Re: Python 3.6 and blocking-by-default os.urandom()
On 3 January 2017 at 20:01, Petr Viktorin wrote: > Here's a potentially related issue – apparently Python 3.6 doesn't run on a > CentOS 7 kernel (which would be an issue when running Fedora in Docker on an > EL7 host, or when we try to get py3.6 in EPEL). > > https://github.com/rpm-software-management/mock/issues/28 Even in 3.6+, CPython falls back to reading /dev/urandom if the syscall triggers ENOSYS or ENOPERM at runtime. What *will* fail is attempting to run in a chroot or container without access to either the getrandom syscall or the /dev/urandom device path. Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia ___ python-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
Re: Python 3.6 and blocking-by-default os.urandom()
On 4.1.2017 09:20, Nick Coghlan wrote: On 3 January 2017 at 20:01, Petr Viktorin wrote: Here's a potentially related issue – apparently Python 3.6 doesn't run on a CentOS 7 kernel (which would be an issue when running Fedora in Docker on an EL7 host, or when we try to get py3.6 in EPEL). https://github.com/rpm-software-management/mock/issues/28 Even in 3.6+, CPython falls back to reading /dev/urandom if the syscall triggers ENOSYS or ENOPERM at runtime. What *will* fail is attempting to run in a chroot or container without access to either the getrandom syscall or the /dev/urandom device path. Reported today: https://bugzilla.redhat.com/show_bug.cgi?id=1410175 Cheers, Nick. -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok ___ python-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
Re: Python 3.6 and blocking-by-default os.urandom()
> Here's a potentially related issue – apparently Python 3.6 doesn't run > on a CentOS 7 kernel (which would be an issue when running Fedora in > Docker on an EL7 host, or when we try to get py3.6 in EPEL). > > https://github.com/rpm-software-management/mock/issues/28 > > Harris, could you try to reproduce this? > It is not just about python3.6 but I can also see something similar with old kernel and python35 in latest rawhide userspace https://bugzilla.redhat.com/show_bug.cgi?id=1410187 ___ python-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
Re: Python 3.6 and blocking-by-default os.urandom()
> It is not just about python3.6 but I can also see something similar with old > kernel and python35 in latest rawhide userspace > https://bugzilla.redhat.com/show_bug.cgi?id=1410187 BTW the explanation is that the latest update of glibc in rawhide provides functions getentropy and getrandom objdump -T /lib64/libc.so.6 | grep GLIBC_2.25 0003c6f0 gDF .text 008c GLIBC_2.25 getentropy gDO *ABS* GLIBC_2.25 GLIBC_2.25 0003c9a0 gDF .text 020f GLIBC_2.25 strfromd 0003c780 gDF .text 021f GLIBC_2.25 strfromf 0003cbb0 gDF .text 021f GLIBC_2.25 strfroml 000a3a60 gDF .text 0013 GLIBC_2.25 explicit_bzero 0011f1a0 gDF .text 0025 GLIBC_2.25 __explicit_bzero_chk 0003c650 gDF .text 0099 GLIBC_2.25 getrandom and the latest python3 nad python35 packaeges uses it sh# rpm -q python3 python35 python3-3.6.0-1.fc26.x86_64 python35-3.5.2-5.fc26.x86_64 sh# objdump -T /usr/lib64/libpython3.5m.so | grep GLIBC_2.25 DF *UND* GLIBC_2.25 getentropy sh# objdump -T /usr/lib64/libpython3.6m.so | grep GLIBC_2.25 DF *UND* GLIBC_2.25 getentropy older version of python3 (3.5 at that time) didn't use it because it was compiled against older version of glibc sh# objdump -T /usr/lib64/libpython3.so | grep GLIBC_2.25 sh# objdump -T /usr/lib64/libpython3.5m.so.1.0 | grep GLIBC_2.25 sh# rpm -q python3 python3-3.5.2-7.fc26.x86_64 ___ python-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
Re: Python 3.6 and blocking-by-default os.urandom()
On 5 January 2017 at 03:42, Lukas Slebodnik wrote: >> It is not just about python3.6 but I can also see something similar with old >> kernel and python35 in latest rawhide userspace >> https://bugzilla.redhat.com/show_bug.cgi?id=1410187 > BTW the explanation is that the latest update of glibc in rawhide provides > functions getentropy and getrandom And Victor Stinner further diagnosed that as a combined bug in CPython's conditional compilation logic where: - getentropy was preferred over getrandom when both were available - only the getrandom code had the ENOSYS handling needed to cope with newer binaries running on older kernels http://bugs.python.org/issue29157 has a patch to change the logic so that getrandom is preferred over getentropy when both are available, and also to add the ENOSYS handling that getrandom already has to getentropy. Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia ___ python-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
