Source: pytest-localserver Version: 0.3.7-2 User: debian...@lists.debian.org Usertags: needs-update Control: affects -1 src:python3-defaults
[X-Debbugs-CC: debian...@lists.debian.org,
python3-defau...@packages.debian.org]
Dear maintainers,
With a recent upload of python3-defaults the autopkgtest of
pytest-localserver fails in testing when that autopkgtest is run with
the binary packages of python3-defaults from unstable. It passes when
run with only packages from testing. In tabular form:
pass fail
python3-defaults from testing 3.6.7-1
pytest-localserver from testing 0.3.7-2
versioned deps [0] from testing from unstable
all others from testing from testing
I copied some of the output at the bottom of this report. Looking at the
error, it seems you need to update the tests for the version of openssl
in unstable, version 1.1.1. We have a Wiki page that describes the
common updates required [1].
Currently this regression is contributing to the delay of the migration
of python3-defaults to testing [2].
If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from python3-defaults should
really add a versioned Breaks on the unfixed version of (one of your)
package(s). Note: the Breaks is nice even if the issue is only in the
autopkgtest as it helps the migration software to figure out the right
versions to combine in the tests.
More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
Paul
[0] You can see what packages were added from the second line of the log
file quoted below. The migration software adds source package from
unstable to the list if they are needed to install packages from
python3-defaults/3.6.7-1. I.e. due to versioned dependencies or
breaks/conflicts. In this case: python3-defaults/3.6.7-1 openssl/1.1.1-1
python3-stdlib-extensions/3.7.1-1 python3.6/3.6.7-1
[1] https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
[2] https://qa.debian.org/excuses.php?package=python3-defaults
https://ci.debian.net/data/autopkgtest/testing/amd64/p/pytest-localserver/1204135/log.gz
==================================== ERRORS
====================================
__________________ ERROR at setup of test_httpsserver_funcarg
__________________
request = <SubRequest 'httpsserver' for <Function
'test_httpsserver_funcarg'>>
@pytest.fixture
def httpsserver(request):
"""The returned ``httpsserver`` (note the additional S!) provides a
threaded HTTP server instance similar to funcarg ``httpserver``
but with
SSL encryption.
"""
from pytest_localserver import https
> server = https.SecureContentServer()
pytest_localserver/plugin.py:65:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
pytest_localserver/https.py:103: in __init__
super(SecureContentServer, self).__init__(host, port,
ssl_context=(key, cert))
pytest_localserver/http.py:64: in __init__
super(ContentServer, self).__init__(host, port, self,
ssl_context=ssl_context)
pytest_localserver/http.py:22: in __init__
self._server = make_server(host, port, self.app, **kwargs)
/usr/lib/python3/dist-packages/werkzeug/serving.py:666: in make_server
passthrough_errors, ssl_context, fd=fd)
/usr/lib/python3/dist-packages/werkzeug/serving.py:601: in __init__
self.socket = ssl_context.wrap_socket(sock, server_side=True)
/usr/lib/python3/dist-packages/werkzeug/serving.py:511: in wrap_socket
ssl_version=self._protocol, **kwargs)
/usr/lib/python3.6/ssl.py:1158: in wrap_socket
ciphers=ciphers)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
self = <ssl.SSLSocket fd=-1, family=AddressFamily.AF_UNSPEC, type=0,
proto=0>
sock = <socket.socket fd=8, family=AddressFamily.AF_INET,
type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 43969)>
keyfile =
'/tmp/autopkgtest-lxc.4ukr44pr/downtmp/build.fTj/src/pytest_localserver/server.pem'
certfile =
'/tmp/autopkgtest-lxc.4ukr44pr/downtmp/build.fTj/src/pytest_localserver/server.pem'
server_side = True, cert_reqs = <VerifyMode.CERT_NONE: 0>
ssl_version = <_SSLMethod.PROTOCOL_TLS: 2>, ca_certs = None
do_handshake_on_connect = True, family = <AddressFamily.AF_INET: 2>
type = <SocketKind.SOCK_STREAM: 1>, proto = 0, fileno = None
suppress_ragged_eofs = True, npn_protocols = None, ciphers = None
server_hostname = None, _context = None, _session = None
def __init__(self, sock=None, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_TLS, ca_certs=None,
do_handshake_on_connect=True,
family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
suppress_ragged_eofs=True, npn_protocols=None,
ciphers=None,
server_hostname=None,
_context=None, _session=None):
if _context:
self._context = _context
else:
if server_side and not certfile:
raise ValueError("certfile must be specified for
server-side "
"operations")
if keyfile and not certfile:
raise ValueError("certfile must be specified")
if certfile and not keyfile:
keyfile = certfile
self._context = SSLContext(ssl_version)
self._context.verify_mode = cert_reqs
if ca_certs:
self._context.load_verify_locations(ca_certs)
if certfile:
> self._context.load_cert_chain(certfile, keyfile)
E ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak
(_ssl.c:3486)
/usr/lib/python3.6/ssl.py:750: SSLError
signature.asc
Description: OpenPGP digital signature
