electron-releases icon indicating copy to clipboard operation
electron-releases copied to clipboard

Published 20 hours ago verified publisher icon castlabs

castlabs_evs package is incompatible with cryptography 42.0.0+

Open quanglam2807 opened this issue 1 year ago • 3 comments

I ran this issue when running castlab sign with python3. It's probably related to this change: https://cryptography.io/en/latest/changelog/#v42-0-0

Running: python3 -m castlabs_evs.vmp sign-pkg "/var/folders/s6/1nfxlhk965l07b0jz9mlcdqh0000gn/T/tmp-3646-CAbM36yQ1OAL/mac-arm64"
  Error: /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/castlabs_evs/vmp.py:151: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.
    if now < cert.not_valid_before:
  /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/castlabs_evs/vmp.py:153: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
    if min_days is not None and now > (cert.not_valid_after - timedelta(days=min_days)):
  /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/castlabs_evs/vmp.py:155: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
    days_left = (cert.not_valid_after - now).days

quanglam2807 avatar Jan 30 '24 22:01 quanglam2807

Thanks for the report, we will look into this.

It looks like we may be treating deprecation warnings as errors, but we might as well look into supporting the updated/safer APIs as well. This is a EVS client issue, so the client will need to be updated once we publish a fixed version.

khwaaj avatar Jan 30 '24 23:01 khwaaj

I can't actually reproduce the error you are seeing, I only get deprecation warnings logged (with python 3.12 and cryptography 42.0.2), otherwise things work as normal. Perhaps you have a stricter setting that treat warnings as errors in your python installation?

Whatever the case we will still update the EVS client to prefer the newer APIs when they are available, which should fix both warnings and errors going forward.

khwaaj avatar Jan 31 '24 00:01 khwaaj

castlabs-evs 1.1.2 has been published to PyPI, and it contains updated support to deal with the changes in the cryptography API. You can update with something like:

% python3 -m pip install --upgrade castlabs-evs

Let me know how it goes!

khwaaj avatar Jan 31 '24 00:01 khwaaj

Since there has been no followup I'll assume the fix worked and close the ticket.

khwaaj avatar May 23 '24 19:05 khwaaj