wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-05 19:43:22 +02:00
Code Issues Projects Releases Wiki Activity

Update to Python 3.11 minimum and fix IPv6 constraint format

Browse source 
- Update Python requirement from 3.10 to 3.11 to align with Ansible 11
- Pin Ansible collections in requirements.yml for stability
- Fix invalid IPv6 constraint format causing deployment failure
- Update ruff target-version to py311 for consistency

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Dan Guido 2025-08-04 22:39:26 -07:00
parent a9bc3fe27b
commit 87424b20f6
6 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CLAUDE.md
View file

@ -76,7 +76,7 @@ Currently unpinned in `requirements.yml`, but key ones include:
```toml ```toml
# pyproject.toml configuration # pyproject.toml configuration
[tool.ruff] [tool.ruff]
target-version = "py310" target-version = "py311"
line-length = 120 line-length = 120
[tool.ruff.lint] [tool.ruff.lint]

4
main.yml
View file

@ -34,10 +34,10 @@
- name: Verify Python meets Algo VPN requirements - name: Verify Python meets Algo VPN requirements
assert: assert:
that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=') that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.11', '>=')
msg: > msg: >
Python version is not supported. Python version is not supported.
You must upgrade to at least Python 3.8 to use this version of Algo. You must upgrade to at least Python 3.11 to use this version of Algo.
See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported
- name: Verify Ansible meets Algo VPN requirements - name: Verify Ansible meets Algo VPN requirements

4
pyproject.toml
View file

@ -2,11 +2,11 @@
name = "algo" name = "algo"
description = "Set up a personal IPSEC VPN in the cloud" description = "Set up a personal IPSEC VPN in the cloud"
version = "0.1.0" version = "0.1.0"
requires-python = ">=3.10" requires-python = ">=3.11"
[tool.ruff] [tool.ruff]
# Ruff configuration # Ruff configuration
target-version = "py310" target-version = "py311"
line-length = 120 line-length = 120
[tool.ruff.lint] [tool.ruff.lint]

4
requirements.yml
View file

@ -1,6 +1,10 @@
--- ---
collections: collections:
- name: ansible.posix - name: ansible.posix
version: ">=1.6.2"
- name: community.general - name: community.general
version: ">=8.6.11"
- name: community.crypto - name: community.crypto
version: ">=2.26.4"
- name: openstack.cloud - name: openstack.cloud
version: ">=2.4.1"

2
roles/strongswan/tasks/openssl.yml
View file

@ -80,7 +80,7 @@
- "IP:10.0.0.0/255.0.0.0" - "IP:10.0.0.0/255.0.0.0"
- "IP:172.16.0.0/255.240.0.0" - "IP:172.16.0.0/255.240.0.0"
- "IP:192.168.0.0/255.255.0.0" - "IP:192.168.0.0/255.255.0.0"
- "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0" # IPv6 all zeros - "IP:::/0" # IPv6 all addresses
name_constraints_critical: true name_constraints_critical: true
register: ca_csr register: ca_csr

2
tests/unit/test_openssl_compatibility.py
View file

@ -151,7 +151,7 @@ def validate_ca_certificate_config():
assert f'"email:{domain}"' in content, f"Email domain {domain} should be excluded" assert f'"email:{domain}"' in content, f"Email domain {domain} should be excluded"
# Verify IPv6 constraints are present (Issue #153) # Verify IPv6 constraints are present (Issue #153)
assert "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0" in content, "IPv6 all-zeros should be excluded" assert "IP:::/0" in content, "IPv6 all addresses should be excluded"
print("✓ CA certificate configuration has proper security constraints") print("✓ CA certificate configuration has proper security constraints")