#7082 FreeIPA 4.5 is not compatible with latest pyasn1
Closed: fixed 6 years ago Opened 6 years ago by cheimes.

ipalib.x509 is not compatible with pyasn1 0.3.1 and later. In 0.3, __init__ of ASN.1 types like SequenceOf no longer takes positional arguments:

.tox/py27/lib/python2.7/site-packages/ipalib/x509.py:342: in <module>
    class _PrincipalName(univ.Sequence):
.tox/py27/lib/python2.7/site-packages/ipalib/x509.py:347: in _PrincipalName
    namedtype.NamedType('name-string', univ.SequenceOf(char.GeneralString()).subtype(
E   TypeError: __init__() takes exactly 1 argument (2 given)

Code like univ.SequenceOf(char.GeneralString()) must be replaced with univ.SequenceOf(componentType=char.GeneralString()).

From https://github.com/etingof/pyasn1/blob/master/CHANGES.rst

ASN.1 types __init__(), .clone() and .subtype() signatures refactored into keyword arguments to simplify their signatures.


PS: In the long run it might be a good idea to drop pyasn1 and move to asn1crypto. python-cryptography moved because it's much faster and it has a nicer API.
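Added example, not part of the original ticket and not FreeIPA or pyasn1 code: a standard-library-only check that scans Python source for the pattern described above, a `SequenceOf` call that passes its component type positionally. The function name, the sample source and the inclusion of `SetOf` are assumptions made for illustration.

```python
import ast

# SequenceOf comes from the ticket; SetOf is an assumption, adjust for your code base.
CONSTRUCTED_TYPES = frozenset({"SequenceOf", "SetOf"})

# Constructed sample input (only parsed, never executed, so pyasn1 is not needed).
SAMPLE = """\
from pyasn1.type import char, univ

broken = univ.SequenceOf(char.GeneralString())
fixed = univ.SequenceOf(componentType=char.GeneralString())
empty = univ.SequenceOf()
tagged = univ.SequenceOf(char.GeneralString()).subtype(explicitTag=my_tag)
"""


def find_positional_calls(source, type_names=CONSTRUCTED_TYPES):
    """Return sorted (line, call text) pairs for calls to the listed types
    that pass at least one positional argument."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue  # not a call, or keyword-only / no arguments
        func = node.func
        if isinstance(func, ast.Attribute):      # univ.SequenceOf(...)
            name = func.attr
        elif isinstance(func, ast.Name):         # SequenceOf(...) after "from ... import"
            name = func.id
        else:
            continue
        if name in type_names:
            findings.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, call in find_positional_calls(SAMPLE):
        print(f"line {lineno}: {call} -> pass componentType= as a keyword")
```

The check matches on the callee name only, so a local class that happens to be called `SequenceOf` would also be reported.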

JFYI: the upcoming pyasn1 0.3.2 will have the backward-compatible behaviour in part of SequenceOf type definition. That should hopefully fix the issue FreeIPA has encountered.

The fix is already in place at pyasn1 master so you are welcome to test it right away.

Please note that pyasn1 has been under significant refactoring for half a year already, aiming at new features (e.g. X.680 and friends), a concise API and high performance. That hopefully explains hiccups like this one. Do not hesitate to raise a GitHub issue in case of any trouble.

Thanks for your quick fix! I was busy with fixing my builds. Ofek beat me with ticket https://github.com/etingof/pyasn1/issues/59.

In the long run we may move away from pyasn1 and use asn1crypto instead. FreeIPA depends on PyCA cryptography and cryptography no longer uses pyasn1. We try to minimize our dependency stack. For now we require python-cryptography >= 1.7.2, which still uses pyasn1. As soon as we require 2.0, we might also replace ASN1 parsing code with asn1crypto.

#7079 was closed as duplicate of this issue

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.8

6 years ago

Could this be affecting FreeIPA 4.4.0 on CentOS 7 if awscli is installed from pip?

Opened a separate issue https://pagure.io/freeipa/issue/7103

Closing. python-pyasn1 0.3.1 was quickly fixed and that was where the bug originated.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago
