tlocke / scramp Goto Github PK
View Code? Open in Web Editor NEWPython implementation of the SCRAM protocol
License: MIT No Attribution
Python implementation of the SCRAM protocol
License: MIT No Attribution
I've found in issue 10 the following comment, but I didn't success to update the build of scramp on openSUSE obs build.
https://build.opensuse.org/package/show/home:bruno_friedmann:branches:devel:languages:python/python-scramp
Scramp finish with 0.0.0 which is not good. Beware the build being done on an isolated vm with no remote access we can't download whatever from internet.
So is there a way to setup correctly the version with the rpm ${version} variable ?
Hi @robert-schmidtke, I think the problem may lie with the way Scramp is packaged for conda. Scramp now finds its version by doing:
try:
from importlib.metadata import version
except ImportError:
from importlib_metadata import version
__version__ = version("scramp")
so it uses Scramp's metadata to find the version. The version metadata is created using versioningit. So I think my first thought is that the problem lies with the Conda packaging, but let me know if you find that we need to change something in Scramp.
Originally posted by @tlocke in #10 (comment)
Not sure when this was introduced, but when installing the conda package, the scramp version is reported as 0.0.0.
pip is fine.
>>> import scramp
>>> scramp.__version__
'0.0.0'
>>> from importlib.metadata import version
>>> version("scramp")
'0.0.0'
# Name Version Build Channel
_libgcc_mutex 0.1 conda_forge conda-forge
_openmp_mutex 4.5 2_gnu conda-forge
asn1crypto 1.5.1 pyhd8ed1ab_0 conda-forge
bzip2 1.0.8 h7f98852_4 conda-forge
ca-certificates 2022.9.24 ha878542_0 conda-forge
importlib-metadata 4.11.4 py39hf3d152e_0 conda-forge
ld_impl_linux-64 2.39 hc81fddc_0 conda-forge
libffi 3.4.2 h7f98852_5 conda-forge
libgcc-ng 12.2.0 h65d4601_19 conda-forge
libgomp 12.2.0 h65d4601_19 conda-forge
libnsl 2.0.0 h7f98852_0 conda-forge
libsqlite 3.39.4 h753d276_0 conda-forge
libuuid 2.32.1 h7f98852_1000 conda-forge
libzlib 1.2.13 h166bdaf_4 conda-forge
ncurses 6.3 h27087fc_1 conda-forge
openssl 3.0.5 h166bdaf_2 conda-forge
pip 22.3 pyhd8ed1ab_0 conda-forge
python 3.9.13 h2660328_0_cpython conda-forge
python_abi 3.9 2_cp39 conda-forge
readline 8.1.2 h0f457ee_0 conda-forge
scramp 1.4.2 pyhd8ed1ab_0 conda-forge
setuptools 65.5.0 pyhd8ed1ab_0 conda-forge
sqlite 3.39.4 h4ff8645_0 conda-forge
tk 8.6.12 h27826a3_0 conda-forge
tzdata 2022e h191b570_0 conda-forge
wheel 0.37.1 pyhd8ed1ab_0 conda-forge
xz 5.2.6 h166bdaf_0 conda-forge
zipp 3.10.0 pyhd8ed1ab_0 conda-forge
active environment : scramp
active env location : /home/rschmidtke/miniconda3/envs/scramp
shell level : 1
user config file : /home/rschmidtke/.condarc
populated config files : /home/rschmidtke/.condarc
conda version : 22.9.0
conda-build version : 3.22.0
python version : 3.9.12.final.0
virtual packages : __linux=5.10.102.1=0
__glibc=2.31=0
__unix=0=0
__archspec=1=x86_64
base environment : /home/rschmidtke/miniconda3 (writable)
conda av data dir : /home/rschmidtke/miniconda3/etc/conda
conda av metadata url : None
channel URLs : https://conda.anaconda.org/conda-forge/linux-64
https://conda.anaconda.org/conda-forge/noarch
https://repo.anaconda.com/pkgs/main/linux-64
https://repo.anaconda.com/pkgs/main/noarch
https://repo.anaconda.com/pkgs/r/linux-64
https://repo.anaconda.com/pkgs/r/noarch
package cache : /home/rschmidtke/miniconda3/pkgs
/home/rschmidtke/.conda/pkgs
envs directories : /home/rschmidtke/miniconda3/envs
/home/rschmidtke/.conda/envs
platform : linux-64
user-agent : conda/22.9.0 requests/2.28.1 CPython/3.9.12 Linux/5.10.102.1-microsoft-standard-WSL2 ubuntu/20.04.5 glibc/2.31 solver/libmamba conda-libmamba-solver/22.8.1 libmambapy/0.27.0
UID:GID : 1000:1000
netrc file : None
offline mode : False
Not sure if this is the right place to ask this question.
According to the example in README, both ScramServer
and ScramClient
required password to perform handshake. But I thought that SCRAM only passes hashes during handshakes.
Is this intended? Or am I missing something?
@tlocke: I wish you a Happy New Year!
Can you add new topics in this repository like others?
Thanks in advance.
On create github release entry is created email notification to those whom have set in your repo the web UI Watch->Releases.
gh release can contain additional comments (li changelog) or additional assets like release tar balls (by default it contains only assets from git tag) however all those part are not obligatory.
In simplest variant gh release can be empty because subiekt of the sent email contains git tag name.
I'm asking because my automation process uses those email notifications by trying to make preliminary automated upgrades of building packages, which allows saving some time on maintaining packaging procedures.
Probably other people may be interested to be instantly informed about release new version as well.
Documentation and examples of generate gh releases:
getmoto/py-partiql-parser@a58a3783
https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository
https://cli.github.com/manual/gh_release_upload/
jbms/sphinx-immaterial#282
https://github.com/marketplace/actions/github-release
https://pgjones.dev/blog/trusted-plublishing-2023/
jbms/sphinx-immaterial#281 (comment)
tox target to publish on pypi and make gh release https://github.com/jaraco/skeleton/blob/928e9a86d61d3a660948bcba7689f90216cc8243/tox.ini#L42-L58
@tlocke: I wish you a Happy New Year!
Can you add reference to RFCs/I-Ds in the README?
Thanks in advance.
There's a system for reporting errors to the client that we don't support yet.
After:
Can you add supports of :
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
LDAP:
HTTP:
2FA:
IANA:
Linked to:
In a python 3.8 lambda function, when importing scramp
it fails due to an importerror. Downgrading to 1.4.1 resolves it.
The cause seems to be here:
try:
from importlib.metadata import version
except ImportError:
from importlib_metadata import version
As in version 1.4.1 that part is different
Python 3.7 is no longer supported https://devguide.python.org/versions/
The tls-exporter
channel binding is described in https://datatracker.ietf.org/doc/html/draft-ietf-kitten-tls-channel-bindings-for-tls13. This probably can't be implemented until Python allows access to Exported Keying Material, see https://bugs.python.org/issue37952
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.