Tests expect crypt.METHOD_CRYPT to always be available #11826

Open
mweinelt opened this issue Mar 17, 2023 · 2 comments · May be fixed by #11827
@mweinelt

Describe the incorrect behavior you saw
Some tests expect the plain crypt method to always be available from Python's crypt library.

Describe how to cause this behavior

This is only the case if the libcrypt/libxcrypt implementation provides the relevant algorithm.

For nixpkgs we are in the process of reducing the number of weak password hashing algorithms
we supported throughout our package set.

[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/conch/test/test_checkers.py", line 74, in test_verifyCryptedPassword
    crypted = crypt.crypt(password, salt)
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.conch.test.test_checkers.HelperTests.test_verifyCryptedPassword
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/conch/test/test_checkers.py", line 89, in test_verifyCryptedPasswordMD5
    crypted = crypt.crypt(password, salt)
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.conch.test.test_checkers.HelperTests.test_verifyCryptedPasswordMD5
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/conch/test/test_checkers.py", line 477, in test_defaultCheckers
    "alice", crypted("alice", "password"), 1, 2, "foo", "/foo", "/bin/sh"
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/conch/test/test_checkers.py", line 471, in crypted
    salt = crypt.crypt(password, username)
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.conch.test.test_checkers.UNIXPasswordDatabaseTests.test_defaultCheckers
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/conch/test/test_checkers.py", line 523, in test_passInCheckers
    password = crypt.crypt("secret", "secret")
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.conch.test.test_checkers.UNIXPasswordDatabaseTests.test_passInCheckers
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/cred/test/test_cred.py", line 261, in setUp
    f.write(u + b":" + self.hash(u, p, u[:2]) + b"\n")
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/cred/test/test_cred.py", line 268, in hash
    hashed_password = crypt(p.decode("ascii"), s.decode("ascii"))  # type: ignore[misc]
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.cred.test.test_cred.HashedPasswordOnDiskDatabaseTests.testBadCredentials
twisted.cred.test.test_cred.HashedPasswordOnDiskDatabaseTests.testGoodCredentials
twisted.cred.test.test_cred.HashedPasswordOnDiskDatabaseTests.testGoodCredentials_login
twisted.cred.test.test_cred.HashedPasswordOnDiskDatabaseTests.testHashedCredentials
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/cred/test/test_strcred.py", line 292, in test_verifyCryptedPassword
    cryptedCorrect = crypt.crypt(password, salt)
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.cred.test.test_strcred.CryptTests.test_verifyCryptedPassword
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/cred/test/test_strcred.py", line 341, in test_verifyCryptedPasswordOSError
    cryptedCorrect = crypt.crypt(password, "ab")
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.cred.test.test_strcred.CryptTests.test_verifyCryptedPasswordOSError
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/nix/store/wghqwxyc2iw1jmpllibzp730nar9gx62-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/cred/test/test_strcred.py", line 198, in setUp
    crypt.crypt(password, "F/"),
  File "/nix/store/qaliny94j0xf540gg29wvzqwj422qn97-python3-3.10.10/lib/python3.10/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
builtins.OSError: [Errno 22] Invalid argument

twisted.cred.test.test_strcred.UnixCheckerTests.test_isChecker
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerFailsPassword
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerFailsPasswordBytes
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerFailsUsername
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerFailsUsernameBytes
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerSucceeds
twisted.cred.test.test_strcred.UnixCheckerTests.test_unixCheckerSucceedsBytes
-------------------------------------------------------------------------------
Ran 11949 tests in 630.148s

FAILED (skips=1636, errors=17, successes=10296)

Reproducing this is probably hard, because you need a restricted crypt(3) API to build
your Python interpreter with.

Describe the correct behavior you'd like to see
Feature gate the relevant tests

Testing environment

  • Operating System and Version: Linux 6.2.6 on NixOS Unstable
  • Twisted version: 22.10.0
  • Reactor n/a

Additional context
https://hydra.nixos.org/log/nwa5asbsr5vvvwimvh7qyjfggf95n20w-python3.10-twisted-22.10.0.drv
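
One way to feature-gate such tests, as an added example (not Twisted's code and not the linked commit): `method_available` and `requires_crypt_method` are hypothetical helper names and `TraditionalCryptTests` is a constructed test. The check relies on `crypt.methods`, which lists only the methods the platform's crypt(3) accepted, and goes beyond the issue by also skipping when the `crypt` module itself is missing (it was removed in Python 3.13).

```python
import unittest

try:
    import crypt  # removed from the standard library in Python 3.13
except ImportError:
    crypt = None


def method_available(name, module=crypt):
    """True if METHOD_<name> is usable with the underlying crypt(3)."""
    if module is None:
        return False
    method = getattr(module, "METHOD_" + name, None)
    # crypt.methods lists only the algorithms that libcrypt/libxcrypt
    # accepted when the module probed them at import time.
    return method is not None and method in module.methods


def requires_crypt_method(name, module=crypt):
    """Skip decorator for tests that hash with a specific crypt method."""
    return unittest.skipUnless(
        method_available(name, module),
        "crypt.METHOD_%s is not provided by this platform" % name,
    )


class TraditionalCryptTests(unittest.TestCase):  # constructed sample test
    @requires_crypt_method("CRYPT")
    def test_round_trip(self):
        # A two-character salt selects the traditional DES-based method.
        hashed = crypt.crypt("secret", "ab")
        self.assertEqual(crypt.crypt("secret", hashed), hashed)


def run_sample():
    """Run the sample test; return (ran, skipped, errors + failures)."""
    loader = unittest.defaultTestLoader
    suite = loader.loadTestsFromTestCase(TraditionalCryptTests)
    result = unittest.TestResult()
    suite.run(result)
    bad = len(result.errors) + len(result.failures)
    return result.testsRun, len(result.skipped), bad
```

The same decorator with `"MD5"` would cover tests such as `test_verifyCryptedPasswordMD5`, which fails in the log above for the same reason.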

@mweinelt mweinelt added the bug label Mar 17, 2023
mweinelt added a commit to mweinelt/twisted that referenced this issue Mar 17, 2023
The advent of libxcrypt offers new password hashing algorithms to Linux
distributions, which we are slowly rolling out to our users.

At the same time we are removing support for legacy ciphers, that
should not be used any longer in a security-context.

One of these is the traditional crypt method, which the Python
documentation¹ describes as the "weakest method" it supports.

This change adds a skip condition to the relevant tests, that checks for
the presence of crypt.METHOD_CRYPT in the list of supported hashes.

[1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT

Closes: twisted#11826
mweinelt added a commit to mweinelt/twisted that referenced this issue Mar 17, 2023
The advent of libxcrypt offers new password hashing algorithms to Linux
distributions, which we are slowly rolling out to our users.

At the same time we are removing support for legacy ciphers, that
should not be used any longer in a security-context.

One of these is the traditional crypt method, which the Python
documentation¹ describes aptly as the "weakest method" it supports.

This change adds a skip condition to the relevant tests, that checks for
the presence of crypt.METHOD_CRYPT in the list of supported hashes.

[1] https://docs.python.org/3/library/crypt.html#crypt.METHOD_CRYPT

Closes: twisted#11826
@adiroiban
Member

I see this patch upstream for Twisted on NixOS https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/twisted/default.nix#L104-L149

I guess that in order to fix these types of issues, we should start by running NixOS tests as part of our CI.

@mweinelt are you available to do some work together to enable NixOS tests for Twisted on GitHub Actions?
I can help with GitHub Actions, but I have no experience with the Nix package manager or NixOS.

@mweinelt
Author

> @mweinelt are you available to do some work together to enable NixOS tests for Twisted on GitHub Actions? I can help with GitHub Actions, but I have no experience with the Nix package manager or NixOS.

No, I'm afraid that's not part of my expertise and I can't invest time into that.
