-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tests expect crypt.METHOD_CRYPT to always be availlable #11826
Comments
The advent of libxcrypt offers new password hashing algorithms to linux distributions, which we are slowly rolling out to our users. At the same time we are removing support for legacy ciphers, that should not be used any longer in a security-context. One of these is the traditional crypt method, which the python documentation¹ describes it as the "weakest method" it supports. This change adds a skip condition to the relevant tests, that checks for the presence of crypt.METHOD_CRYPT in the list of supported hashes. [1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT Closes: twisted#11826
The advent of libxcrypt offers new password hashing algorithms to linux distributions, which we are slowly rolling out to our users. At the same time we are removing support for legacy ciphers, that should not be used any longer in a security-context. One of these is the traditional crypt method, which the python documentation¹ describes it as the "weakest method" it supports. This change adds a skip condition to the relevant tests, that checks for the presence of crypt.METHOD_CRYPT in the list of supported hashes. [1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT Closes: twisted#11826
The advent of libxcrypt offers new password hashing algorithms to linux distributions, which we are slowly rolling out to our users. At the same time we are removing support for legacy ciphers, that should not be used any longer in a security-context. One of these is the traditional crypt method, which the python documentation¹ describes it as the "weakest method" it supports. This change adds a skip condition to the relevant tests, that checks for the presence of crypt.METHOD_CRYPT in the list of supported hashes. [1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT Closes: twisted#11826
The advent of libxcrypt offers new password hashing algorithms to linux distributions, which we are slowly rolling out to our users. At the same time we are removing support for legacy ciphers, that should not be used any longer in a security-context. One of these is the traditional crypt method, which the python documentation¹ describes aptly as the "weakest method" it supports. This change adds a skip condition to the relevant tests, that checks for the presence of crypt.METHOD_CRYPT in the list of supported hashes. [1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT Closes: twisted#11826
The advent of libxcrypt offers new password hashing algorithms to linux distributions, which we are slowly rolling out to our users. At the same time we are removing support for legacy ciphers, that should not be used any longer in a security-context. One of these is the traditional crypt method, which the python documentation¹ describes aptly as the "weakest method" it supports. This change adds a skip condition to the relevant tests, that checks for the presence of crypt.METHOD_CRYPT in the list of supported hashes. [1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT Closes: twisted#11826
I see this patch upstream for Twisted on NixOS https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/twisted/default.nix#L104-L149 I guess that in order to fix these types of issues, we should start by running NixOS tests as part of our CI. @mweinelt are you available to do some work together to enable nixOS tests for Twisted on GitHub Actions? |
No, I'm afraid that's not part of my expertise and I can't invest time into that. |
Describe the incorrect behavior you saw
Some tests expect the plain crypt method to always be available from python's crypt library.
Describe how to cause this behavior
This is only the case if the libcrypt/libxcrypt implementation provides the relevant algorithm.
For nixpkgs we are in the process of reducing the number of weak password hashing algorithms,
we supported throughout our packageset.
Reproducing this is probably hard, because you need a restricted crypt(3) api to build
your python interpreter with.
Describe the correct behavior you'd like to see
Feature gate the relevant tests
Testing environment
Additional context
https://hydra.nixos.org/log/nwa5asbsr5vvvwimvh7qyjfggf95n20w-python3.10-twisted-22.10.0.drv
The text was updated successfully, but these errors were encountered: