Bug 1678500
| Summary: | python-SecretStorage: FTBFS in Fedora rawhide | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raphael Groner <projects.rg> | ||||
| Component: | python-cryptography | Assignee: | William Moreno <williamjmorenor> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | cheimes, cstratak, itamar, jeremy, nick, npmccallum, projects.rg, rbarlow, terrycwk1994, williamjmorenor | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | http://apps.fedoraproject.org/koschei/package/python-SecretStorage | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | python-SecretStorage-3.1.1-1.fc30 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-03-27 23:40:58 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Raphael Groner
2019-02-18 22:54:07 UTC
Created attachment 1536177 [details]
build.log
Relevant snippet from build.log:
ERROR: test_secret (test_item.ItemTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builddir/build/BUILD/SecretStorage-3.1.0/tests/test_item.py", line 59, in test_secret
self.assertEqual(self.item.get_secret(), b'pa$$word')
File "/builddir/build/BUILD/SecretStorage-3.1.0/secretstorage/item.py", line 106, in get_secret
padded_secret = decryptor.update(encrypted_secret) + decryptor.finalize()
File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 149, in update
return self._ctx.update(data)
File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 124, in update
n = self.update_into(data, buf)
File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 140, in update_into
self._backend._ffi.from_buffer(data), len(data)
TypeError: a bytes-like object is required, not 'list'
This failure of a test is obviously the result from recent (unannounced) major update of python3-cryptography 2.3-3.fc30 > 2.5-1.fc30 https://src.fedoraproject.org/rpms/python-cryptography/c/437c09bb12d0b3e1795ae236b273a35ea4455af3?branch=master See also: https://www.python.org/dev/peps/pep-0404/#strings-and-bytes I don't think it's related to python-cryptography update. It's more likely related to some internal changes in python-cffi. Anyhow lists was never officially supported. CipherContet.update() must be called with a bytes-like object, https://cryptography.readthedocs.io/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.CipherContext.update . There was a recent change to python-SecretStorage that addresses the problem, https://github.com/mitya57/secretstorage/commit/a334722a68fa857087e82aad2ac756f96d848b31#diff-ebc7e112765d29e01b7aabc6d8fad7ed . Please apply the upstream patch. My first analysis was wrong. Alex Gaynor from python-cryptography upstream correct just told me that <quote>python-cryptography changed which APIs are for buffers. The fact that it used to work with lists was an accident. </quote> https://cryptography.readthedocs.io/en/latest/changelog/#v2-5 > Numerous classes and functions have been updated to allow bytes-like types for keying material and passwords, including symmetric algorithms, AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes. It looks like this was fixed with 3.1.1: https://github.com/mitya57/secretstorage/blob/3.1.1/changelog |