| opendevreview | Merged openstack/python-swiftclient master: Add Python3 zed unit tests https://review.opendev.org/c/openstack/python-swiftclient/+/832039 | 01:37 |
|---|---|---|
| opendevreview | Matthew Oliver proposed openstack/swift master: formpost: deprecate sha1 signatures https://review.opendev.org/c/openstack/swift/+/833713 | 03:37 |
| opendevreview | Tim Burke proposed openstack/swift master: CHANGELOG for 2.29.1 https://review.opendev.org/c/openstack/swift/+/833718 | 04:35 |
| afaranha | timburke_, clarkb so I tested what we discussed yesterday about the tempurl issue and it 's an issue only happening on centos9 fips | 16:28 |
| afaranha | I opened a bug on the openssl component https://bugzilla.redhat.com/show_bug.cgi?id=2064343 and I think we can modify the code to not use functools.partial | 16:29 |
| afaranha | https://github.com/openstack/swift/blob/master/swift/common/middleware/tempurl.py#L753 | 16:29 |
| afaranha | I don't see the reason to use it, and we can just pass the hash_algorithm as a string to the hmac.new, this way it works also on fips env without any issue | 16:30 |
| clarkb | ah the fips enforcement can't handle the partial function and falls back to failure | 16:40 |
| clarkb | I guess that makes sense from a defensive programming standpoint | 16:41 |
| opendevreview | Thibault Person proposed openstack/swift master: Comply with AWS signature calculation (s3v4) https://review.opendev.org/c/openstack/swift/+/833913 | 20:16 |
| opendevreview | Tim Burke proposed openstack/swift master: Comply with AWS signature calculation (s3v4) https://review.opendev.org/c/openstack/swift/+/833913 | 22:25 |
| mattoliver | Yup, now that hmac.new can take the string we should be able to remove that. I'm playing with a sha1 deprecation in formpost as a follow up to the tempurl one. timburke__ Want me to respin the tempurl patch to remove the partial? | 23:18 |
| mattoliver | If your not already working on it? | 23:19 |
| opendevreview | Matthew Oliver proposed openstack/swift master: formpost: deprecate sha1 signatures https://review.opendev.org/c/openstack/swift/+/833713 | 23:22 |
| mattoliver | ^ that isn't it, that's just fixing up the followup some more :P | 23:22 |
| timburke_ | mattoliver, i'm not already working on it, no | 23:42 |
| *** timburke_ is now known as timburke | 23:42 | |
| mattoliver | good cause I have a new patchset I'm about to push up (once the tests finish running locally) ;) | 23:42 |
| mattoliver | ok, so the main problem is hmac.new can take in a disgest string name in py3, but not in py2 :( So can still try and remove the partial, but can't just use the string until py2 is deprecated from swift (after the next release!). | 23:53 |
| mattoliver | So we can either wait.. or I'll just be smarter getting the digest constructor without a partial. | 23:53 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!