scmrepo 3.3.10__tar.gz → 3.3.11__tar.gz

{scmrepo-3.3.10 → scmrepo-3.3.11}/.github/workflows/tests.yaml

@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         pyv: ['3.9', '3.10', '3.11', '3.12', '3.13']
 
     steps:
@@ -47,7 +47,7 @@ jobs:
       run: nox -s tests-${{ matrix.pyv }} -- --slow --cov-report=xml
 
     - name: Upload coverage report
-      uses: codecov/codecov-action@v5.3.1
+      uses: codecov/codecov-action@v5
 
     - name: Build package
       run: nox -s build

{scmrepo-3.3.10 → scmrepo-3.3.11}/.pre-commit-config.yaml

@@ -20,13 +20,13 @@ repos:
       - id: sort-simple-yaml
       - id: trailing-whitespace
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 'v0.9.3'
+    rev: 'v0.11.7'
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]
       - id: ruff-format
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.4.0
+    rev: v2.4.1
     hooks:
       - id: codespell
         additional_dependencies: ["tomli"]

{scmrepo-3.3.10/src/scmrepo.egg-info → scmrepo-3.3.11}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: scmrepo
-Version: 3.3.10
+Version: 3.3.11
 Summary: scmrepo
 Author-email: Iterative <support@dvc.org>
 License: Apache-2.0
@@ -38,12 +38,13 @@ Requires-Dist: pytest-sugar; extra == "tests"
 Requires-Dist: pytest-test-utils<0.2,>=0.1.0; extra == "tests"
 Requires-Dist: proxy.py; extra == "tests"
 Provides-Extra: dev
-Requires-Dist: mypy==1.14.1; extra == "dev"
+Requires-Dist: mypy==1.15.0; extra == "dev"
 Requires-Dist: scmrepo[tests]; extra == "dev"
 Requires-Dist: types-certifi; extra == "dev"
 Requires-Dist: types-mock; extra == "dev"
 Requires-Dist: types-paramiko; extra == "dev"
 Requires-Dist: types-tqdm; extra == "dev"
+Dynamic: license-file
 
 scmrepo
 =======

{scmrepo-3.3.10 → scmrepo-3.3.11}/pyproject.toml

@@ -52,7 +52,7 @@ tests = [
     "proxy.py",
 ]
 dev = [
-    "mypy==1.14.1",
+    "mypy==1.15.0",
     "scmrepo[tests]",
     "types-certifi",
     "types-mock",

{scmrepo-3.3.10 → scmrepo-3.3.11}/src/scmrepo/git/backend/dulwich/asyncssh_vendor.py

@@ -2,7 +2,7 @@
 
 import asyncio
 import os
-from collections.abc import Coroutine, Iterator, Sequence
+from collections.abc import Coroutine, Iterator
 from typing import (
     TYPE_CHECKING,
     Any,
@@ -18,6 +18,7 @@ from scmrepo.asyn import BaseAsyncObject, sync_wrapper
 from scmrepo.exceptions import AuthError
 
 if TYPE_CHECKING:
+    from collections.abc import Sequence
     from pathlib import Path
 
     from asyncssh.auth import KbdIntPrompts, KbdIntResponse
@@ -40,6 +41,12 @@ async def _read_all(read: Callable[[int], Coroutine], n: Optional[int] = None) -
     return b"".join(result)
 
 
+async def _getpass(*args, **kwargs) -> str:
+    from getpass import getpass
+
+    return await asyncio.to_thread(getpass, *args, **kwargs)
+
+
 class _StderrWrapper:
     def __init__(self, stderr: "SSHReader", loop: asyncio.AbstractEventLoop) -> None:
         self.stderr = stderr
@@ -97,45 +104,6 @@ class AsyncSSHWrapper(BaseAsyncObject):
     close = sync_wrapper(_close)
 
 
-# NOTE: Github's SSH server does not strictly comply with the SSH protocol.
-# When validating a public key using the rsa-sha2-256 or rsa-sha2-512
-# signature algorithms, RFC4252 + RFC8332 state that the server should respond
-# with the same algorithm in SSH_MSG_USERAUTH_PK_OK. Github's server always
-# returns "ssh-rsa" rather than the correct sha2 algorithm name (likely for
-# backwards compatibility with old SSH client reasons). This behavior causes
-# asyncssh to fail with a key-mismatch error (since asyncssh expects the server
-# to behave properly).
-#
-# See also:
-#   https://www.ietf.org/rfc/rfc4252.txt
-#   https://www.ietf.org/rfc/rfc8332.txt
-def _process_public_key_ok_gh(self, _pkttype, _pktid, packet):
-    from asyncssh.misc import ProtocolError
-
-    algorithm = packet.get_string()
-    key_data = packet.get_string()
-    packet.check_end()
-
-    # pylint: disable=protected-access
-    if (
-        (
-            algorithm == b"ssh-rsa"
-            and self._keypair.algorithm
-            not in (
-                b"ssh-rsa",
-                b"rsa-sha2-256",
-                b"rsa-sha2-512",
-            )
-        )
-        or (algorithm not in (b"ssh-rsa", self._keypair.algorithm))
-        or key_data != self._keypair.public_data
-    ):
-        raise ProtocolError("Key mismatch")
-
-    self.create_task(self._send_signed_request())
-    return True
-
-
 class InteractiveSSHClient(SSHClient):
     _conn: Optional["SSHClientConnection"] = None
     _keys_to_try: Optional[list["FilePath"]] = None
@@ -171,7 +139,7 @@ class InteractiveSSHClient(SSHClient):
             self._keys_to_try = []
             options = self._conn._options  # pylint: disable=protected-access
             config = options.config
-            client_keys = cast(Sequence["FilePath"], config.get("IdentityFile", ()))
+            client_keys = cast("Sequence[FilePath]", config.get("IdentityFile", ()))
             if not client_keys:
                 client_keys = [
                     os.path.expanduser(os.path.join("~", ".ssh", path))
@@ -202,8 +170,6 @@ class InteractiveSSHClient(SSHClient):
         return None
 
     async def _read_private_key_interactive(self, path: "FilePath") -> "SSHKey":
-        from getpass import getpass
-
         from asyncssh.public_key import (
             KeyEncryptionError,
             KeyImportError,
@@ -215,11 +181,8 @@ class InteractiveSSHClient(SSHClient):
         if passphrase:
             return read_private_key(path, passphrase=passphrase)
 
-        loop = asyncio.get_running_loop()
         for _ in range(3):
-            passphrase = await loop.run_in_executor(
-                None, getpass, f"Enter passphrase for key '{path}': "
-            )
+            passphrase = await _getpass(f"Enter passphrase for key {path!r}: ")
             if passphrase:
                 try:
                     key = read_private_key(path, passphrase=passphrase)
@@ -239,23 +202,20 @@ class InteractiveSSHClient(SSHClient):
         lang: str,
         prompts: "KbdIntPrompts",
     ) -> Optional["KbdIntResponse"]:
-        from getpass import getpass
-
         if os.environ.get("GIT_TERMINAL_PROMPT") == "0":
             return None
 
-        def _getpass(prompt: str) -> str:
-            return getpass(prompt=prompt).rstrip()
-
         if instructions:
             pass
-        loop = asyncio.get_running_loop()
-        return [
-            await loop.run_in_executor(
-                None, _getpass, f"({name}) {prompt}" if name else prompt
-            )
-            for prompt, _ in prompts
-        ]
+
+        response: list[str] = []
+        for prompt, _echo in prompts:
+            p = await _getpass(f"({name}) {prompt}" if name else prompt)
+            response.append(p.rstrip())
+        return response
+
+    async def password_auth_requested(self) -> str:
+        return await _getpass()
 
 
 class AsyncSSHVendor(BaseAsyncObject, SSHVendor):
@@ -286,12 +246,6 @@ class AsyncSSHVendor(BaseAsyncObject, SSHVendor):
           key_filename: Optional path to private keyfile
         """
         import asyncssh
-        from asyncssh.auth import MSG_USERAUTH_PK_OK, _ClientPublicKeyAuth
-
-        # pylint: disable=protected-access
-        _ClientPublicKeyAuth._packet_handlers[MSG_USERAUTH_PK_OK] = (
-            _process_public_key_ok_gh
-        )
 
         try:
             conn = await asyncssh.connect(

{scmrepo-3.3.10 → scmrepo-3.3.11}/src/scmrepo/git/backend/pygit2/__init__.py

@@ -289,7 +289,9 @@ class Pygit2Backend(BaseGitBackend):  # pylint:disable=abstract-method
             bare = True
         try:
             with RemoteCallbacks(progress=progress) as cb:
-                repo = clone_repository(url, to_path, callbacks=cb, bare=bare)
+                repo = clone_repository(
+                    url, os.fspath(to_path), callbacks=cb, bare=bare
+                )
                 if mirror:
                     cls._set_mirror(repo, progress=progress)
         except GitError as exc:

{scmrepo-3.3.10 → scmrepo-3.3.11}/src/scmrepo/git/backend/pygit2/callbacks.py

@@ -66,6 +66,8 @@ class RemoteCallbacks(_RemoteCallbacks, AbstractContextManager):
                 else:
                     creds = Credential(username=username_from_url, url=url).fill()
                     self._store_credentials = creds
+                assert creds.username is not None
+                assert creds.password is not None
                 return UserPass(creds.username, creds.password)
             except CredentialNotFoundError:
                 pass

{scmrepo-3.3.10 → scmrepo-3.3.11}/src/scmrepo/git/objects.py

@@ -160,7 +160,7 @@ class GitTrie:
             }
         )
 
-        return cast(dict, ret)
+        return cast("dict", ret)
 
 
 @dataclass

{scmrepo-3.3.10 → scmrepo-3.3.11/src/scmrepo.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: scmrepo
-Version: 3.3.10
+Version: 3.3.11
 Summary: scmrepo
 Author-email: Iterative <support@dvc.org>
 License: Apache-2.0
@@ -38,12 +38,13 @@ Requires-Dist: pytest-sugar; extra == "tests"
 Requires-Dist: pytest-test-utils<0.2,>=0.1.0; extra == "tests"
 Requires-Dist: proxy.py; extra == "tests"
 Provides-Extra: dev
-Requires-Dist: mypy==1.14.1; extra == "dev"
+Requires-Dist: mypy==1.15.0; extra == "dev"
 Requires-Dist: scmrepo[tests]; extra == "dev"
 Requires-Dist: types-certifi; extra == "dev"
 Requires-Dist: types-mock; extra == "dev"
 Requires-Dist: types-paramiko; extra == "dev"
 Requires-Dist: types-tqdm; extra == "dev"
+Dynamic: license-file
 
 scmrepo
 =======

{scmrepo-3.3.10 → scmrepo-3.3.11}/src/scmrepo.egg-info/requires.txt

@@ -10,7 +10,7 @@ aiohttp-retry>=2.5.0
 tqdm
 
 [dev]
-mypy==1.14.1
+mypy==1.15.0
 scmrepo[tests]
 types-certifi
 types-mock

{scmrepo-3.3.10 → scmrepo-3.3.11}/tests/test_dulwich.py

@@ -8,6 +8,7 @@ from unittest.mock import AsyncMock
 import asyncssh
 import paramiko
 import pytest
+from paramiko.server import InteractiveQuery
 from pytest_mock import MockerFixture
 from pytest_test_utils.waiters import wait_until
 
@@ -52,13 +53,24 @@ class Server(paramiko.ServerInterface):
     """http://docs.paramiko.org/en/2.4/api/server.html."""
 
     def __init__(self, commands, *args, **kwargs) -> None:
-        super().__init__(*args, **kwargs)
+        super().__init__()
         self.commands = commands
+        self.allowed_auths = kwargs.get("allowed_auths", "publickey,password")
 
     def check_channel_exec_request(self, channel, command):
         self.commands.append(command)
         return True
 
+    def check_auth_interactive(self, username: str, submethods: str):
+        return InteractiveQuery(
+            "Password", "Enter the password", f"Password for user {USER}:"
+        )
+
+    def check_auth_interactive_response(self, responses):
+        if responses[0] == PASSWORD:
+            return paramiko.AUTH_SUCCESSFUL
+        return paramiko.AUTH_FAILED
+
     def check_auth_password(self, username, password):
         if username == USER and password == PASSWORD:
             return paramiko.AUTH_SUCCESSFUL
@@ -76,12 +88,12 @@ class Server(paramiko.ServerInterface):
         return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
 
     def get_allowed_auths(self, username):
-        return "password,publickey"
+        return self.allowed_auths
 
 
 @pytest.fixture
 def ssh_conn(request: pytest.FixtureRequest) -> dict[str, Any]:
-    server = Server([])
+    server = Server([], **getattr(request, "param", {}))
 
     socket.setdefaulttimeout(10)
     request.addfinalizer(lambda: socket.setdefaulttimeout(None))
@@ -133,7 +145,8 @@ def test_run_command_password(server: Server, ssh_port: int):
     assert b"test_run_command_password" in server.commands
 
 
-def test_run_command_no_password(server: Server, ssh_port: int):
+@pytest.mark.parametrize("ssh_conn", [{"allowed_auths": "publickey"}], indirect=True)
+def test_run_command_no_password(ssh_port: int):
     vendor = AsyncSSHVendor()
     with pytest.raises(AuthError):
         vendor.run_command(
@@ -145,6 +158,28 @@ def test_run_command_no_password(server: Server, ssh_port: int):
         )
 
 
+@pytest.mark.parametrize(
+    "ssh_conn",
+    [{"allowed_auths": "password"}, {"allowed_auths": "keyboard-interactive"}],
+    indirect=True,
+    ids=["password", "interactive"],
+)
+def test_should_prompt_for_password_when_no_password_passed(
+    mocker: MockerFixture, server: Server, ssh_port: int
+):
+    mocked_getpass = mocker.patch("getpass.getpass", return_value=PASSWORD)
+    vendor = AsyncSSHVendor()
+    vendor.run_command(
+        "127.0.0.1",
+        "test_run_command_password",
+        username=USER,
+        port=ssh_port,
+        password=None,
+    )
+    assert server.commands == [b"test_run_command_password"]
+    mocked_getpass.asssert_called_once()
+
+
 def test_run_command_with_privkey(server: Server, ssh_port: int):
     key = asyncssh.import_private_key(CLIENT_KEY)
 
@@ -212,28 +247,6 @@ def test_run_command_partial_transfer(ssh_port: int, mocker: MockerFixture):
     assert mock_stderr.call_count == 3
 
 
-@pytest.mark.parametrize("algorithm", [b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"])
-def test_dulwich_github_compat(mocker: MockerFixture, algorithm: bytes):
-    from asyncssh.misc import ProtocolError
-
-    from scmrepo.git.backend.dulwich.asyncssh_vendor import _process_public_key_ok_gh
-
-    key_data = b"foo"
-    auth = mocker.Mock(
-        _keypair=mocker.Mock(algorithm=algorithm, public_data=key_data),
-    )
-    packet = mocker.Mock()
-
-    strings = iter((b"ed21556", key_data))
-    packet.get_string = lambda: next(strings)
-    with pytest.raises(ProtocolError):
-        _process_public_key_ok_gh(auth, None, None, packet)
-
-    strings = iter((b"ssh-rsa", key_data))
-    packet.get_string = lambda: next(strings)
-    _process_public_key_ok_gh(auth, None, None, packet)
-
-
 @pytest.mark.skipif(os.name != "nt", reason="Windows only")
 def test_git_bash_ssh_vendor(mocker):
     from dulwich.client import SubprocessSSHVendor