
Bug 925289

Summary: dev-python/bcrypt-4.1.[12] breaks bcrypt support in dev-python/passlib-1.7.4-r2 (and by extension, ansible)
Product: Gentoo Linux
Reporter: Stuart Longland <stuartl>
Component: Current packages
Assignee: Python Gentoo Team <python>
Status: RESOLVED FIXED
Severity: critical
CC: mgorny, openstack, prometheanfire, stuartl
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://foss.heptapod.net/python-libs/passlib/-/issues/190
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Hacked up ebuild for bcrypt-4.0.1

Description Stuart Longland 2024-02-23 04:44:07 UTC
The `passlib` python module attempts to access a module property which has been removed from later releases of `bcrypt` when checking the version number.  This breaks many applications that use `passlib` for hashing including `ansible`.

Reproducible: Always

Steps to Reproduce:
1. emerge dev-python/bcrypt dev-python/passlib
2. python3 -c 'from passlib.hash import bcrypt; print(bcrypt.hash("test123"))'

Actual Results:
(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__

AttributeError: module 'bcrypt' has no attribute '__about__'
$2b$12$r1TA1sIbDCV199V9qVszhOJo2o5s9pXF4cAr7ne3qlorPz7Dce80K

Expected Results:  
$2b$12$r1TA1sIbDCV199V9qVszhOJo2o5s9pXF4cAr7ne3qlorPz7Dce80K

On some applications, that allegedly "trapped" error is sufficient to terminate the application.  Ansible playbooks seem to abort with failures due to this error:

e.g. the Ansible deployment step:

- name: fail if passlib not installed on deployment workstation
  local_action: fail msg="Python passlib is not installed. Must be for correct password hashes for <censored>"
  when: "'whatever'|password_hash('bcrypt') == '*0'"

 TASK [<censored> : fail if passlib not installed on deployment workstation] ***
│ (trapped) error reading bcrypt version
│ Traceback (most recent call last):
│   File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
│     version = _bcrypt.__about__.__version__
│               ^^^^^^^^^^^^^^^^^
│ AttributeError: module 'bcrypt' has no attribute '__about__'
│ (trapped) error reading bcrypt version
│ Traceback (most recent call last):
│   File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
│     version = _bcrypt.__about__.__version__
│               ^^^^^^^^^^^^^^^^^
│ AttributeError: module 'bcrypt' has no attribute '__about__'
│ (trapped) error reading bcrypt version
│ Traceback (most recent call last):
│   File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
│     version = _bcrypt.__about__.__version__
│               ^^^^^^^^^^^^^^^^^
│ AttributeError: module 'bcrypt' has no attribute '__about__'
│ (trapped) error reading bcrypt version
│ Traceback (most recent call last):
│   File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
│     version = _bcrypt.__about__.__version__
│               ^^^^^^^^^^^^^^^^^
│ AttributeError: module 'bcrypt' has no attribute '__about__'

It appears maintenance on `passlib` stopped in 2020.  It is possible the upstream project has been abandoned.

For now, I was able to continue by manually copying the `bcrypt-4.1.1.ebuild` file to `bcrypt-4.0.1.ebuild` and then going on a hacking spree re-constructing the correct Rust crates list to make it build.

Comment 1 Stuart Longland 2024-02-23 04:45:22 UTC
Created attachment 885760 [details]
Hacked up ebuild for bcrypt-4.0.1

Installing `bcrypt-4.0.1` via this ebuild script restored `bcrypt` functionality in `passlib`.

Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-02-23 20:04:43 UTC
That sounds like a bug in ansible.  FWICS passlib is emitting a warning.  My guess is that something is either treating warnings as errors (which is a bad idea for production setup), or reading output from stderr.

Sure, it's not perfect.  What's even less perfect is that passlib is clearly dead at this point, so I'd say ansible is equally at fault for still using it.

That said, feel free to make a merge request upstream and I'll add the patch to Gentoo then.

Comment 3 Larry the Git Cow gentoo-dev 2024-04-25 12:52:02 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1e015b65b74283a51893672739c5e4784b95273

commit c1e015b65b74283a51893672739c5e4784b95273
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2024-04-25 12:30:53 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2024-04-25 12:51:56 +0000

    dev-python/passlib: Fix warning with dev-python/bcrypt-4.1.1
    
    Fix a warning due to `dev-python/bcrypt` removing `bcrypt.__about__`.
    Apparently this breaks random packages.
    
    Closes: https://bugs.gentoo.org/925289
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/passlib/files/passlib-1.7.4-bcrypt-4.1.patch     | 13 +++++++++++++
 .../{passlib-1.7.4-r2.ebuild => passlib-1.7.4-r3.ebuild}    | 10 +++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
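
The failure mode from this report, as an added example that is not part of the bug thread and is neither passlib's code nor the Gentoo patch: a version probe that traps the missing `bcrypt.__about__` and logs a traceback, beside one that probes quietly. The module objects are constructed stand-ins, and the logger name, the function names and the presence of a module-level `__version__` in the newer layout are assumptions.

```python
import importlib.metadata
import logging
import types

log = logging.getLogger("example.bcrypt_backend")  # hypothetical logger name

def version_fragile(mod):
    """Pattern from the traceback: trap the failure, log it with a traceback."""
    try:
        return mod.__about__.__version__
    except Exception:
        log.warning("(trapped) error reading bcrypt version", exc_info=True)
        return "<unknown>"

def version_tolerant(mod, dist_name="bcrypt"):
    """Probe optional attributes quietly, then fall back to installed metadata."""
    about = getattr(mod, "__about__", None)
    version = getattr(about, "__version__", None) or getattr(mod, "__version__", None)
    if version is None:
        try:
            version = importlib.metadata.version(dist_name)
        except importlib.metadata.PackageNotFoundError:
            version = "<unknown>"
    return version

class _Collect(logging.Handler):
    """Records log events, standing in for a caller that watches stderr."""
    def __init__(self):
        super().__init__()
        self.records = []
    def emit(self, record):
        self.records.append(record)

def run_and_count_warnings(fn, mod, **kwargs):
    handler = _Collect()
    log.addHandler(handler)
    try:
        return fn(mod, **kwargs), len(handler.records)
    finally:
        log.removeHandler(handler)

# Constructed stand-ins for the module layouts described in the report.
OLD_LAYOUT = types.SimpleNamespace(__about__=types.SimpleNamespace(__version__="4.0.1"))
NEW_LAYOUT = types.SimpleNamespace(__version__="4.1.2")  # assumed attribute
BARE_LAYOUT = types.SimpleNamespace()  # exposes no version attribute at all

if __name__ == "__main__":
    for fn in (version_fragile, version_tolerant):
        for mod in (OLD_LAYOUT, NEW_LAYOUT):
            print(fn.__name__, run_and_count_warnings(fn, mod))
```

The fragile probe still returns a usable result, as the hash in the report shows, but every call adds a warning with a traceback, which is what a caller that fails on stderr output or on warnings reacts to.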