Skip to content

Deprecation message for httpsig_cffi component #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
glaubitz opened this issue Nov 15, 2019 · 6 comments
Open

Deprecation message for httpsig_cffi component #187

glaubitz opened this issue Nov 15, 2019 · 6 comments

Comments

@glaubitz
Copy link

I am currently testing the python-oci-sdk and oci-cli packages which I created for openSUSE.

During the tests, I ran into a warning which seems to indicate that httpsig_cffi which oci-sdk uses makes use of deprecated APIs:

/usr/lib/python3.7/site-packages/httpsig_cffi/sign.py:60: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  r = self._rsa_private.signer(padding.PKCS1v15(), self._rsahash())

Since httpsig_cffi hasn't been updated upstream since 2015, it might be a good idea to use a replacement instead before the API breaks altogether.
@jodoglevy jodoglevy added the SDK Issue pertains to the SDK itself and not specific to any service label Nov 16, 2019
@pelliu
Copy link
Member

pelliu commented Dec 5, 2019

@glaubitz , thanks for your reminding, we will consider carefully and see what is the best replacement and then update.

@hawkowl
Copy link

hawkowl commented Dec 14, 2019

(httpsig_cffi fork author here) I'm not terribly interested in maintaining httpsig_cffi further, since it was a fork for a project that I don't even remember. I didn't actually even know anyone was using it! At the time, httpsig was using pycrypto which broke rather terribly on pypy, but since it's now using a maintained fork (pycryptodome?) I don't think that's relevant anymore, and switching to the upstream httpsig might work just fine.

@pelliu
Copy link
Member

pelliu commented Jan 21, 2020

@glaubitz what version of python SDK are you using? And could you please check signer.py(https://github.com/oracle/oci-python-sdk/blob/master/src/oci/signer.py#L15), or you directly import httpsig_cffi? Thanks!

@hdiggens
Copy link

Yes switching back to httpsig was easy.

Change code in class SignedRequestAuth(requests.auth.AuthBase)
#signer = httpsig_cffi.sign.HeaderSigner(
# key_id=key_id, secret=private_key,
# algorithm="rsa-sha256", headers=headers[:])

        # Replaced with httpsig
        signer = httpsig.HeaderSigner(
            key_id, private_key, algorithm="rsa-sha256", 
            headers=headers[:])

@glaubitz
Copy link
Author

@pelliu Sorry, I missed your message. I'm regularly updating both the SDK and the CLI package. If I remember correctly, the httpsig_cffi dependency is gone, isn't it? (from the tip of my head)

@pabs3
Copy link

pabs3 commented May 26, 2022

@pelliu @glaubitz: httpsig_cffi is now a modified vendored dependency instead of a Python module dependency. In #444 I've requested that all vendored dependencies be migrated to Python module dependencies and it looks like that will happen for version 3.0 of the SDK. Perhaps as part of that, the modified httpsig_cffi could be removed and httpsig from @ahknight used instead. It looks a bit like that project hasn't received many updates recently though. I wonder if Oracle or SUSE would be interested in sponsoring the maintainer to do some work on it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jodoglevy @pabs3 @glaubitz @hawkowl @hdiggens @pelliu