Package: src:python-djangorestframework-simplejwt Version: 5.5.1-1 Severity: serious Tags: ftbfs forky sid
Dear maintainer: During a rebuild of all packages in unstable, this package failed to build. Below you will find the last part of the build log (probably the most relevant part, but not necessarily). If required, the full build log is available here: https://people.debian.org/~sanvila/build-logs/202602/ About the archive rebuild: The build was made on virtual machines from AWS, using sbuild and a reduced chroot with only build-essential packages. If you cannot reproduce the bug please contact me privately, as I am willing to provide ssh access to a virtual machine where the bug is fully reproducible. If this is really a bug in one of the build-depends, please use reassign and add an affects on src:python-djangorestframework-simplejwt, so that this is still visible in the BTS web page for this package. Thanks. -------------------------------------------------------------------------------- [...] debian/rules clean dh clean --with python3,sphinxdoc --buildsystem=pybuild dh_auto_clean -O--buildsystem=pybuild dh_autoreconf_clean -O--buildsystem=pybuild dh_clean -O--buildsystem=pybuild debian/rules execute_after_dh_clean make[1]: Entering directory '/<<PKGBUILDDIR>>' rm -rf docs/.build make[1]: Leaving directory '/<<PKGBUILDDIR>>' debian/rules binary dh binary --with python3,sphinxdoc --buildsystem=pybuild dh_update_autotools_config -O--buildsystem=pybuild dh_autoreconf -O--buildsystem=pybuild dh_auto_configure -O--buildsystem=pybuild debian/rules execute_before_dh_auto_build [... snipped ...] def prepare_key(self, key: AllowedECKeys | str | bytes) -> AllowedECKeys: if isinstance(key, self._crypto_key_types): self._validate_curve(key) return key if not isinstance(key, (bytes, str)): raise TypeError("Expecting a PEM-formatted key.") key_bytes = force_bytes(key) # Attempt to load key. We don't know if it's # a Signing Key or a Verifying Key, so we try # the Verifying Key first. try: if key_bytes.startswith(b"ecdsa-sha2-"): public_key: PublicKeyTypes = load_ssh_public_key(key_bytes) else: > public_key = load_pem_public_key(key_bytes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ E ValueError: Valid PEM but no BEGIN PUBLIC KEY/END PUBLIC KEY delimiters. Are you sure this is a public key? ec_private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' key_bytes = b'\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b74d950> /usr/lib/python3/dist-packages/jwt/algorithms.py:643: ValueError During handling of the above exception, another exception occurred: self = <tests.test_backends.TestTokenBackend testMethod=test_decode_with_no_expiry_no_verify> def test_decode_with_no_expiry_no_verify(self): for backend in self.backends: with self.subTest( "Test decode with no expiry and no verify for f{backend.algorithm}" ): > no_exp_token = jwt.encode( self.payload, backend.signing_key, algorithm=backend.algorithm ) backend = <rest_framework_simplejwt.backends.TokenBackend object at 0x7f1a4b853e30> no_exp_token = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.hogLEvqFq38NxnFFyWR3Ojg6538aB9kOciUrYPySCsduDncVtdjekbOq4T0rIETlSGjGwZiKEEpGLX2VL1UZMQ' self = <tests.test_backends.TestTokenBackend testMethod=test_decode_with_no_expiry_no_verify> tests/test_backends.py:179: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3/dist-packages/jwt/api_jwt.py:153: in encode return self._jws.encode( algorithm = 'ES384' headers = None json_encoder = None json_payload = b'{"foo":"bar"}' key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' payload = {'foo': 'bar'} self = <jwt.api_jwt.PyJWT object at 0x7f1a4b713770> sort_headers = True time_claim = 'nbf' /usr/lib/python3/dist-packages/jwt/api_jws.py:183: in encode key = alg_obj.prepare_key(key) ^^^^^^^^^^^^^^^^^^^^^^^^ alg_obj = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b74d950> algorithm = 'ES384' algorithm_ = 'ES384' header = {'alg': 'ES384', 'typ': 'JWT'} headers = None is_payload_detached = False json_encoder = None json_header = b'{"alg":"ES384","typ":"JWT"}' key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' msg_payload = b'eyJmb28iOiJiYXIifQ' payload = b'{"foo":"bar"}' segments = [b'eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9', b'eyJmb28iOiJiYXIifQ'] self = <jwt.api_jws.PyJWS object at 0x7f1a4b7116a0> signing_input = b'eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ' sort_headers = True /usr/lib/python3/dist-packages/jwt/algorithms.py:654: in prepare_key self._validate_curve(ec_private_key) ec_private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' key_bytes = b'\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b74d950> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b74d950> key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> def _validate_curve(self, key: AllowedECKeys) -> None: """Validate that the key's curve matches the expected curve.""" if self.expected_curve is None: return if not isinstance(key.curve, self.expected_curve): > raise InvalidKeyError( f"The key's curve '{key.curve.name}' does not match the expected " f"curve '{self.expected_curve.name}' for this algorithm" ) E jwt.exceptions.InvalidKeyError: The key's curve 'secp256r1' does not match the expected curve 'secp384r1' for this algorithm key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4a8b0070> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b74d950> /usr/lib/python3/dist-packages/jwt/algorithms.py:621: InvalidKeyError _ TestTokenBackend.test_decode_with_no_expiry_no_verify [Test decode with no expiry and no verify for f{backend.algorithm}] _ self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' def prepare_key(self, key: AllowedECKeys | str | bytes) -> AllowedECKeys: if isinstance(key, self._crypto_key_types): self._validate_curve(key) return key if not isinstance(key, (bytes, str)): raise TypeError("Expecting a PEM-formatted key.") key_bytes = force_bytes(key) # Attempt to load key. We don't know if it's # a Signing Key or a Verifying Key, so we try # the Verifying Key first. try: if key_bytes.startswith(b"ecdsa-sha2-"): public_key: PublicKeyTypes = load_ssh_public_key(key_bytes) else: > public_key = load_pem_public_key(key_bytes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ E ValueError: Valid PEM but no BEGIN PUBLIC KEY/END PUBLIC KEY delimiters. Are you sure this is a public key? ec_private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' key_bytes = b'\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> /usr/lib/python3/dist-packages/jwt/algorithms.py:643: ValueError During handling of the above exception, another exception occurred: self = <tests.test_backends.TestTokenBackend testMethod=test_decode_with_no_expiry_no_verify> def test_decode_with_no_expiry_no_verify(self): for backend in self.backends: with self.subTest( "Test decode with no expiry and no verify for f{backend.algorithm}" ): > no_exp_token = jwt.encode( self.payload, backend.signing_key, algorithm=backend.algorithm ) backend = <rest_framework_simplejwt.backends.TokenBackend object at 0x7f1a4ad0f4d0> no_exp_token = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.hogLEvqFq38NxnFFyWR3Ojg6538aB9kOciUrYPySCsduDncVtdjekbOq4T0rIETlSGjGwZiKEEpGLX2VL1UZMQ' self = <tests.test_backends.TestTokenBackend testMethod=test_decode_with_no_expiry_no_verify> tests/test_backends.py:179: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3/dist-packages/jwt/api_jwt.py:153: in encode return self._jws.encode( algorithm = 'ES512' headers = None json_encoder = None json_payload = b'{"foo":"bar"}' key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' payload = {'foo': 'bar'} self = <jwt.api_jwt.PyJWT object at 0x7f1a4b713770> sort_headers = True time_claim = 'nbf' /usr/lib/python3/dist-packages/jwt/api_jws.py:183: in encode key = alg_obj.prepare_key(key) ^^^^^^^^^^^^^^^^^^^^^^^^ alg_obj = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> algorithm = 'ES512' algorithm_ = 'ES512' header = {'alg': 'ES512', 'typ': 'JWT'} headers = None is_payload_detached = False json_encoder = None json_header = b'{"alg":"ES512","typ":"JWT"}' key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' msg_payload = b'eyJmb28iOiJiYXIifQ' payload = b'{"foo":"bar"}' segments = [b'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9', b'eyJmb28iOiJiYXIifQ'] self = <jwt.api_jws.PyJWS object at 0x7f1a4b7116a0> signing_input = b'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ' sort_headers = True /usr/lib/python3/dist-packages/jwt/algorithms.py:654: in prepare_key self._validate_curve(ec_private_key) ec_private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> key = '\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' key_bytes = b'\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49\nAwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt\nzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==\n-----END EC PRIVATE KEY-----\n' private_key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> def _validate_curve(self, key: AllowedECKeys) -> None: """Validate that the key's curve matches the expected curve.""" if self.expected_curve is None: return if not isinstance(key.curve, self.expected_curve): > raise InvalidKeyError( f"The key's curve '{key.curve.name}' does not match the expected " f"curve '{self.expected_curve.name}' for this algorithm" ) E jwt.exceptions.InvalidKeyError: The key's curve 'secp256r1' does not match the expected curve 'secp521r1' for this algorithm key = <cryptography.hazmat.bindings._rust.openssl.ec.ECPrivateKey object at 0x7f1a4ab4e2d0> self = <jwt.algorithms.ECAlgorithm object at 0x7f1a4b7c6d70> /usr/lib/python3/dist-packages/jwt/algorithms.py:621: InvalidKeyError =============================== warnings summary =============================== tests/test_authentication.py: 3 warnings tests/test_integration.py: 4 warnings tests/test_serializers.py: 24 warnings tests/test_token_blacklist.py: 14 warnings tests/test_tokens.py: 9 warnings tests/test_views.py: 18 warnings /usr/lib/python3/dist-packages/jwt/api_jwt.py:153: InsecureKeyLengthWarning: The HMAC key is 24 bytes long, which is below the minimum recommended length of 32 bytes for SHA256. See RFC 7518 Section 3.2. return self._jws.encode( tests/test_authentication.py: 3 warnings tests/test_integration.py: 3 warnings tests/test_serializers.py: 24 warnings tests/test_token_blacklist.py: 5 warnings tests/test_tokens.py: 7 warnings tests/test_views.py: 12 warnings /usr/lib/python3/dist-packages/jwt/api_jwt.py:371: InsecureKeyLengthWarning: The HMAC key is 24 bytes long, which is below the minimum recommended length of 32 bytes for SHA256. See RFC 7518 Section 3.2. decoded = self.decode_complete( tests/test_backends.py: 10 warnings /usr/lib/python3/dist-packages/jwt/api_jwt.py:153: InsecureKeyLengthWarning: The HMAC key is 10 bytes long, which is below the minimum recommended length of 32 bytes for SHA256. See RFC 7518 Section 3.2. return self._jws.encode( tests/test_backends.py::TestTokenBackend::test_custom_JSONEncoder tests/test_backends.py::TestTokenBackend::test_decode_leeway_hmac_fail tests/test_backends.py::TestTokenBackend::test_decode_leeway_hmac_success tests/test_backends.py::TestTokenBackend::test_decode_success tests/test_backends.py::TestTokenBackend::test_decode_with_expiry tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry /usr/lib/python3/dist-packages/jwt/api_jwt.py:371: InsecureKeyLengthWarning: The HMAC key is 10 bytes long, which is below the minimum recommended length of 32 bytes for SHA256. See RFC 7518 Section 3.2. decoded = self.decode_complete( -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html ============================= slowest 10 durations ============================= 0.25s call tests/test_backends.py::TestTokenBackend::test_decode_rsa_aud_iss_jwk_success 0.25s call tests/test_backends.py::TestTokenBackend::test_decode_jwk_missing_key_raises_tokenbackenderror 0.14s call tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig_no_verify 0.13s setup tests/test_authentication.py::TestJWTAuthentication::test_get_header 0.12s call tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig 0.12s call tests/test_backends.py::TestTokenBackend::test_decode_success 0.09s call tests/test_token_blacklist.py::TestPopulateJtiHexMigration::test_jti_field_should_contain_uuid_hex_strings 0.08s call tests/test_backends.py::TestTokenBackend::test_decode_with_expiry 0.08s call tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry 0.08s call tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry_no_verify =========================== short test summary info ============================ SUBFAILED[Test decode success for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_success SUBFAILED[Test decode success for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_success SUBFAILED[Test decode with expiry for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_expiry SUBFAILED[Test decode with expiry for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_expiry SUBFAILED[Test decode with invalid sig for ES384] tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig SUBFAILED[Test decode with invalid sig for ES512] tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig SUBFAILED[Test decode with invalid sig for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig_no_verify SUBFAILED[Test decode with invalid sig for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_invalid_sig_no_verify SUBFAILED[Test decode with no expiry for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry SUBFAILED[Test decode with no expiry for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry SUBFAILED[Test decode with no expiry and no verify for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry_no_verify SUBFAILED[Test decode with no expiry and no verify for f{backend.algorithm}] tests/test_backends.py::TestTokenBackend::test_decode_with_no_expiry_no_verify ======= 12 failed, 184 passed, 143 warnings, 18 subtests passed in 2.20s ======= E: pybuild pybuild:483: test: plugin pyproject failed with: exit code=1: cd /<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_djangorestframework-simplejwt/build; python3.13 -m pytest tests dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.14 3.13" returned exit code 13 make: *** [debian/rules:9: binary] Error 25 dpkg-buildpackage: error: debian/rules binary subprocess failed with exit status 2 --------------------------------------------------------------------------------
