Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: don't unset ICE_CONFIG (fix #191) #193

Merged
merged 1 commit into from
Apr 14, 2020
Merged

cli: don't unset ICE_CONFIG (fix #191) #193

merged 1 commit into from
Apr 14, 2020

Conversation

joshmoore
Copy link
Member

The unsetting of ICE_CONFIG fails on Windows and may
no longer be needed. It was added in 4459405
while working on omero shell.

see: #191

@joshmoore
cli: don't unset ICE_CONFIG (fix ome#191)
8e9395a 
The unsetting of ICE_CONFIG fails on Windows and may
no longer be needed. It was added in 4459405
while working on `omero shell`.

see: ome#191
@manics
Copy link
Member

manics commented Mar 12, 2020
edited
Loading

Should omero login take the contents of ICE_CONFIG into account (it doesn't seem to)?

edit: It takes some e.g. IceSSL.Trace.Security=1 but not all properties into account

@dominikl
Copy link
Member

Looks ok 👍
Didn't notice any change of behaviour on Linux. And on Windows I seem to get one step further now with this PR.
Without PR:
AttributeError: module 'os' has no attribute 'unsetenv'
With PR:
ModuleNotFoundError: No module named 'win32con' etc. (whatever this means)

@dominikl
Copy link
Member

Noticed that too. With and without PR the ICE_CONFIG doesn't seem to have any effect.

@joshmoore
Copy link
Member Author

Should omero login take the contents of ICE_CONFIG into account (it doesn't seem to)?

I didn't do anything to make that work yet. I assume some processes will make use of it, but that itself could be confusing. Do you guys feel that having it fully integrated is needed at this point? Or more of a follow-up?

It takes some e.g. IceSSL.Trace.Security=1 but not all properties into account

What does? Login?

on Windows I seem to get one step further now with this PR.

👍

@dominikl
Copy link
Member

Definitely ok for follow-up.

@manics
Copy link
Member

manics commented Mar 16, 2020 

$ cat ice.config
IceSSL.Trace.Security=1
omero.host=localhost
omero.pass=password

$ ICE_CONFIG=ice.config omero login
-- 03/16/20 13:35:43.860 Security: enabling SSL ciphersuites:
    ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    ECDHE_RSA_WITH_AES_256_GCM_SHA384
    ECDHE_RSA_WITH_AES_256_CBC_SHA384
    ECDHE_RSA_WITH_AES_256_CBC_SHA
    ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    ECDH_ECDSA_WITH_AES_256_CBC_SHA
    ECDH_RSA_WITH_AES_256_GCM_SHA384
    ECDH_RSA_WITH_AES_256_CBC_SHA384
    ECDH_RSA_WITH_AES_256_CBC_SHA
    DHE_RSA_WITH_AES_256_GCM_SHA384
    DHE_RSA_WITH_AES_256_CBC_SHA256
    DHE_RSA_WITH_AES_256_CBC_SHA
    RSA_WITH_AES_256_GCM_SHA384
    RSA_WITH_AES_256_CBC_SHA256
    RSA_WITH_AES_256_CBC_SHA
    TLS_AES_256_GCM_SHA384
    DH_anon_WITH_AES_256_GCM_SHA384
    DH_anon_WITH_AES_256_CBC_SHA256
    DH_anon_WITH_AES_256_CBC_SHA
    PSK_WITH_AES_256_CBC_SHA384
    PSK_WITH_AES_256_CBC_SHA
    DH_anon_WITH_AES_128_GCM_SHA256
    DH_anon_WITH_AES_128_CBC_SHA256
    DH_anon_WITH_AES_128_CBC_SHA
-- 03/16/20 13:35:43.874 Network: SSL summary for outgoing connection
   cipher = DH_anon_WITH_AES_256_CBC_SHA
   protocol = TLS 1.0
   local address = 10.50.24.100:52761
   remote address = 10.0.48.9:4064
Previous session expired for USER on EXAMPLE.openmicroscopy.org:4064
Server: [EXAMPLE.openmicroscopy.org:4064]
Username: [USER]
Password:
-- 03/16/20 13:35:48.540 Security: enabling SSL ciphersuites:
    ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    ECDHE_RSA_WITH_AES_256_GCM_SHA384
    ECDHE_RSA_WITH_AES_256_CBC_SHA384
    ECDHE_RSA_WITH_AES_256_CBC_SHA
    ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    ECDH_ECDSA_WITH_AES_256_CBC_SHA
    ECDH_RSA_WITH_AES_256_GCM_SHA384
    ECDH_RSA_WITH_AES_256_CBC_SHA384
    ECDH_RSA_WITH_AES_256_CBC_SHA
    DHE_RSA_WITH_AES_256_GCM_SHA384
    DHE_RSA_WITH_AES_256_CBC_SHA256
    DHE_RSA_WITH_AES_256_CBC_SHA
    RSA_WITH_AES_256_GCM_SHA384
    RSA_WITH_AES_256_CBC_SHA256
    RSA_WITH_AES_256_CBC_SHA
    TLS_AES_256_GCM_SHA384
    DH_anon_WITH_AES_256_GCM_SHA384
    DH_anon_WITH_AES_256_CBC_SHA256
    DH_anon_WITH_AES_256_CBC_SHA
    PSK_WITH_AES_256_CBC_SHA384
    PSK_WITH_AES_256_CBC_SHA
    DH_anon_WITH_AES_128_GCM_SHA256
    DH_anon_WITH_AES_128_CBC_SHA256
    DH_anon_WITH_AES_128_CBC_SHA
-- 03/16/20 13:35:48.554 Network: SSL summary for outgoing connection
   cipher = DH_anon_WITH_AES_256_CBC_SHA
   protocol = TLS 1.0
   local address = 10.50.24.100:52762
   remote address = 10.0.48.9:4064
Created session for [email protected]:4064. Idle timeout: 10 min. Current group: read-only-1

@joshmoore joshmoore self-assigned this Mar 16, 2020
@joshmoore joshmoore marked this pull request as ready for review April 8, 2020 13:23
@joshmoore
Copy link
Member Author

This has been in for a while. With more testing happening on Windows, I'd propose getting it in & released and then handling the propagation to login separately.

@joshmoore
Copy link
Member Author

General thumbs up today on getting this in. As there are no other merged PRs that need releasing, I'd propose only releasing this as a dev release at most.

@joshmoore joshmoore merged commit 7b0dc47 into ome:master Apr 14, 2020
@joshmoore joshmoore deleted the unsetenv branch April 14, 2020 12:54
@sbesson sbesson added this to the 5.6.3 milestone Jun 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@joshmoore joshmoore

Labels
None yet
Projects
None yet
Milestone
5.7.0
Development

Successfully merging this pull request may close these issues.
4 participants
@joshmoore @manics @dominikl @sbesson