First time using Provy in Ubuntu

[Arthur Alvim]

Hey guys,

my name is Arthur Alvim, I'm from Recife just like Fernando.

Fernando told me about this project some months ago. Althought the my lack of experience in deployment and provy's documentation kept me away.

Meanwhile, I developed some fabric scripts for doing some of what provy does. But most of what I did is incomplete. 

So I decided to give a try in the project. =)

I just started two new ubuntu virtual machines (one with 12.10 and later with 11.10) to test provy. 

Procedure was:

I installed Ubuntu 12.10 from an image in the ubuntu website.

Then I installed python-dev, python-pip (then virtualenv and virtualenvwrapper), git, sublime-text.

Then I installed swig which is a dependency for provy (first question: Why the need of swig?).

Then created my virtualenv, installed django and provy.

When running the simple provyfile.py I got a M2Crypto Error about an undefined SSLv2_method.

Since M2Crypto has some issues with OpenSSL in Ubuntu, I downgraded to 11.10 but same problems occurred.

What Am I doing wrong? Am I missing something?

 =)

[Diogo Baeder]

Hi Arthur! Welcome to provy! :-)

Then I installed swig which is a dependency for provy (first question: Why the need of swig?).

Because of M2Crypto. Yeah, I know, this makes it a bit harder to install provy, depending on the machine situation. Let's try and see if we have an alternative for it, in the future. (Feel free to propose it, if you want.)

When running the simple provyfile.py I got a M2Crypto Error about an undefined SSLv2_method.

Since M2Crypto has some issues with OpenSSL in Ubuntu, I downgraded to 11.10 but same problems occurred.

What Am I doing wrong? Am I missing something?

Nope, you're not doing anything wrong, this is a bug in provy - Ubuntu packages OpenSSL without SSL2 support, because SSL2 is considered insecure (http://superuser.com/a/246076) -. The bug is already fixed for when you use the REQUIREMENTS file, but not when you install it the easy way. I'll fix this ASAP, sorry for that. :-(

Maybe the way out of this mess is finding an alternative to M2Crypto, so, again, feel free to propose one. (I haven't found one yet.)

Cheers,

Diogo

[Diogo Baeder]

I think I was not very good at details about the M2Crypto issue with Ubuntu, sorry. Let's try again:

• SSLv2 has security problems, but its C libraries are required by the default M2Crypto package (probably for backwards-compatibility);
• The Ubuntu developers decided to take SSLv2 support out of the distro, because of the security issues;
• Hence they've removed SSLv2 support from OpenSSL in the Ubuntu package (removing also the dependency to SSLv2 libraries);
• Hence they've removed SSLv2 support from M2Crypto as well (also removing the dependency to SSLv2 libraries).

I've found that maybe PyCrypto might be a nice alternative for us. I don't have experience with it yet, but I'll play a bit more with it to see if it solves our problem without us having to mess with the provy API. (Anyways, 0.7.0 will be a release with some API changes, so maybe it won't hurt so much if we have to change it as well for the SSL RSA stuff that we use.)

In the meanwhile, can you file a bug issue in GitHub for us?

__________________________
Diogo Baeder
http://diogobaeder.com.br

--
 
 

[Fernando]

On 27 January 2013 12:40, Diogo Baeder <diogo...@gmail.com> wrote:

I think I was not very good at details about the M2Crypto issue with Ubuntu, sorry. Let's try again:

• SSLv2 has security problems, but its C libraries are required by the default M2Crypto package (probably for backwards-compatibility);
• The Ubuntu developers decided to take SSLv2 support out of the distro, because of the security issues;
• Hence they've removed SSLv2 support from OpenSSL in the Ubuntu package (removing also the dependency to SSLv2 libraries);
• Hence they've removed SSLv2 support from M2Crypto as well (also removing the dependency to SSLv2 libraries).

I've found that maybe PyCrypto might be a nice alternative for us. I don't have experience with it yet, but I'll play a bit more with it to see if it solves our problem without us having to mess with the provy API. (Anyways, 0.7.0 will be a release with some API changes, so maybe it won't hurt so much if we have to change it as well for the SSL RSA stuff that we use.)

Doing as fast grep I found M2Crypto is just being used in debian SSHRole.

As far I understood, it is only used to create de public key from a private key. Is that right? If so, maybe we could just use ssh-keygen for that.

Other possible approach is to make these dependencies optional, if it is not needed by provy core. The user may be installing dependencies for something they may never use (sshrole).

Also, I think is a good idea to avoid C dependencies, since (at least for me), one of the most appealing characteristic of provy is being simple and easy to use. So, it is important to also being simple to install.

In this case, pycrypto could be a great choose, since it is already a dependency of fabric.

[]s

In the meanwhile, can you file a bug issue in GitHub for us?

__________________________
Diogo Baeder
http://diogobaeder.com.br

On Sun, Jan 27, 2013 at 12:56 PM, Diogo Baeder <diogo...@gmail.com> wrote:

Hi Arthur! Welcome to provy! :-)

Then I installed swig which is a dependency for provy (first question: Why the need of swig?).

Because of M2Crypto. Yeah, I know, this makes it a bit harder to install provy, depending on the machine situation. Let's try and see if we have an alternative for it, in the future. (Feel free to propose it, if you want.)

When running the simple provyfile.py I got a M2Crypto Error about an undefined SSLv2_method.

Since M2Crypto has some issues with OpenSSL in Ubuntu, I downgraded to 11.10 but same problems occurred.

What Am I doing wrong? Am I missing something?

Nope, you're not doing anything wrong, this is a bug in provy - Ubuntu packages OpenSSL without SSL2 support, because SSL2 is considered insecure (http://superuser.com/a/246076) -. The bug is already fixed for when you use the REQUIREMENTS file, but not when you install it the easy way. I'll fix this ASAP, sorry for that. :-(

Maybe the way out of this mess is finding an alternative to M2Crypto, so, again, feel free to propose one. (I haven't found one yet.)

Cheers,

Diogo

--
 
 

--
 
 

--
http://about.me/fernandogrd

[Fernando]

On 27 January 2013 12:56, Fernando <ferna...@gmail.com> wrote:

On 27 January 2013 12:40, Diogo Baeder <diogo...@gmail.com> wrote:

I think I was not very good at details about the M2Crypto issue with Ubuntu, sorry. Let's try again:

• SSLv2 has security problems, but its C libraries are required by the default M2Crypto package (probably for backwards-compatibility);
• The Ubuntu developers decided to take SSLv2 support out of the distro, because of the security issues;
• Hence they've removed SSLv2 support from OpenSSL in the Ubuntu package (removing also the dependency to SSLv2 libraries);
• Hence they've removed SSLv2 support from M2Crypto as well (also removing the dependency to SSLv2 libraries).

I've found that maybe PyCrypto might be a nice alternative for us. I don't have experience with it yet, but I'll play a bit more with it to see if it solves our problem without us having to mess with the provy API. (Anyways, 0.7.0 will be a release with some API changes, so maybe it won't hurt so much if we have to change it as well for the SSL RSA stuff that we use.)

Doing as fast grep I found M2Crypto is just being used in debian SSHRole.

As far I understood, it is only used to create de public key from a private key. Is that right? If so, maybe we could just use ssh-keygen for that.

Other possible approach is to make these dependencies optional, if it is not needed by provy core. The user may be installing dependencies for something they may never use (sshrole).

Also, I think is a good idea to avoid C dependencies, since (at least for me), one of the most appealing characteristic of provy is being simple and easy to use. So, it is important to also being simple to install.

In this case, pycrypto could be a great choose, since it is already a dependency of fabric.

I did some tests and it seems simple to replace it with pycrypto. I'm working on it.
 

[]s

In the meanwhile, can you file a bug issue in GitHub for us?

__________________________
Diogo Baeder
http://diogobaeder.com.br

On Sun, Jan 27, 2013 at 12:56 PM, Diogo Baeder <diogo...@gmail.com> wrote:

Hi Arthur! Welcome to provy! :-)

Then I installed swig which is a dependency for provy (first question: Why the need of swig?).

Because of M2Crypto. Yeah, I know, this makes it a bit harder to install provy, depending on the machine situation. Let's try and see if we have an alternative for it, in the future. (Feel free to propose it, if you want.)

When running the simple provyfile.py I got a M2Crypto Error about an undefined SSLv2_method.

Since M2Crypto has some issues with OpenSSL in Ubuntu, I downgraded to 11.10 but same problems occurred.

What Am I doing wrong? Am I missing something?

Nope, you're not doing anything wrong, this is a bug in provy - Ubuntu packages OpenSSL without SSL2 support, because SSL2 is considered insecure (http://superuser.com/a/246076) -. The bug is already fixed for when you use the REQUIREMENTS file, but not when you install it the easy way. I'll fix this ASAP, sorry for that. :-(

Maybe the way out of this mess is finding an alternative to M2Crypto, so, again, feel free to propose one. (I haven't found one yet.)

Cheers,

Diogo

--
 
 

--
 
 

--
http://about.me/fernandogrd

--
http://about.me/fernandogrd

[Diogo Baeder]

Awesome, Fernando, thanks a lot! Yeah, indeed, that's the only point of use, only to generate a public key from a private one. If you figure out how to replace with PyCrypto without sacrificing the API, that would be awesome, thanks a lot! :-)

Cheers!

__________________________
Diogo Baeder
http://diogobaeder.com.br