-
Notifications
You must be signed in to change notification settings - Fork 420
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression: Version 16.1 doesn't work with Kodi #542
Comments
I see no pyOpenSSL in your traceback; urllib2 uses the standard library's ssl module. But there seems to be a call to an uninitialized cryptography? Sadly there’s no details why or by whom it is called? Maybe @reaperhulk can make sense of this but from my vantage point pyOpenSSL isn’t really involved. Is it used by kodi at all? |
It smells like a problem with mod_wsgi subinterpreters and cryptography's random engine hook. |
Kodi isn't a web application and doesn't use mod_wsgi. As for how Kodi uses pyopenssl, I don't know - but, I do know that if one uses a version of pyopenssl before 16.1 (I tested with 15.1 and 16.0) Kodi works fine. So it has to be a regression in pyopenssl 16.1 because that is the only variable. I can guess that perhaps the problem is that pyopenssl configures openssl different in 16.1 than in previous versions and there's a threading issue causing that configuration to be applied to urllib2 (which uses openssl but not via pyopenssl). |
I've looked at Kodi's source before and it is a Python subinterpreter problem. It's possible we stopped disabling cryptography's osrandom engine in pyopenssl 16.1? @candrews inside the youtube video plugin if you can find where it imports from OpenSSL (probably
|
I don't recall pyOpenSSL disabling the osrandom engine. On Sun, Sep 18, 2016 at 12:57 PM, Paul Kehrer notifications@github.com
"I disapprove of what you say, but I will defend to the death your right to |
@alex originally we never imported the backend at all, just the binding. So we never enabled the engine. |
Ah, so now that we import the backend from On Sun, Sep 18, 2016 at 12:58 PM, Paul Kehrer notifications@github.com
"I disapprove of what you say, but I will defend to the death your right to |
Yep. Damn global side effects. |
Any ideas how to proceed? Simplest fix would be to move the imports into those functions and release a 16.1.1 I guess? |
We just need to call |
Uhhh, sounds bad, I would definitely be opposed to a patch that did that. |
We intentionally didn't want to have pyopenssl use the osrandom engine in the past. This is why the binding doesn't activate it, only the backend. Now things are trickier since we're using higher levels of cryptography's APIs inside pyopenssl. Disabling osrandom is unfortunate, but we've repeatedly run into concrete breakage due to use of subinterpeters. It's not hard to find persistent suggestions in various forums that people downgrade their cryptography versions to avoid these bugs, which is pretty terrible. With this change we've created the same problem in pyopenssl and given users of tools like kodi a strong incentive to pin at 16.0 forever. One solution would be to go back to a C based osrandom, but you've strongly resisted that option in the past due to the increase in complexity it requires. I'd suggest that we can't have our cake and eat it too any more. We need to do something distasteful -- either we hoist osrandom back into C or we disable osrandom engine (first in pyopenssl but also ultimately in cryptography). Given that the latter poses major risk to any user forking processes it seems like there's really only one way forward.
|
I'd prefer moving the osrandom engine back to C code. If we put the On Tue, Sep 20, 2016 at 10:13 AM, Paul Kehrer notifications@github.com
"I disapprove of what you say, but I will defend to the death your right to |
This should be resolved in 16.2.0 (a workaround for now, osrandom improvements in the future) |
As a kodi user I can confirm that the problem is still there. |
Is there a way for your to verify what versions Kodi is actually using? You seem to be mixing packages from multiples sources and it’s hard to guess, which are actually used. |
I have a plain 16.04 version of ubuntu, afaik the kodi that comes with it is this: https://launchpad.net/~team-xbmc/+archive/ubuntu/ppa |
The problem continues. I tried pyOpenSSL 16 (stock in Fedora) and pyOpenSSL 16.2 (which I compiled myself). No difference. Errno 0. That's absurd, how can an error have errno zero? |
For the record, this is the version of cryptography I am using (derived directly from the file that Kodi has open in question):
You can find this package in the Fedora Koji system if you need to inspect its contents. |
Actually, incorrect. Downgrading doesn't fix it. |
That indicates strongly that Kodi is not picking up your pyOpenSSL installations. |
It is. I confirmed by hacking on the source of the Kodi plugin that uses urllib2, and it is picking the distribution's pyOpenSSL (16 or 16.2, either of them I tried). I looked at the Here's what makes me think it's a problem with either urllib2 or pyOpenSSL: If I import the OpenSSL module at the top of the source file of the Kodi plugin, then urllib2 stops spewing the Errno 0 errors. So it's a side effect somewhere, related to loading the pyOpenSSL module later than at top-of-module-source. When it loads early (before urllib2 makes its first request) everything works fine. I've confirmed this is the case. Check the referred bug one comment above yours for a patch that "fixes" the problem with the plugin by loading pyOpenSSL before urllib2. |
Is this fixed in Ubuntu 17.04? I applied one of the workarounds I found on the web to 16.04 and got things working but a subsequent regular software update appears to have reverted the fix because the problem is happening again. I'm fed up so considering a distribution upgrade. |
I don't know what versions are packaged with Ubuntu but this issue is fully resolved by upgrading cryptography to 1.7 or better and is also likely to be resolved by upgrading to pyOpenSSL 16.2 or better. The latter is just a workaround, the cryptography upgrade fixes the underlying issue. |
Good news! Ubuntu 17.04 has python-cryptography 1.7.1-2 and all Kodi add-ons are updating correctly. |
Is it possible to fix this for Ubuntu 16.04, too? |
You'll have to update cryptography yourself. Ubuntu won't backport the package update. |
Ah, thank you for letting me know, @reaperhulk ! The other option then is to update my Linux Mint... probably in October. I can wait until then. |
We have had multiple issues with Ubuntu 16.04 using an outdated version of the Python cryptography module that causes strange SSL behavior. Example for this is not being able to connect to SSL sites. This commit introduces a check on initialization of the interpreter to make sure that we use a compatible version. See also: pyca/pyopenssl#542 (comment) https://forum.kodi.tv/showthread.php?tid=335786
We have had multiple issues with Ubuntu 16.04 using an outdated version of the Python cryptography module that causes strange SSL behavior. Example for this is not being able to connect to SSL sites. This commit introduces a check on initialization of the interpreter to make sure that we use a compatible version. See also: pyca/pyopenssl#542 (comment) https://forum.kodi.tv/showthread.php?tid=335786
We have had multiple issues with Ubuntu 16.04 using an outdated version of the Python cryptography module that causes strange SSL behavior. Example for this is not being able to connect to SSL sites. This commit introduces a check on Kodi startup so the user is aware of the issue. See also: pyca/pyopenssl#542 (comment) https://forum.kodi.tv/showthread.php?tid=335786
We have had multiple issues with Ubuntu 16.04 using an outdated version of the Python cryptography module that causes strange SSL behavior. Example for this is not being able to connect to SSL sites. This commit introduces a check on Kodi startup so the user is aware of the issue. See also: pyca/pyopenssl#542 (comment) https://forum.kodi.tv/showthread.php?tid=335786
I'm a user of Kodi, not a developer, so I apologize ahead of time for the lack of detail in this bug report.
Versions 15.1 and 16.0 work fine.
Version 0.16.1 does not work with Kodi. I've reported the issue to Kodi at http://trac.kodi.tv/ticket/16914
In short, when you try to perform an operation in Kodi that's implemented using urllib2, such as playing a Youtube video, playback fails, this error is sent to stdout:
and this stack trace is logged:
The text was updated successfully, but these errors were encountered: