gltestserver: Bug fixes for gltestserver errors

- Updated the `gltestserver-image` script in the Makefile to use `buildx --load`.

- Added `uv lock` before `uv sync` in the gl-testserver's Dockerfile to prevent the build-time error: `ERROR: failed to solve: process "/bin/sh -c uv sync --locked -v" did not complete successfully: exit code: 2`.

- Included the `gl-client` version in `pyproject.toml` to resolve the compile-time error: `pyproject.tomlis using the[project]table, but the requiredproject.versionfield is neither set nor present in theproject.dynamic list`.

- Modified gl-testing's certs.py to call `cfssl`, `openssl`, and `cfssljson` methods via `subprocess` to avoid runtime errors of invalid certificates.

Makefile

@@ -192,8 +192,9 @@ docs-publish: docs
 	  --branch gh-pages \
 	  --remote origin
 
-gltestserver-image: docker/gl-testserver/Dockerfile
-	docker build \
+gltestserver-image: ${REPO_ROOT}/docker/gl-testserver/Dockerfile
+	docker buildx build \
+	  --load \
 	  --build-arg DOCKER_USER=$(shell whoami) \
 	  --build-arg UID=$(shell id -u) \
 	  --build-arg GID=$(shell id -g) \
@@ -203,7 +204,6 @@ gltestserver-image: docker/gl-testserver/Dockerfile
 	  .
 
 gltestserver: gltestserver-image
-	mkdir -p /tmp/gltestserver
 	docker run \
 	  --user $(shell id -u):$(shell id -g) \
 	  -e DOCKER_USER=$(shell whoami) \

docker/gl-testserver/Dockerfile

@@ -80,6 +80,6 @@ RUN cargo build --bin gl-signerproxy
 
 RUN curl -LsSf https://astral.sh/uv/install.sh | sh
 
-RUN uv sync --locked -v
+RUN uv lock && uv sync --locked -v
 RUN uv run clnvm get-all
 CMD uv run gltestserver run --metadata ${REPO}/ --directory ${REPO}/.gltestserver

libs/gl-client-py/pyproject.toml

@@ -1,5 +1,6 @@
 [project]
 name = "gl-client"
+version = "0.3.0"
 
 dependencies = [
     "protobuf>=3",

libs/gl-testing/gltesting/certs.py

@@ -4,7 +4,7 @@
 import tempfile
 import json
 import os
-from sh import cfssl, openssl, cfssljson
+import subprocess
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat._oid import NameOID
@@ -108,9 +108,13 @@ def path_to_identity(path):
     )
 
 def postprocess_private_key(keyfile):
-    converted = openssl("pkcs8", "-topk8", "-nocrypt", "-in", keyfile).stdout
-    with open(keyfile, "wb") as f:
-        f.write(converted)
+    result = subprocess.run(["openssl", "pkcs8", "-topk8", "-nocrypt", "-in", keyfile], capture_output=True, text=True)
+    if result.returncode == 0:
+        converted = result.stdout
+        with open(keyfile, "wb") as f:
+            f.write(converted.encode())
+    else:
+        raise RuntimeError(f"OpenSSL command failed with error: {result.stderr}")
 
 
 def parent_ca(path):
@@ -167,24 +171,15 @@ def genca(idpath):
     if not os.path.exists(directory):
         os.makedirs(directory)
 
-    cfssljson(cfssl("gencert", "-initca", tmpcsr.name), "-bare", path[3])
-
+    certs_json = subprocess.check_output(["cfssl", "gencert", "-initca", tmpcsr.name])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=certs_json)
+
     # Write config
     tmpconfig = tempfile.NamedTemporaryFile(mode="w")
     tmpconfig.write(config)
     tmpconfig.flush()
-    cfssljson(
-        cfssl(
-            "sign",
-            f"-ca={parent[0]}",
-            f"-ca-key={parent[1]}",
-            f"-config={tmpconfig.name}",
-            f"-profile={profile}",
-            path[3] + ".csr",
-        ),
-        "-bare",
-        path[3],
-    )
+    sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", f"-config={tmpconfig.name}", f"-profile={profile}", path[3] + ".csr"])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=sign_certs_json)
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
 
@@ -225,18 +220,8 @@ def gencert(idpath):
     if not os.path.exists(directory):
         os.makedirs(directory)
 
-    cfssljson(
-        cfssl(
-            "gencert",
-            f"-ca={parent[0]}",
-            f"-ca-key={parent[1]}",
-            f"-config={tmpconfig.name}",
-            f"-profile={profile}",
-            tmpcsr.name,
-        ),
-        "-bare",
-        path[3],
-    )
+    certs_json = subprocess.check_output(["cfssl", "gencert", f"-ca={parent[0]}", f"-ca-key={parent[1]}", f"-config={tmpconfig.name}", f"-profile={profile}", tmpcsr.name])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=certs_json)
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
 
@@ -300,28 +285,11 @@ def gencert_from_csr(csr: bytes, recover=False, pairing=False):
         os.makedirs(directory)
 
     if pairing:
-        cfssljson(
-            cfssl(
-                "sign",
-                f"-ca={parent[0]}",
-                f"-ca-key={parent[1]}",
-                tmpcsr.name,
-                tmpsubject.name,
-            ),
-            "-bare",
-            path[3],
-        )
+        sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", tmpcsr.name, tmpsubject.name])
     else:
-        cfssljson(
-            cfssl(
-                "sign",
-                f"-ca={parent[0]}",
-                f"-ca-key={parent[1]}",
-                tmpcsr.name,
-            ),
-            "-bare",
-            path[3],
-        )
+        sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", tmpcsr.name])
+
+    subprocess.run(["cfssljson", "-bare", path[3]], input=sign_certs_json)
 
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
@@ -333,4 +301,3 @@ def gencert_from_csr(csr: bytes, recover=False, pairing=False):
     cert = certf.read()
     certf.close()
     return cert
-