Control: severity -1 important
Control: retitle -1 python-keyring: CryptedFileKeyring: incomplete migration, broken unlock logic

On 2013-01-03 02:15:09, Sebastian Ramacher wrote:
> While preparing a tpu upload for the CVEs and testing the migration code, I
> came to the conclusion that this patch is really necessary. Otherwise
> the keyring is created over and over again.
> 
> Furthermore the commit [2] released in 0.9.3 is also required. So if you don't
> mind I'd like to prepare a team upload of 0.9.3 with the patch for this bug
> for unstable (including the changes from the NMU of course). After that I'll
> continue to work in the tpu.

It was too late when I wrote that mail. Here are more details.

Without the commit from [2] an existing keyring is not converted correctly. In
the case of a call to get_password the keyring is moved to the new location but
then one gets the following traceback:

  File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 37, in get_password
    return _keyring_backend.get_password(service_name, username)
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 375, in get_password
    password = self.decrypt(password_encrypted).decode('utf-8')
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 549, in decrypt
    data = json.loads(password_encrypted)
  File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 365, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 383, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

LP #1042754 contains an example of this case.

As this leaves python-keyring with an existing
pre-0.9.2-CryptedFileKeyring keyring unusable, I'm raising the severity to
important.

Kind regards
-- 
Sebastian Ramacher
