Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CryptographyDeprecationWarning when running autorsyncbackup on Debian Buster #50

Open
mbchristoff opened this issue Mar 17, 2020 · 10 comments

Comments

@mbchristoff
Copy link
Contributor

When running autorsyncbackup on Debian Buster using Python 3.7 in debug mode these errors will pop up on screen.

/usr/lib/python3/dist-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python3/dist-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/lib/python3/dist-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python3/dist-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.ecdsa_curve.curve_class(), pointinfo
INFO: Successfully connected to host via ssh protocol (hostname.fqdn.com)

Autorsyncbackup was installed using the guide in Readme.md on a vanilla up-to-date Debian Buster install.
Should you need any further information, please do not hesitate to contact me.

@sebastic Does this warning also occur on your installation?

@sebastic
Copy link
Contributor

Yes, it occurs for everything that uses paramiko on buster. It needs changes to accommodate python-cryptography >= 2.4.

Try python3-paramiko from buster-backports.

@teunis90
Copy link
Member

@sebastic maybe the wrong person to ask given your Debian background. But what if we use pip packages over Debian packages? Can we then avoid using backports?

Personally I don't like mixing the two of them. What would be the cleanest solution? Should be update the docs?

@sebastic
Copy link
Contributor

The cleanest solution is keep using Debian packages for the autorsyncbackup dependencies, with newer versions provided in buster-backports.

Alternatively you can use pip3 to install newer versions, like we needed to do in the Travis config for Ubuntu bionic. Since that's contained within their VMs I don't mind as much, for production servers I recommend against mixing Debian packages and modules installed from PyPI.

If people are really bothered by this warning we could suppress it in autorsyncbackup, I've done that for many projects at $DAYJOB that run on buster.

@sebastic
Copy link
Contributor

This should work to suppress the warning:

diff --git a/src/lib/command.py b/src/lib/command.py
index bdddde9..bcd2ef9 100644
--- a/src/lib/command.py
+++ b/src/lib/command.py
@@ -1,12 +1,20 @@
 import socket
 import subprocess
 import time
+import warnings
 
+from cryptography.utils import CryptographyDeprecationWarning
 import paramiko
 
 from .logger import logger
 
 
+warnings.filterwarnings(
+                         action='ignore',
+                         category=CryptographyDeprecationWarning,
+                       )
+
+
 class command():
 
     def checkRemoteHostViaSshProtocol(self, job,
diff --git a/src/lib/rsync.py b/src/lib/rsync.py
index c56374f..d93fd0d 100644
--- a/src/lib/rsync.py
+++ b/src/lib/rsync.py
@@ -1,13 +1,21 @@
 import socket
 import subprocess
 import time
+import warnings
 
+from cryptography.utils import CryptographyDeprecationWarning
 import paramiko
 
 from models.config import config
 from lib.logger import logger
 
 
+warnings.filterwarnings(
+                         action='ignore',
+                         category=CryptographyDeprecationWarning,
+                       )
+
+
 class rsync():
 
     def checkRemoteHost(self, job):

@teunis90
Copy link
Member

I decided not to change anything since you only see this message while debugging on the CLI. Everything else is working fine.

@sebastic thanks for updating this ticket. It's good to know it will be resolved in the next Debian release.

@teunis90
Copy link
Member

@sebastic I just realized we get every night e-mails with the deprecation warning. In our effort to reduce the number of emails we get, I would propose to suppress the deprecation warning till the next major Debian release. Once we go to Debian 11, we can remove the suppression.

What do you think?

@teunis90 teunis90 reopened this Apr 10, 2020
@sebastic
Copy link
Contributor

That's pretty much what we'll do for the various scripts where we suppressed the warning. Applying the patch I proposed should do.

@teunis90
Copy link
Member

I have 5 servers with an installation. I rather add it to src then patch all 5 of them. Can you commit your patch from one of your servers?

sebastic added a commit to sebastic/autorsyncbackup that referenced this issue Apr 10, 2020
Caused by the paramiko not being updated for cryptography >= 2.4.

Fixes: Nextpertise#50
@sebastic
Copy link
Contributor

I'm not working at $DAYJOB today, so I just committed the patch to my fork.

On Tuesday I'll be able to test the changes at $DAYJOB. If you're able to test before then, please do.

@teunis90
Copy link
Member

Thanks, I saw your commit. I'll try to test it today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants