fopina / kdbxpasswordpwned

Check KeePass passwords against https://haveibeenpwned.com/Passwords
MIT License

docker image fails with non-ascii passwords #9

Open deraffe opened 5 years ago

deraffe commented 5 years ago
% docker run --rm -ti -v test.kdbx:/tmp.kdbx:ro fopina/kdbxpasswordpwned:dev -u /tmp.kdbx
Password: 
Traceback (most recent call last):
  File "/app/kdbxpasswordpwned.py", line 51, in <module>
    main()
  File "/app/kdbxpasswordpwned.py", line 36, in main
    with pykeepass.PyKeePass(opt.kdbx, password=getpass.getpass(), keyfile=opt.keyfile) as kdb:
  File "/usr/lib/python2.7/site-packages/pykeepass/pykeepass.py", line 28, in __init__
    self.read(password=password, keyfile=keyfile)
  File "/usr/lib/python2.7/site-packages/pykeepass/pykeepass.py", line 45, in read
    keyfile=keyfile
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 325, in parse_file
    return self.parse_stream(f, **contextkw)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 316, in parse_stream
    return self._parsereport(stream, context, "(parsing)")
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 1979, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 2468, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 3663, in _parse
    return sc._parsereport(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 1979, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 2468, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 328, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/lib/python2.7/site-packages/construct/core.py", line 2604, in _parse
    return self.func(context) if callable(self.func) else self.func
  File "/usr/lib/python2.7/site-packages/pykeepass/kdbx_parsing/kdbx3.py", line 145, in <lambda>
    keyfile=this._._.keyfile
  File "/usr/lib/python2.7/site-packages/pykeepass/kdbx_parsing/common.py", line 69, in aes_kdf
    keyfile=keyfile
  File "/usr/lib/python2.7/site-packages/pykeepass/kdbx_parsing/common.py", line 86, in compute_key_composite
    password_composite = hashlib.sha256(password.encode('utf-8')).digest()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1: ordinal not in range(128)

It seems the Alpine system needs some locales, so Python doesn't fall back to ASCII.

fopina commented 5 years ago

Not that I think the error is from there but, out of curiosity, did you actually run docker run --rm -ti -v test.kdbx:/tmp.kdbx:ro fopina/kdbxpasswordpwned:dev -u /tmp.kdbx? Because -v requires a full path; a single name means a named volume, not the file you are probably looking for.

deraffe commented 5 years ago

I truncated the long absolute path that was actually used. I did test this with different passwords and in as well as outside of docker (dev as well as latest), so I'm fairly sure the error stems from some difference between my local system setup and the docker image, possibly the locales setup.

fopina commented 5 years ago

Local env shouldn’t affect it, as only the vars you specify are passed (none there), I believe.

Any chance you could produce such an error with a sample file and share it?

Evidlo commented 5 years ago

Does it work if you add this?

ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8

I had to do that in my dockerfile to get unicode passwords to work.
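
Added example, not part of the thread and not code from kdbxpasswordpwned or pykeepass: the last traceback frame calls `.encode('utf-8')` on a password that is still a byte string, which in Python 2 forces an implicit ASCII decode first. The sketch below runs on Python 3, emulates that implicit step, and shows explicit decoding before the SHA-256 step. The sample password and the helper names `py2_style_encode`, `to_text`, `password_composite` and `reproduce_error` are constructed for illustration.

```python
import hashlib

# Constructed sample: "pässword" as the UTF-8 bytes a terminal hands to a
# Python 2 getpass() call. 0xc3 sits at index 1, as in the traceback.
RAW = b"p\xc3\xa4ssword"


def py2_style_encode(raw):
    """Emulate Python 2's str.encode('utf-8') on a byte string:
    an implicit ASCII decode happens first, then the UTF-8 encode."""
    return raw.decode("ascii").encode("utf-8")


def to_text(password, encoding="utf-8"):
    """Normalise getpass() output to text, decoding bytes explicitly."""
    if isinstance(password, bytes):
        return password.decode(encoding)
    return password


def password_composite(password):
    """SHA-256 over the UTF-8 password, mirroring the
    hashlib.sha256(password.encode('utf-8')) line in the traceback."""
    return hashlib.sha256(to_text(password).encode("utf-8")).digest()


def reproduce_error(raw=RAW):
    """Return the message raised by the implicit ASCII decode, or None."""
    try:
        py2_style_encode(raw)
    except UnicodeDecodeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(reproduce_error())
    # Bytes and text forms of the same password give the same key material.
    print(password_composite(RAW) == password_composite(u"p\u00e4ssword"))
    # Decoding with the wrong charset silently yields a different digest,
    # so the database would fail to open instead of raising an error here.
    wrong = to_text(RAW, "latin-1")
    print(password_composite(wrong) == password_composite(RAW))
```

The wrong-charset case matters for a password tool: it does not crash, it just derives a different key from the same keystrokes.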