the supplied

@@ -2,6 +2,8 @@
 
 argo-ams-library
 certifi<2020.4.5.2  # Used by AMS (via requests), 2020.4.5.2 dropped support for Python 2
+pyopenssl >=19.1.0, <=21.0.0  # 22.0.0 dropped support for Python 2
+cryptography==3.3.2  # Crypto dropped support for Python 2 after 3.3
 stomp.py<5.0.0
 python-daemon<=2.3.0  # 2.3.1 dropped support for Python 2
 python-ldap<3.4.0  # python-ldap-3.4.0 dropped support for Python 2

@@ -16,7 +16,7 @@
 
 set -eu
 
-TAG=3.3.1-1
+TAG=3.4.0-1
 
 SOURCE_DIR=~/debbuild/source
 BUILD_DIR=~/debbuild/build

@@ -10,7 +10,7 @@
 rpmdev-setuptree
 
 RPMDIR=/home/rpmb/rpmbuild
-VERSION=3.3.1-1
+VERSION=3.4.0-1
 SSMDIR=apel-ssm-$VERSION
 
 # Remove old sources and RPMS