-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Credstash Throws RIPEMD160 Error #175
Comments
I started getting this error on installations today |
Got this too.
And this commit which allows to use latest cryptography. You can use credstash v1.13.2 until this is fixed. |
Downgrading to v1.13.2 didn't resolve it for me. But this did:
|
Can confirm that this error is appearing across our apps.
|
Same here. |
Solution without downgrading the cryptography library: |
- We got bitten by fugue/credstash#175 which is not nice
- We got bitten by fugue/credstash#175 which is not nice
Having same issue:
@jomunoz is that safe though? Assuming these hash methods are there for good reason. |
@mfisher29 The lines are there to expose what hash methods are supported by the cryptography library. |
I came across the same issue today in many of our Docker images. |
Hi all, I'm one of the developer of pyca/cryptography. Is there anything we could have done to have prevented this from breaking credstash suddenly? It's been deprecated for 5 months, so I'd have hoped someone would have seen the warning :-( |
Someone did: #165 Alex, can I ask why these hashes were deprecated? I've been unable to find a reason |
Almost zero usage combined with the fact that there's basically no reason to ever use them. We didn't see the value in offering a bunch of choices that no one should ever use -- all it would do is add extra confusion for users. (Sorry this didn't get written down anywhere, I think we made the decision about this in person) |
Hi But it failed and I just figure out that this is becasue ansible will install cryptography-2.1.1 first and credstash will not update change the cryptography to a lower version. I have update the command to pip install cryptography==2.0.3 ansible credstash to force the cryptography to 2.0.3 and the issue has been solved. Hope this will help. |
@alex, despite pretty widespread adoption, credstash seems to be (mostly) abandoned at this point. How did you find this issue in the first place? It's not really your job to bug downstream dependencies, but maybe in the case of popular projects it might be worthwhile taking a peek at a few of them in the future. |
Someone pointed me to it, I honestly don't know how they found it :-) We currently run the tests for some of our most popular downstreams in CI (current urllib3, twisted, pyopenssl, and paramiko). |
@evanstachowiak can you speak to why you think credstash is abandoned? It seems like a simple body of code that does the job it's supposed to do, be a lightweight wrapper around KMS and DynamoDb. I would expect there is a point where the project is done in this regard and shouldn't have too much active development beyond simple bug fixes. |
@andrewkrug just look at all of the outstanding pull requests without any response. There are some bugs that are affecting a lot of people that have a potential to fix things and these have received no response from the project owner. Case in point, this cryptography deprecation which had several pull requests related to it. |
@evanstachowiak one of those has already merged and gone to release. Seems that the issue is more stale pull requests left open rather than a lack of action on the part of the maintainer(s). Maybe @alex-luminal would be willing to comment on this topic. |
@andrewkrug yes, i see that now. Maybe I spoke a bit to quickly, but I would love to see more activity on this project as it is obvious a lot of people depend on it and are also willing to contribute back. |
@evanstachowiak maybe the answer might be to have a few more in the community with merge-ability and have them sync with @alex-luminal on future and direction. I know we have heavy dependence on credstash in our AWS infra and would love to give back to the project as well. I bet @gene1wood has some thoughts on this as well. |
I haven't been able to give credstash the attention it needs over the last few months. Personal and professional obligations have just taken up all my time. We're working on having more people spend time on credstash, shepherding PRs through, making improvements, keeping credstash going. We (at Fugue) use credstash extensively, so in addition to wanting to be good stewards of the project, we have very real incentives to keep it going and working. tl;dr: credstash has been a bit neglected, but we haven't forgotten about it and you should see more movement of PRs and improvements in the near future. |
thanks for all the effort you've put into credstash, @alex-luminal ! |
FWIW this should fix it: #178 |
This is currently worked around in 1.13.4 and 1.14.0. I'll close this issue because of the workaround we placed with an upper bound on cryptography. The next major release (currently in development) will have this bound removed. |
This error has surfaced again... Using version 1.13.4,
Any suggestions? |
@mfisher29 Have you pinned down |
See issue #178 |
I have credstash 1.15.0 installed and I'm receiving the error referenced above:
I tried pinning the crypto lib but I get a dependency error back
I checked on my cryptography lib and I have version I thought this issue was resolved per above commits? EDIT: I just used |
@soultech67 works for me...
I suspect something is tainted in your environment, because my L51-L60 of
No reference to I would try to repro from a fresh virtualenv and clear your |
AttributeError: 'module' object has no attribute 'RIPEMD160'
credstash==1.13.3
cryptography==2.1
CentOS Linux release 7.4.1708 (Core)
[root@329a265ae9c0 ]# credstash
Traceback (most recent call last):
File "/usr/bin/credstash", line 5, in
from pkg_resources import load_entry_point
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3007, in
working_set.require(requires)
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 728, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 631, in resolve
requirements.extend(dist.requires(req.extras)[::-1])
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2489, in requires
dm = self._dep_map
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2700, in _dep_map
self.__dep_map = self._compute_dependencies()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2733, in _compute_dependencies
common = frozenset(reqs_for_extra(None))
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2730, in reqs_for_extra
if req.marker_fn(override={'extra':extra}):
File "/usr/lib/python2.7/site-packages/_markerlib/markers.py", line 113, in marker_fn
return eval(compiled_marker, environment)
File "", line 1, in
NameError: name 'python_implementation' is not defined
The text was updated successfully, but these errors were encountered: