[update] py-passlib to make Ansible encrypt passwords
Hi, while playing with Ansible I saw an issue with password_hash('blowfish') filter - it did not work[1], and I found py-passlib has newer version. With py-passlib 1.7.0 I am able with little change in Ansible (22 chars long salt) to make encrypted passwords using Blowfish on OpenBSD. With old py-passlib I could not make passwords to have '2b' ident. I did not test much, not enough skills here :/ There sure will be some mistakes, sorry. (My goal was just make Ansible do valid passwords encryption. Not sure I follow good way.) j. [1] https://marc.info/?l=openbsd-ports&m=148482296414763&w=2 ~~ --- /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py.orig Thu Jan 19 18:46:05 2017 +++ /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py Thu Jan 19 18:48:42 2017 @ -247,6 +247,8 @@ def get_encrypted_password(password, hashtype='sha512' r = SystemRandom() if hashtype in ['md5']: saltsize = 8 +elif hashtype in ['blowfish']: +saltsize = 22 else: saltsize = 16 salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(saltsize)]) # ~~~ Diff: ~~~ Index: Makefile === RCS file: /cvs/ports/security/py-passlib/Makefile,v retrieving revision 1.8 diff -u -p -u -p -r1.8 Makefile --- Makefile3 Jan 2017 19:26:14 - 1.8 +++ Makefile19 Jan 2017 17:49:35 - @@ -2,10 +2,9 @@ COMMENT = Python module providing a password hashing framework -MODPY_EGG_VERSION =1.6.5 +MODPY_EGG_VERSION =1.7.0 DISTNAME = passlib-${MODPY_EGG_VERSION} PKGNAME = py-passlib-${MODPY_EGG_VERSION} -REVISION = 0 CATEGORIES = security Index: distinfo === RCS file: /cvs/ports/security/py-passlib/distinfo,v retrieving revision 1.2 diff -u -p -u -p -r1.2 distinfo --- distinfo15 Jan 2016 12:46:36 - 1.2 +++ distinfo19 Jan 2017 17:49:35 - @@ -1,2 +1,2 @@ -SHA256 (passlib-1.6.5.tar.gz) = qD009T3JsXqkLJo1w/vMUSDz/LB/f4ch7EXmonvjR/w= -SIZE (passlib-1.6.5.tar.gz) = 417044 +SHA256 (passlib-1.7.0.tar.gz) = C+T2BTNXxOu6VXigZfva11qERQHUxtkdSjoMFZTGq+0= +SIZE (passlib-1.7.0.tar.gz) = 637909 Index: pkg/PLIST === RCS file: /cvs/ports/security/py-passlib/pkg/PLIST,v retrieving revision 1.3 diff -u -p -u -p -r1.3 PLIST --- pkg/PLIST 13 May 2014 09:18:24 - 1.3 +++ pkg/PLIST 19 Jan 2017 17:49:35 - @@ -1,11 +1,12 @@ @comment $OpenBSD: PLIST,v 1.3 2014/05/13 09:18:24 sthen Exp $ lib/python${MODPY_VERSION}/site-packages/passlib/ -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/ -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/PKG-INFO -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/SOURCES.txt -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/dependency_links.txt -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/top_level.txt -lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/zip-safe +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/ +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/PKG-INFO +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/SOURCES.txt +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/dependency_links.txt +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/requires.txt +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/top_level.txt +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/zip-safe lib/python${MODPY_VERSION}/site-packages/passlib/__init__.py ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}/ lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc @@ -16,8 +17,16 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}hash.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}hosts.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}ifc.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VE
Re: [update] py-passlib to make Ansible encrypt passwords
On 2017/01/19 12:58, Jiri B wrote: > Hi, > > while playing with Ansible I saw an issue with password_hash('blowfish') > filter - it did not work[1], and I found py-passlib has newer version. > > With py-passlib 1.7.0 I am able with little change in Ansible (22 chars > long salt) to make encrypted passwords using Blowfish on OpenBSD. > > With old py-passlib I could not make passwords to have '2b' ident. > > I did not test much, not enough skills here :/ There sure will be > some mistakes, sorry. > > (My goal was just make Ansible do valid passwords encryption. Not sure > I follow good way.) > > j. > > [1] https://marc.info/?l=openbsd-ports&m=148482296414763&w=2 > > ~~ > --- > /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py.orig > Thu Jan 19 18:46:05 2017 > +++ /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py > Thu Jan 19 18:48:42 2017 > @ -247,6 +247,8 @@ def get_encrypted_password(password, hashtype='sha512' > r = SystemRandom() > if hashtype in ['md5']: > saltsize = 8 > +elif hashtype in ['blowfish']: > +saltsize = 22 > else: > saltsize = 16 > salt = ''.join([r.choice(string.ascii_letters + string.digits) > for _ in range(saltsize)]) > # > ~~~ > > Diff: Here is a better diff for passlib. Updates HOMEPAGE and fixes the egg-version mess. I'm not using passlib for anything at the moment so haven't tested runtime yet but it should be equivalent to your diff apart from those fixes. Index: Makefile === RCS file: /cvs/ports/security/py-passlib/Makefile,v retrieving revision 1.8 diff -u -p -r1.8 Makefile --- Makefile3 Jan 2017 19:26:14 - 1.8 +++ Makefile19 Jan 2017 20:36:22 - @@ -2,16 +2,15 @@ COMMENT = Python module providing a password hashing framework -MODPY_EGG_VERSION =1.6.5 +MODPY_EGG_VERSION =1.7.0 DISTNAME = passlib-${MODPY_EGG_VERSION} PKGNAME = py-passlib-${MODPY_EGG_VERSION} -REVISION = 0 CATEGORIES = security MAINTAINER = Stuart Henderson -HOMEPAGE = https://pythonhosted.org/passlib/ +HOMEPAGE = https://bitbucket.org/ecollins/passlib/wiki/Home # BSD PERMIT_PACKAGE_CDROM = Yes @@ -25,6 +24,7 @@ FLAVOR ?= TEST_DEPENDS = devel/py-nose${MODPY_FLAVOR} \ devel/py-mock${MODPY_FLAVOR} +MAKE_ENV = PASSLIB_SETUP_TAG_RELEASE=no do-test: cd ${WRKSRC} && \ Index: distinfo === RCS file: /cvs/ports/security/py-passlib/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo15 Jan 2016 12:46:36 - 1.2 +++ distinfo19 Jan 2017 20:36:22 - @@ -1,2 +1,2 @@ -SHA256 (passlib-1.6.5.tar.gz) = qD009T3JsXqkLJo1w/vMUSDz/LB/f4ch7EXmonvjR/w= -SIZE (passlib-1.6.5.tar.gz) = 417044 +SHA256 (passlib-1.7.0.tar.gz) = C+T2BTNXxOu6VXigZfva11qERQHUxtkdSjoMFZTGq+0= +SIZE (passlib-1.7.0.tar.gz) = 637909 Index: patches/patch-passlib_hosts_py === RCS file: /cvs/ports/security/py-passlib/patches/patch-passlib_hosts_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-passlib_hosts_py --- patches/patch-passlib_hosts_py 15 Jan 2016 12:46:37 - 1.1 +++ patches/patch-passlib_hosts_py 19 Jan 2017 20:36:22 - @@ -1,7 +1,7 @@ $OpenBSD: patch-passlib_hosts_py,v 1.1 2016/01/15 12:46:37 sthen Exp $ passlib/hosts.py.orig Sun Jul 26 03:39:39 2015 -+++ passlib/hosts.py Fri Jan 15 12:46:20 2016 -@@ -48,7 +48,8 @@ linux_context = linux2_context = LazyCryptContext( +--- passlib/hosts.py.orig Wed Nov 23 03:20:22 2016 passlib/hosts.py Mon Jan 16 14:26:12 2017 +@@ -47,7 +47,8 @@ linux_context = linux2_context = LazyCryptContext( # referencing source via -http://fxr.googlebit.com # freebsd 6,7,8 - des, md5, bcrypt, bsd_nthash # netbsd - des, ext, md5, bcrypt, sha1 Index: pkg/PLIST === RCS file: /cvs/ports/security/py-passlib/pkg/PLIST,v retrieving revision 1.3 diff -u -p -r1.3 PLIST --- pkg/PLIST 13 May 2014 09:18:24 - 1.3 +++ pkg/PLIST 19 Jan 2017 20:36:22 - @@ -4,6 +4,7 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/PKG-INFO lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/SOURCES.txt lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/dependency_links.txt +lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/requires.txt lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${