From d32b2497ed691bef7d38b18bf0c1dd8b6d2bcadd Mon Sep 17 00:00:00 2001 From: holger krekel Date: Tue, 28 Apr 2026 21:31:38 +0200 Subject: [PATCH] apply cmdeploy fmt linting, no content changes --- cmdeploy/src/cmdeploy/cmdeploy.py | 10 ++++- cmdeploy/src/cmdeploy/deployers.py | 10 ++++- cmdeploy/src/cmdeploy/dovecot/deployer.py | 38 +++++++++++++------ cmdeploy/src/cmdeploy/selfsigned/deployer.py | 32 +++++++++++----- .../src/cmdeploy/tests/online/test_0_qr.py | 17 +++++---- cmdeploy/src/cmdeploy/tests/plugin.py | 9 +++-- .../cmdeploy/tests/test_dovecot_deployer.py | 3 +- 7 files changed, 82 insertions(+), 37 deletions(-) diff --git a/cmdeploy/src/cmdeploy/cmdeploy.py b/cmdeploy/src/cmdeploy/cmdeploy.py index 9fbc221d..3cbd437e 100644 --- a/cmdeploy/src/cmdeploy/cmdeploy.py +++ b/cmdeploy/src/cmdeploy/cmdeploy.py @@ -93,7 +93,9 @@ def run_cmd(args, out): strict_tls = args.config.tls_cert_mode == "acme" if not args.dns_check_disabled: remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain) - if not dns.check_initial_remote_data(remote_data, strict_tls=strict_tls, print=out.red): + if not dns.check_initial_remote_data( + remote_data, strict_tls=strict_tls, print=out.red + ): return 1 env = os.environ.copy() @@ -116,7 +118,11 @@ def run_cmd(args, out): out.check_call(cmd, env=env) if args.website_only: out.green("Website deployment completed.") - elif not args.dns_check_disabled and strict_tls and not remote_data["acme_account_url"]: + elif ( + not args.dns_check_disabled + and strict_tls + and not remote_data["acme_account_url"] + ): out.red("Deploy completed but letsencrypt not configured") out.red("Run 'cmdeploy run' again") else: diff --git a/cmdeploy/src/cmdeploy/deployers.py b/cmdeploy/src/cmdeploy/deployers.py index 0a759a5f..9ff37994 100644 --- a/cmdeploy/src/cmdeploy/deployers.py +++ b/cmdeploy/src/cmdeploy/deployers.py @@ -591,11 +591,17 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) - return # Check if mtail_address interface is available (if configured) - if config.mtail_address and config.mtail_address not in ('127.0.0.1', '::1', 'localhost'): + if config.mtail_address and config.mtail_address not in ( + "127.0.0.1", + "::1", + "localhost", + ): ipv4_addrs = host.get_fact(hardware.Ipv4Addrs) all_addresses = [addr for addrs in ipv4_addrs.values() for addr in addrs] if config.mtail_address not in all_addresses: - Out().red(f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n") + Out().red( + f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n" + ) exit(1) if not is_in_container(): diff --git a/cmdeploy/src/cmdeploy/dovecot/deployer.py b/cmdeploy/src/cmdeploy/dovecot/deployer.py index 37215d35..401e3658 100644 --- a/cmdeploy/src/cmdeploy/dovecot/deployer.py +++ b/cmdeploy/src/cmdeploy/dovecot/deployer.py @@ -20,12 +20,30 @@ DOVECOT_ARCHIVE_VERSION = "2.3.21+dfsg1-3" DOVECOT_PACKAGE_VERSION = f"1:{DOVECOT_ARCHIVE_VERSION}" DOVECOT_SHA256 = { - ("core", "amd64"): "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d", - ("core", "arm64"): "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9", - ("imapd", "amd64"): "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86", - ("imapd", "arm64"): "178fa877ddd5df9930e8308b518f4b07df10e759050725f8217a0c1fb3fd707f", - ("lmtpd", "amd64"): "2f69ba5e35363de50962d42cccbfe4ed8495265044e244007d7ccddad77513ab", - ("lmtpd", "arm64"): "89f52fb36524f5877a177dff4a713ba771fd3f91f22ed0af7238d495e143b38f", + ( + "core", + "amd64", + ): "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d", + ( + "core", + "arm64", + ): "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9", + ( + "imapd", + "amd64", + ): "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86", + ( + "imapd", + "arm64", + ): "178fa877ddd5df9930e8308b518f4b07df10e759050725f8217a0c1fb3fd707f", + ( + "lmtpd", + "amd64", + ): "2f69ba5e35363de50962d42cccbfe4ed8495265044e244007d7ccddad77513ab", + ( + "lmtpd", + "arm64", + ): "89f52fb36524f5877a177dff4a713ba771fd3f91f22ed0af7238d495e143b38f", } @@ -61,11 +79,7 @@ class DovecotDeployer(Deployer): self.need_restart = True files.put( name="Pin dovecot packages to block Debian dist-upgrades", - src=io.StringIO( - "Package: dovecot-*\n" - "Pin: version *\n" - "Pin-Priority: -1\n" - ), + src=io.StringIO("Package: dovecot-*\nPin: version *\nPin-Priority: -1\n"), dest="/etc/apt/preferences.d/pin-dovecot", user="root", group="root", @@ -84,7 +98,7 @@ class DovecotDeployer(Deployer): if not self.disable_mail and not self.need_restart: stale = host.get_fact( Command, - 'pid=$(systemctl show -p MainPID --value dovecot.service 2>/dev/null);' + "pid=$(systemctl show -p MainPID --value dovecot.service 2>/dev/null);" ' [ "${pid:-0}" != "0" ] && readlink "/proc/$pid/exe" 2>/dev/null | grep -q "(deleted)"' " && echo STALE || true", ) diff --git a/cmdeploy/src/cmdeploy/selfsigned/deployer.py b/cmdeploy/src/cmdeploy/selfsigned/deployer.py index 7f6d5015..f02a5307 100644 --- a/cmdeploy/src/cmdeploy/selfsigned/deployer.py +++ b/cmdeploy/src/cmdeploy/selfsigned/deployer.py @@ -12,15 +12,27 @@ def openssl_selfsigned_args(domain, cert_path, key_path, days=36500): ``www.`` and ``mta-sts.``. """ return [ - "openssl", "req", "-x509", - "-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:P-256", - "-noenc", "-days", str(days), - "-keyout", str(key_path), - "-out", str(cert_path), - "-subj", f"/CN={domain}", + "openssl", + "req", + "-x509", + "-newkey", + "ec", + "-pkeyopt", + "ec_paramgen_curve:P-256", + "-noenc", + "-days", + str(days), + "-keyout", + str(key_path), + "-out", + str(cert_path), + "-subj", + f"/CN={domain}", # Mark as end-entity cert so it cannot be used as a CA to sign others. - "-addext", "basicConstraints=critical,CA:FALSE", - "-addext", "extendedKeyUsage=serverAuth,clientAuth", + "-addext", + "basicConstraints=critical,CA:FALSE", + "-addext", + "extendedKeyUsage=serverAuth,clientAuth", "-addext", f"subjectAltName=DNS:{domain},DNS:www.{domain},DNS:mta-sts.{domain}", ] @@ -42,7 +54,9 @@ class SelfSignedTlsDeployer(Deployer): def configure(self): args = openssl_selfsigned_args( - self.mail_domain, self.cert_path, self.key_path, + self.mail_domain, + self.cert_path, + self.key_path, ) cmd = shlex.join(args) server.shell( diff --git a/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py b/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py index b916e696..4ffc8f0d 100644 --- a/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py +++ b/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py @@ -30,12 +30,15 @@ def test_newemail_configure(maildomain, rpc, chatmail_config): # set_config_from_qr, so fetch credentials via requests instead res = requests.post(f"https://{maildomain}/new", verify=False) data = res.json() - rpc.add_or_update_transport(account_id, { - "addr": data["email"], - "password": data["password"], - "imapServer": maildomain, - "smtpServer": maildomain, - "certificateChecks": "acceptInvalidCertificates", - }) + rpc.add_or_update_transport( + account_id, + { + "addr": data["email"], + "password": data["password"], + "imapServer": maildomain, + "smtpServer": maildomain, + "certificateChecks": "acceptInvalidCertificates", + }, + ) else: rpc.add_transport_from_qr(account_id, url) diff --git a/cmdeploy/src/cmdeploy/tests/plugin.py b/cmdeploy/src/cmdeploy/tests/plugin.py index fc5e2f26..a3013ac1 100644 --- a/cmdeploy/src/cmdeploy/tests/plugin.py +++ b/cmdeploy/src/cmdeploy/tests/plugin.py @@ -417,9 +417,12 @@ class Remote: getjournal = "journalctl -f" if not logcmd else logcmd print(self.sshdomain) match self.sshdomain: - case "@local": command = [] - case "localhost": command = [] - case _: command = ["ssh", f"root@{self.sshdomain}"] + case "@local": + command = [] + case "localhost": + command = [] + case _: + command = ["ssh", f"root@{self.sshdomain}"] [command.append(arg) for arg in getjournal.split()] popen = subprocess.Popen( command, diff --git a/cmdeploy/src/cmdeploy/tests/test_dovecot_deployer.py b/cmdeploy/src/cmdeploy/tests/test_dovecot_deployer.py index f632912e..8c615671 100644 --- a/cmdeploy/src/cmdeploy/tests/test_dovecot_deployer.py +++ b/cmdeploy/src/cmdeploy/tests/test_dovecot_deployer.py @@ -23,8 +23,7 @@ def make_host(*fact_pairs): if cls not in facts: registered = ", ".join(c.__name__ for c in facts) raise LookupError( - f"unexpected get_fact({cls.__name__}); " - f"only registered: {registered}" + f"unexpected get_fact({cls.__name__}); only registered: {registered}" ) return facts[cls]