Friday, 2015-08-14

« Thursday, 2015-08-13 Index Saturday, 2015-08-15 »
*** jamielennox is now known as jamielennox|away00:05
*** jamielennox|away is now known as jamielennox00:07
*** jamielennox is now known as jamielennox|away00:10
*** salv-orlando has quit IRC00:13
*** markvoelker has joined #openstack-security00:51
*** markvoelker has quit IRC00:56
*** bpokorny has quit IRC01:06
*** tjt263 has quit IRC01:33
*** tmcpeak has quit IRC01:41
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289601:41
*** markvoelker has joined #openstack-security01:43
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289601:45
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289601:46
*** browne has quit IRC01:48
*** markvoelker has quit IRC01:48
*** jamielennox|away is now known as jamielennox02:08
*** salv-orlando has joined #openstack-security02:24
*** tjt263 has joined #openstack-security02:25
*** salv-orlando has quit IRC02:32
*** bpokorny has joined #openstack-security02:52
*** markvoelker has joined #openstack-security02:55
*** browne has joined #openstack-security03:09
*** jian5397 has joined #openstack-security03:10
*** tkelsey has joined #openstack-security03:29
*** jian5397 has quit IRC03:30
*** tkelsey has quit IRC03:33
*** tjt263 has quit IRC03:40
*** tjt263 has joined #openstack-security03:48
*** jian5397 has joined #openstack-security03:51
*** jamielennox is now known as jamielennox|away04:02
*** salv-orlando has joined #openstack-security04:16
*** salv-orlando has quit IRC04:19
*** jian5397 has quit IRC04:23
*** markvoelker has quit IRC04:26
openstackgerritMerged openstack/security-doc: fix spelling in security-services-for-instances  https://review.openstack.org/21277604:37
openstackgerritMerged openstack/security-doc: made small change to case-studies rst file  https://review.openstack.org/21278704:38
*** jamielennox|away is now known as jamielennox04:46
*** dave-mccowan has quit IRC05:14
*** sdake_ has quit IRC05:17
*** bpokorny has quit IRC05:17
*** bpokorny has joined #openstack-security05:18
*** bpokorny has quit IRC05:18
*** bpokorny has joined #openstack-security05:19
*** bpokorny has quit IRC05:24
*** salv-orlando has joined #openstack-security05:43
*** salv-orlando has quit IRC05:53
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/21299206:01
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/21299206:21
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/21300306:28
*** tjt263 has quit IRC06:30
*** tjt263 has joined #openstack-security06:33
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/21300306:49
*** jamielennox is now known as jamielennox|away07:17
*** tkelsey has joined #openstack-security07:31
*** tkelsey has quit IRC07:35
*** tkelsey has joined #openstack-security07:51
*** salv-orlando has joined #openstack-security07:54
*** salv-orlando has quit IRC08:05
openstackgerritStanislaw Pitucha proposed openstack/anchor: Integrate PyASN1 for certificate operations  https://review.openstack.org/20436808:07
openstackgerritStanislaw Pitucha proposed openstack/anchor: Abstract the signing / verification  https://review.openstack.org/21143708:10
*** alex_klimov has joined #openstack-security08:24
*** browne has quit IRC08:34
*** tjt263 has quit IRC09:05
*** salv-orlando has joined #openstack-security09:07
*** salv-orlando has quit IRC09:11
*** tkelsey has quit IRC09:22
*** tjt263 has joined #openstack-security09:26
*** tjt263 has quit IRC09:29
*** tjt263 has joined #openstack-security09:30
*** salv-orlando has joined #openstack-security09:36
*** rmarathu has joined #openstack-security09:41
*** alex_klimov has quit IRC09:47
*** rmarathu has quit IRC10:19
*** alex_klimov has joined #openstack-security10:23
*** tjt263 has quit IRC11:43
*** tjt263 has joined #openstack-security11:44
jelle/go 1711:44
*** sdake_ has joined #openstack-security12:11
*** markvoelker has joined #openstack-security12:21
*** edmondsw has joined #openstack-security12:29
*** sdake_ has quit IRC12:37
*** dave-mccowan has joined #openstack-security12:52
*** sdake has joined #openstack-security12:55
*** sdake_ has joined #openstack-security12:59
*** sdake has quit IRC13:02
*** tmcpeak has joined #openstack-security13:14
*** sdake has joined #openstack-security13:17
*** sdake_ has quit IRC13:20
*** browne has joined #openstack-security13:24
*** singlethink has joined #openstack-security13:24
*** sdake_ has joined #openstack-security13:34
*** sdake has quit IRC13:38
*** jmckind has joined #openstack-security13:46
*** timkennedy has quit IRC13:48
*** jmckind has quit IRC13:52
*** timkennedy has joined #openstack-security13:54
*** jmckind has joined #openstack-security14:02
*** sigmavirus24_awa is now known as sigmavirus2414:23
tmcpeaksigmavirus24: can you take a look at this please? https://review.openstack.org/21289614:24
tmcpeakwe somehow managed to once again break config in 0.13.0 :(14:24
tmcpeakDaviey: ^14:24
Daviey:'(14:25
tmcpeakso guess what day it is? 0.13.2 day14:25
sigmavirus24tmcpeak: yeah I saw the bug report in my email14:25
sigmavirus24hah14:25
sigmavirus24that looks right14:25
sigmavirus24I think dstufft would be the better person to review that14:25
tmcpeakooh good point14:26
sigmavirus24Since he knows all things virtualenv, pip, etc.14:26
Davieytmcpeak: Hmm. Maybe i am missremembering, but i thought we concluded that it was acceptable that a config wouldn't be found in virtualenv?14:26
sigmavirus24It *looks* right to me14:26
sigmavirus24But damned if I know14:26
sigmavirus24Daviey: did we?14:26
tmcpeakdstufft: you got time to take a look at this or are you snowed under?14:26
sigmavirus24I don't see why we would have thought that14:26
tmcpeakno, I don't think so14:26
sigmavirus24Most people use bandit in tox (i.e., in a virtualenv)14:26
Davieysigmavirus24: I'm not sure... we bikeshedded quite a bit :)14:26
tmcpeak0.12.0 -> 0.13.0 broke some internal automation14:26
tmcpeakthat's how I noticed it14:26
* sigmavirus24 may not have been around/paying attention14:26
DavieyAh yes, quite right.14:26
* sigmavirus24 shrugs14:26
sigmavirus24I'm not worried about it too much14:27
sigmavirus24we're still in 0.x14:27
tmcpeaklol14:27
*** browne has quit IRC14:27
sigmavirus24breaking working things isn't acceptable14:27
sigmavirus24but we also aren't guaranteeing stability14:27
sigmavirus24so yolo14:27
tmcpeakwe're never coming out of 0.x ;)14:27
tmcpeaklike Gmail, it was in beta for like 12 years14:27
tmcpeak#yolo !14:27
tmcpeakI'm mainly concerned with the gate stability14:28
tmcpeakif we break things for bknudson I'll be very upset but otherwise I'm pretty much on the same page with sigmavirus24 on that14:28
tmcpeakDaviey: oh yeah, we have tests..14:29
DavieyMove Fast and Break Things. -- Facebook14:29
sigmavirus24"tests"14:29
sigmavirus24=P14:29
tmcpeak;)14:29
tmcpeakwe're kind of testing whatever we're doing we're doing right, but we're obviously not testing that we're doing what we're supposed to be14:30
DavieyYeah, turns out that 1==114:32
DavieyI started doing better mocking.. but not ready to push up.14:32
tmcpeakbut when that day comes when 1 != 1 we'll be right there waiting14:33
DavieyWe'll catch that use case perfectly!14:33
*** alejandrito has joined #openstack-security14:44
tmcpeakhttp://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/mainlist14:47
*** jian5397 has joined #openstack-security14:48
dstuffttmcpeak: you're not going to detect pyvenv style virtual envs14:55
dstuffttmcpeak: https://github.com/pypa/pip/blob/develop/pip/locations.py#L72-L8214:56
tmcpeakdstufft: ahh ok, what do you suggest for an approach?14:57
tmcpeakadding the first bit of that code?14:57
dstufftuse the code I linked14:57
dstufftto detect virtualenv14:57
tmcpeakif hasattr(sys, 'real_prefix'):14:57
tmcpeak        return True14:57
dstufftthat whole function14:57
tmcpeakdstufft: ok awesome, thank you sir14:58
dstufftthat function is "return true if running under a virtual environment, false otherwise"14:58
dstufftalso um14:58
tmcpeakand whenever we are we can use browne's code to find the virtualenv config?14:58
dstufftyou probably don't want to use the env var14:58
dstufftthat only happens if you activate the virtual env, not call the bins directly14:59
tmcpeakahh ok14:59
tmcpeakbetter way?14:59
*** singleth_ has joined #openstack-security14:59
dstufftuse sys.prefix14:59
tmcpeaksame way as you did in that code?15:00
dstufftNo, you should be able to replace os.environ["..."] with "sys.prefix"15:00
dstufftsys.prefix in virtual environments is rooted at the top of the virtual env15:01
*** singlethink has quit IRC15:03
tmcpeakok awesome, thank you15:03
*** bpokorny has joined #openstack-security15:04
Davieydstufft rocks.15:05
tmcpeak+115:05
tmcpeakI've said it before, I'll say it again - dstufft gets beers for life15:05
*** voodookid has joined #openstack-security15:06
*** bpokorny has quit IRC15:08
*** singlethink has joined #openstack-security15:16
*** singleth_ has quit IRC15:19
*** singlethink has quit IRC15:20
*** bpokorny has joined #openstack-security15:24
*** dwyde has joined #openstack-security15:26
*** sigmavirus24 is now known as sigmavirus24_awa15:30
*** openstackgerrit has quit IRC15:31
*** openstackgerrit has joined #openstack-security15:31
*** sigmavirus24_awa is now known as sigmavirus2415:33
openstackgerritAndrew Mitry proposed openstack/security-doc: Made changes to docs case studies in sec guide  https://review.openstack.org/21320515:38
*** alex_klimov has quit IRC15:44
tmcpeakwhere's Mr. Brown? :)15:52
*** browne has joined #openstack-security15:53
tmcpeakspeak of the devil :P15:53
tmcpeakbrowne: could you take another crack at that change? I'd like to get it into 0.13.2 before I leave (1 PM PST)15:54
brownewill do15:54
tmcpeakbrowne: awesome, thanks man!15:55
openstackgerritShilla Saebi proposed openstack/security-doc: change to data-encryption file  https://review.openstack.org/21321515:55
openstackgerritShilla Saebi proposed openstack/security-doc: small change to key-management rst file  https://review.openstack.org/21321715:57
*** singlethink has joined #openstack-security16:01
openstackgerritShilla Saebi proposed openstack/security-doc: fixed spelling in secure-reference-architectures  https://review.openstack.org/21322016:01
openstackgerritShilla Saebi proposed openstack/security-doc: Made changes to docs case studies in sec guide  https://review.openstack.org/21320516:09
brownetmcpeak: i'll need help on mac.  i've never been able to get venv working there.  so i don't know what the equivalent of /etc/ is16:23
tmcpeakyou mean within the venv?16:24
browneyeah16:24
tmcpeakshould be the same venv_name/etc16:24
brownebut according to the readme we don't search anywhere in ../etc/..16:25
tmcpeakbrowne: I think what we should do is add the venv/etc check to the end of the dirs regardless of platform if we detect we're in a virtualenv (using dstufft's linked code)16:26
brownetmcpeak: yeah i did that, but not sure what to put in the readme.  although i can just be general16:28
*** singleth_ has joined #openstack-security16:28
tmcpeakbrowne: yeah, just be general I htink16:28
tmcpeak*think16:28
tmcpeakvirtualenv's work the same in Mac/Linux I believe16:28
brownesure, it works the same, but what path do it get for appdirs.site_config_dir("bandit")16:29
*** singlet__ has joined #openstack-security16:30
tmcpeakbrowne: let me check16:30
browne  /usr/local/etc/bandit/bandit.yaml ?16:30
elmikoi've had issues getting some packages to install correctly on my mac, usually issues with having the compiled dependencies in place. ymmv16:31
*** singlethink has quit IRC16:31
tmcpeakbrowne: when I ran appdirs.site_config_dir("bandit") it returned: '/Library/Application Support/bandit'16:32
tmcpeakfrom within the venv16:32
browneelmiko: yeah i tried to use mac os like a year ago for python.  lots of issues16:33
tmcpeakit's all I use, it works great as long as I don't have to produce something that somebody else wants to run :P16:33
*** singleth_ has quit IRC16:33
brownetmcpeak: ok cool.  that's what i needed.  now do you also have a directory of '/Library/Application Support/bandit' in your virtualenv path?16:34
tmcpeaklemme check16:34
elmikotmcpeak: lol!16:34
elmikobrowne: yea, sadly i gave up on my mac for dev work about 1.5 years ago16:34
tmcpeakbrowne: no I do not, nothing in '/Library' is in my virtualenv path16:35
brownetmcpeak: so what is in your <path to venv>/ ?16:35
Davieybrowne: did you see the comment i left about mac's /etc ?16:36
Daviey(in code comment, prior commit near your change)16:36
openstackgerritMerged openstack/security-doc: Remove DocBook glossary  https://review.openstack.org/21190416:36
browneDaviey: i did not.  let me check16:36
openstackgerritMerged openstack/security-doc: Remove tools/generatepot  https://review.openstack.org/21212916:37
openstackgerritMerged openstack/security-doc: change to data-encryption file  https://review.openstack.org/21321516:37
openstackgerritMerged openstack/security-doc: fixed spelling in secure-reference-architectures  https://review.openstack.org/21322016:37
tmcpeakbrowne: /Users/travismcpeak/Desktop/temp/test/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin16:37
tmcpeakthat Desktop/temp/test is my virtualenv16:37
Davieybrowne: '/Library/Application Support/bandit' IS correct, but pip will never install there.. so appdirs does the wrong thing for us16:37
browneso where in a venv on mac os does bandit.yaml go?16:38
browne /usr/local/etc/bandit/bandit.yaml ?16:39
tmcpeakbrowne: test/lib/python2.7/site-packages/bandit/config/bandit.yaml16:39
Davieybrowne: See the comment here, might be useful https://gist.github.com/Daviey/6edf198a996ba55a016716:39
Davieytmcpeak: IMO we should really try to avoid using the lib one16:39
tmcpeakDaviey: in my virtualenv that's the only one I got16:40
Davieybrowne: Also see the paths where it might actually be installed here, https://github.com/openstack/bandit/commit/80c7798e5140203ae8d48d11a3de660db1de8f8016:40
Davieytmcpeak: Yeah, so that should be the LAST place we check16:40
tmcpeakDaviey: I'm happy with that, but it needs to be *a* place we check16:41
tmcpeakotherwise broken ensues16:41
Daviey+116:41
Davieybrowne: Does those two links make sense?16:41
browneDaviey: they make sense, but i still have no idea what to do about venv on mac16:41
*** salv-orlando has quit IRC16:42
tmcpeakcan we use the path relative to the actual python being executed?16:42
Davieybrowne: Right so...16:42
Davieytmcpeak: can you run that code segement AGAIN under virtualenv?16:42
tmcpeakDaviey: which code segment?16:42
DavieyOh wait.. that wont help you16:42
tmcpeakso I think general approach should be this:16:43
openstackgerritMerged openstack/security-doc: Made changes to docs case studies in sec guide  https://review.openstack.org/21320516:43
Davieytmcpeak: What is the full path of test/lib/python2.7/site-packages/bandit/config/bandit.yaml ?16:43
tmcpeak1) we detect if we're in a virtualenv, and if so 2) add virtual_env/etc/bandit.yaml  and virtualenv/site_packages/bandit/config/bandit.yaml to the searched paths16:43
brownetmcpeak: hardcoded?  or use appdirs?16:44
tmcpeaktest/lib/python2.7/site-packages/bandit/config/bandit.yaml16:44
tmcpeakhardcoded, I don't think appdirs works16:44
Davieytmcpeak: it might be safe to unconditionally try and use the virtualenv path16:44
Davieytmcpeak: No, the full path... ?16:44
tmcpeakno not the full path16:44
DavieyBut for my education, what is the full path? :)16:45
tmcpeakis there a way to get the site-packages dir of a virtualenv?16:45
*** firstTimeHero has joined #openstack-security16:45
tmcpeakDaviey: it's that, it's just got my desktop sitting in front of it.  test is the root of my virtualenv16:45
*** firstTimeHero has left #openstack-security16:45
DavieyOh i see16:46
tmcpeakI think per what dstuffft said we can use sys.prefix16:46
Davieyyeah16:46
Davieyvirtualenv changes the sys.prefix, right?16:46
tmcpeakdstufft: is there an equivalent to sys.prefix of site packages?16:46
Davieyso sys.prefix + "/bandit/config/bandit.yaml" ?16:46
tmcpeakwell no, because:16:47
tmcpeak>>> sys.prefix16:47
tmcpeak'/Users/travismcpeak/Desktop/temp/test/bin/..'16:47
tmcpeakso that only gets us to the root of the virutalenv16:47
tmcpeakso we can do "sys.prefix + '/etc'" for the virtualenv etc directory but we also need a way of getting to site packages16:47
Davieyis [-1] safe?16:49
Daviey>>> print sys.prefix16:49
Daviey/home/dave/openstack/.venv16:49
Davieyerr16:49
tmcpeakimport site; site.getsitepackages()16:49
Daviey>>> print sys.path[-1]16:49
Daviey/home/dave/openstack/.venv/lib/python2.7/site-packages16:49
tmcpeaklol, that doesn't work16:49
tmcpeakI mean the one I pasted16:49
tmcpeakDaviey: yours works for me16:50
browneDaviey: can you always rely on that being the last item in the list?16:50
DavieyNFI16:50
tmcpeakI doubt it16:50
tmcpeakfrom distutils.sysconfig import get_python_lib; print(get_python_lib())16:50
tmcpeakthat also works ^16:50
tmcpeakdstufft: you around?16:51
Davieytmcpeak: are you /certain/ it doesn't get installed somewhere else aswell?16:51
tmcpeaknot in the virtualenv path16:51
tmcpeak(test)MacBook-Pro:temp travismcpeak$ find . -name 'bandit.yaml'16:52
tmcpeak./test/lib/python2.7/site-packages/bandit/config/bandit.yaml16:52
Davieytmcpeak: and you used pip inside the virtualenv to install it?16:52
tmcpeakyep16:52
tmcpeakbrowne: you're on Ubuntu right?16:53
tmcpeakcan you verify what happens when you're in a virutalenv and run this:16:53
tmcpeakfrom distutils.sysconfig import get_python_lib16:53
tmcpeakprint get_python_lib()16:53
tmcpeakif it points to our site-packages I think we're good16:53
browne'/home/ericwb/bandit/test_me/lib/python2.7/site-packages'16:53
brownetmcpeak: ^^^16:54
Davieyweird...16:54
Daviey(.venv)dave@piper:~/openstack/.venv$ find ./ | grep bandit.yaml16:54
Daviey## Nothing returned, now pip install16:54
Daviey(.venv)dave@piper:~/openstack/.venv$ find ./ | grep bandit.yaml16:54
Daviey./lib/python2.7/site-packages/bandit/config/bandit.yaml16:54
Daviey./etc/bandit/bandit.yaml16:54
dstuffttmcpeak: what versions of Python do you support16:55
tmcpeak2.7 +16:55
tmcpeakbrowne: ok I think this should work then16:55
sigmavirus24dstufft: actually 2.7 and 3.416:55
sigmavirus24not 2.7 +16:55
tmcpeak:P16:55
tmcpeaklisten to sigma16:55
sigmavirus24some people may use it on 3.3, but we don't test there16:55
tmcpeakI rarely know what I'm talking about :)16:55
sigmavirus24(some people == gentoo)16:55
Davieytmcpeak: SO.. I am not sure 0.13.1 doesn't work as designed on Linix.. i think it is just mac.16:56
*** tjt263 has quit IRC16:56
sigmavirus24Daviey: virtualenvs != global installs16:56
sigmavirus24Which is the problem16:56
dstuffttmcpeak: sigmavirus24 there's a sysconfig API outside of distutils16:56
dstufftthat you want16:56
dstufftinstead of the distutils one16:56
tmcpeakDaviey: nah, it doesn't work in our HP lab on *nix as well16:56
Davieysigmavirus24: No.. i mean.. the config IS present at an expected path on Linux using virtualenv.16:56
tmcpeakdstufft ahh ok16:57
Davieytmcpeak: oh.. but it is in $virtualenv/etc/16:57
tmcpeakDaviey: oh yeah, it must be16:57
tmcpeakdstufft: you know offhand what that call is?16:57
dstufftsysconfig.get_path("purelib")16:58
tmcpeaksysconfig.get_paths['platlib']?16:59
dstufftor platlib16:59
tmcpeakok cool16:59
dstufftit's typically the same location16:59
dstufftpurelib is where pure python files get installed, platlib for platform specific16:59
tmcpeakwe'll want purelib, we don't have compiled anything16:59
browneAttributeError: 'module' object has no attribute 'get_paths'16:59
dstufftalmost all situations they point to the same16:59
tmcpeak>>> sysconfig.get_paths()['purelib']17:00
tmcpeak'/Users/travismcpeak/Desktop/temp/test/lib/python2.7/site-packages'17:00
Davieyhmm.. neither of those work for me on Ubuntu17:00
Davieyoh17:00
*** tjt263 has joined #openstack-security17:01
DavieyYeah ()[] does work17:01
tmcpeakok cool, so just wrap that in a try and we should be gtg17:01
tmcpeakbrowne: ^17:02
DavieybHmm17:03
DavieyBut... that is dist-packages rather than site-packages17:03
tmcpeakDaviey: it is?17:04
tmcpeaksite-pacakges on my end :\17:04
dstufftDaviey: lol Debuntu17:04
tmcpeakhaha17:04
Daviey>>> sysconfig.get_paths()['purelib']17:04
Daviey'/home/dave/openstack/.venv/local/lib/python2.7/dist-packages'17:04
Daviey>>> sysconfig.get_paths()['platlib']17:04
Daviey'/home/dave/openstack/.venv/local/lib/python2.7/dist-packages'17:04
browneon ubuntu in venv it should be path to site-packages17:04
DavieyCan i suggest using ['include']?17:04
tmcpeakinclude?17:05
Daviey>>> sysconfig.get_paths()['include'] + "/site-packages/bandit/config/bandit.yaml"17:05
Daviey'/home/dave/openstack/.venv/local/include/python2.7/site-packages/bandit/config/bandit.yaml'17:05
tmcpeaknah, wrong path - I need to get to test/lib/python2.7/site-packages17:05
browne>>> sysconfig.get_paths()['include']17:05
browne'/home/ericwb/bandit/test_me/local/include/python2.7'17:05
tmcpeakthat's the wrong path - we need to be in /lib/..17:06
Davieytmcpeak: where does sysconfig.get_paths()['include'] get you?17:06
browneits ok if its not right on ubuntu, its mac os we're after17:06
DavieyTrue!17:06
tmcpeakthat's true.. Ubuntu is already doing the right thing with virtualenvs17:06
tmcpeak>>> sysconfig.get_paths()['include']17:06
tmcpeak'/Users/travismcpeak/Desktop/temp/test/include/python2.7'17:06
tmcpeakok cool, let's go with that17:07
tmcpeakif virtualenv? configs.append('virtualenv/etc', sysconfig.get_paths()['purelib']17:07
tmcpeakwith a try around that sysconfig.get_paths call17:07
tmcpeakI don't trust it  o-O17:07
tmcpeak0.13.3 is definitely going to have something to do with sysconfig.get_paths :P17:08
Davieylol17:08
DavieyActually, i am not sure Linux is DTRT with configs.. it is installed in the venv/etc/, but not sure it is read there17:08
tmcpeakDaviey: no it isn't this change will fix that17:11
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289617:11
tmcpeakthat's why my internal automation was busted - it's *nix and installing bandit config to virtualenv/etc/bandit.yaml but not actually reading from there17:11
Davieytmcpeak: Well.. not sure it will?17:11
tmcpeakbrowne: I think you're missing a :"return False" at the end of that function17:12
browneunnecessary17:12
DavieyAh, you added sys.prefix.. that'll do it17:12
tmcpeakimplicit return?17:13
browneyeah, implicit17:13
browneexplicit default returns remind me of java17:13
tmcpeaklol ok17:14
browneok well review away.  i need to shower and get my butt to work17:14
tmcpeakis the implicit return None or False?17:14
tmcpeak(not that it matters)17:14
tmcpeakbrowne: could you wrap the sysconfig.get_paths in a try and except a KeyError?17:15
Davieythe default return is None17:16
tmcpeakI don't trust sysconfig.get_paths enough on all platforms not to do something janky17:16
Davieyi kinda hoped appdirs would have handled all this for us.. :/17:16
*** 17SADBVNB has joined #openstack-security17:17
tmcpeakDaviey yeah, it was a good concept17:17
tmcpeakPython and Linux kind of has a fragmentation problem it seems17:17
DavieyThat is a quote i'd like to print on a t-shirt.17:19
tmcpeaklol17:19
Davieytmcpeak: rather than a KeyError, why not use  sysconfig.get_paths().get('purelib', None) ?17:21
*** 17SADBVNB has quit IRC17:21
tmcpeakDaviey: sure, either way17:22
*** salv-orlando has joined #openstack-security17:22
tmcpeakget is more robust17:22
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289617:30
tmcpeak+217:31
tmcpeaksigmavirus24, Daviey - let's make it happen17:31
brownetmcpeak: i probably should at a test too17:32
brownes/at/add17:32
Davieytesting is overrated17:32
browneha17:32
tmcpeakour testing sucks right now anyway17:32
tmcpeakyou can hold off17:32
Davieybrowne: Is it worth adding those paths to the unit tests or not?17:32
tmcpeakwe'll sweep through soon17:32
tmcpeakyeah probably17:33
tmcpeaklet's not break what bknduson has so nicely put together for us17:33
brownei feel gross when i don't do a unit test.  but i could wait17:34
tmcpeakbrowne: if you wouldn't mind adding those paths to what bknudson already did17:35
browneok17:35
tmcpeakthank you17:35
DavieyOooo, i didn't realize bknudson cleaned up my crap17:36
tmcpeak:)17:36
*** sdake has joined #openstack-security17:48
*** sdake_ has quit IRC17:49
*** sdake_ has joined #openstack-security17:50
*** singlethink has joined #openstack-security17:51
*** singlethink has quit IRC17:53
*** sdake has quit IRC17:53
*** singlet__ has quit IRC17:54
tmcpeakbrowne: if you don't have time for the tests I'm happy to merge as is17:54
browneyeah, it'll take me more time.  but i can make it right by tomorrow17:55
tmcpeakbrowne: ok, let's get what you have through17:55
tmcpeakbrowne: eek bug17:57
tmcpeak- /Users/travismcpeak/Desktop/temp/test/lib/python2.7/site-packages/bandit/config/bandit.yaml/bandit.yaml,17:57
browneha, oops17:57
*** singlethink has joined #openstack-security17:58
openstackgerritEric Brown proposed openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289618:02
tmcpeaksigmavirus24: can you +A please?18:03
sigmavirus24trusting that you tested that tmcpeak18:05
tmcpeaksigmavirus24: I did18:05
*** browne has quit IRC18:05
tmcpeakawesome18:06
*** dwyde has quit IRC18:09
*** salv-orlando has quit IRC18:11
openstackgerritMerged openstack/bandit: Find bandit.yaml when in virtualenv  https://review.openstack.org/21289618:21
tmcpeakcool, 0.13.2 up - thanks guys18:23
tmcpeakhmm is Bandit badly broken for anybody18:31
tmcpeaknevermind, there was some strange lag but it seems ok18:32
elmikotmcpeak: ticket/hotel booked =)18:33
tmcpeakelmiko: sweet!18:33
elmiko\o/18:33
tmcpeakwhere you staying?18:33
elmikothe hilton around the corner, i get in monday afternoon18:33
tmcpeaknice!18:34
*** browne has joined #openstack-security18:48
tmcpeakthanks browne - new version pushed18:48
brownethx18:49
*** dwyde has joined #openstack-security18:50
*** jian5397 has quit IRC18:52
*** jian5397 has joined #openstack-security18:52
*** jian5397 has quit IRC18:53
*** jian5397 has joined #openstack-security18:55
tmcpeakelmiko, browne, Daviey: I'm getting a huge delay from when I start Bandit until it starts actually scanning18:55
tmcpeakanybody else see that?18:55
tmcpeakI'm at a loss to what it is18:55
tmcpeakit's not our new config thing18:55
brownemaybe its sysconfig18:55
browneoh ok18:56
tmcpeakno because it's already stating the config it found18:56
tmcpeakit happens after it lists the total number of files but before it starts printing out the stats18:56
tmcpeak*status18:56
elmikotmcpeak: i'll have to get a new copy and try it out18:57
tmcpeakelmiko: yeah, I'll be curious18:57
tmcpeakit's prob a 40 second delay for me :\18:57
tmcpeakit's not *breaking* anything, but it sucks18:57
*** browne has quit IRC18:57
*** browne has joined #openstack-security18:58
tmcpeakalso I meant sigmavirus24 not elmiko :)19:01
tmcpeakbut I'd love to have you look too19:01
tmcpeakusual Bandit victimsw19:01
elmikotmcpeak: no slowdown for me with a fresh bandit from pypi19:02
tmcpeakoh ok cool19:03
tmcpeakif it's just me I'm happy with that19:03
elmikoprobably a mac thing ;P19:11
tmcpeakhaha yeah19:14
tmcpeakI'll figure it out sometime that is not Friday afternoon19:14
elmiko+119:15
elmikoalso, how do i control the color options in bandit?19:15
elmikois that a log format thing19:15
tmcpeakelmiko: it's in the config19:15
tmcpeaktowards the top19:15
tmcpeakbut if you don't want it you can just "-f txt"19:16
elmikoah, cool. thanks19:16
elmikoi recently switched to light background terminals and some things are just awful (ie yellow)19:17
tmcpeakhaha I bet19:18
* sigmavirus24 sighs19:20
tmcpeaksigh which part sigma?19:21
tmcpeaksigh for light terminals? sigh for my localized performance issues?19:21
tmcpeaksigmavirus24:19:22
sigmavirus24tmcpeak: sigh because it's now passé to blame things on OSX19:24
tmcpeakhaha yeah19:24
sigmavirus24"hur hur must be osx"19:25
tmcpeak+1 I agree with sigmavirus24 OSX - burn it!19:25
elmikohey, i added a ;P to that comment...19:28
sigmavirus24I know19:28
sigmavirus24That just seems to be the replacement for "works on my machine" as of late19:28
elmikoand python support on OSX is not as good as on linux, but it is way worse than windows19:28
elmikofair19:29
sigmavirus24i disagree19:30
sigmavirus24latest version of OSX has a more up-to-date version of Python 2 than most "stable" distros19:30
sigmavirus24of linux that is19:30
sigmavirus24because "stable" as far as I can tell always means "insecure"19:30
elmikowhat version is on the latest?19:30
elmiko(but actually, i was referring more to installing packages which require compiled bits, that always seem to get out of sync on OSX)19:31
*** salv-orlando has joined #openstack-security19:35
sigmavirus242.7.1019:41
sigmavirus24elmiko: I've never had problems with installing things like cryptography and such19:41
elmikothat's remarkably fresh19:41
sigmavirus24elmiko: yes19:41
sigmavirus24also has all the SSL module backports from 3.x branch to 2.719:42
sigmavirus24and other excellent fixes for 2.719:42
tmcpeakoh that's cool19:42
sigmavirus242.7.10 is the best 2.7 version19:42
sigmavirus24tmcpeak: 10.10.5 has 2.7.1019:42
tmcpeakyeah I use the brew version19:42
tmcpeakI should probably update19:42
sigmavirus24which means requests can do fancy SNI on system python without needing extra crap19:42
sigmavirus24tmcpeak: only if the CVE in 10.10.4 was fixed19:42
sigmavirus24which would be in the release notes19:42
tmcpeaksigmavirus24: oh no, I mean update brew versions19:43
tmcpeakyep, 2.7.10_2 now19:43
elmikothe only OSX machine i have is still running 2.7.5 from apple19:43
elmikoand otoh, my f21 box is running 2.7.8, not sure what f22 ships with19:44
sigmavirus24elmiko: what version of OSX?19:44
elmikolooks like 2.7.10 is default on f22, and i find fedora's security to be decent for a stable distro19:44
elmikosigmavirus24: it's old, not sure the exact version number. i stopped using it regularly last year sometime19:44
elmikobut i ran into issues just yesterday trying to get a solid pecan app running in a venv on my mac19:45
elmikoand it all came down to weird version stuff with pbr, and mising components needing for compiling something19:45
sigmavirus24elmiko: mostly when I think of "stable" distros I think debian and RHEL19:45
elmiko(which i've run into before)19:45
elmikosigmavirus24: well, yeah, rhel is gonna be behind on the python front, but security-wise i think it does better than debian19:46
sigmavirus24agreed19:47
*** browne has quit IRC19:47
elmikoi give apple props for shipping good standard versions of python, but it seems like i need to use brew, or even macports, if i want to get a fresh python on older mac stuff.19:47
sigmavirus24debian mispatched requests-kerberos right prior to kilo and didn't want to hear a peep about it19:47
sigmavirus24it was a CVE fix across two patches reported in the open19:47
elmikoooph19:47
sigmavirus24They only backported 119:47
tmcpeakallright guys, have a great weekend!19:48
elmikoyou too tmcpeak !19:48
*** dwyde has quit IRC19:56
*** singleth_ has joined #openstack-security20:00
*** dwyde has joined #openstack-security20:01
*** singlethink has quit IRC20:03
*** alejandrito has quit IRC20:04
*** singleth_ has quit IRC20:04
*** yaya has joined #openstack-security20:05
*** yaya has quit IRC20:09
*** bknudson has quit IRC20:27
*** sdake has joined #openstack-security20:27
*** sdake_ has quit IRC20:31
*** browne has joined #openstack-security20:34
*** bpokorny has quit IRC20:49
*** bpokorny has joined #openstack-security20:50
elmikosigmavirus24: still around?21:11
sigmavirus24sort of21:11
sigmavirus24what's up?21:11
elmikohave you ever seen this come out of devstack/glance http://pastebin.test.redhat.com/305456 ?21:11
sigmavirus24server not found21:12
sigmavirus24guess I need to become a red hat employee to view that =P21:13
elmikooops, sorry21:13
elmikounless you're looking for a reference ;) lol21:13
elmikohttp://paste.openstack.org/show/414855/21:13
sigmavirus24sounds familiar elmiko21:14
sigmavirus24that said I've never seen it come out of osc21:14
sigmavirus24it's usually a problem on larger images21:14
elmikothat's kinda what i thought too, but this is like the default image21:15
sigmavirus24I know21:15
sigmavirus24that truly is strange21:17
sigmavirus24does glance have any logs about the error?21:17
elmikoah well, thanks for taking a look21:17
sigmavirus24it's typically to do with token expiration21:17
elmikohmm21:17
sigmavirus24that said, what's your backing store? RBD?21:17
sigmavirus24elmiko: but something that tiny shouldn't take so long21:18
elmikothis is devstack, so it's just the loopback disk21:18
sigmavirus24yeah21:18
sigmavirus24that's really bizarre21:18
sigmavirus24what version of devstack/glance?21:18
elmikochecking21:19
elmikodevstack and glance updated within the last hour, so master...21:20
sigmavirus24anything in g-api?21:20
elmikotrying to get into the machine now21:20
*** jerrygb has joined #openstack-security21:24
elmikosigmavirus24: still working around some issues here, please don't let me hold you up. i just thought you might have seen that before.21:24
sigmavirus24not in a while21:26
*** jerrygb has quit IRC21:30
*** jmckind has quit IRC21:32
*** sdake_ has joined #openstack-security21:35
*** bknudson has joined #openstack-security21:37
*** bpokorny_ has joined #openstack-security21:39
*** sdake has quit IRC21:39
*** dwyde has quit IRC21:40
*** bpokorny has quit IRC21:42
*** tmcpeak has quit IRC21:49
elmikohave a good weekend sigmavirus2421:50
*** elo has joined #openstack-security21:57
sigmavirus24you too22:03
*** jian5397 has quit IRC22:05
*** markvoelker has quit IRC22:15
*** salv-orlando has quit IRC22:25
*** salv-orlando has joined #openstack-security22:27
*** edmondsw has quit IRC22:51
*** voodookid has quit IRC22:58
*** sigmavirus24 is now known as sigmavirus24_awa23:20
*** markvoelker has joined #openstack-security23:31
*** kutija has quit IRC23:32
*** markvoelker has quit IRC23:35
« Thursday, 2015-08-13 Index Saturday, 2015-08-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!