[Python-modules-team] Bug#824952: python-bcrypt: pyca/bcrypt not fully compatible with py-bcrypt (lacks kdf)

Daniel Stender stender at debian.org
Sat May 21 18:45:46 UTC 2016 

Package: python-bcrypt
Version: 2.0.0-1
Severity: important

Like Vincent recently reported on #803096 (python-bcrypt: please update
python-bcrypt, closed) github.com/pyca/bcrypt is not fully downward
compatible with google.com/py-bcrypt[*], which has been packaged before.

[*] https://pypi.python.org/pypi/py-bcrypt/0.4

The new implementation lacks kdf() [key derivation function to transform a
password ans salt into bytes suitable for use a cryptographic key material].

Among the reverse deps, python-asyncssh breaks on this:
<cut>
ERROR: test_key (tests.test_public_key.TestRSA) [Export OpenSSH private (aes256-gcm at openssh.com)] (keytype=2048)
Check key import and export
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/<<PKGBUILDDIR>>/tests/test_public_key.py", line 853, in check_openssh_private
    self.export_openssh_private(cipher)
  File "/<<PKGBUILDDIR>>/tests/test_public_key.py", line 313, in export_openssh_private
    select_passphrase(cipher), cipher)
  File "/<<PKGBUILDDIR>>/asyncssh/public_key.py", line 352, in write_private_key
    f.write(self.export_private_key(*args, **kwargs))
  File "/<<PKGBUILDDIR>>/asyncssh/public_key.py", line 254, in export_private_key
    key = bcrypt.kdf(passphrase, salt, key_size + iv_size, rounds)
AttributeError: module 'bcrypt' has no attribute 'kdf'

----------------------------------------------------------------------
Ran 42 tests in 33.277s

FAILED (errors=186, skipped=1)
E: pybuild pybuild:274: test: plugin distutils failed with: exit code=1: python3.5 setup.py test 
dh_auto_test: pybuild --test -i python{version} -p 3.5 --dir . returned exit code 13
debian/rules:7: recipe for target 'build' failed
make: *** [build] Error 25
dpkg-buildpackage: error: debian/rules build gave error exit status 2
</cut>

It have been asked upstream if they could reimplement this[*].

[*] https://github.com/pyca/bcrypt/issues/65

DS

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-bcrypt depends on:
ii  libc6                         2.22-7
ii  python                        2.7.11-1
pn  python-cffi-backend-api-9729  <none>
ii  python-six                    1.10.0-3
pn  python:any                    <none>

python-bcrypt recommends no packages.

python-bcrypt suggests no packages.

-- no debconf information

More information about the Python-modules-team mailing list