Re: No python Crypto Random in EL6



On 05/08/2013 03:54 PM, Pádraig Brady wrote:
> On 05/08/2013 10:22 PM, Orion Poplawski wrote:
>> So, one of my python packages that I'd like to see in EPEL6 (StarCluster) requires python-ssh.  python-ssh does not build on EL6 because the python-crypto in RHEL6 (2.0) is too old and doesn't provide Crypto/Random (see also https://bugzilla.redhat.com/show_bug.cgi?id=908475).
>>
>> I'm wondering what else might be done to get around this.  Some options may be:
>>
>> - Package up Crypto/Random somehow
>> - port python-ssh to some other random number generator
>>
>> Any other ideas?  Suggestions welcome.
>
> I added a workaround patch for that in openstack-glance:
> http://pkgs.fedoraproject.org/cgit/openstack-glance.git/plain/crypto.random.patch?h=el6
>
> thanks,
> Pádraig.

Thanks for that suggestion. Here is my proposed patch for python-ssh then. Comments welcome.

Silas -

I can commit this to the el6 branch if you'd like. Or I could commit to master and merge to el6 depending on how you track spec files across the branches. Or perhaps you want to take care of it?

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion nwra com
Boulder, CO 80301                   http://www.nwra.com
diff -up ssh-1.7.14/ssh/common.py.urandom ssh-1.7.14/ssh/common.py
--- ssh-1.7.14/ssh/common.py.urandom	2012-04-19 16:17:28.000000000 -0600
+++ ssh-1.7.14/ssh/common.py	2013-05-08 16:38:40.278267493 -0600
@@ -95,10 +95,16 @@ CONNECTION_FAILED_CODE = {
 DISCONNECT_SERVICE_NOT_AVAILABLE, DISCONNECT_AUTH_CANCELLED_BY_USER, \
     DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 7, 13, 14
 
-from Crypto import Random
+import os
+# Replace Crypto/Random with dummy that read /dev/urandom
+class Random(object):
+    def __init__(self):
+        pass
 
-# keep a crypto-strong PRNG nearby
-rng = Random.new()
+    def read(self, nbytes):
+        return os.urandom(nbytes)
+
+rng = Random()
 
 import sys
 if sys.version_info < (2, 3):
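Review bot: The replacement class in ssh/common.py is named Random and offers only read(), so it takes over the name of the Crypto module it replaces without matching its interface; any code that reaches this name and still calls Random.new() or Random.atfork() would fail with AttributeError. Consider a distinct class name (for example a private _URandom, with "rng = _URandom()"), or add a no-op atfork() so the shim is a drop-in. The empty __init__ can be dropped, and the comment should read "reads /dev/urandom".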
diff -up ssh-1.7.14/ssh/transport.py.urandom ssh-1.7.14/ssh/transport.py
--- ssh-1.7.14/ssh/transport.py.urandom	2012-05-06 16:10:09.000000000 -0600
+++ ssh-1.7.14/ssh/transport.py	2013-05-08 16:35:05.833371480 -0600
@@ -46,7 +46,6 @@ from ssh.server import ServerInterface
 from ssh.sftp_client import SFTPClient
 from ssh.ssh_exception import SSHException, BadAuthenticationType, ChannelException
 
-from Crypto import Random
 from Crypto.Cipher import Blowfish, AES, DES3, ARC4
 from Crypto.Hash import SHA, MD5
 try:
@@ -454,7 +453,6 @@ class Transport (threading.Thread):
         # synchronous, wait for a result
         self.completion_event = event = threading.Event()
         self.start()
-        Random.atfork()
         while True:
             event.wait(0.1)
             if not self.active:
@@ -1529,10 +1527,6 @@ class Transport (threading.Thread):
         # indefinitely, creating a GC cycle and not letting Transport ever be
         # GC'd. it's a bug in Thread.)
 
-        # Required to prevent RNG errors when running inside many subprocess
-        # containers.
-        Random.atfork()
-
         # active=True occurs before the thread is launched, to avoid a race
         _active_threads.append(self)
         if self.server_mode:
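Review bot: The comment removed here with the second Random.atfork() call says it was "Required to prevent RNG errors when running inside many subprocess containers", and nothing in the patch records why dropping it is safe. With the common.py replacement every read() goes straight to os.urandom(), so there is no user-space generator state for a forked child to inherit and reseed. Say so in the comment above the replacement class or in the changelog entry, so the removal is not later mistaken for an oversight.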
diff --git a/python-ssh.spec b/python-ssh.spec
index f78886d..df5c9fe 100644
--- a/python-ssh.spec
+++ b/python-ssh.spec
@@ -6,13 +6,17 @@
 
 Name:           python-%{realname}
 Version:        1.7.14
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A Python SSH2 library
 
 Group:          Development/Languages
 License:        LGPLv2+
 URL:            https://github.com/bitprophet/ssh
 Source0:        http://pypi.python.org/packages/source/s/ssh/ssh-%{version}.tar.gz
+%if 0%{?rhel} <= 6
+# Use urandom instead of Crypto/Random (not available on EL6)
+Patch0:         python-ssh-urandom.patch
+%endif
 
 BuildArch:      noarch
 BuildRequires:  python2-devel
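Review bot: The guard "%if 0%{?rhel} <= 6" on Patch0 (and again on %patch0 in %prep) is also true when %{rhel} is undefined, because it then expands to "0 <= 6", so the patch would be applied on any non-RHEL build of this spec, such as the master branch mentioned above. Use "%if 0%{?rhel} && 0%{?rhel} <= 6". It is also simpler to declare Patch0 unconditionally and keep the condition only around %patch0, so the patch file is carried in the source package whichever platform builds it.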
@@ -47,6 +51,9 @@ and server mode are both supported too.
 
 %prep
 %setup -q -n %{realname}-%{version}
+%if 0%{?rhel} <= 6
+%patch0 -p 1 -b .urandom
+%endif
 
 rm -rf ssh.egg-info
 
@@ -100,6 +107,9 @@ popd
 %endif # with_python3
 
 %changelog
+* Wed May 8 2013 Orion Poplawski <orion cora nwra com> - 1.7.14-2
+- Add patch to use urandom instead of Crypto/Random on EL6
+
 * Thu May 17 2012 Silas Sewell <silas sewell org> - 1.7.14-1
 - Update to 0.7.14
 
