-
Notifications
You must be signed in to change notification settings - Fork 425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing temporary file creation for Windows #665
base: master
Are you sure you want to change the base?
Fixing temporary file creation for Windows #665
Conversation
Codecov Report
@@ Coverage Diff @@
## master #665 +/- ##
==========================================
+ Coverage 65.05% 65.06% +<.01%
==========================================
Files 102 102
Lines 25670 25676 +6
==========================================
+ Hits 16700 16705 +5
- Misses 8970 8971 +1
Continue to review full report at Codecov.
|
Oh also, the method for creating tempfiles on Windows does not do anything with the |
You can even run a schedular to delete .xml files older than 10minutes |
the You mentioned two errors:
Can you identify what was that fixed the first error and led to the second error? The first issue sounds like file permissions and the second sound like a strange race condition with file locks. On the diff per se, using Both of the above two scenarios are handled by
This might probably affect us since the file is opened, written, and then passed around. It seems from reading this issue that the real problem is that when the temp files are created, because the system is on windows the # Setting O_TEMPORARY in the flags causes the OS to delete
# the file when it is closed. This is only supported by Windows.
if _os.name == 'nt' and delete:
flags |= _os.O_TEMPORARY So I would suggest if possible to test if the issue still exists with the If this works what we have to do is update the documentation and set the |
Thanks for doing the research and the detailed response. I don't see a way to pass the If we use |
The first error was fixed by removing |
When you say "removing NamedTemporaryFile" you mean that you replaced it with some other file creation function?
Pass it to
Since we provide a way to *nix systems to automatically delete these temp files (and don't rely to some third party script/cron job to do it) for the sake of consistency I think we should also provide a way to do it in Windows as well |
This does not function as expected in Windows and this issue is referenced in the python documentation.
Essentially, we could not open this file again on our windows environment, which meant that xmlsec was unable to use the file for verifying the signature. |
# `NamedTemporaryFile` is not very reliable on Windows, so we'll make a | ||
# tempfile a different way. | ||
if sys.platform == 'win32': | ||
return open(os.path.join(gettempdir(), '%s.%s' % (uuid4(), suffix)), 'w+b') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will this ever be cleaned up?
This is very nasty on Python's part. I am really sad for this state of things. The option being discussed, is to implement "NamedTemporaryFiles" some other way. To be complete, this should support deleting/cleaning-up those files, when closed. Is there something like that out there? What do other projects do? Another option is to stop using files and use actual bindings to the xmlsec lib. I would prefer we invest time in this option. There is already a wrapper for xmlsec: https://github.com/mehcode/python-xmlsec Another lib we can look into is signxml: https://github.com/XML-Security/signxml Would someone like to see how we can use this to sign/verify/encrypt/decrypt an xml document? |
I've encountered this issue as well, it seems to be entirely a Windows problem in so much that temporary files created with the Naturally, I wouldn't recommend that solution to everyone, though. |
thank you for the feedback since I didn't have a windows vm to try this solution out. As it seems, the fact that we use a subprocess call to |
Having this same issue on windows, any ETA when this will be merged? |
Not yet to be honest. This needs some discussion on how to handle and when to free up these files. We should come up (if possible) with a common solution for all OS instead of adding flags to check if it's windows or some other *nix OS |
i ran into this problem. NamedTemporaryFile should never be used on windows or linux. it is fully bugged and can even result in an an infinite loop. uuid mechanism is the best mechanism. check out: python/cpython#66305 and https://stackoverflow.com/a/58955530/627042 |
hi @earonesty, and thanks for commenting back on this. I think using The alternative choice would be to start using the xmlsec bindings and avoid creating files altogether, but that would go into a separate backend. |
python 3.12 finally has a better fix for this one; |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #665 +/- ##
=======================================
Coverage 65.05% 65.06%
=======================================
Files 102 102
Lines 25670 25676 +6
=======================================
+ Hits 16700 16705 +5
- Misses 8970 8971 +1 ☔ View full report in Codecov by Sentry. |
We were having issues with the temporary files created by this library on Windows not being readable by the
xmlsec
process. I don't totally understand the problem, but it seems like IIS was retaining some kind of lock on the created files, so thexmlsec
process couldn't open them for reading. This resulted in 2 different errors:xmlsec --verify
failed because it could not read the temporary PEM file that was created for the operationxmlsec --verify
hung indefinitely because it could not access the file created for--output
to go into.I also see that
NamedTemporaryFile
has some odd behavior on Windows as noted in the Python documentation: https://docs.python.org/3/library/tempfile.html#tempfile.NamedTemporaryFileThis PR changes the way tempfiles are written on Windows. It still writes them to the temp directory as determined by
tempfile.gettempdir()
, but just uses regularopen
instead ofNamedTemporaryFile
.uuid4()
is used to generate a unique-ish filename. This fix seems to work well on our Windows server and locally on Windows machines. I'm not sure if this is the best way to do it though---open to other implementations if you don't like this one.Thanks!