Heroku and block_type='MODE_CBC' causes errors

[snoepkast]

As per the recommendation in the source code we switched to block_type='MODE_CBC' for our encrypted fields, only to get the following error:

AssertionError
PID check failed. RNG must be re-initialized after fork(). Hint: Try Random.atfork()

Which is thrown by the Crypto library. After some googling around it seems this problem occurs when that library is used in combination with threading. So for example Celery and Heroku.

It is quite easy to fix, just call the Random.atfork() function before using Random in BaseEncryptedField (fields.py line 55 & 111).

[svetlyak40wt]

I digged into the sources of pycrypto and found that there is very heavy lifting behind the atfork. Don't think it is a good idea to call it before any call to crypto library. Are there any hooks in celery to call atfork when worker was started?

[snoepkast]

Yeah both Django and Celery have hooks for this, but it would mean django-fields by default doesn't work when you use Heroku/similar platforms or Celery. Plus passing this along as an optional argument to the field would be nicer as this would fix the issue in one place instead of all over the codebase (for everything that works threaded a seperate fix, maybe even without hooks to attach to).

Either way the docs should be updated to mention this I think.

[svetlyak40wt]

As I understand threaded model is not affected. This issue is related to forked execution.
Feel free to add a note to the documentation and possible an example how to fix it through celery's hooks.

[stanleytang]

I'm facing the same issue too with Heroku. What did you end up doing to resolve this?

[snoepkast]

At the bottom of your wsgi.py (but as of django 1.7 this could go in apps.py)

from Crypto import Random
Random.atfork()

Somewhere in your tasks.py:

from celery.signals import task_prerun
def _task_prerun_listener(**kwargs):
    Random.atfork()
task_prerun.connect(_task_prerun_listener)