passlib call of encrypt() replaced by hash()

* Fix passlib call of encrypt() which is replaced by hash() upstream (Closes: #846729). Change-Id: I9b56ada1c72f2164b5be917f3b442e78146a97c2
2016-12-05 12:35:04 +01:00 · 2016-12-05 12:35:04 +01:00 · 3c2b407fb3
parent abdcf16177
commit 3c2b407fb3
4 changed files with 43 additions and 4 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+keystone (2:10.0.0-4) unstable; urgency=medium
+
+  * Fix passlib call of encrypt() which is replaced by hash() upstream
+    (Closes: #846729).
+
+ -- Thomas Goirand <zigo@debian.org>  Mon, 05 Dec 2016 12:33:54 +0100
+
 keystone (2:10.0.0-3) unstable; urgency=medium

  * Team upload.
--- a/debian/patches/fixes-default-connection.patch
+++ b/debian/patches/fixes-default-connection.patch
@ -4,11 +4,11 @@ Author: Thomas Goirand <zigo@debian.org>
 Forwarded: no
 Last-Update: 2014-03-28

-Index: keystone/etc/keystone.conf.sample
+Index: deb-keystone/etc/keystone.conf.sample
 ===================================================================
--- keystone.orig/etc/keystone.conf.sample
-+++ keystone/etc/keystone.conf.sample
-@@ -546,7 +546,7 @@
+--- deb-keystone.orig/etc/keystone.conf.sample
+++ deb-keystone/etc/keystone.conf.sample
+@@ -637,7 +637,7 @@
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
--- a/debian/patches/series
+++ b/debian/patches/series
@ -3,3 +3,4 @@ fixes-default-connection.patch
 fix-requirements.txt.patch
 Remove_trailing_d_from_-days_param_of_OpenSSL_command.patch
 allow_newer_sqlalchemy.patch
+uses-hash-instead-of-encrypt-for-passlib.patch
--- a/debian/patches/uses-hash-instead-of-encrypt-for-passlib.patch
+++ b/debian/patches/uses-hash-instead-of-encrypt-for-passlib.patch
@ -0,0 +1,31 @@
+Description: Uses hash() instead of encrypt() for passlib
+ Otherwise, this generates this warning:
+  DeprecationWarning: the method
+  passlib.handlers.sha2_crypt.sha512_crypt.encrypt()
+  is deprecated as of Passlib 1.7, and will be removed in Passlib 2.0, use
+  .hash() instead.
+ .
+ Unfortunately, this warning fails 3459 unit tests.
+Author: Thomas Goirand <zigo@debian.org>
+Bug-Debian: https://bugs.debian.org/846729
+Forwarded: no
+Last-Update: 2016-12-05
+
+--- keystone-10.0.0.orig/keystone/common/utils.py
+++ keystone-10.0.0/keystone/common/utils.py
+@@ -139,8 +139,13 @@ def hash_user_password(user):
+ def hash_password(password):
+     """Hash a password. Hard."""
+     password_utf8 = verify_length_and_trunc_password(password).encode('utf-8')
+-    return passlib.hash.sha512_crypt.encrypt(
+-        password_utf8, rounds=CONF.crypt_strength)
+    # Method was renamed in passlib 1.7.0
+    if hasattr(passlib.hash.sha512_crypt, "hash"):
+        return passlib.hash.sha512_crypt.hash(
+            password_utf8, rounds=CONF.crypt_strength)
+    else:
+        return passlib.hash.sha512_crypt.encrypt(
+            password_utf8, rounds=CONF.crypt_strength)
+ 
+ 
+ def check_password(password, hashed):