search

bugfest / tor-controller

Tor toolkit for Kubernetes (Tor instances, onion services and more)
Apache License 2.0
98 stars 17 forks source link

[BUG] 0.7.1 onionbalance raises ImportError #30

Closed conneryn closed 1 year ago

conneryn commented 1 year ago

Describe the bug The latest build (0.7.1) of the onionbalanace-manager is failing to run onionbalance successfully, as it throws an Import Error:

ImportError: Hidden service descriptor decryption requires cryptography version 2.6

To Reproduce Create an OnionBalancedService using the latest version (0.7.1 docker containers).

Expected behavior The OnionBalanceService should startup without issues, and the onion service should be discoverable.

Additional information

Error logs from the onionbalance container in the daemon pod:

[...]
2023-01-17 15:39:05,078 [WARNING]: Onionbalance initialized (stem version: 1.8.1) (tor version: 0.4.6.10 (git-22fd351cf582aa2b))!
2023-01-17 15:39:05,078 [WARNING]: ================================================================================
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/onionbalance/hs_v3/stem_controller.py", line 39, in handle_new_desc_content_event_wrapper
    my_onionbalance.handle_new_desc_content_event(desc_content_event)
  File "/usr/lib/python3.10/site-packages/onionbalance/hs_v3/onionbalance.py", line 148, in handle_new_desc_content_event
    instance.register_descriptor(descriptor_text, onion_address)
  File "/usr/lib/python3.10/site-packages/onionbalance/hs_v3/instance.py", line 57, in register_descriptor
    new_descriptor = ob_descriptor.ReceivedDescriptor(descriptor_text, onion_address)
  File "/usr/lib/python3.10/site-packages/onionbalance/hs_v3/descriptor.py", line 275, in __init__
    v3_desc.decrypt(onion_address)
  File "/usr/lib/python3.10/site-packages/stem/descriptor/hidden_service.py", line 1081, in decrypt
    raise ImportError('Hidden service descriptor decryption requires cryptography version 2.6')
ImportError: Hidden service descriptor decryption requires cryptography version 2.6

Between container images 0.7.0 and 0.7.1, the base version of alpine was upgraded from 3.16.2 to 3.17.1, which in turn caused several dependencies to be upgraded. Namely, py3-cyrptography is upgraded from 3.4.8 to 38.0.3

In the previous version (0.7.0), I would receive a deprecation warning:

2023-01-17 20:14:44,594 [WARNING]: Onionbalance initialized (stem version: 1.8.0) (tor version: 0.4.6.10 (git-22fd351cf582aa2b))!
2023-01-17 20:14:44,594 [WARNING]: ================================================================================
/usr/lib/python3.10/site-packages/stem/prereq.py:142: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes, int_to_bytes

Therefore, this is potentially related to: https://github.com/torproject/stem/issues/118 (as int_from_bytes has been fully deprecated as of cryptography version 37.x). Although, there have been many other deprecations/changes between 3.4.8 and 38.0.3, so it really could be a number of things.

System (please complete the following information):

conneryn commented 1 year ago

I think simply pinning the alpine version could be a work-around, for now (see #31).

bugfest commented 1 year ago

Thanks again @conneryn, my bad I didn't double check it was working properly before release. #31 merged & building right now. Will release 0.7.2 for this fix and let you know

bugfest commented 1 year ago

Released by #32