-
-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dm.xmlsec.binding broken? #30
Comments
@navneil , Why do you say dm.xmlsec.binding is unreliable? dm.xmlsec.binding is used in dm.zope.saml2. After review many libraries, I choosedm.xmlsec.binding. What would you propose? |
I can't get dm.xmlsec.binding to work on different linux distributions. Even after installing cleanly, it core dumps on import dm.xmlsec.binding. What distribution are you using? Also, have you thought of using the xmlsec1 binaries instead of the python bindings. |
I tested it on Redhat and Ubuntu. I dislike the use of xmlsec1 binaries execution. Can you take a look on this Travis trace? https://travis-ci.org/onelogin/python-saml As you see is installed as expected. Also, take a look on the installation section of: https://pypi.python.org/pypi/dm.xmlsec.binding/1.3.1 What you get after those commands?
|
Hi, I found this during a google search and I am having the same problem. This is on RHEL6.6, I followed the instructions from the Travis trace (with modifications for RHEL) and ensured all the necessary packages are installed. In order to get past the M2Crypto failures I needed to download the package from the python web site and then apply the fedora_setup from the git clone of M2Crypto (which is an older version than the one available from python pypi)because it's NOT included with the download from pypi. I also needed to install, which isn't mentioned anywhere, xmlsec1-openssl, xmlsec1-openssl-devel, libtool-ltdl and libtool-ltdl-devel (added the -devel packages to be on the safe side) Thi Here is output from the coverage run root@gandalf # coverage run --source=src/onelogin/saml2 --rcfile=tests/coverage.rc setup.py test
running test
running egg_info
writing requirements to src/python_saml.egg-info/requires.txt
writing src/python_saml.egg-info/PKG-INFO
writing top-level names to src/python_saml.egg-info/top_level.txt
writing dependency_links to src/python_saml.egg-info/dependency_links.txt
reading manifest file 'src/python_saml.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '__pycache__' found under directory '*'
warning: no previously-included files matching '*.py[co]' found under directory '*'
writing manifest file 'src/python_saml.egg-info/SOURCES.txt'
running build_ext
Segmentation fault (core dumped) Here is my GDB run: root@gandalf # gdb python2.7
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-75.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/rh/python27/root/usr/bin/python2.7...(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install python27-python-2.7.5-10.el6.x86_64
(gdb) run
Starting program: /opt/rh/python27/root/usr/bin/python2.7
[Thread debugging using libthread_db enabled]
Python 2.7.5 (default, Dec 3 2013, 08:35:16)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dm.xmlsec.binding
Program received signal SIGSEGV, Segmentation fault.
__pyx_f_4lxml_5etree_funicode (__pyx_v_s=0x10 <Address 0x10 out of bounds>) at src/lxml/lxml.etree.c:26833
26833 src/lxml/lxml.etree.c: No such file or directory.
in src/lxml/lxml.etree.c Any thoughts? Thanks for any help. |
For shiz and giggles I tried on Fedora Core 20 and received the same results. [root@sauron python-saml]# coverage run --source=src/onelogin/saml2 --rcfile=tests/coverage.rc setup.py test
running test
running egg_info
writing requirements to src/python_saml.egg-info/requires.txt
writing src/python_saml.egg-info/PKG-INFO
writing top-level names to src/python_saml.egg-info/top_level.txt
writing dependency_links to src/python_saml.egg-info/dependency_links.txt
reading manifest file 'src/python_saml.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '__pycache__' found under directory '*'
warning: no previously-included files matching '*.py[co]' found under directory '*'
writing manifest file 'src/python_saml.egg-info/SOURCES.txt'
running build_ext
Segmentation fault |
Hi @cjsteinke and @navneil , Sorry to see that you experiencing problems installing python-saml @cjsteinke , I install M2Crypto using pypi: https://pypi.python.org/pypi/M2Crypto (openssl and swig are dependences from this library). I googled the error and it seems a bug with the lxml library (lxml is a dependece of dm.xmlsec.binding): https://bugs.launchpad.net/lxml/+bug/928333 |
Hi @navneil and @cjsteinke , sorry to see that python-saml is not working on Fedora. In python-saml I install M2Crypto using pypi (https://pypi.python.org/pypi/M2Crypto). This library requires openssl and swig. I googled the error and it seems a bug on the lxml library (a dependence of dm.xmlsec.binding) |
I asked a friend to try get it working on Fedora. @cjsteinke can you try to use the lxml library? Maybe an issue that this library was not compiled correctly. Did you install the python-dev, libxml2-dev and libxslt-dev libraries? In Ubuntu, when building 'dm.xmlsec.binding' I see:
|
Can you try to execute this in order to know the versión installed:
Also in the dm.xmlsec.binding documentation appears:
don't know if maybe is missing this LXML_HOME path. Have you tried to install lxml using pypi? https://pypi.python.org/pypi/lxml/3.4.0 |
I got the normal source but I still get dm.xmlsec.binding to crash: Python 2.7.5 (default, Dec 3 2013, 08:35:16)
Program received signal SIGSEGV, Segmentation fault. This is what I am using: Python : sys.version_info(major=2, minor=7, micro=5, releaselevel='final', serial=0) On Wed, Oct 29, 2014 at 1:55 AM, Sixto Martin [email protected]
|
I sent a mail to the author of dm.xmlsec.binding (Dieter). Sorry for the inconveniences. |
Output: Python 2.7.5 (default, Dec 3 2013, 08:35:16)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> from lxml import etree
>>> print("%-20s: %s" % ('Python', sys.version_info))
Python : sys.version_info(major=2, minor=7, micro=5, releaselevel='final', serial=0)
>>> print("%-20s: %s" % ('lxml.etree', etree.LXML_VERSION))
lxml.etree : (3, 4, 0, 0)
>>> print("%-20s: %s" % ('libxml used', etree.LIBXML_VERSION))
libxml used : (2, 7, 6)
>>> print("%-20s: %s" % ('libxml compiled', etree.LIBXML_COMPILED_VERSION))
libxml compiled : (2, 7, 6)
>>> print("%-20s: %s" % ('libxslt used', etree.LIBXSLT_VERSION))
libxslt used : (1, 1, 26)
>>> print("%-20s: %s" % ('libxslt compiled', etree.LIBXSLT_COMPILED_VERSION))
libxslt compiled : (1, 1, 26) I was able to upgrade lxml, I had 2.2.3 installed and it upgraded it to 3.4.0. I also downloaded lxml and pointed LXML_HOME to it's root and no luck. Thanks for your help. |
I found this resource: |
I finally got dm.xmlsec.binding to work on Fedora but I needed to comment out this line transformByHref = dict((t.href, t) for t in transforms) in file dm/xmlsec/binding/init.py I don't know what this line does but I am able to run the python-saml toolkit and was able to get the demo-flask app to work. |
Nice, I mailed to Dieter that info. Let's see if he can fix that issue. Thanks for getting involved! |
I confirmed that I installed libxml2,but same story. Not sure if this will help, I ran a GDB session in the lxml-3.4.0 source tree Contents of script to load dm.xmlsec.binding cat ../onelogin/python-saml/loadxmlsec.py
#!/usr/bin/env python2.7
import dm.xmlsec.binding
print "Foo!" gdb python2.7
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-75.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/rh/python27/root/usr/bin/python2.7...(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install python27-python-2.7.5-10.el6.x86_64
(gdb) run ../onelogin/python-saml/loadxmlsec.py
Starting program: /opt/rh/python27/root/usr/bin/python2.7 ../onelogin/python-saml/loadxmlsec.py
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
__pyx_f_4lxml_5etree_funicode (__pyx_v_s=0x10 <Address 0x10 out of bounds>) at src/lxml/lxml.etree.c:26833
26833 if (!__pyx_t_1) break;
(gdb) bt
#0 __pyx_f_4lxml_5etree_funicode (__pyx_v_s=0x10 <Address 0x10 out of bounds>) at src/lxml/lxml.etree.c:26833
#1 0x00007ffff123da2e in pyunicode (__pyx_v_s=<value optimized out>) at src/lxml/lxml.etree.c:179443
#2 0x00007ffff18061df in __pyx_f_2dm_6xmlsec_7binding_7_xmlsec_xmlChar2py (__pyx_v_xs=<value optimized out>) at src/_xmlsec.c:8352
#3 0x00007ffff18065b1 in __pyx_pf_2dm_6xmlsec_7binding_7_xmlsec_9Transform_4href___get__ (o=<value optimized out>, x=<value optimized out>) at src/_xmlsec.c:2421
#4 __pyx_pw_2dm_6xmlsec_7binding_7_xmlsec_9Transform_4href_1__get__ (o=<value optimized out>, x=<value optimized out>) at src/_xmlsec.c:2399
#5 __pyx_getprop_2dm_6xmlsec_7binding_7_xmlsec_9Transform_href (o=<value optimized out>, x=<value optimized out>) at src/_xmlsec.c:8651
#6 0x00007ffff7c98968 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#7 0x00007ffff7cbfd1b in _PyObject_GenericGetAttrWithDict () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#8 0x00007ffff7d18948 in PyEval_EvalFrameEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#9 0x00007ffff7c9e337 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#10 0x00007ffff7c7f7fb in PyIter_Next () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#11 0x00007ffff7cbb78f in PyDict_MergeFromSeq2 () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#12 0x00007ffff7cbc0a7 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#13 0x00007ffff7cd74d8 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#14 0x00007ffff7c80913 in PyObject_Call () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#15 0x00007ffff7d1c7c6 in PyEval_EvalFrameEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#16 0x00007ffff7d1ec4e in PyEval_EvalCodeEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#17 0x00007ffff7d1ed62 in PyEval_EvalCode () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#18 0x00007ffff7d2e522 in PyImport_ExecCodeModuleEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#19 0x00007ffff7d2e948 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#20 0x00007ffff7d2f77a in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#21 0x00007ffff7d2fe11 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#22 0x00007ffff7d30084 in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#23 0x00007ffff7d30f10 in PyImport_ImportModuleLevel () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#24 0x00007ffff7d1681f in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#25 0x00007ffff7c80913 in PyObject_Call () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#26 0x00007ffff7d16d03 in PyEval_CallObjectWithKeywords () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#27 0x00007ffff7d18b16 in PyEval_EvalFrameEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#28 0x00007ffff7d1ec4e in PyEval_EvalCodeEx () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#29 0x00007ffff7d1ed62 in PyEval_EvalCode () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#30 0x00007ffff7d3914c in ?? () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#31 0x00007ffff7d39220 in PyRun_FileExFlags () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#32 0x00007ffff7d3a7bf in PyRun_SimpleFileExFlags () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#33 0x00007ffff7d4c2b6 in Py_Main () from /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0
#34 0x0000003df9a1ed5d in __libc_start_main () from /lib64/libc.so.6
#35 0x0000000000400649 in _start ()
(gdb) info threads
* 1 Thread 0x7ffff7bff700 (LWP 1252) __pyx_f_4lxml_5etree_funicode (__pyx_v_s=0x10 <Address 0x10 out of bounds>) at src/lxml/lxml.etree.c:26833
(gdb) |
Dieter replied:
|
And after check the error trace:
|
These are the version of xmlsec1 that have installed on my system:
So these version are newer than the 1.2.18 version used by Dieter. I have noticed that packages from Ubuntu sometimes have bug fixes and enhancements that don't get pushed out to or included in other releases of the package for other distros and it's really annoying. I hope this is not the case as I work in a RedHat shop. Are you running 1.2.18 or 1.2.20 or a later version? Thanks! |
I'm using ubuntu 13.10 with xmlsec1 1.2.18 (openssl) where the python-toolkit is working.
I think we need to compare the /usr/include/xmlsec1/xmlsec/transforms.h from the ubuntu version from the 1.2.18 with the one that is installed using rhel/centOS to see what transform does not exists in the rhel/centOS branch. This is the ubuntu version: |
@navneil and @cjsteinke There is a new release of the dm.xmlsec.binding library. Can you please check if this new release solve your problems? |
I gave it a try and it sill doesn't work :( |
Can confirm the transforms.h given in the gist matches the transforms.h on CentOS 6 save a trailing newline, still experiencing this issue. |
Can confirm https://bugs.launchpad.net/lxml/+bug/928333 is unrelated in my case |
All transforms listed are present in the various xmlsec1 header files on CentOS 6 as well. |
There are two transforms referenced by the binding that do have NULLs in the xmlsec1 library: TransformRemoveXmlTagsC14N and TransformVisa3DHack. However, xmlChar2py will return None on NULL pointers. |
Simply importing the shared object is enough:
|
It looks like /usr/bin/xmlsec1-config is broken on CentOS 6 (at least). The following changes fixes this for me: https://gist.github.com/jborg/d50975951580c53322a0 xmlsec1-config --cflags needs to include "-DXMLSEC_NO_SIZE_T" on 64 bit platforms, but does not. "pkg-config --cflags xmlsec1-openssl" seems to work though. |
Hello @pitbulk , i am running on Red Hat Enterprise Linux Server release 6.8 i have followed all the steps mentioned above and installed
running i change -DXMLSEC_NO_SIZE_T but then i still get Are there any other suggestions on how to overcome this? It seems quite strange that after all this time it is still an issue. Update I followed the directions here: |
We're using this library for SSO and are pretty unhappy with how difficult it is to install. All of the problems come from |
You can use python3-saml that uses another xmlsec lib...not dm.xmlsec.binding |
@skortchmark9 I'd just like to echo what @pitbulk said, switching to python3-saml (works on 2.7 btw, we're still on 2.7.11) saved us a lot of setup and configuration hassle (also the API is better designed and easier to use IMO). |
@Heilage Did you need to do any changes in the code that uses python-saml, or are the method calls etc. exactly the same on python3-saml? |
@ThemGit It's been a while since we did the switch, but I seem to remember not having to make many changes, maybe a few new imports and stuff. Unless I'm very much mistaken, it was a very easy switch. |
@Heilage Thanks! I will post back then as well once i make the switch on our own code. |
As an alternative to editing For example: $ pip uninstall dm.xmlsec.binding
$ CFLAGS=-DXMLSEC_NO_SIZE_T pip install --no-cache-dir dm.xmlsec.binding |
Just a heads up, there is a similar issue on MacOS 10.12 which prevents the successful installation of dm.xmlsec.binding. Here is the apple thread with more information: https://forums.developer.apple.com/thread/87829 |
Dealing with an issue here as well on Ubuntu 14.04 with all required packages installed (I think). If anyone has any knowledge of what could be wrong I'd really appreciate it, or likewise, if I figure out the issue I'll respond in this thread. Here is the error I see when trying to install v2.3.3:
|
I wanted to followup on my previous comment. It turns out the issue was related to memory issues. I went ahead and created a 1GB swap on my box and |
Also confirming CentOS7 is fixed by adding the -DXMLSEC_NO_SIZE_T flag and reinstall dm.xmlsec.binding with the no cache option. Mirrors reports by @Heilage and @repagh |
This is referenced in another thread #177 I did the following within the venv on Centos 7 I also ran the above xmlsec configuration change It also resulted in deadlock on uwsgi that resulted with the following error I will need to rebuild via kickstart/puppet to verify successful build, but this was also causing issues on our Centos6 builds. |
is there a reason dm.xmlsec.binding is still using xmlsec1-config instead of using pkg-config --cflags ? i.e., borg's patch to xmlsec1-config to add -DXMLSEC_NO_SIZE_T works. Note, this is on stock FC27 |
python-saml depends on dm.xmlsec.binding which is a python binding of xmlsec C library. but without -DXMLSEC_NO_SIZE_T the compiled dm.xmlsec.binding segfaults when `import dm.xmlsec.binding`. see SAML-Toolkits/python-saml#30 and 4teamwork/ftw.saml2auth#3 . in long term, we might want to switch to python-saml, see http://tracker.ceph.com/issues/37081 Signed-off-by: Kefu Chai <[email protected]>
For Pipenv I used |
I can't get dm.xmlsec.binding to work on my fedora host. It just core dumps. Has anyone gotten this to work. As far as I can tell, I have everything installed cleanly. I find dm.xmlsec.binding to be very unreliable and modified python-saml to use the xmlsec1 binary instead.
The text was updated successfully, but these errors were encountered: