diff --git a/.gitignore b/.gitignore index 048903d6..3d779c37 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,7 @@ pip-log.txt #Translations *.mo + +.cargo/ +vendor/ +.pybuild/ diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 00000000..59720fda --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1,6 @@ +*.substvars +*debhelper* +.debhelper +files +python3-bcrypt +tmp diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..8646d01c --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +python-bcrypt (100:4.1.2-1) UNRELEASED; urgency=medium + + * https://github.com/pyca/bcrypt/releases/tag/4.1.2 + + -- Wong Hoi Sing Edison Mon, 01 Jan 2024 18:00:27 +0800 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..ea5676d1 --- /dev/null +++ b/debian/control @@ -0,0 +1,30 @@ +Source: python-bcrypt +Section: python +Priority: optional +Standards-Version: 4.5.0 +Maintainer: Wong Hoi Sing Edison +Homepage: https://github.com/pyca/bcrypt/tags +Vcs-Browser: https://github.com/alvistack/pyca-bcrypt +Vcs-Git: https://github.com/alvistack/pyca-bcrypt.git +Build-Depends: + cargo, + cython3, + debhelper, + debhelper-compat (= 10), + dh-python, + fdupes, + python3-dev, + python3-pycparser, + python3-setuptools (>= 42.0.0), + python3-setuptools-rust (>= 0.11.4), + rustc (>= 1.64.0), + +Package: python3-bcrypt +Architecture: amd64 +Description: Modern(-ish) password hashing for your software and your servers + Good password hashing for your software and your servers. +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + ${python3:Depends}, + python3, diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..12900b41 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,21 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: debian/*
+Copyright: 2024 Wong Hoi Sing Edison
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ The complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/debian/python3-bcrypt.install b/debian/python3-bcrypt.install
new file mode 100644
index 00000000..e3da3e75
--- /dev/null
+++ b/debian/python3-bcrypt.install
@@ -0,0 +1 @@
+usr/lib/python*/*-packages/*
diff --git a/debian/python3-bcrypt.lintian-overrides b/debian/python3-bcrypt.lintian-overrides
new file mode 100644
index 00000000..1b0a6375
--- /dev/null
+++ b/debian/python3-bcrypt.lintian-overrides
@@ -0,0 +1,4 @@
+python3-bcrypt: copyright-without-copyright-notice
+python3-bcrypt: initial-upload-closes-no-bugs
+python3-bcrypt: no-manual-page
+python3-bcrypt: zero-byte-file-in-doc-directory
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 00000000..fcaa45ef
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+
+SHELL := /bin/bash
+
+override_dh_auto_install:
+ dh_auto_install --destdir=debian/tmp
+ find debian/tmp/usr/lib/python*/*-packages -type f -name '*.pyc' -exec rm -rf {} \;
+ fdupes -qnrps debian/tmp/usr/lib/python*/*-packages
+
+override_dh_auto_test:
+
+override_dh_auto_clean:
+
+%:
+ dh $@ --buildsystem=pybuild --with python3
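Review bot: `override_dh_auto_test:` in debian/rules is left empty, so the package build never runs the upstream test suite, and python-bcrypt.spec has the same gap with an empty `%check`. This commit also rebuilds a password-hashing extension against an older pyo3, so a behavioural regression in the binding would ship without any automated signal. Prefer dropping the override so pybuild runs the tests (the test dependencies would then have to be added to `Build-Depends`), or at minimum record the reason in place with a comment such as `# tests disabled: <reason>`. Separately, the `find ... -type f ... -exec rm -rf {} \;` line only ever matches regular files, so `-delete` expresses the same intent without a recursive force-remove.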
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 00000000..163aaf8d
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 00000000..52ff17b1
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,5 @@
+python-bcrypt source: file-without-copyright-information
+python-bcrypt source: no-debian-changes
+python-bcrypt source: source-contains-prebuilt-windows-binary
+python-bcrypt source: source-package-encodes-python-version
+python-bcrypt source: unpack-message-for-orig
diff --git a/python-bcrypt.spec b/python-bcrypt.spec
new file mode 100644
index 00000000..7a1d2464
--- /dev/null
+++ b/python-bcrypt.spec
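Review bot: `source-contains-prebuilt-windows-binary` in debian/source/lintian-overrides is silenced without naming the file that triggers it, so nobody reading the packaging can tell whether the binary is a known upstream artifact or something that should be stripped from the orig tarball. Lintian override files accept `#` comment lines; put one above the tag, for example `# <path of the flagged file>: <why it is acceptable to ship in the source package>`. The same justification is missing for `file-without-copyright-information`.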
@@ -0,0 +1,91 @@
+# Copyright 2024 Wong Hoi Sing Edison
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%global debug_package %{nil}
+
+Name: python-bcrypt
+Epoch: 100
+Version: 4.1.2
+Release: 1%{?dist}
+Summary: Modern(-ish) password hashing for your software and your servers
+License: Apache-2.0
+URL: https://github.com/pyca/bcrypt/tags
+Source0: %{name}_%{version}.orig.tar.gz
+BuildRequires: cargo
+BuildRequires: fdupes
+BuildRequires: gcc
+BuildRequires: python-rpm-macros
+BuildRequires: python3-Cython3
+BuildRequires: python3-devel
+BuildRequires: python3-pycparser
+BuildRequires: python3-setuptools >= 42.0.0
+BuildRequires: python3-setuptools-rust >= 0.11.4
+BuildRequires: rust >= 1.64.0
+
+%description
+Good password hashing for your software and your servers.
+
+%prep
+%autosetup -T -c -n %{name}_%{version}-%{release}
+tar -zx -f %{S:0} --strip-components=1 -C .
+
+%build
+%py3_build
+
+%install
+%py3_install
+find %{buildroot}%{python3_sitearch} -type f -name '*.pyc' -exec rm -rf {} \;
+fdupes -qnrps %{buildroot}%{python3_sitearch}
+
+%check
+
+%if 0%{?suse_version} > 1500
+%package -n python%{python3_version_nodots}-bcrypt
+Summary: Modern(-ish) password hashing for your software and your servers
+Requires: python3
+Provides: python3-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python3dist(bcrypt) = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version}-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version}dist(bcrypt) = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version_nodots}-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version_nodots}dist(bcrypt) = %{epoch}:%{version}-%{release}
+
+%description -n python%{python3_version_nodots}-bcrypt
+Good password hashing for your software and your servers.
+
+%files -n python%{python3_version_nodots}-bcrypt
+%license LICENSE
+%{python3_sitearch}/*
+%endif
+
+%if !(0%{?suse_version} > 1500)
+%package -n python3-bcrypt
+Summary: Modern(-ish) password hashing for your software and your servers
+Requires: python3
+Provides: python3-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python3dist(bcrypt) = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version}-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version}dist(bcrypt) = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version_nodots}-bcrypt = %{epoch}:%{version}-%{release}
+Provides: python%{python3_version_nodots}dist(bcrypt) = %{epoch}:%{version}-%{release}
+
+%description -n python3-bcrypt
+Good password hashing for your software and your servers.
+
+%files -n python3-bcrypt
+%license LICENSE
+%{python3_sitearch}/*
+%endif
+
+%changelog
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 00000000..8bfd5a12
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,4 @@
+[egg_info]
+tag_build =
+tag_date = 0
+
diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 5a791c1f..4cab339e 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -148,17 +148,11 @@ dependencies = [ "wasi", ] -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - [[package]] name = "indoc" -version = "2.0.4" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e186cfbae8084e513daff4240b4797e342f988cecda4fb6c939150f96315fd8" +checksum = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" [[package]] name = "inout" @@ -185,15 +179,6 @@ dependencies = [ "scopeguard", ] -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - [[package]] name = "once_cell" version = "1.19.0" @@ -243,14 +228,13 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.20.0" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04e8453b658fe480c3e70c8ed4e3d3ec33eb74988bd186561b0cc66b85c3bc4b" +checksum = "0220c44442c9b239dd4357aa856ac468a4f5e1f0df19ddb89b2522952eb4c6ca" dependencies = [ "cfg-if", "indoc", "libc", - "memoffset", "parking_lot", "pyo3-build-config", "pyo3-ffi", @@ -260,9 +244,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.20.0" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a96fe70b176a89cff78f2fa7b3c930081e163d5379b4dcdf993e3ae29ca662e5" +checksum = "9c819d397859445928609d0ec5afc2da5204e0d0f73d6bf9e153b04e83c9cdc2" dependencies = [ "once_cell", "target-lexicon", 
@@ -270,9 +254,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.20.0" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "214929900fd25e6604661ed9cf349727c8920d47deff196c4e28165a6ef2a96b" +checksum = "ca882703ab55f54702d7bfe1189b41b0af10272389f04cae38fe4cd56c65f75f" dependencies = [ "libc", "pyo3-build-config", @@ -280,9 +264,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.20.0" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dac53072f717aa1bfa4db832b39de8c875b7c7af4f4a6fe93cdbf9264cf8383b" +checksum = "568749402955ad7be7bad9a09b8593851cd36e549ac90bfd44079cea500f3f21" dependencies = [ "proc-macro2", "pyo3-macros-backend", @@ -292,11 +276,10 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.20.0" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7774b5a8282bd4f25f803b1f0d945120be959a36c72e08e7cd031c792fdfd424" +checksum = "611f64e82d98f447787e82b8e7b0ebc681e1eb78fc1252668b2c605ffb4e1eb8" dependencies = [ - "heck", "proc-macro2", "quote", "syn", @@ -351,9 +334,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.41" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44c8b28c477cc3bf0e7966561e3460130e1255f7a1cf71931075f1c5e7a7e269" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ "proc-macro2", "quote", 
@@ -380,9 +363,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unindent" -version = "0.2.3" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" +checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" [[package]] name = "version_check" diff --git a/src/_bcrypt/Cargo.toml b/src/_bcrypt/Cargo.toml index a9c7f7c6..36dc219f 100644 --- a/src/_bcrypt/Cargo.toml +++ b/src/_bcrypt/Cargo.toml @@ -6,7 +6,7 @@ edition = "2018" publish = false [dependencies] -pyo3 = { version = "0.20.0", features = ["abi3"] } +pyo3 = { version = "0.16.6", features = ["abi3"] } bcrypt = "0.15" bcrypt-pbkdf = "0.10.0" base64 = "0.21.5" diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs index a3472148..72405aae 100644 --- a/src/_bcrypt/src/lib.rs +++ b/src/_bcrypt/src/lib.rs @@ -151,18 +151,6 @@ fn kdf<'p>( )); } - if rounds < 50 && !ignore_few_rounds { - // They probably think bcrypt.kdf()'s rounds parameter is logarithmic, - // expecting this value to be slow enough (it probably would be if this - // were bcrypt). Emit a warning. - pyo3::PyErr::warn( - py, - pyo3::exceptions::PyUserWarning::type_object(py), - &format!("Warning: bcrypt.kdf() called with only {rounds} round(s). This few is not secure: the parameter is linear, like PBKDF2."), - 3 - )?; - } - pyo3::types::PyBytes::new_with(py, desired_key_bytes, |output| { py.allow_threads(|| { bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, output).unwrap(); diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py index 68c00fb4..01a12a2f 100644 --- a/tests/test_bcrypt.py +++ b/tests/test_bcrypt.py 
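Review bot: The block deleted from `kdf` in src/_bcrypt/src/lib.rs was the only signal to callers that `rounds` is linear rather than logarithmic, so after this change `bcrypt.kdf()` called with a handful of rounds derives a weak key silently. The deletion appears to accompany the pyo3 pin moving from 0.20.0 back to 0.16.6 in Cargo.toml (an inference, since no commit message is shown); if the warning call did not build against the older binding, porting it is preferable to dropping a security check. `ignore_few_rounds` is presumably still accepted by `kdf` (the signature lies outside the hunk, and `test_kdf_no_warn_rounds` still passes it), which leaves callers with a parameter that no longer has any effect. If the removal has to stay, mark it where the check used to be, e.g. `// NOTE: few-rounds UserWarning dropped for the pyo3 0.16.6 build; ignore_few_rounds is a no-op here`, and state in debian/changelog and `%changelog` that this build diverges from upstream 4.1.2.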
@@ -462,11 +462,6 @@ def test_kdf_no_warn_rounds(): bcrypt.kdf(b"password", b"salt", 10, 10, True) -def test_kdf_warn_rounds(): - with pytest.warns(UserWarning): - bcrypt.kdf(b"password", b"salt", 10, 10) - - @pytest.mark.parametrize( ("password", "salt", "desired_key_bytes", "rounds", "error"), [