dm.xmlsec.binding broken?

[navneil]

I can't get dm.xmlsec.binding to work on my fedora host. It just core dumps. Has anyone gotten this to work. As far as I can tell, I have everything installed cleanly. I find dm.xmlsec.binding to be very unreliable and modified python-saml to use the xmlsec1 binary instead.

[toopy]

Same issue for me. It looks like these tests are very strict, cf.:

• https://github.com/tachang/dm.xmlsec.binding/blob/master/setup.py#L107
• https://github.com/tachang/dm.xmlsec.binding/blob/master/setup.py#L111

In my case here is what I get.

# xmlsec1-config --libs --crypto=openssl
minion-services -L/usr/lib -lxmlsec1-openssl -lxmlsec1 -lxslt -lxml2 -lssl -lcrypto

I don't how I introduce that value minion-services, but the output is not so bad and dm.xmlsec.binding should work :/

[brycehemme]

I've also confirmed that @jborg 's solution of modifying /usr/bin/xmlsec1-config works on the current version of Amazon Linux using CentOS 7 RPMs. Thanks for the help everyone!

[boazsh]

This is what I did on CentOS (Amazon linux) to solve the issue:

I downloaded xmlsec1-1.2.20-4.el6.x86_64.rpm, xmlsec1-devel-1.2.20-4.el6.x86_64.rpm, xmlsec1-openssl-1.2.20-4.el6.x86_64.rpm and xmlsec1-openssl-devel-1.2.20-4.el6.x86_64.rpm manually, and then:

yum install xmlsec1-1.2.20-4.el6.x86_64.rpm
yum install xmlsec1-devel-1.2.20-4.el6.x86_64.rpm
yum install xmlsec1-openssl-1.2.20-4.el6.x86_64.rpm
yum install xmlsec1-openssl-devel-1.2.20-4.el6.x86_64.rpm
yum install libtool-ltdl-devel
pip install python-saml

[realjackofall]

@navneil , Did you get this to work? I'm having the same problem as you. I can can confirm that commenting out the mentioned line in dm/xmlsec/binding/init.py makes the problem go away. How exactly do I incorporate suggestions from @jborg ? I tried updating /usr/bin/xmlsec1-config with the said flag and re installing python-saml (with all it's dependencies) from scratch in a new virtual env. Is that correct? If yes, that has not solved the problem.

This is working now. I had to use --no-cache-dir when reinstalling dm.xmlsec.binding using pip as suggested by @sunmoonone .

My setup -

centos 6.6
xmlsec1-1.2.20-4.el6.x86_64
xmlsec1-devel-1.2.20-4.el6.x86_64
xmlsec1-openssl-1.2.20-4.el6.x86_64
xmlsec1-openssl-devel-1.2.20-4.el6.x86_64
libtool-ltdl-2.2.6-15.5.el6.x86_64
libtool-ltdl-devel-2.2.6-15.5.el6.x86_64
libxml2-python-2.7.6-17.el6_6.1.x86_64
libxml2-devel-2.7.6-17.el6_6.1.x86_64
libxml2-2.7.6-17.el6_6.1.x86_64
libxslt-1.1.26-2.el6_3.1.x86_64
libxslt-devel-1.1.26-2.el6_3.1.x86_64

Python              : sys.version_info(major=2, minor=7, micro=11, releaselevel='final', serial=0)
lxml.etree          : (3, 6, 0, 0)
libxml used         : (2, 7, 6)
libxml compiled     : (2, 7, 6)
libxslt used        : (1, 1, 26)
libxslt compiled    : (1, 1, 26)

All OS packages were installed using yum and python packages using pip.

[taldev-no]

I had a lot of problems with this running Fedora 24, this is what worked for me:

1)dnf install libtool-ltdl-devel xmlsec1-devel xmlsec1-openssl-devel swig 2) Open /usr/bin/xmlsec1-config and edit line 244, add -DXMLSEC_NO_SIZE_T to the variable the_flags. Placement may or may not matter, but I put it after -DXMLSEC_DL_LIBLTDL=1 to group them. 3) Install python-saml through pip. For safety, it can be wise to use the flag --no-cache-dir, to ensure that all the libraries are built using the correct config.

This appears to solve both "improper signature method" and immidiate segfaults when importing dm.xmlsec.binding.

[cacois]

@Heilage tried this edit, but I can't seem to get pip to rebuild python-saml, even using --no-cache-dir. It'll uninstall and reinstall, but no output about building from gcc, so I think its ignoring my request to not use the cache.

Any thoughts?

Update: using --ignore-installed seemed to work, now instead of a core dump I get an error: Unknown IO error when calling from onelogin.saml2.auth import OneLogin_Saml2_Auth

Not sure if this is an issue or not, investigating...

[greenpau]

Original error:

    Error: cannot get XMLSec1 pre-processor and compiler flags; do you have the `libxmlsec1` development package installed?

Resolved on CentOS Linux release 7.3.1611 (Core):

curl -s https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python get-pip.py
yum -y install libxml2-devel xmlsec1-devel python-devel xmlsec1-openssl-devel libtool-ltdl-devel
pip install python-saml

[RD1991]

import dm.xmlsec.binding as xmlsec ... ... dsig_ctx = xmlsec.DSigCtx() fails saying "attribute 'signKey' of 'dm.xmlsec.binding._xmlsec.DSigCtx' objects is not readable".

Related with this bug ?

[ThemGit]

Hello @pitbulk ,

i am running on Red Hat Enterprise Linux Server release 6.8

i have followed all the steps mentioned above and installed

libxml2-devel xmlsec1-devel python-devel xmlsec1-openssl-devel libtool-ltdl-devel

running pip install python-saml completes fine

i change -DXMLSEC_NO_SIZE_T

but then i still get Segmentation fault (core dumped)

Are there any other suggestions on how to overcome this? It seems quite strange that after all this time it is still an issue.

Update by manually compiling xmlsec1-devel my issue was resolved.

I followed the directions here:

[skortchmark9]

We're using this library for SSO and are pretty unhappy with how difficult it is to install. All of the problems come from dm.xmlsec.binding. The recent 1.3.3 upgrade broke us again. We're considering switching to: https://github.com/rohe/pysaml2 as an alternative.@navneil is your fork which uses xmlsec1 available anywhere?

[pitbulk]

@skortchmark9

You can use python3-saml that uses another xmlsec lib...not dm.xmlsec.binding

[taldev-no]

@skortchmark9 I'd just like to echo what @pitbulk said, switching to python3-saml (works on 2.7 btw, we're still on 2.7.11) saved us a lot of setup and configuration hassle (also the API is better designed and easier to use IMO).

[ThemGit]

@Heilage Did you need to do any changes in the code that uses python-saml, or are the method calls etc. exactly the same on python3-saml?

[taldev-no]

@ThemGit It's been a while since we did the switch, but I seem to remember not having to make many changes, maybe a few new imports and stuff. Unless I'm very much mistaken, it was a very easy switch.

[ThemGit]

@Heilage Thanks! I will post back then as well once i make the switch on our own code.

[ender672]

As an alternative to editing /usr/bin/xmlsec1-config, you can set the environment variable CFLAGS=-DXMLSEC_NO_SIZE_T.

For example:

$ pip uninstall dm.xmlsec.binding
$ CFLAGS=-DXMLSEC_NO_SIZE_T pip install --no-cache-dir dm.xmlsec.binding

[Terhands]

Just a heads up, there is a similar issue on MacOS 10.12 which prevents the successful installation of dm.xmlsec.binding.

Here is the apple thread with more information: https://forums.developer.apple.com/thread/87829

[Emerson]

Dealing with an issue here as well on Ubuntu 14.04 with all required packages installed (I think). If anyone has any knowledge of what could be wrong I'd really appreciate it, or likewise, if I figure out the issue I'll respond in this thread. Here is the error I see when trying to install v2.3.3:

(virtualenv) deploy@vagrant-ubuntu-trusty-64:/srv/git$ pip install python-saml
Collecting python-saml
  Using cached python_saml-2.3.0-py2-none-any.whl
Collecting dm.xmlsec.binding==1.3.3 (from python-saml)
  Using cached dm.xmlsec.binding-1.3.3.tar.gz
    Complete output from command python setup.py egg_info:
    x86_64-linux-gnu-gcc: internal compiler error: Killed (program cc1)
    Please submit a full bug report,
    with preprocessed source if appropriate.
    See <file:///usr/share/doc/gcc-4.8/README.Bugs> for instructions.
    Building lxml version 4.1.0.
    Building without Cython.
    Using build configuration of libxslt 1.1.28
    Compile failed: command 'x86_64-linux-gnu-gcc' failed with exit status 4
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-6ZN_Bm/dm.xmlsec.binding/setup.py", line 224, in <module>
        **setupArgs
      File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/dist.py", line 335, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/dist.py", line 456, in fetch_build_eggs
        replace_conflicting=True,
      File "/srv/virtualenv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 863, in resolve
        replace_conflicting=replace_conflicting
      File "/srv/virtualenv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1141, in best_match
        return self.obtain(req, installer)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1153, in obtain
        return installer(requirement)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/dist.py", line 522, in fetch_build_egg
        return cmd.easy_install(req)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 672, in easy_install
        return self.install_item(spec, dist.location, tmpdir, deps)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 698, in install_item
        dists = self.install_eggs(spec, download, tmpdir)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 879, in install_eggs
        return self.build_and_install(setup_script, setup_base)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1118, in build_and_install
        self.run_setup(setup_script, setup_base, args)
      File "/srv/virtualenv/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1106, in run_setup
        raise DistutilsError("Setup script exited with %s" % (v.args[0],))
    distutils.errors.DistutilsError: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 4

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-6ZN_Bm/dm.xmlsec.binding/

[Emerson]

I wanted to followup on my previous comment. It turns out the issue was related to memory issues. I went ahead and created a 1GB swap on my box and pip install works fine now. Hope this helps someone else :v:

[juliedavila]

Also confirming CentOS7 is fixed by adding the -DXMLSEC_NO_SIZE_T flag and reinstall dm.xmlsec.binding with the no cache option.

Mirrors reports by @Heilage and @repagh

[jerkyrs]

This is referenced in another thread #177

I did the following within the venv on Centos 7 export ARCHFLAGS='-arch x86_64' pip install pysaml2==3.0.0

I also ran the above xmlsec configuration change

It also resulted in deadlock on uwsgi that resulted with the following error ImportError: lxml.etree does not export expected C function adoptExternalDocument

I will need to rebuild via kickstart/puppet to verify successful build, but this was also causing issues on our Centos6 builds.

[mathieu-lacage]

is there a reason dm.xmlsec.binding is still using xmlsec1-config instead of using pkg-config --cflags ?

i.e., borg's patch to xmlsec1-config to add -DXMLSEC_NO_SIZE_T works.

Note, this is on stock FC27

[xanterx]

As an alternative to editing /usr/bin/xmlsec1-config, you can set the environment variable CFLAGS=-DXMLSEC_NO_SIZE_T.

For example:

$ pip uninstall dm.xmlsec.binding
$ CFLAGS=-DXMLSEC_NO_SIZE_T pip install --no-cache-dir dm.xmlsec.binding

For Pipenv I used pipenv run pip uninstall dm.xmlsec.binding CFLAGS=-DXMLSEC_NO_SIZE_T pipenv run pip install --no-cache-dir dm.xmlsec.binding