On 05/08/2013 03:54 PM, Pádraig Brady wrote:
On 05/08/2013 10:22 PM, Orion Poplawski wrote:
So, one of my python packages that I'd like to see in EPEL6 (StarCluster)
requires python-ssh. python-ssh does not build on EL6 because the
python-crypto in RHEL6 (2.0) is too old and doesn't provide Crypto/Random (see
also https://bugzilla.redhat.com/show_bug.cgi?id=908475).
I'm wondering what else might be done to get around this. Some options may be:
- Package up Crypto/Random somehow
- port python-ssh to some other random number generator
Any other ideas? Suggestions welcome.
I added a workaround patch for that in openstack-glance:
http://pkgs.fedoraproject.org/cgit/openstack-glance.git/plain/crypto.random.patch?h=el6
thanks,
Pádraig.
Thanks for that suggestion. Here is my proposed patch for python-ssh then.
Comments welcome.
Silas -
I can commit this to the el6 branch if you'd like. Or I could commit to
master and merge to el6 depending on how you track spec files across the
branches. Or perhaps you want to take care of it?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 http://www.nwra.com
diff -up ssh-1.7.14/ssh/common.py.urandom ssh-1.7.14/ssh/common.py
--- ssh-1.7.14/ssh/common.py.urandom 2012-04-19 16:17:28.000000000 -0600
+++ ssh-1.7.14/ssh/common.py 2013-05-08 16:38:40.278267493 -0600
@@ -95,10 +95,16 @@ CONNECTION_FAILED_CODE = {
DISCONNECT_SERVICE_NOT_AVAILABLE, DISCONNECT_AUTH_CANCELLED_BY_USER, \
DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 7, 13, 14
-from Crypto import Random
+import os
+# Replace Crypto/Random with dummy that read /dev/urandom
+class Random(object):
+ def __init__(self):
+ pass
-# keep a crypto-strong PRNG nearby
-rng = Random.new()
+ def read(self, nbytes):
+ return os.urandom(nbytes)
+
+rng = Random()
import sys
if sys.version_info < (2, 3):
diff -up ssh-1.7.14/ssh/transport.py.urandom ssh-1.7.14/ssh/transport.py
--- ssh-1.7.14/ssh/transport.py.urandom 2012-05-06 16:10:09.000000000 -0600
+++ ssh-1.7.14/ssh/transport.py 2013-05-08 16:35:05.833371480 -0600
@@ -46,7 +46,6 @@ from ssh.server import ServerInterface
from ssh.sftp_client import SFTPClient
from ssh.ssh_exception import SSHException, BadAuthenticationType, ChannelException
-from Crypto import Random
from Crypto.Cipher import Blowfish, AES, DES3, ARC4
from Crypto.Hash import SHA, MD5
try:
@@ -454,7 +453,6 @@ class Transport (threading.Thread):
# synchronous, wait for a result
self.completion_event = event = threading.Event()
self.start()
- Random.atfork()
while True:
event.wait(0.1)
if not self.active:
@@ -1529,10 +1527,6 @@ class Transport (threading.Thread):
# indefinitely, creating a GC cycle and not letting Transport ever be
# GC'd. it's a bug in Thread.)
- # Required to prevent RNG errors when running inside many subprocess
- # containers.
- Random.atfork()
-
# active=True occurs before the thread is launched, to avoid a race
_active_threads.append(self)
if self.server_mode:
diff --git a/python-ssh.spec b/python-ssh.spec
index f78886d..df5c9fe 100644
--- a/python-ssh.spec
+++ b/python-ssh.spec
@@ -6,13 +6,17 @@
Name: python-%{realname}
Version: 1.7.14
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A Python SSH2 library
Group: Development/Languages
License: LGPLv2+
URL: https://github.com/bitprophet/ssh
Source0: http://pypi.python.org/packages/source/s/ssh/ssh-%{version}.tar.gz
+%if 0%{?rhel} <= 6
+# Use urandom instead of Crypto/Random (not available on EL6)
+Patch0: python-ssh-urandom.patch
+%endif
BuildArch: noarch
BuildRequires: python2-devel
@@ -47,6 +51,9 @@ and server mode are both supported too.
%prep
%setup -q -n %{realname}-%{version}
+%if 0%{?rhel} <= 6
+%patch0 -p 1 -b .urandom
+%endif
rm -rf ssh.egg-info
@@ -100,6 +107,9 @@ popd
%endif # with_python3
%changelog
+* Wed May 8 2013 Orion Poplawski <[email protected]> - 1.7.14-2
+- Add patch to use urandom instead of Crypto/Random on EL6
+
* Thu May 17 2012 Silas Sewell <[email protected]> - 1.7.14-1
- Update to 0.7.14
_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list
