Switched everything to use cryptography instead of pyCrypto #394
Oh, this also requires cryptography master right now, we need to get a release out before this is usable; that's no problem though.
Oh -- this also adds pyasn1 as a dependency, it's a pretty small thing, and could be used to replace some of the existing BER stuff in the future. (We can also remove the ecdsa requirement and just use cryptography as well)
key.p = rsa.p | ||
key.q = rsa.q | ||
numbers = rsa.generate_private_key( | ||
65537, bits, backend=default_backend() |
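Review bot: the bare `65537` passed positionally to `rsa.generate_private_key(` does not say what it is, and with `bits` right beside it the two integers are easy to transpose without any error being raised. Pass both by keyword, for example `public_exponent=65537, key_size=bits`, so the call documents itself and a swapped order cannot slip through.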
What does 65537 mean here?
65537 is the public_exponent here, it's generally considered a good default (it's what PyCrypto uses). Would passing it as a keyword-argument make this easier?
Yes. :)
Some tests seem to be failing on CPython. Is that due to requiring master of cryptography? If you'd like to add pypy and pypy3 to the .travis.yml that would be good, so we'll get those tested as well.
Also, is there any significant speed difference going from PyCrypto to cryptography?
Most of it looks good though. :) I will look at it a couple of times more to see if I discover something else.
@lndbrg I don't believe any of the core developers have conducted a serious benchmark of pyca/cryptography against pycrypto, but I'd expect them to be broadly similar. The CPython failures are due to a function required for this PR not being present in the currently released version of pyca/cryptography (0.5.4). We'll be releasing a new version of the library soon to correct this (and add some new features).
Would it be okay to ask you to try to transfer, say a 100M file, one with this branch and one with pycrypto? :)
I haven't benchmarked it with paramiko, but the last time I benchmarked PyCrypto vs Cryptography (this was for DKIM, which is all RSA) it was many many times faster, 6x IIRC. If you can show me how to benchmark transferring a 100MB file with paramiko, I'm happy to do so :-)
Cool. There is a test called test_sftp_big.py that transfers a 1MB file, running that should probably suffice. :)
@reaperhulk when the new version is released and we get a green run in travis I'll have another look. 👍
SO EXCITED
Actual comments, without reading the diffs yet:
@param progress_func: an optional function to call at key points in | ||
key generation (used by C{pyCrypto.PublicKey}). | ||
@type progress_func: function | ||
@param progress_func: Unused. |
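Review bot: the new `@param progress_func: Unused.` line tells callers nothing about why the parameter is still documented or what happens to a callback they pass in. Suggest spelling it out, for example "Unused; accepted for backward compatibility and never called", so existing callers that rely on progress callbacks know the behaviour has changed.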
Heh, this junk here is some old epydoc syntax. I just fixed it (& scanned for any more elsewhere) and updated master. You'll probably need to update to account.
Conflicts: paramiko/ecdsakey.py tests/test_client.py
Unless you are installing from a precompiled source such as a Debian apt | ||
repository or RedHat RPM, or using :ref:`pypm <pypm>`, you will also need the | ||
ability to build Python C-based modules from source in order to install | ||
PyCrypto. Users on **Unix-based platforms** such as Ubuntu or Mac OS X will |
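Review bot: dropping the sentence that begins "Unless you are installing from a precompiled source such as a Debian apt repository or RedHat RPM" removes the visible guidance that packaged installs do not need a C build toolchain. Suggest keeping an equivalent sentence with PyCrypto replaced by Cryptography, so readers installing from OS packages are not told to set up a compiler they do not need.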
Why was the "precompiled source / packages" bit removed? Are there no plans to distribute Cryptography via OS channels?
It's in some OSes already (Debian), but not enough that I thought it was
worth noting; disagree?
On Thu, Sep 18, 2014 at 6:01 PM, Jeff Forcier notifications@github.com
wrote:
In sites/www/installing.rst:
C extension
-Unless you are installing from a precompiled source such as a Debian apt
-repository or RedHat RPM, or using :ref:pypm <pypm>
, you will also need the
-ability to build Python C-based modules from source in order to install
-PyCrypto. Users on Unix-based platforms such as Ubuntu or Mac OS X will
Why was the "precompiled source / packages" bit removed? Are there no
plans to distribute Cryptography via OS channels?
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
Well, Paramiko is presently packaged on a number of distros (who also usually package PyCrypto) and I'd expect this to continue, even if it means maintainers need to start packaging Cryptography too. Either way I think the note is useful for some newbies and doesn't harm anything by existing.
I absolutely think that as maintainers of distro packages update Paramiko
they'll package cryptography, if it isn't already available, and we'll work
with those maintainers. (We're also in FreeBSD, and some other weird
distros :-) and work closely with those upstream maintainers).
On Thu, Sep 18, 2014 at 6:19 PM, Jeff Forcier notifications@github.com
wrote:
In sites/www/installing.rst:
C extension
-Unless you are installing from a precompiled source such as a Debian apt
-repository or RedHat RPM, or using :ref:pypm <pypm>
, you will also need the
-ability to build Python C-based modules from source in order to install
-PyCrypto. Users on Unix-based platforms such as Ubuntu or Mac OS X will
Well, Paramiko is presently packaged on a number of distros (who also
usually package PyCrypto) and I'd expect this to continue, even if it means
maintainers need to start packaging Cryptography too. Either way I think
the note is useful for some newbies and doesn't harm anything by existing.
Added some line notes (see above), otherwise this looks good to me at a glance. I haven't yet installed master Cryptography to test it out though.
Pushed a fix for the merge conflict and the docs issue you noted.
On Thu, Sep 18, 2014 at 6:04 PM, Jeff Forcier notifications@github.com
Mostly looks good. Only comment I have is that "plus development headers for Python, OpenSSL and CFFI" should probably read "plus development headers for Python, OpenSSL and libffi", as libffi is cffi's C dependency.
Updated, thanks!
Posted http://bitprophet.org/blog/2016/04/23/paramiko-2.0-is-coming/ so this doesn't catch everyone 100% flat-footed when it comes out :3 I'm off to bang on 1.16.1; some of its tickets may get bumped to 1.17.0; once those are both squared away I am probably going to declare master "2.0" and merge this.
\o/ Thanks! Feel free to CC me on any issues should there be follow up necessary.
Did initial prep work for release:
I plan to release 1.16.1, 1.17.0 and 2.0.0 tomorrow if all goes well. Thanks a billion, Alex, you have the patience of a saint.
You know I will 😆
Outstanding!
👍
@alex @bitprophet and others, all y'all are great. Thanks!
Quick note, still planning to get this out ASAP, been banging on an update to my changelog library so it can actually support 1.0 -> 2.0 transitions gracefully. Mostly done with that now. Computers.
@bitprophet Sounds good, let me know if you need anything.
Paramiko has switched from PyCrypto to Cryptography as backend. This makes the installation in Windows much easier. See paramiko/paramiko#394 for more information.
Upgrade Paramiko to the latest, 2.4.1.
Paramiko drastically changed its dependencies in Paramiko 2, dropping defunct Pycrypto and using Cryptography instead. paramiko/paramiko#637 paramiko/paramiko#394
This change implicitly removes the dependency on Pycrypto. Also upgrade Fabric to the latest 1.x version, 1.14.0.
Testing:
- This works in my development environment.
- This works in my downstream stress and query gen environments.
- This works when doing a full data load.
- Impala still builds on a variety of OSs.
Change-Id: I0636d8113be449953420e1d5773f63d7c91943e3
Reviewed-on: http://gerrit.cloudera.org:8080/11308
Reviewed-by: Philip Zeyliger <philip@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
Motivation:
on Windows)
This PR is basically complete on the code side, of course it can always use
more review :-)
Tests all pass locally (tested with PyPy!)
Still needs some docs work, and to figure out how to do this with the version
numbers so people's stuff doesn't suddenly get broken.