From b4633aea8215572bd993f72fc1574b3be117230e Mon Sep 17 00:00:00 2001 From: Jonas Bardino Date: Mon, 25 Aug 2025 14:32:09 +0200 Subject: [PATCH 1/3] Port the old paramiko quieter patches to the 4.0.0 version we use in Rocky9 with pip upgraded paramiko. --- ...oise_python-paramiko-4.0.0.el9_transport.py.diff | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 mig/src/paramiko/silence-scan-noise_python-paramiko-4.0.0.el9_transport.py.diff diff --git a/mig/src/paramiko/silence-scan-noise_python-paramiko-4.0.0.el9_transport.py.diff b/mig/src/paramiko/silence-scan-noise_python-paramiko-4.0.0.el9_transport.py.diff new file mode 100644 index 000000000..e3e676e94 --- /dev/null +++ b/mig/src/paramiko/silence-scan-noise_python-paramiko-4.0.0.el9_transport.py.diff @@ -0,0 +1,13 @@ +--- /usr/lib/python3.9/site-packages/paramiko/transport.py 2025-08-07 15:09:40.000000000 +0200 ++++ /usr/lib/python3.9/site-packages/paramiko/transport.py.quieter 2025-08-25 13:34:22.303856548 +0200 +@@ -2279,7 +2279,9 @@ + "server" if self.server_mode else "client", e + ), + ) +- self._log(ERROR, util.tb_strings()) ++ # NOTE: we degraded this noisy traceback from ERROR to INFO ++ # It is usually just ssh vulnerability scans failing. ++ self._log(INFO, util.tb_strings()) + self.saved_exception = e + except EOFError as e: + self._log(DEBUG, "EOF in transport thread") From 97c4ee5d922cdc101846110bae5efc64462a72d5 Mon Sep 17 00:00:00 2001 From: Jonas Bardino Date: Mon, 25 Aug 2025 14:58:57 +0200 Subject: [PATCH 2/3] Regenerate the old paramiko 2.12.0 patch from RHEL/CentOS 7 to Rocky9 where only python version changed. --- ...ise_python-paramiko-2.12.0.el9_transport.py.diff | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff diff --git a/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff new file mode 100644 index 000000000..a918bde87 --- /dev/null +++ b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff @@ -0,0 +1,13 @@ +--- /usr/lib/python3.9/site-packages/paramiko/transport.py 2025-08-25 14:12:00.801675759 +0200 ++++ /usr/lib/python3.9/site-packages/paramiko/transport.py.quieter 2025-08-25 14:10:06.584651532 +0200 +@@ -2187,9 +2187,7 @@ + "server" if self.server_mode else "client", e + ), + ) +- self._log(ERROR, util.tb_strings()) ++ # NOTE: we degraded this noisy traceback from ERROR to INFO ++ # It is usually just ssh vulnerability scans failing. ++ self._log(INFO, util.tb_strings()) + self.saved_exception = e + except EOFError as e: + self._log(DEBUG, "EOF in transport thread") From cfa8035b0200d3ed43fe3a2733894ea2d73ac7f9 Mon Sep 17 00:00:00 2001 From: Jonas Bardino Date: Mon, 25 Aug 2025 17:36:51 +0200 Subject: [PATCH 3/3] Add Makefile to handle the patching and patch reversal transparently. Fix order of existing el9 patch for paramiko 2.12.0 and add a similar patch for ubuntu noble to ease local testing. --- mig/src/paramiko/Makefile | 15 +++++++++++++++ ...e_python-paramiko-2.12.0.el9_transport.py.diff | 2 +- ...python-paramiko-2.12.0.noble_transport.py.diff | 13 +++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 mig/src/paramiko/Makefile create mode 100644 mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.noble_transport.py.diff diff --git a/mig/src/paramiko/Makefile b/mig/src/paramiko/Makefile new file mode 100644 index 000000000..f43b5f852 --- /dev/null +++ b/mig/src/paramiko/Makefile @@ -0,0 +1,15 @@ +# Makefile for paramiko + + +# PLATFORM is expected overridden on command line to be e.g. 'el9' for RHEL/Rocky 9 +PLATFORM = UNKNOWN + +PATCH = /usr/bin/patch +PARAMIKO_VERSION = $(shell python -c 'import paramiko; print(paramiko.__version__)') +SILENCE = ${CURDIR}/silence-scan-noise_python-paramiko-${PARAMIKO_VERSION}.${PLATFORM}_transport.py.diff + +patch: + if [ -e ${SILENCE} ]; then cd / && ${PATCH} --batch -p 1 < ${SILENCE}; fi + +unpatch: + if [ -e ${SILENCE} ]; then cd / && ${PATCH} --batch -R -p 1 < ${SILENCE}; fi diff --git a/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff index a918bde87..e63f53afc 100644 --- a/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff +++ b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.el9_transport.py.diff @@ -4,10 +4,10 @@ "server" if self.server_mode else "client", e ), ) -- self._log(ERROR, util.tb_strings()) + # NOTE: we degraded this noisy traceback from ERROR to INFO + # It is usually just ssh vulnerability scans failing. + self._log(INFO, util.tb_strings()) +- self._log(ERROR, util.tb_strings()) self.saved_exception = e except EOFError as e: self._log(DEBUG, "EOF in transport thread") diff --git a/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.noble_transport.py.diff b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.noble_transport.py.diff new file mode 100644 index 000000000..1291f322e --- /dev/null +++ b/mig/src/paramiko/silence-scan-noise_python-paramiko-2.12.0.noble_transport.py.diff @@ -0,0 +1,13 @@ +--- /usr/lib/python3/dist-packages/paramiko/transport.py 2025-08-25 17:31:40.448077885 +0200 ++++ /usr/lib/python3/dist-packages/paramiko/transport.py.quieter 2025-08-25 17:34:45.580822927 +0200 +@@ -2236,7 +2236,9 @@ + "server" if self.server_mode else "client", e + ), + ) +- self._log(ERROR, util.tb_strings()) ++ # NOTE: we degraded this noisy traceback from ERROR to INFO ++ # It is usually just ssh vulnerability scans failing. ++ self._log(INFO, util.tb_strings()) + self.saved_exception = e + except EOFError as e: + self._log(DEBUG, "EOF in transport thread")