Open Stack

On Wed, Feb 14, 2018 at 01:59:29PM -0600, Matthew Thode wrote:
> On 18-02-14 13:55:53, Sean McGinnis wrote:
> > On Wed, Feb 14, 2018 at 10:09:47AM -0600, Matthew Thode wrote:
> > > Development has stalled, (since 2014).  It's been forked but now would
> > > be a good time to move to a more actively maintained crypto library like
> > > cryptography.
> > > 
> > > Requirements wishes to drop pycrypto.  Let me know if there's anything
> > > we can do to facilitate this.
> > > 
> > > -- 
> > > Matthew Thode (prometheanfire)
> > 
> > We did have a discussion on the ML, and I think a little at one of the PTGs,
> > about the path forward for this. IIRC, there was one other potential supported
> > package that was considered for an option, but we settled on cryptography as
> > the recommended path forward to get off of pycrypto. I think it had to do with
> > ease of being able to just drop in the new package with minimal affected code.
> > 
> 
> Yep, I remember it, I'm not mentioning it because I'd like to focus on
> moving to cryptography rather than move to the fork.

Seems like a good PTG ad-hoc session.

But looking at the dump below I don't actually think that we have that much work to do to switch.

$ get-all-requirements.py --all --pkgs pycrypto
Package      : pycrypto [pycrypto>=2.6] (used by 11 projects)
Included in  : 4 projects
openstack/barbican                            [cycle-with-milestones]
openstack/freezer                             [cycle-with-milestones]
openstack/solum                               [cycle-with-intermediary]
openstack/trove                               [cycle-with-milestones]
Also affects : 7 projects
openstack-dev/heat-cfnclient                  [None]
openstack/compass-core                        [None]
openstack/nova-powervm                        [None]
openstack/openstack-ansible                   [cycle-trailing]
openstack/pyghmi                              [None]
openstack/rpm-packaging                       [None]
openstack/tatu                                [None]

$ bash ./check_more_pycrypto.sh openstack/barbican openstack/freezer openstack/solum openstack/trove openstack-dev/heat-cfnclient openstack/compass-core openstack/nova-powervm openstack/openstack-ansible openstack/pyghmi openstack/rpm-packaging openstack/tatu
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:555:    def test_should_return_for_pycrypto_stored_key_with_passphrase(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:597:    def test_should_return_for_pycrypto_stored_key_without_passphrase(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:632:    def test_should_raise_for_pycrypto_stored_key_no_container(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:666:    def test_should_raise_for_pycrypto_stored_key_no_private_key(self):
openstack/barbican:origin/master:requirements.txt:25:pycrypto>=2.6 # Public Domain
openstack/barbican:origin/master:barbican/plugin/dogtag.py:22:from Crypto.PublicKey import RSA  # nosec
openstack/barbican:origin/master:barbican/plugin/dogtag.py:23:from Crypto.Util import asn1  # nosec
openstack/barbican:origin/master:barbican/tests/plugin/test_dogtag.py:21:from Crypto.PublicKey import RSA  # nosec
openstack/freezer:origin/master:README.rst:127:-  pycrypto
openstack/freezer:origin/master:README.rst:590:restore. When a key is provided, it uses OpenSSL or pycrypto module (OpenSSL compatible)
openstack/freezer:origin/master:requirements.txt:21:pycrypto>=2.6 # Public Domain
openstack/freezer:origin/master:freezer/utils/crypt.py:17:from Crypto.Cipher import AES
openstack/freezer:origin/master:freezer/utils/crypt.py:18:from Crypto import Random
openstack/solum:origin/master:devstack/devstack-provenance:253:pip|pycrypto|2.6.1
openstack/solum:origin/master:requirements.txt:24:pycrypto>=2.6 # Public Domain
openstack/solum:origin/master:solum/api/handlers/plan_handler.py:20:from Crypto.PublicKey import RSA
openstack/solum:origin/master:solum/common/utils.py:14:from Crypto.Cipher import AES
openstack/trove:origin/master:integration/scripts/files/requirements/fedora-requirements.txt:30:pycrypto>=2.6  # Public Domain
openstack/trove:origin/master:integration/scripts/files/requirements/ubuntu-requirements.txt:29:pycrypto>=2.6  # Public Domain
openstack/trove:origin/master:requirements.txt:47:pycrypto>=2.6 # Public Domain
openstack/trove:origin/master:trove/common/crypto_utils.py:19:from Crypto.Cipher import AES
openstack/trove:origin/master:trove/common/crypto_utils.py:20:from Crypto import Random
openstack/trove:origin/master:trove/tests/unittests/common/test_crypto_utils.py:17:from Crypto import Random
openstack/trove:origin/master:trove/tests/unittests/common/test_stream_codecs.py:17:from Crypto import Random
openstack/compass-core:origin/master:test-requirements.txt:9:pycrypto
openstack/nova-powervm:origin/master:test-requirements.txt:8:pycrypto>=2.6 # Public Domain
openstack/pyghmi:origin/master:requirements.txt:1:pycrypto>=2.6
openstack/pyghmi:origin/master:pyghmi/ipmi/private/session.py:30:from Crypto.Cipher import AES
openstack/rpm-packaging:origin/master:openstack/freezer/freezer.spec.j2:42:BuildRequires:  {{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/freezer/freezer.spec.j2:87:Requires:       {{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/keystoneauth1/keystoneauth1.spec.j2:24:BuildRequires:  {{ py2pkg('pycrypto', py_versions=['py2', 'py3']) }}
openstack/rpm-packaging:origin/master:openstack/keystonemiddleware/keystonemiddleware.spec.j2:27:BuildRequires:  {{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/pyghmi/pyghmi.spec.j2:17:BuildRequires:  {{ py2pkg('pycrypto', py_versions=['py2', 'py3']) }}
openstack/rpm-packaging:origin/master:openstack/pyghmi/pyghmi.spec.j2:18:Requires:       {{ py2pkg('pycrypto')  }}
openstack/rpm-packaging:origin/master:openstack/python-troveclient/python-troveclient.spec.j2:20:BuildRequires:  {{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:requirements.txt:192:pycrypto>=2.6  # Public Domain
openstack/rpm-packaging:origin/master:requirements.txt:228:# NOTE(dims): pysaml 4.0.3 uses pycryptodome instead of pycrypto, for mitaka
openstack/rpm-packaging:origin/master:requirements.txt:229:# we cannot switch to pycryptodome as many projects are likely to break. So
openstack/rpm-packaging:origin/master:requirements.txt:231:# dependencies like paramiko switch to pycryptodome, we should revisit this
openstack/rpm-packaging:origin/master:requirements.txt:232:# and fully switch over to pycryptodome and stop using pycrypto
openstack/tatu:origin/master:requirements.txt:7:pycrypto>=2.6.1
openstack/tatu:origin/master:test-requirements.txt:7:pycrypto>=2.6.1
openstack/tatu:origin/master:scripts/get-user-cert:20:from Crypto.PublicKey import RSA
openstack/tatu:origin/master:scripts/revoke-user-cert:20:from Crypto.PublicKey import RSA
openstack/tatu:origin/master:tatu/api/models.py:17:from Crypto.PublicKey import RSA
openstack/tatu:origin/master:tatu/db/models.py:13:from Crypto.PublicKey import RSA
openstack/tatu:origin/master:tatu/ftests/test_api.py:13:from Crypto.PublicKey import RSA
openstack/tatu:origin/master:tatu/tests/test_app.py:13:from Crypto.PublicKey import RSA


Yours Tony.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180216/5cca17e6/attachment.sig>