On 10/9/25 16:31, Ivan Marton wrote:
It seems to me that the underlying cryptography module does support
[...] these public keys since https://github.com/pyca/cryptography/ commit/51a6dd28ccbb7587fff9e951299b17aac39ee5cc <https://github.com/ pyca/cryptography/commit/51a6dd28ccbb7587fff9e951299b17aac39ee5cc>. That commit appeared in version 43.0.0 first. (In 2.7 that I see in https:// github.com/openstack/nova/blob/076498ed95958a5d6ccb784f3d336657584bc63a/ requirements.txt#L13 <https://github.com/openstack/nova/ blob/076498ed95958a5d6ccb784f3d336657584bc63a/requirements.txt#L13> this was still not there. 2.7 was released on May 31, 2019, while 43.0.0 on Jul 20, 2024.)
Is there chance to have that dependency being bumped up to some newer version?
You and Clark are correct, whether or not Nova supports the key types depends only on the version of the Python 'cryptography' library installed as it does not deal with the key types directly. IMO we could bump the required version for release versions circa 2024 and newer. As long as 43.0.0 is available for install in the common distros of the time. That said, the version in the requirements.txt represents the minimum version needed to use Nova in general, as using newer key types is not strictly "required". What really matters is the version indicated in the upper-constraints.txt [1] for the given Nova release. The version on the master branch allows up to version 43.0.3 as of today. This version is also shown as the upper bound for OpenStack versions 2025.2 and 2025.1. Generally upper bound versions are selected within the range of the common distros package versions at the time of that OpenStack release. Note that I don't think you actually have to adhere to upper-constraints.txt either in your environment depending on how you deploy. If you are able to install cryptography 43.0.0 in your environment, you should automatically get Nova working with it (after service restart). This was my experience anyway in the past with https://bugs.launchpad.net/nova/+bug/1555521. -melwitt [1] https://opendev.org/openstack/requirements/src/commit/af5fa8a98f1f093d01d87f...