Project

General

Profile

Feature #7791

Bug #7423: Have what we need included in Debian Jessie

Feature #5875: Make sure all the Python 3 libraries we need are in Jessie

Investigate the need for python-gnutls

Added by alant about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Start date:
08/16/2014
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Blueprint:
Starter:
Affected tool:

Description

WhisperBack uses python-gnutls which has no python3 version. It seems replaced by https://gitorious.org/pygnutls but we might not need it anymore. That should be confirmed to know wether we should package it or not.


Related issues

Blocks Tails - Feature #7892: Migrate WhisperBack to SSL Resolved 09/13/2014

History

#1 Updated by intrigeri about 5 years ago

  • Status changed from New to Confirmed

Indeed, I suspect that Python 3's much improved ssl module is enough for our needs.

#2 Updated by BitingBird about 5 years ago

maker answered concerning this on the parent ticket #5875

#3 Updated by intrigeri about 5 years ago

  • Assignee changed from alant to maker

maker wrote (on #5875):

Would it be appreciated a patch removing pygnutls as dependency?

Yes, please :) I think we used pygnutls since back then, it was the only way to have certificate verification against a single, known CA (or similar, I don't remember the details) working. I think this has changed with the backported ssl module. This patch should not make the security of the TLS connection worse.

#4 Updated by maker about 5 years ago

writes:

Yes, please :) I think we used pygnutls since back then, it was the
only way to have certificate verification against a single, known CA
(or similar, I don't remember the details) working. I think this has
changed with the backported ssl module. This patch should not make the
security of the TLS connection worse.

I am attaching now a patch removing pygnutls as dependency.
Unfortunately, whisperBack provides no unittests, only a shitty
```test.py``` module. I am not going to start a test/ package, as I
believe that would be worth a separate issue.

Right now, I've tested my changes with a ::
```
python -m smtpd -c DebuggingServer -n -d
```
and firing
```

mail.send_message_tls('', '', 'hello', host='localhost', port=8025)

```
and just it.

--
m.

#5 Updated by maker about 5 years ago

Michele Orru` <> writes:

Unfortunately, whisperBack provides no unittests, only a shitty

s/shitty/confused/

sry,
--
m.

#6 Updated by intrigeri about 5 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

Thanks for the patch! Here are a few comments:

  • I read "This class might be removed once SSLContexts will be available in smtplib (which right now happens only for python >= 2.7.8)." Debian Jessie has 2.7.8-6, and this ticket is about migrating Tails to Jessie, so maybe these bits can be dropped right away? (Sorry our current Jessie-based nightly builds are not exactly usable, so it may be hard to test.)
  • These changes would be easier to review if they were in a Git branch, wich atomic changes (e.g. whitespace changes should go in separate commits). Do you want a Tails Greeter Git repo? If so, please send a public SSH key to , in an OpenPGP-signed email.
  • We'll need to test against another HS SMTP relay, that uses an unexpected certificate.

#7 Updated by maker about 5 years ago

writes:

Thanks for the patch! Here are a few comments:

  • I read "This class might be removed once SSLContexts will be
    available in smtplib (which right now happens only for python >=
    2.7.8)." Debian Jessie has 2.7.8-6, and this ticket is about migrating
    Tails to Jessie, so maybe these bits can be dropped right away? (Sorry
    our current Jessie-based nightly builds are not exactly usable, so it
    may be hard to test.)

whoops, that was my fault. That should have been "python > 2.7.8".
In python 2.7.8 there are no SSLContexts yet [0], while in the latest
revision of the 2.7 branch there are. [1]
Thanks for spotting this error.

  • These changes would be easier to review if they were in a Git
    branch, wich atomic changes (e.g. whitespace changes should go in
    separate commits). Do you want a Tails Greeter Git repo? If so, please
    send a public SSH key to , in an
    OpenPGP-signed email.

Thanks, I will split the patch into atomic commits in the new repo as
soon as I get it.

  • We'll need to test against another HS SMTP relay, that uses an unexpected certificate.

I would love to see this process automated with unittests though.

[0] <http://hg.python.org/cpython/file/v2.7.8/Lib/ssl.py>
[1] <http://hg.python.org/cpython/file/2.7/Lib/ssl.py>

[My apologies for not putting links in https. I tried SO many times in
vain to ask for hg.python.org to be available in https..]
--
m.

#8 Updated by intrigeri about 5 years ago

Thanks, I will split the patch into atomic commits in the new repo as soon as I get it.

Awesome!

  • We'll need to test against another HS SMTP relay, that uses an unexpected certificate.

I would love to see this process automated with unittests though.

Sure, that would be extremely useful. Worth a dedicated ticket, IMO.

#9 Updated by alant about 5 years ago

  • I read "This class might be removed once SSLContexts will be
    available in smtplib (which right now happens only for python >=
    2.7.8)." Debian Jessie has 2.7.8-6, and this ticket is about migrating
    Tails to Jessie, so maybe these bits can be dropped right away? (Sorry
    our current Jessie-based nightly builds are not exactly usable, so it
    may be hard to test.)

whoops, that was my fault. That should have been "python > 2.7.8".
In python 2.7.8 there are no SSLContexts yet [0], while in the latest
revision of the 2.7 branch there are. [1]

This is not actually a problem as SSLContexts are present (as far as I understand) in python 3.4.1 which will be the one running whisperback in jessie-based Tails.

#10 Updated by alant about 5 years ago

#11 Updated by alant about 5 years ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (maker)
  • % Done changed from 10 to 100

As maker found, python-gnutls is not needed anymore and can be replaced with SSLContexts which is present in python 3.4 included in jessie. I'm thus closing this bug. Please follow developpment on #7892. Thanks a lot maker.

Also available in: Atom PDF