Bug 2283628

Summary: python-tpm2-pytss: FTBFS in Fedora Rawhide with python-cryptography 42.0.5: cryptography.exceptions.UnsupportedAlgorithm: Curve 1.3.132.0.15 is not supported
Product: [Fedora] Fedora Reporter: Karolina Surma <ksurma>
Component: python-tpm2-pytssAssignee: Jakub Jelen <jjelen>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jjelen
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
URL: https://koschei.fedoraproject.org/package/python-tpm2-pytss
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-06-17 12:36:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2251816    

Description Karolina Surma 2024-05-28 11:13:20 UTC 
Description of problem:
Package python-tpm2-pytss fails to build from source in Fedora Rawhide with python-cryptography 42.0.5.

Version-Release number of selected component (if applicable):
2.2.1-2.fc41

See: https://copr.fedorainfracloud.org/coprs/ksurma/tpm3-pytss-cryptography-42/builds/



Reproducible: Always

Steps to Reproduce:
1. Get python3-cryptography 42.0.5 (e.g build it from dist-git) and install to a Rawhide mock
2. Attempt to mockbuild python-tpm2-pytss
Actual Results:  
___________________ CryptoTest.test_verify_singature_rsassa ____________________
[gw0] linux -- Python 3.12.3 /usr/bin/python3

self = <test.test_crypto.CryptoTest testMethod=test_verify_singature_rsassa>

    def setUp(self):
        super().setUp()
        self._has_sect163r2 = True
        try:
>           load_pem_public_key(ecc_bad_curve)
E           cryptography.exceptions.UnsupportedAlgorithm: Curve 1.3.132.0.15 is not supported

test/test_crypto.py:208: UnsupportedAlgorithm
=========================== short test summary info ============================
FAILED test/test_crypto.py::CryptoTest::test_ecc_bad_curves - cryptography.ex...
FAILED test/test_crypto.py::CryptoTest::test_encrypted_key - cryptography.exc...
FAILED test/test_crypto.py::CryptoTest::test_from_pem_with_scheme - cryptogra...
FAILED test/test_crypto.py::CryptoTest::test_from_pem_with_symmetric - crypto...
FAILED test/test_crypto.py::CryptoTest::test_get_alg - cryptography.exception...
FAILED test/test_crypto.py::CryptoTest::test_kdfa - cryptography.exceptions.U...
FAILED test/test_crypto.py::CryptoTest::test_kdfe - cryptography.exceptions.U...
FAILED test/test_crypto.py::CryptoTest::test_keyedhash_from_secret - cryptogr...
FAILED test/test_crypto.py::CryptoTest::test_keyedhash_from_secret_bad - cryp...
FAILED test/test_crypto.py::CryptoTest::test_keyedhash_from_secret_unseal - c...
FAILED test/test_crypto.py::CryptoTest::test_loadexternal_ecc - cryptography....
FAILED test/test_crypto.py::CryptoTest::test_loadexternal_public_rsa - crypto...
FAILED test/test_crypto.py::CryptoTest::test_loadexternal_rsa - cryptography....
FAILED test/test_crypto.py::CryptoTest::test_nv_getname - cryptography.except...
FAILED test/test_crypto.py::CryptoTest::test_private_from_pem_bad_der - crypt...
FAILED test/test_crypto.py::CryptoTest::test_private_from_pem_ecc - cryptogra...
FAILED test/test_crypto.py::CryptoTest::test_private_from_pem_ecc_der - crypt...
FAILED test/test_crypto.py::CryptoTest::test_private_from_pem_rsa - cryptogra...
FAILED test/test_crypto.py::CryptoTest::test_private_from_pem_rsa_der - crypt...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_bad_der - crypto...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_ecc - cryptograp...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_ecc_der - crypto...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_ecc_der_cert - c...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_ecc_pem_cert - c...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_rsa - cryptograp...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_rsa_der - crypto...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_rsa_der_cert - c...
FAILED test/test_crypto.py::CryptoTest::test_public_from_pem_rsa_pem_cert - c...
FAILED test/test_crypto.py::CryptoTest::test_public_from_private - cryptograp...
FAILED test/test_crypto.py::CryptoTest::test_public_from_private_der - crypto...
FAILED test/test_crypto.py::CryptoTest::test_public_getname - cryptography.ex...
FAILED test/test_crypto.py::CryptoTest::test_public_to_pem_bad_key - cryptogr...
FAILED test/test_crypto.py::CryptoTest::test_public_to_pem_ecc - cryptography...
FAILED test/test_crypto.py::CryptoTest::test_public_to_pem_rsa - cryptography...
FAILED test/test_crypto.py::CryptoTest::test_rsa_exponent - cryptography.exce...
FAILED test/test_crypto.py::CryptoTest::test_ssh_key_ecc - cryptography.excep...
FAILED test/test_crypto.py::CryptoTest::test_symcipher_from_secret - cryptogr...
FAILED test/test_crypto.py::CryptoTest::test_symcipher_from_secret_bad - cryp...
FAILED test/test_crypto.py::CryptoTest::test_symdef_to_crypt - cryptography.e...
FAILED test/test_crypto.py::CryptoTest::test_topem_ecc - cryptography.excepti...
FAILED test/test_crypto.py::CryptoTest::test_topem_encodings - cryptography.e...
FAILED test/test_crypto.py::CryptoTest::test_topem_rsa - cryptography.excepti...
FAILED test/test_crypto.py::CryptoTest::test_unsupported_key - cryptography.e...
FAILED test/test_crypto.py::CryptoTest::test_verify_signature_bad - cryptogra...
FAILED test/test_crypto.py::CryptoTest::test_verify_signature_ecc - cryptogra...
FAILED test/test_crypto.py::CryptoTest::test_verify_signature_hmac - cryptogr...
FAILED test/test_crypto.py::CryptoTest::test_verify_singature_rsapss - crypto...
FAILED test/test_crypto.py::CryptoTest::test_verify_singature_rsassa - crypto...
================= 48 failed, 513 passed, 15 skipped in 45.59s ==================
Comment 1 Jakub Jelen 2024-05-28 14:17:06 UTC 
Sounds easy enough to fix with https://github.com/tpm2-software/tpm2-pytss/pull/575

Waiting for the scratch build to finish as the mock look more broken than working to me recently:

https://koji.fedoraproject.org/koji/taskinfo?taskID=118206068
Comment 2 Jakub Jelen 2024-05-28 16:19:07 UTC 
Rawhide build works. With the python-cryptography too, so pushing the changes out

https://src.fedoraproject.org/rpms/python-tpm2-pytss/c/e624341c0370d66a9fd9e8b31d4b6cc64bae7d90?branch=rawhide

Do you need a build or just changes in dist git are ok?
Comment 3 Karolina Surma 2024-05-28 16:21:55 UTC 
Just the dist-git is alright, we'll be bumping the packages during the rebuild. Thank you for the prompt action :)