[Bug 2022372] Re: Backport for deprecated int_from_bytes to int.from_bytes

Mauricio Faria de Oliveira 2022372 at bugs.launchpad.net
Fri Jun 9 00:29:23 UTC 2023 

Hi Heather,

Thanks for the bug report with detailed tracks for releases and debdiff!

Tracks:

I think tracks that don't need the fix should be in 'Invalid' and not
"Won't Fix", since it's not like they had to be fixed but will not.

Impact:

Apparently if your reorder these lines it'd be clearer?

from

1) A method from cryptographic_utils was deprecated and replaced.
2) We are cherry-picking ... to address the unnecessary logging...
3) It also deprecates the usage ...

to

1) A method from cryptographic_utils was deprecated and replaced.
3) It also deprecates the usage ...
2) We are cherry-picking ... to address the unnecessary logging...

since 2 looks like the solution to the problem, and 3 is symptoms.

Also, it is important to highlight the need for the py3-crypto from
cloud archive to reproduce the problem in the Impact session.
(It's currently low profile in the middle of a long sentence in 
Test Plan).

Where Problems Could Occur:

I'm not sure I followed why exactly the Build-Depends: are related
since the python code is loaded at runtime (so Depends: are used),
if you could clarify please.

> The impact is low as this fixes a deprecated 3rd party library.

I guess it fixes the _usage_ of a deprecated method from other lib?

It'd be nice if we could confirm that the new code (int.from_bytes)
is not only available in python-cryptography in the ubuntu archive
(old version, not the new version in UCA), but also and does not
have bugs that need additional fixes from py-crypto upstream.

(since we'd be switching implementations, let's make sure the new
implementation is equivalent and/or has all fixes needed).

...

Debdiffs:

- changelog: needs LP: #number, and (nitpicking) further indent '-' 
  under '*' is usual (not strictly required)

- dep3:
- Origin: typo in "Origin, upstream: <url>" ("Origin: upstream, <url>")
- Origin: URL is OK, but prefer shorter/commit "https://github.com/mitya57/secretstorage/commit/<id>" 
  (we can get to the PR from the commit message or the LP bug number)
- Bug-Ubuntu: URL is OK, but prefer shorter "https://bugs.launchpad.net/bugs/<number>"

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-secretstorage in Ubuntu.
https://bugs.launchpad.net/bugs/2022372

Title:
  Backport for deprecated int_from_bytes to int.from_bytes

Status in python-secretstorage package in Ubuntu:
  New
Status in python-secretstorage source package in Bionic:
  Won't Fix
Status in python-secretstorage source package in Focal:
  In Progress
Status in python-secretstorage source package in Jammy:
  Won't Fix
Status in python-secretstorage source package in Kinetic:
  Won't Fix

Bug description:
  [ Impact ]

  A method from cryptographic_utils was deprecated and replaced.
  We are cherry-picking 2 commits from upstream, ad7c45e493fff48f897487d6aff63f4fff021d31 and 08c7010322ecec0de1e51cc51d5ed9db34a38aa3 to address the unnecessary logging when using any openstack command, or automating the install/upgrade of services on OpenStack.

  It also deprecates the usage of utils.int_from_bytes: pyca/cryptography#5609
  int_from_bytes is deprecated in favor of int.from_bytes which ships with Python 3

  [ Test Plan ]

  # this is the expected output
  python3
  >>> from secretstorage.dhcrypto import Session
  >>> session = Session()
  >>> exit()

  Installing and running the dhcrypto module from python-secretstorage
  shows after installing the package from the cloud-archive we see
  logging warnings from the deprecated method.

  sudo apt-add-repository -y cloud-archive:yoga
  sudo apt install -y python3-cryptography

  python3
  >>> from secretstorage.dhcrypto import Session
  /usr/lib/python3/dist-packages/secretstorage/dhcrypto.py:15: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
    from cryptography.utils import int_from_bytes
  /usr/lib/python3/dist-packages/secretstorage/util.py:19: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
    from cryptography.utils import int_from_bytes
  >>> exit()


  [ Where problems could occur ]

  This does not include the cryptography module update which python3-secretstorage depends on
  Build-Depends: debhelper-compat (= 13),
                 dh-python,
                 python3-all
                 python3-cryptography,
                 python3-jeepney
                 python3-setuptools,
                 python3-sphinx

  The impact is low as this fixes a deprecated 3rd party library.

   It uses D-Bus Secret Service API that is supported by GNOME Keyring
   (>= 2.30) and KSecretsService.

   It allows one to create, edit and delete secret items, manipulate
   secret collections, and search for items matching given attributes.
   It also supports locking and unlocking collections.

  There could be a failure for the D-Bus Secret Service API if the
  method fails to be called.

  [ Other Info ]

  upstream debian link - https://salsa.debian.org/python-team/packages/python-secretstorage/-/commit/e24df79cf7d62f11c2906d5aa0f4885cefeafbbf
  Github conversation link - https://github.com/mitya57/secretstorage/pull/27
  upstream cherrypick author other - https://github.com/mitya57/secretstorage/pull/27

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-secretstorage/+bug/2022372/+subscriptions

More information about the foundations-bugs mailing list