* ci: enable rhel9.0 tests for openssh_cert
* ci: allow openssh_cert second signature algorithm test for versions >8.7
* ci: narrowing condition to not attempt RSA1 signing exclusively on RHEL >=9
* ci: grouping and documenting condition
* Add RHEL 9.0 and FreeBSD 13.1 to CI.
* Add Ubuntu 22.04 and Fedora 36 to CI.
* Switch orders so that root doesn't have a SHA1 signature.
* Skip openssh_cert test on RHEL 9.0.
* Make it possible that pyOpenSSL isn't installed *at all*.
* Work with default.
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Add EE files.
* Install cryptography and PyOpenSSL from PyPi.
* Revert "Install cryptography and PyOpenSSL from PyPi."
This reverts commit 6b90a1efae.
* Only run test when cryptography has a new enough version.
* And another one.
* Extend changelog.
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
* Document OpenSSH 7.7 required for validity always
* Document cert start time option for OpenSSH <7.7
* Improve language of "always" time support
* Update language on `always` to suggested
* Fix indetation
* Use community ansible-test images.
* Adjust tests for new operating systems, and pass on Python version as well.
* Fix Python version.
Co-authored-by: David Moreau Simard <moi@dmsimard.com>
* Fix package name.
Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Felix Fontein
Andrew Pantuso
Jonas Verhofsté
Yauhen
bluikko
Andrew Pantuso