[openstack-dev] [nova][glance][barbican][kite][requirements] pycrypto vs pycryptodome
robertc at robertcollins.net
Tue Feb 16 22:30:44 UTC 2016
- pin anything that moves
- start being strict ourselves to prepare for moving
- work with paramiko to help them move
Sadly Python doesn't have either-or dependencies as yet, so we're
going to be in the position of having to override pip for some time
during the migration process.
On 15 February 2016 at 11:16, Davanum Srinivas <davanum at gmail.com> wrote:
> Short Story:
> pycryptodome if installed inadvertently will break several projects:
> Example : https://review.openstack.org/#/c/279926/
> Long Story:
> There's a new kid in town pycryptodome:
> Because pycrypto itself has not been maintained for a while:
> So folks like pysaml2 and paramiko are trying to switch over:
> In fact pysaml2===4.0.3 has already switched over. So the requirements
> bot/script has been trying to alert us to this new dependency, you can
> see Nova fail.
> Why does it fail? For example, the new library is strict about getting
> bytes for keys and has dropped some parameters in methods. for
> Another problem, if pycrypto gets installed last then things will
> work, if it pycryptodome gets installed last, things will fail. So we
> definitely cannot allow both in our global-requirements and
> upper-constraints. We can always try to pin stuff, but things will
> fail as there are a lot of jobs that do not honor upper-constraints.
> And things will fail in the field for Mitaka.
> So what can we do? One possibility is to pin requirements and hope for
> the best. Another is to tolerate the install of either pycrypto or
> pycryptodome and test both combinations so we don't have to fight this
> Example for Nova : https://review.openstack.org/#/c/279909/
> Example for Glance : https://review.openstack.org/#/c/280008/
> Example for Barbican : https://review.openstack.org/#/c/280014/
> What do you think?
> Davanum Srinivas :: https://twitter.com/dims
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
Robert Collins <rbtcollins at hpe.com>
HP Converged Cloud
More information about the OpenStack-dev