Add scitokens-cpp with PR#137 for testing

scitokens/scitokens-cpp#137
unlhcc · Apr 30, 2024 · 7168830 · 7168830
1 parent a657f30
commit 7168830
Show file tree

Hide file tree

Showing 3 changed files with 282 additions and 0 deletions.
diff --git a/scitokens-cpp/osg/137.patch b/scitokens-cpp/osg/137.patch
@@ -0,0 +1,61 @@
+From f87b59c27fc77d1f0e704058bed93ccf50dce7bd Mon Sep 17 00:00:00 2001
+From: John Thiltges <[email protected]>
+Date: Tue, 23 Apr 2024 13:43:57 -0500
+Subject: [PATCH] Add mutex around key refresh with get_public_keys_from_web()
+
+Limit key refresh to a single simultaneous request to avoid
+overloading issuers.
+---
+ src/scitokens_internal.cpp | 8 +++++++-
+ src/scitokens_internal.h   | 2 ++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
+index 2e578e6..933c930 100644
+--- a/src/scitokens_internal.cpp
++++ b/src/scitokens_internal.cpp
+@@ -31,6 +31,8 @@ struct CurlRaii {
+
+ CurlRaii myCurl;
+
++std::mutex key_refresh_mutex;
++
+ } // namespace
+
+ namespace scitokens {
+@@ -792,11 +794,15 @@ Validator::get_public_key_pem(const std::string &issuer, const std::string &kid,
+
+     if (get_public_keys_from_db(issuer, now, result->m_keys,
+                                 result->m_next_update)) {
+-        if (now > result->m_next_update) {
++        std::unique_lock<std::mutex> lock(key_refresh_mutex, std::defer_lock);
++        // If refresh is due *and* the key refresh mutex is free, try to update
++        if (now > result->m_next_update && lock.try_lock()) {
+             try {
+                 result->m_ignore_error = true;
+                 result = get_public_keys_from_web(
+                     issuer, internal::SimpleCurlGet::default_timeout);
++                // Hold refresh mutex in the new result
++                result->m_refresh_lock = std::move(lock);
+             } catch (std::runtime_error &) {
+                 result->m_do_store = false;
+                 // ignore the exception: we have a valid set of keys already
+diff --git a/src/scitokens_internal.h b/src/scitokens_internal.h
+index 85a4f1f..341d3cd 100644
+--- a/src/scitokens_internal.h
++++ b/src/scitokens_internal.h
+@@ -1,5 +1,6 @@
+
+ #include <memory>
++#include <mutex>
+ #include <sstream>
+ #include <unordered_map>
+
+@@ -212,6 +213,7 @@ class AsyncStatus {
+     bool m_has_metadata{false};
+     bool m_oauth_fallback{false};
+     AsyncState m_state{DOWNLOAD_METADATA};
++    std::unique_lock<std::mutex> m_refresh_lock;
+
+     int64_t m_next_update{-1};
+     int64_t m_expires{-1};
diff --git a/scitokens-cpp/osg/scitokens-cpp.spec b/scitokens-cpp/osg/scitokens-cpp.spec
@@ -0,0 +1,220 @@
+%undefine __cmake_in_source_build
+%undefine __cmake3_in_source_build
+
+Name: scitokens-cpp
+Version: 1.1.1
+Release: 1.20240430.1%{?dist}
+Summary: C++ Implementation of the SciTokens Library
+License: ASL 2.0
+URL: https://github.com/scitokens/scitokens-cpp
+
+# Directions to generate a proper release:
+# git archive --prefix "scitokens-cpp-0.3.3/" -o "scitokens-cpp-0.3.3.tar" v0.3.3
+# git submodule update --init
+# git submodule foreach --recursive "git archive --prefix=scitokens-cpp-0.3.3/\$path/ --output=\$sha1.tar HEAD && tar --concatenate --file=$(pwd)/scitokens-cpp-0.3.3.tar \$sha1.tar && rm \$sha1.tar"
+# gzip "scitokens-cpp-0.3.3.tar"
+Source0: https://github.com/scitokens/scitokens-cpp/releases/download/v%{version}/%{name}-%{version}.tar.gz
+# Fix build failure with GCC10.1 and Werror (upstream pull request)
+# https://github.com/kazuho/picojson/pull/131
+#Patch0: %{name}-paren.patch
+Patch1: 137.patch
+
+# Scitokens-cpp bundles jwt-cpp, a header only dependency
+# Since it doesn't create a library that can be used by others, it seems
+# inappropriate to include a "Provides", as jwt-cpp is not provided
+# by this package.
+
+BuildRequires: gcc-c++
+BuildRequires: make
+BuildRequires: cmake
+BuildRequires: sqlite-devel
+BuildRequires: openssl-devel
+BuildRequires: libcurl-devel
+BuildRequires: libuuid-devel
+
+%if 0%{?el7}
+# needed for ldconfig_scriptlets
+BuildRequires: epel-rpm-macros
+BuildRequires: cmake3
+%endif
+
+%description
+%{summary}
+
+%package devel
+Summary: Header files for the scitokens-cpp public interfaces
+
+Requires: %{name}%{?_isa} = %{version}
+
+%description devel
+%{summary}
+
+%prep
+%setup -q
+#sed 's/ -Werror//' -i CMakeLists.txt
+%patch1 -p1
+
+%build
+%cmake3
+%cmake3_build
+
+%install
+%cmake3_install
+
+# Run the ldconfig
+%ldconfig_scriptlets
+
+%files
+%{_libdir}/libSciTokens.so.0*
+%{_bindir}/scitokens-*
+%license LICENSE
+%doc README.md
+
+%files devel
+%{_libdir}/libSciTokens.so
+%{_includedir}/scitokens/scitokens.h
+%dir %{_includedir}/scitokens
+
+%changelog
+* Tue Apr 30 2024 John Thiltges <[email protected]> - 1.1.1-1.20240430.1
+- Build with PR#137 for testing
+
+* Wed Feb 28 2024 Derek Weitzel <[email protected]> - 1.1.1-1
+- Improve error handling around the sqlite3 library
+- Fix test failures and compiler warnings
+
+* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> - 1.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Nov 07 2023 Derek Weitzel <[email protected]> - 1.1.0-1
+- Allow the scitokens library user to setup a custom CA file
+- Fix typecast errors in scitoken_status_get_*() that caused async queries to fail
+- Fix logic error in deserialize_continue() that caused async deserialization to fail
+
+* Sat Jul 22 2023 Fedora Release Engineering <[email protected]> - 1.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 15 2023 Derek Weitzel <[email protected]> - 1.0.2-1
+- Add support for API-configurable cache home
+- Fix enforcer_acl_free logic
+- scitokens_internal: catch matching exception type after jwt-cpp update
+
+* Wed Apr 26 2023 Derek Weitzel <[email protected]> - 1.0.1-1
+- Fix bug in generate acls which would cause a timeout
+
+* Tue Mar 21 2023 Derek Weitzel <[email protected]> - 1.0.0-1
+- Add async API for parsing and verifying tokens
+- Add configuration API
+- Make nbf claim optional for non-scitokens tokens
+- Update to OpenSSL 3.0
+
+* Sat Jan 21 2023 Fedora Release Engineering <[email protected]> - 0.7.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Nov 01 2022 Derek Weitzel <[email protected]> - 0.7.3-1
+- Retry failed key renewal every 5 minutes
+
+* Mon Oct 31 2022 Derek Weitzel <[email protected]> - 0.7.2-1
+- Add curl timeout of 4 seconds for update, and 30 for expired keys
+
+* Sat Jul 23 2022 Fedora Release Engineering <[email protected]> - 0.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jun 22 2022 Derek Weitzel <[email protected]> - 0.7.1-1
+- Add scitokens-* binaries to the package
+- Bug: close sqlite db handle on return
+
+* Fri Feb 18 2022 Derek Weitzel <[email protected]> - 0.7.0-1
+- Changes from static analysis
+- If only one key is available, do not error on no kid
+- Support at+jwt profile
+
+* Sat Jan 22 2022 Fedora Release Engineering <[email protected]> - 0.6.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Dec 21 00:52:22 UTC 2021 Derek Weitzel <[email protected]> - 0.6.2-4
+- Remove -Werror for depreciated OpenSSL 3 functions
+
+* Tue Sep 14 2021 Sahana Prasad <[email protected]> - 0.6.2-3
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <[email protected]> - 0.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Derek Weitzel <[email protected]> - 0.6.2-1
+- Correct WLCG compat for condor read permissions
+
+* Thu May 20 2021 Derek Weitzel <[email protected]> - 0.6.1-1
+- Fix vector resize for el8+ builds
+
+* Tue May 18 2021 Derek Weitzel <[email protected]> - 0.6.0-2
+- Add back paren patch
+
+* Tue Mar 09 2021 Derek Weitzel <[email protected]> - 0.6.0-1
+- Fix compilation errors on c++11
+- Update to jwt-cpp-0.4.0 vendor
+- Change scitoken profile name to match spec, scitoken:2.0
+
+* Wed Jan 27 2021 Fedora Release Engineering <[email protected]> - 0.5.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Dec 07 2020 Mattias Ellert <[email protected]> - 0.5.1-2
+- Fix build failure with GCC10.1 and Werror (upstream pull request)
+- Adapt specfile to new cmake macros (out of tree build)
+- Drop EPEL 6 conditionals (EOL)
+- Fix compilation error with gcc 11
+
+* Wed Jun 24 2020 Derek Weitzel <[email protected]> - 0.5.1-1
+- Add storage.modify as write permission
+
+* Fri Feb 28 2020 Derek Weitzel <[email protected]> - 0.5.0-1
+- Add API for retrieving string list attributes
+
+* Thu Jan 30 2020 Fedora Release Engineering <[email protected]> - 0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Nov 08 2019 Derek Weitzel <[email protected]> - 0.4.0-1
+- Add support for WLCG profile
+
+* Fri Nov 08 2019 Derek Weitzel <[email protected]> - 0.3.5-1
+- Fix EC public key handling
+
+* Wed Sep 18 2019 Derek Weitzel <[email protected]> - 0.3.4-1
+- Fix bugs for support with IAM
+
+* Thu Aug 01 2019 Derek Weitzel <[email protected]> - 0.3.3-3
+- Update the packaging to bring it line with EPEL (fedora) guidelines
+
+* Tue Jul 30 2019 Derek Weitzel <[email protected]> - 0.3.3-2
+- Change the Source URL
+- Use make_build in the packaging
+
+* Thu Jul 25 2019 Derek Weitzel <[email protected]> - 0.3.3-1
+- Merge OSG changes
+- Use a newer, still supported version of devtoolset
+- Fix bug in verifying EC signed tokens #13
+
+* Thu Jul 25 2019 Derek Weitzel <[email protected]> - 0.3.2-1
+- Update RPM to v0.3.2 of the packaging.
+- Fix downloading public key bug #12
+
+* Thu Jun 20 2019 Brian Bockelman <[email protected]> - 0.3.1-1
+- Update RPM to v0.3.1 of the packaging.
+
+* Wed May 29 2019 Mátyás Selmeci <[email protected]> - 0.3.0-4
+- Use double layer of const for deserialize
+  (patch from https://github.com/scitokens/scitokens-cpp/commit/ac0b2f0679488fa91c14ed781268efbcdb69ed3c)
+
+* Mon May 13 2019 Mátyás Selmeci <[email protected]> - 0.3.0-3
+- Add Force-aud-test-in-the-validator.patch from
+  https://github.com/scitokens/scitokens-cpp/pull/8
+
+* Fri May 03 2019 Mátyás Selmeci <[email protected]> - 0.3.0-2
+- Fix requirements
+
+* Thu May 02 2019 Mátyás Selmeci <[email protected]> - 0.3.0-1
+- Update to v0.3.0
+- Add dependencies on libcurl-devel, libuuid-devel
+
+* Thu Jan 03 2019 Brian Bockelman <[email protected]> - 0.1.0-1
+- Initial version of the SciTokens C++ RPM.
diff --git a/scitokens-cpp/upstream/koji.source b/scitokens-cpp/upstream/koji.source
@@ -0,0 +1 @@
+https://kojipkgs.fedoraproject.org//packages/scitokens-cpp/1.1.1/1.el8/src/scitokens-cpp-1.1.1-1.el8.src.rpm sha1sum=46cf14a00fdf2b6153676ed6a0719461152fb901
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		https://kojipkgs.fedoraproject.org//packages/scitokens-cpp/1.1.1/1.el8/src/scitokens-cpp-1.1.1-1.el8.src.rpm sha1sum=46cf14a00fdf2b6153676ed6a0719461152fb901