Debian Bug report logs - #944194
dput: Authenticated HTTP request raises AttributeError in Python >= 3.7

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: TQ Hirsch <thequux@thequux.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: dput: Authenticated HTTP uploads are broken in Python 3.7

Date: Tue, 5 Nov 2019 18:17:00 +0100

[Message part 1 (text/plain, inline)]

Package: dput
Version: 1.0.3
Severity: normal
Tags: patch

Using dput to an HTTP host that expects Basic authentication ("hsg" in
the config below) results in the following stack trace:

Uploading to hsg (via http to localhost:8123):
  Uploading thequux-apt-config_2019.11.02.dsc: need authentication.
Traceback (most recent call last):
  File "/usr/bin/dput", line 11, in <module>
    load_entry_point('dput==1.0.3', 'console_scripts', 'execute-dput')()
  File "/usr/share/dput/dput/dput.py", line 1156, in main
    files_to_upload, debug, 0, progress=progress)
  File "/usr/share/dput/dput/methods/http.py", line 154, in upload
    url, res.msg, pwman).get_auth_headers()
  File "/usr/share/dput/dput/methods/http.py", line 82, in get_auth_headers
    ah.http_error_401(self, None, 401, None, self.resp_headers)
  File "/usr/lib/python3.7/urllib/request.py", line 1025, in http_error_401
    url = req.full_url
AttributeError: 'AuthHandlerHackAround' object has no attribute 'full_url'

I would have expected this to prompt me for a password and then
proceed to upload the package.

The attached patch seems to fix the problem, but it has not been
thoroughly tested (only a quick trial).

-- Package-specific info:

-- /etc/dput.cf --
# Example dput.cf that defines the host that can be used
# with dput for uploading.

[DEFAULT]
login            = *
method            = ftp
hash            = md5
allow_unsigned_uploads    = 0
allow_dcut        = 0
run_lintian        = 0
run_dinstall        = 0
check_version        = 0
scp_compress        = 0
post_upload_command    =
pre_upload_command    =
passive_ftp        = 1
default_host_main    =
allowed_distributions    = (?!UNRELEASED)

[ftp-master]
fqdn            = ftp.upload.debian.org
incoming        = /pub/UploadQueue/
login            = anonymous
allow_dcut        = 1
method            = ftp
# Please, upload your package to the proper archive
#
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security-upload
allowed_distributions    = (?!UNRELEASED|.*-security)

# https://lists.debian.org/debian-project/2009/05/msg00036.html
[ftp-eu]
fqdn            = ftp.eu.upload.debian.org
method            = ftp
incoming        = /pub/UploadQueue/
login            = anonymous
allow_dcut        = 1
# Please, upload your package to the proper archive
#
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security-upload
allowed_distributions    = (?!UNRELEASED|.*-security)

# https://lists.debian.org/debian-devel-announce/2008/09/msg00007.html
[ssh-upload]
login            = *
# login            = another_username
fqdn            = ssh.upload.debian.org
method            = scp
incoming        = /srv/upload.debian.org/UploadQueue/
allow_dcut        = 1
# Please, upload your package to the proper archive
#
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security-upload
allowed_distributions    = (?!UNRELEASED|.*-security)

# And if you want to override one of the defaults, add it here.
# For example, comment out the next line
# post_upload_command    = /path/to/some/script
# pre_upload_command    = /path/to/some/script

[security-master]
fqdn            = ftp.security.upload.debian.org
method            = ftp
incoming        = /pub/SecurityUploadQueue
login            = anonymous
allow_dcut        = 1
# This has been added at the request of the security team.
# Please be sure to know what you are doing before taking it out.
pre_upload_command    = /usr/share/dput/helper/security-warning

[security-master-unembargoed]
fqdn            = ftp.security.upload.debian.org
method            = ftp
incoming        = /pub/OpenSecurityUploadQueue
login            = anonymous
allow_dcut        = 1
# This has been added at the request of the security team.
# Please be sure to know what you are doing before taking it out.
pre_upload_command    = /usr/share/dput/helper/security-warning

[ubuntu]
fqdn            = upload.ubuntu.com
method            = ftp
incoming        = /
login            = anonymous

[ppa]
fqdn            = ppa.launchpad.net
method            = ftp
# replace <launchpad-id> with your Launchpad ID
incoming        = ~<launchpad-id>/ubuntu
login            = anonymous

[mentors]
method            = ftp
fqdn            = mentors.debian.net
incoming        = /pub/UploadQueue
login            = anonymous

[local]
method            = local
incoming        = ~/public_html/debian/mini-dinstall/incoming
run_dinstall        = 0
post_upload_command    = /usr/bin/mini-dinstall --batch


# Local variables:
# coding: utf-8
# mode: conf
# End:
# vim: fileencoding=utf-8 filetype=config :

-- /home/thequux/.dput.cf --
[hsg]
fqdn = localhost:8123
method = http
login = thequux
incoming = /incoming
# distributions = hsg

[DEFAULT]
login = *
method = ftp
hash = md5
allow_unsigned_uploads = 0
allow_dcut = 0
distributions =
allowed_distributions = (?!UNRELEASED)
run_lintian = 0
run_dinstall = 0
check_version = 0
scp_compress = 0
default_host_main =
post_upload_command =
pre_upload_command =
ssh_config_options =
passive_ftp = 1
progress_indicator = 0
delayed =

[ftp-master]
fqdn = ftp.upload.debian.org
incoming = /pub/UploadQueue/
login = anonymous
allow_dcut = 1
method = ftp
allowed_distributions = (?!UNRELEASED|.*-security)

[ftp-eu]
fqdn = ftp.eu.upload.debian.org
method = ftp
incoming = /pub/UploadQueue/
login = anonymous
allow_dcut = 1
allowed_distributions = (?!UNRELEASED|.*-security)

[ssh-upload]
login = *
fqdn = ssh.upload.debian.org
method = scp
incoming = /srv/upload.debian.org/UploadQueue/
allow_dcut = 1
allowed_distributions = (?!UNRELEASED|.*-security)

[security-master]
fqdn = ftp.security.upload.debian.org
method = ftp
incoming = /pub/SecurityUploadQueue
login = anonymous
allow_dcut = 1
pre_upload_command = /usr/share/dput/helper/security-warning

[security-master-unembargoed]
fqdn = ftp.security.upload.debian.org
method = ftp
incoming = /pub/OpenSecurityUploadQueue
login = anonymous
allow_dcut = 1
pre_upload_command = /usr/share/dput/helper/security-warning

[ubuntu]
fqdn = upload.ubuntu.com
method = ftp
incoming = /
login = anonymous

[ppa]
fqdn = ppa.launchpad.net
method = ftp
incoming = ~<launchpad-id>/ubuntu
login = anonymous

[mentors]
method = ftp
fqdn = mentors.debian.net
incoming = /pub/UploadQueue
login = anonymous

[local]
method = local
incoming = ~/public_html/debian/mini-dinstall/incoming
run_dinstall = 0
post_upload_command = /usr/bin/mini-dinstall --batch
fqdn = localhost

[hsg]
fqdn = localhost:8123
method = http
login = thequux
incoming = /incoming



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dput depends on:
ii  python3                3.7.5-1
ii  python3-debian         0.1.36
ii  python3-gpg            1.13.1-1
ii  python3-pkg-resources  41.4.0-1

dput recommends no packages.

Versions of packages dput suggests:
ii  lintian         2.32.0
pn  mini-dinstall   <none>
ii  openssh-client  1:8.1p1-1
ii  rsync           3.1.3-8

Versions of packages dput is related to:
ii  devscripts  2.19.7
ii  gnupg       2.2.17-3
ii  lintian     2.32.0
ii  rsync       3.1.3-8
pn  ssh         <none>

-- no debconf information

[dput-basic-auth.patch (text/x-patch, attachment)]

[signature.asc (application/pgp-signature, attachment)]

Message #10 received at 944194@bugs.debian.org (full text, mbox, reply):

From: Ben Finney <bignose@debian.org>

To: 944194@bugs.debian.org

Cc: TQ Hirsch <thequux@thequux.com>

Subject: Re: Bug#944194: dput: Authenticated HTTP request raises AttributeError in Python >= 3.7

Date: Tue, 26 Apr 2022 12:48:14 +1000

[Message part 1 (text/plain, inline)]

Control: tags -1 + confirmed pending
Control: retitle -1 dput: Authenticated HTTP request raises AttributeError in Python >= 3.7
Control: summary -1 0

The ‘AuthHandlerHackAround’ class has fallen behind recent Python
implementation of ‘urllib.request.Request’ API. This causes users
expecting that API to crash with AttributeError.

On 05-Nov-2019, TQ Hirsch wrote:

> Uploading to hsg (via http to localhost:8123):
>   Uploading thequux-apt-config_2019.11.02.dsc: need authentication.
> Traceback (most recent call last):
>   File "/usr/bin/dput", line 11, in <module>
>     load_entry_point('dput==1.0.3', 'console_scripts', 'execute-dput')()
>   File "/usr/share/dput/dput/dput.py", line 1156, in main
>     files_to_upload, debug, 0, progress=progress)
>   File "/usr/share/dput/dput/methods/http.py", line 154, in upload
>     url, res.msg, pwman).get_auth_headers()
>   File "/usr/share/dput/dput/methods/http.py", line 82, in get_auth_headers
>     ah.http_error_401(self, None, 401, None, self.resp_headers)
>   File "/usr/lib/python3.7/urllib/request.py", line 1025, in http_error_401
>     url = req.full_url
> AttributeError: 'AuthHandlerHackAround' object has no attribute 'full_url'

The Python ‘urllib.request’ module is attempting to use an API not
implemented on ‘AuthHandlerHackAround’. I have implemented the changed
API on that fake class, and it will be part of the next ‘dput’ release.

Thank you for the report and analysis of the issue.

-- 
 \     “Whatever a man prays for, he prays for a miracle. Every prayer |
  `\   reduces itself to this: “Great God, grant that twice two be not |
_o__)                                           four.”” —Ivan Turgenev |
Ben Finney <bignose@debian.org>

[signature.asc (application/pgp-signature, inline)]

Message #21 received at 944194-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 944194-close@bugs.debian.org

Subject: Bug#944194: fixed in dput 1.1.1

Date: Mon, 27 Jun 2022 22:50:07 +0000

Source: dput
Source-Version: 1.1.1
Done: Ben Finney <bignose@debian.org>

We believe that the bug you reported is fixed in the latest version of
dput, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 944194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Finney <bignose@debian.org> (supplier of updated dput package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Jun 2022 17:57:36 +1000
Source: dput
Binary: dput
Architecture: source all
Version: 1.1.1
Distribution: unstable
Urgency: medium
Maintainer: Ben Finney <bignose@debian.org>
Changed-By: Ben Finney <bignose@debian.org>
Description:
 dput       - Debian package upload tool
Closes: 787840 944194
Changes:
 dput (1.1.1) unstable; urgency=medium
 .
   * The “Koyo Ogasawara” release.
   * Update publication years in copyright notices.
   * Declare conformance to “Standards-Version: 4.6.1”. No changes needed.
   * Remove dependency declarations against ancient package versions.
   * Use wildcard for version string in context for Lintian overrides.
   * Declare auto-generated Setuptools ‘egg-info’ files to ‘dh_clean’.
   * Implement `urllib.request.Request` compatible API for auth.
     Closes: bug#944194. Thanks to TQ Hirsch for the report
     and to Mathieu Parent for the implementation.
   * Remove a workaround for a Debhelper bug now fixed.
   * Read user configuration file from XDG standard location by default.
     Closes: bug#787840. Thanks to Rodolphe PELLOUX-PRAYER for the report.
Checksums-Sha1:
 1c4954e3c2b0d0b2a688bec7fc7408e29a0edc34 1725 dput_1.1.1.dsc
 4ea453825d49076d597b4687cc530a0272103f53 106336 dput_1.1.1.tar.xz
 cdcff12c92d49397a77c8fdbdc0304bcf82c0674 57860 dput_1.1.1_all.deb
 4f290ed8efd0831f9cb7a905c1de5d75951f897f 7625 dput_1.1.1_amd64.buildinfo
Checksums-Sha256:
 4b246d5ab44c036ee81a96d7d5051abbfb23e0bed41470e9543267eec5a345c8 1725 dput_1.1.1.dsc
 80bcfa317c56692424242718af0cd69873298b3adb5ab8c1cc8e62820b47522f 106336 dput_1.1.1.tar.xz
 41a70f66345ec3224452f56fdd7fc7abf3f44968afccc49932963b5a49f6ba0a 57860 dput_1.1.1_all.deb
 bcadeb878268126a8d5f695d3875b1925613bf2757508e31c205d63002af6dd0 7625 dput_1.1.1_amd64.buildinfo
Files:
 7e185716af638746eb7d2b46435b9304 1725 devel optional dput_1.1.1.dsc
 a4bc6e50958c0a11d3b237f2a5bb0569 106336 devel optional dput_1.1.1.tar.xz
 88bdd62108e611eb64c924b226598aa9 57860 devel optional dput_1.1.1_all.deb
 d836408e6af60aa712cadf0c59ce2fa4 7625 devel optional dput_1.1.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYVng8p4vpBLgeVxz+bRqrIRCDIIFAmKyzhgACgkQ+bRqrIRC
DII94hAAzmQn37tWVJymMD/0RPZy/gxZ52Ilf2eaEnAHGMugpK53C/uTQEu4G7ye
FXpT1fAbqv1VVekl9OjI7rjzJDrDlIGU7akEKYpl9+lzgCUmhc512tzo5KiKATsv
FhzHqgQQJItS3S0m7DUAjx7tD5Ndr7wbJ4nvoX1oVwTSxcSRDVJ11jambQ6crY+R
3/GbsSlWw/3zdmC3YZeDo5mlCTwyLOFGVDPLrkltA3glxJ5ry+1h4IhMJOFhiKsD
HYa+6AsYP3GCErVPI4HXyx3uMtoYVF6GQIPJ3FP7wdpeCwPwlhQ/qd+Qfgbeh+eM
2DSR8DWoWEo4MPtfMyU15TLfgSI5+2ajbEu60Qapfz5EMDRoRDjJJGdYgoRZ0L5K
safaSmIvz3ul7xt1wa+ahSmRSo+SCRugGL5YiDUPg5RieqTGKhI/eLwAezP/C/4P
p3qIrkJ1woJJEH16WS9VcbIO5xm2RTPcTAY/Gxgxu3RlAGSgAL/FcVSUQOkj1dJB
CsBqamal2TGs/n5YynLlKEi9twwAni+S2gDwNGp8lPTohCiPq4sjuP9rgfAoBCt5
7rEaaMkoGxc6URH+kFxbr/lavhMnGYKmsKfALQ4FMHSbzx97lnZz+JP4Ih7wIq1j
54xbG/eyuavZo8fPCdHY4EcYBra/jQwD5sXxa0unJ0Q9YDaKjas=
=JDuZ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.