Bug 1678500 - python-SecretStorage: FTBFS in Fedora rawhide
Summary: python-SecretStorage: FTBFS in Fedora rawhide
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: python-cryptography
Version: rawhide
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: William Moreno
QA Contact: Fedora Extras Quality Assurance
URL: http://apps.fedoraproject.org/koschei...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-18 22:54 UTC by Raphael Groner
Modified: 2019-03-27 23:40 UTC (History)
10 users (show)

Fixed In Version: python-SecretStorage-3.1.1-1.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-27 23:40:58 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
build.log (14.42 KB, text/plain)
2019-02-18 22:56 UTC, Raphael Groner
no flags Details

Description Raphael Groner 2019-02-18 22:54:07 UTC
Description of problem:
Package python-SecretStorage fails to build from source in Fedora rawhide.

Version-Release number of selected component (if applicable):
3.1.0-2.fc30

Steps to Reproduce:
koji build --scratch f30 python-SecretStorage-3.1.0-2.fc30.src.rpm

Additional info:
This package is tracked by Koschei. See:
http://apps.fedoraproject.org/koschei/package/python-SecretStorage

Comment 1 Raphael Groner 2019-02-18 22:56:00 UTC
Created attachment 1536177 [details]
build.log

Relevant snippet from build.log:

ERROR: test_secret (test_item.ItemTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/SecretStorage-3.1.0/tests/test_item.py", line 59, in test_secret
    self.assertEqual(self.item.get_secret(), b'pa$$word')
  File "/builddir/build/BUILD/SecretStorage-3.1.0/secretstorage/item.py", line 106, in get_secret
    padded_secret = decryptor.update(encrypted_secret) + decryptor.finalize()
  File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 149, in update
    return self._ctx.update(data)
  File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 124, in update
    n = self.update_into(data, buf)
  File "/usr/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 140, in update_into
    self._backend._ffi.from_buffer(data), len(data)
TypeError: a bytes-like object is required, not 'list'

Comment 2 Raphael Groner 2019-02-18 22:59:15 UTC
This failure of a test is obviously the result from recent (unannounced) major update of python3-cryptography 2.3-3.fc30 > 2.5-1.fc30
https://src.fedoraproject.org/rpms/python-cryptography/c/437c09bb12d0b3e1795ae236b273a35ea4455af3?branch=master

See also: https://www.python.org/dev/peps/pep-0404/#strings-and-bytes

Comment 3 Christian Heimes 2019-02-26 14:19:11 UTC
I don't think it's related to python-cryptography update. It's more likely related to some internal changes in python-cffi. Anyhow lists was never officially supported. CipherContet.update() must be called with a bytes-like object, https://cryptography.readthedocs.io/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.CipherContext.update . There was a recent change to python-SecretStorage that addresses the problem, https://github.com/mitya57/secretstorage/commit/a334722a68fa857087e82aad2ac756f96d848b31#diff-ebc7e112765d29e01b7aabc6d8fad7ed . Please apply the upstream patch.

Comment 4 Christian Heimes 2019-02-26 14:26:41 UTC
My first analysis was wrong. Alex Gaynor from python-cryptography upstream correct just told me that <quote>python-cryptography changed which APIs are for buffers. The fact that it used to work with lists was an accident. </quote>

https://cryptography.readthedocs.io/en/latest/changelog/#v2-5
> Numerous classes and functions have been updated to allow bytes-like types for keying material and passwords, including symmetric algorithms, AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.

Comment 5 Randy Barlow 2019-03-27 23:37:05 UTC
It looks like this was fixed with 3.1.1:

https://github.com/mitya57/secretstorage/blob/3.1.1/changelog


Note You need to log in before you can comment on or make changes to this bug.