1927154 – Running ipa-server-install fails with cryptography.utils.InterfaceNotImplemented: <class 'ipalib.x509.IPACertificate'>.__eq__'s signature differs from the expected.

Bug 1927154 - Running ipa-server-install fails with cryptography.utils.InterfaceNotImplemented: <class 'ipalib.x509.IPACertificate'>.__eq__'s signature differs from the expected.

Summary: Running ipa-server-install fails with cryptography.utils.InterfaceNotImplemen...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	python-cryptography
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Jeremy Cline
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1927044
Blocks:
TreeView+	depends on / blocked

Reported:	2021-02-10 09:05 UTC by Jan Pazdziora (Red Hat)
Modified:	2021-03-19 20:00 UTC (History)
CC List:	19 users (show)
Fixed In Version:	python-cryptography-3.4.2-1 python-cryptography-3.4.6-1.fc34
Clone Of:
Environment:
Last Closed:	2021-03-19 17:44:47 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Pazdziora (Red Hat) 2021-02-10 09:05:12 UTC

Description of problem:

Running ipa-server-install in Fedora rawhide started to fail with

cryptography.utils.InterfaceNotImplemented: <class 'ipalib.x509.IPACertificate'>.__eq__'s signature differs from the expected. Expected: <Signature (self, other: object) -> bool>. Received: <Signature (self, other)>

Version-Release number of selected component (if applicable):

freeipa-server-4.9.1-1.fc34.x86_64  

How reproducible:

Deterministic.

Steps to Reproduce:
1. dnf install -y --setopt=install_weak_deps=False freeipa-server freeipa-server-dns
2. ipa-server-install -U -r EXAMPLE.TEST -n example.test -p Secret123 -a Secret123 --setup-dns --no-forwarders --no-ntp

Actual results:

Traceback (most recent call last):
  File "/usr/sbin/ipa-server-install", line 23, in <module>
    from ipaserver.install import ipa_server_install
  File "/usr/lib/python3.9/site-packages/ipaserver/install/ipa_server_install.py", line 10, in <module>
    from ipaserver.install.server import ServerMasterInstall
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py", line 11, in <module>
    from ipaclient.install import client
  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 37, in <module>
    from ipalib import api, errors, x509
  File "/usr/lib/python3.9/site-packages/ipalib/__init__.py", line 921, in <module>
    from ipalib.frontend import Command, LocalOrRemote, Updater
  File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 31, in <module>
    from ipalib.parameters import create_param, Param, Str, Flag
  File "/usr/lib/python3.9/site-packages/ipalib/parameters.py", line 125, in <module>
    from ipalib.x509 import (
  File "/usr/lib/python3.9/site-packages/ipalib/x509.py", line 92, in <module>
    class IPACertificate:
  File "/usr/lib64/python3.9/site-packages/cryptography/utils.py", line 45, in register_decorator
    verify_interface(iface, klass)
  File "/usr/lib64/python3.9/site-packages/cryptography/utils.py", line 84, in verify_interface
    raise InterfaceNotImplemented(
cryptography.utils.InterfaceNotImplemented: <class 'ipalib.x509.IPACertificate'>.__eq__'s signature differs from the expected. Expected: <Signature (self, other: object) -> bool>. Received: <Signature (self, other)>

Expected results:

No error, FreeIPA server configured.

Additional info:

Comment 2 Christian Heimes 2021-02-10 09:25:19 UTC

What version of python-cryptography do you have? The issue should be fixed in 3.4.2.

Comment 4 Jan Pazdziora (Red Hat) 2021-02-10 09:42:16 UTC

The repo at https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/p/ carries python3-cryptography-3.4.1-1.fc34.x86_64.rpm even if https://bodhi.fedoraproject.org/updates/FEDORA-2021-0aa7abd5ef says it was pushed to stable two days ago. But so does https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae11bd2c46 -- is it possible that the older build was pushed after the newer one and that's why 3.4.2 is not in the repo?

By the way, both builds report fedora-ci.koji-build.rpminspect.static-analysis test failures.

Comment 5 Alexander Bokovoy 2021-02-10 09:51:07 UTC

I don't think there was a successful Rawhide compose since that push.

As for rpminspect failures, I see them all the time. For example, https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpminspect-pipeline/job/master/10190/testReport/(root)/tests/_filesize/ fails due to OCI error:


Error: exec session exited with non-zero exit code 1: OCI runtime error

Comment 6 Christian Heimes 2021-02-10 09:57:20 UTC

I'm working on python-cryptography-3.4.4 for F35 and F34 now. Upstream released two more bug fix releases since Monday.

Comment 7 Fedora Update System 2021-02-10 10:37:22 UTC

FEDORA-2021-e6aad2194c has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 Jan Pazdziora (Red Hat) 2021-02-10 10:46:51 UTC

(In reply to Alexander Bokovoy from comment #5)
> I don't think there was a successful Rawhide compose since that push.

Doesn't https://bodhi.fedoraproject.org/updates/FEDORA-2021-0aa7abd5ef's status Stable mean that the update landed on a compose?

Comment 9 Alexander Bokovoy 2021-02-10 11:00:58 UTC

Nope, that's what I learned myself last year. When bodhi marks it 'stable' for Rawhide, it only means 'slated to be in the compose when it is done, successfully'. Composes aren't produced immediately. Latest rawhide compose was two days ago: Fedora-Rawhide-20210208.n.0 

See list of composes and their testing status: https://openqa.fedoraproject.org/nightlies.html

Comment 10 Jan Pazdziora (Red Hat) 2021-02-10 11:34:53 UTC

Ah, good to know. I've filed https://github.com/fedora-infra/bodhi/issues/4185 for that now.

Comment 11 Christian Heimes 2021-02-10 14:35:07 UTC

I'm changing the component to python-cryptography. The problem is fixed in python-cryptography-3.4.2-1 and 3.4.4-1.

Comment 12 Fedora Update System 2021-03-01 14:00:27 UTC

FEDORA-2021-08b9c4e2b9 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-08b9c4e2b9

Comment 13 Fedora Update System 2021-03-03 13:03:17 UTC

FEDORA-2021-8d5f2b4424 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d5f2b4424

Comment 14 Fedora Update System 2021-03-03 15:47:54 UTC

FEDORA-2021-8d5f2b4424 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-8d5f2b4424`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d5f2b4424

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 Fedora Update System 2021-03-19 17:44:47 UTC

FEDORA-2021-8d5f2b4424 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2021-03-19 20:00:40 UTC

FEDORA-2021-8d5f2b4424 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.