-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove x509 ABCs #11437
Comments
Hi @alex How I plan to implement this:Taking Certificate class as an example :
Removing Addressing the changes further: Remove then Remove then I am bit confused on how to Implement methods and properties here should return as here of find the linked function it sounds a bit ddumb I know but I think with little direction I can pull this off. Let me know if I am missing something or wrong somewhere, I'll try to cover those cases again and revert back |
We'd be happy to take contributions for this yes! In terms of what needs to be done: These classes need to be deleted, and the concrete implementations should be exposed with the same name, and then we have to make sure the mypy types work correctly for them. (With teh small asterisk that |
Thanks @alex Sure, I hope you can help me on places where |
Please do each of these in separate pull requests, not one big one.
…On Fri, Oct 18, 2024 at 5:09 PM treavvasu ***@***.***> wrote:
Thanks @alex <https://github.com/alex>
I'll try my best
Sure, I hope you can help me on places where RevokedCertificate gets too
complex :)
—
Reply to this email directly, view it on GitHub
<#11437 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBDZXJEXQ5O44EDYTMDZ4F2JNAVCNFSM6AAAAABMTCYXKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRTGIZTMNRYGE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Thanks I was about to ask for this too. |
The removal of Certificate abc broke FreeIPA. We implement our shim on top of the x509.Certificate with additional logic. |
Can you link to that code?
…On Fri, Nov 29, 2024, 10:05 AM Alexander Bokovoy ***@***.***> wrote:
The removal of Certificate abc broke FreeIPA. We implement our shim on top
of the x509.Certificate with additional logic.
—
Reply to this email directly, view it on GitHub
<#11437 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBD5XXZNVZ4H7LBXJHT2DB7CLAVCNFSM6AAAAABMTCYXKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMBXHE4TMNBRGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
https://github.com/freeipa/freeipa/blob/master/ipalib/x509.py#L91 and the issues are visible in this ticket: https://pagure.io/freeipa/issue/9708 |
Looks like the proximate way this fails is that you cannot subclass
Certificate. If we made that possible again, would it resolve the
issue?
…On Fri, Nov 29, 2024 at 11:54 AM Alexander Bokovoy ***@***.***> wrote:
https://github.com/freeipa/freeipa/blob/master/ipalib/x509.py#L91 and the issues are visible in this ticket: https://pagure.io/freeipa/issue/9708
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Yes, I think so. It is literally because python doesn't see a single flag in the tp_flags that allows to subclass. |
Can you test with #12077 and
verify it works?
…On Fri, Nov 29, 2024 at 12:03 PM Alexander Bokovoy ***@***.***> wrote:
Yes, I think so. It is literally because python doesn't see a single flag
in the tp_flags that allows to subclass.
—
Reply to this email directly, view it on GitHub
<#11437 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBENQWMZIXNGYXNX4432DCM5JAVCNFSM6AAAAABMTCYXKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMBYGE3DCOJXHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
@alex does not work yet, although there is a progress:
I built cryptography 43.0 with two additional patches: from the PR that removed abc for Certificate class and then from the PR #12077. Looking through the pyo3 documentation, it appears you need to define
|
So the challenge is that we don't want |
I'm looking if we can replace inheritance by simply consuming |
I created a PR freeipa/freeipa#7614 that moves FreeIPA to treat x509.Certificate as a resource within our class. There were few changes I needed to add to IPA code to handle that with PyCA prior to 44.0.0 but nothing we cannot sustain going forward. We are going to run more comprehensive tests this week but I think the change to get inheritance back is not needed. I'll report back once we transitioned. |
Great, thank you!
…On Mon, Dec 2, 2024 at 11:27 AM Alexander Bokovoy ***@***.***> wrote:
I created a PR freeipa/freeipa#7614
<freeipa/freeipa#7614> that moves FreeIPA to
treat x509.Certificate as a resource within our class. There were few
changes I needed to add to IPA code to handle that with PyCA prior to
44.0.0 but nothing we cannot sustain going forward.
We are going to run more comprehensive tests this week but I think the
change to get inheritance back is not needed. I'll report back once we
transitioned.
—
Reply to this email directly, view it on GitHub
<#11437 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBHYB2H3GQHWJ7F2DGT2DSDANAVCNFSM6AAAAABMTCYXKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMJSGA2TAMBWGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
That's great to hear -- thanks for working on this @abbra! |
In numerous places we only support the concrete classes, and there's no real use case for people to implement the ABCs themselves.
Therefore, we should just drop the ABCs, and replace them with the concrete base classes.
Tasks
The text was updated successfully, but these errors were encountered: