Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ripemd not included in ubuntu-22.04 image #6676

Closed
2 of 11 tasks
mvadari opened this issue Dec 1, 2022 · 2 comments
Closed
2 of 11 tasks

ripemd not included in ubuntu-22.04 image #6676

mvadari opened this issue Dec 1, 2022 · 2 comments
Labels
bug report

Comments

@mvadari
Copy link

mvadari commented Dec 1, 2022

Description

Tests that were using ubuntu-latest are now

Platforms affected

  • Azure DevOps
  • GitHub Actions - Standard Runners
  • GitHub Actions - Larger Runners

Runner images affected

  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04
  • macOS 10.15
  • macOS 11
  • macOS 12
  • Windows Server 2019
  • Windows Server 2022

Image version and build link

2022-12-01T16:49:32.9871732Z Current runner version: '2.299.1'
2022-12-01T16:49:32.9897314Z ##[group]Operating System
2022-12-01T16:49:32.9897877Z Ubuntu
2022-12-01T16:49:32.9898091Z 22.04.1
2022-12-01T16:49:32.9898348Z LTS
2022-12-01T16:49:32.9898603Z ##[endgroup]
2022-12-01T16:49:32.9898839Z ##[group]Runner Image
2022-12-01T16:49:32.9899186Z Image: ubuntu-22.04
2022-12-01T16:49:32.9899475Z Version: 20221127.1
2022-12-01T16:49:32.9899911Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20221127.1/images/linux/Ubuntu2204-Readme.md
2022-12-01T16:49:32.9900412Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20221127.1

https://github.com/XRPLF/xrpl-py/actions/runs/3594688513/jobs/6053263789

Is it regression?

No

Expected behavior

Tests pass, no error

Actual behavior

AssertionError: Your OpenSSL implementation does not include the RIPEMD160 algorithm,
    which is required by XRPL

ripemd is not supported by hashlib

Repro steps

from hashlib import algorithms_available
assert (
    "ripemd160" in algorithms_available
), """Your OpenSSL implementation does not include the RIPEMD160 algorithm,
    which is required by XRPL"""
@mikhailkoliada
Copy link
Contributor

Hello! We are using not modified openssl version provided by canonical (i.e. ubuntu stock repo), if something is not provided here it is not something we can fix on our side.

This was referenced Dec 1, 2022
Merged
Merged
mvadari added a commit to XRPLF/xbridge-cli that referenced this issue Dec 1, 2022
@mvadari
fix: switch tests to ubuntu 20.04 (#89)
1d6c596 
## High Level Overview of Change

This PR switches the Github Actions from running on `ubuntu-latest`
(which recently switched to 22.04) to `ubuntu-20.04`, which fixes tests.

### Context of Change

Ubuntu 22.04 upgraded OpenSSL to version 3.0, which deprecated
ripemd160. Github will not add support to the runner, because they want
to run only the default version.

openssl/openssl#16994
actions/runner-images#6676

### Type of Change

- [x] Tests (You added tests for code that already exists, or your new
feature included in this PR)

## Test Plan

CI now passes.
@ixje
Copy link

ixje commented Dec 12, 2022

@mikhailkoliada can you reconsider the issue given the below context?

The problem is that the openssl team changed ripemd160 to legacy provider and therefore requiring manual enabling. There has been a pretty big out lash by developers and ultimately they decided to re-enable ripemd160 in the default provider list in this commit (with some explanation in a blog post). This commit is included in openssl 3.0.7. Ubuntu 22.04 is still on openssl 3.0.2 and the best the Ubuntu security team did was add a security patch, but that doesn't solve the hashlib issue many are now having. There are at least these 2 solutions

  1. upgrade to openssl 3.0.7
  2. enable legacy providers as explained in this SO post

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ixje @mvadari @mikhailkoliada