On Wed, Feb 14, 2018 at 01:59:29PM -0600, Matthew Thode wrote: > On 18-02-14 13:55:53, Sean McGinnis wrote: > > On Wed, Feb 14, 2018 at 10:09:47AM -0600, Matthew Thode wrote: > > > Development has stalled, (since 2014). It's been forked but now would > > > be a good time to move to a more actively maintained crypto library like > > > cryptography. > > > > > > Requirements wishes to drop pycrypto. Let me know if there's anything > > > we can do to facilitate this. > > > > > > -- > > > Matthew Thode (prometheanfire) > > > > We did have a discussion on the ML, and I think a little at one of the PTGs, > > about the path forward for this. IIRC, there was one other potential > > supported > > package that was considered for an option, but we settled on cryptography as > > the recommended path forward to get off of pycrypto. I think it had to do > > with > > ease of being able to just drop in the new package with minimal affected > > code. > > > > Yep, I remember it, I'm not mentioning it because I'd like to focus on > moving to cryptography rather than move to the fork.
Seems like a good PTG ad-hoc session.
But looking at the dump below I don't actually think that we have that much
work to do to switch.
$ get-all-requirements.py --all --pkgs pycrypto
Package : pycrypto [pycrypto>=2.6] (used by 11 projects)
Included in : 4 projects
openstack/barbican [cycle-with-milestones]
openstack/freezer [cycle-with-milestones]
openstack/solum [cycle-with-intermediary]
openstack/trove [cycle-with-milestones]
Also affects : 7 projects
openstack-dev/heat-cfnclient [None]
openstack/compass-core [None]
openstack/nova-powervm [None]
openstack/openstack-ansible [cycle-trailing]
openstack/pyghmi [None]
openstack/rpm-packaging [None]
openstack/tatu [None]
$ bash ./check_more_pycrypto.sh openstack/barbican openstack/freezer
openstack/solum openstack/trove openstack-dev/heat-cfnclient
openstack/compass-core openstack/nova-powervm openstack/openstack-ansible
openstack/pyghmi openstack/rpm-packaging openstack/tatu
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:555:
def test_should_return_for_pycrypto_stored_key_with_passphrase(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:597:
def test_should_return_for_pycrypto_stored_key_without_passphrase(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:632:
def test_should_raise_for_pycrypto_stored_key_no_container(self):
openstack/barbican:origin/master:barbican/tests/tasks/test_certificate_resources.py:666:
def test_should_raise_for_pycrypto_stored_key_no_private_key(self):
openstack/barbican:origin/master:requirements.txt:25:pycrypto>=2.6 # Public
Domain
openstack/barbican:origin/master:barbican/plugin/dogtag.py:22:from
Crypto.PublicKey import RSA # nosec
openstack/barbican:origin/master:barbican/plugin/dogtag.py:23:from Crypto.Util
import asn1 # nosec
openstack/barbican:origin/master:barbican/tests/plugin/test_dogtag.py:21:from
Crypto.PublicKey import RSA # nosec
openstack/freezer:origin/master:README.rst:127:- pycrypto
openstack/freezer:origin/master:README.rst:590:restore. When a key is provided,
it uses OpenSSL or pycrypto module (OpenSSL compatible)
openstack/freezer:origin/master:requirements.txt:21:pycrypto>=2.6 # Public
Domain
openstack/freezer:origin/master:freezer/utils/crypt.py:17:from Crypto.Cipher
import AES
openstack/freezer:origin/master:freezer/utils/crypt.py:18:from Crypto import
Random
openstack/solum:origin/master:devstack/devstack-provenance:253:pip|pycrypto|2.6.1
openstack/solum:origin/master:requirements.txt:24:pycrypto>=2.6 # Public Domain
openstack/solum:origin/master:solum/api/handlers/plan_handler.py:20:from
Crypto.PublicKey import RSA
openstack/solum:origin/master:solum/common/utils.py:14:from Crypto.Cipher
import AES
openstack/trove:origin/master:integration/scripts/files/requirements/fedora-requirements.txt:30:pycrypto>=2.6
# Public Domain
openstack/trove:origin/master:integration/scripts/files/requirements/ubuntu-requirements.txt:29:pycrypto>=2.6
# Public Domain
openstack/trove:origin/master:requirements.txt:47:pycrypto>=2.6 # Public Domain
openstack/trove:origin/master:trove/common/crypto_utils.py:19:from
Crypto.Cipher import AES
openstack/trove:origin/master:trove/common/crypto_utils.py:20:from Crypto
import Random
openstack/trove:origin/master:trove/tests/unittests/common/test_crypto_utils.py:17:from
Crypto import Random
openstack/trove:origin/master:trove/tests/unittests/common/test_stream_codecs.py:17:from
Crypto import Random
openstack/compass-core:origin/master:test-requirements.txt:9:pycrypto
openstack/nova-powervm:origin/master:test-requirements.txt:8:pycrypto>=2.6 #
Public Domain
openstack/pyghmi:origin/master:requirements.txt:1:pycrypto>=2.6
openstack/pyghmi:origin/master:pyghmi/ipmi/private/session.py:30:from
Crypto.Cipher import AES
openstack/rpm-packaging:origin/master:openstack/freezer/freezer.spec.j2:42:BuildRequires:
{{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/freezer/freezer.spec.j2:87:Requires:
{{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/keystoneauth1/keystoneauth1.spec.j2:24:BuildRequires:
{{ py2pkg('pycrypto', py_versions=['py2', 'py3']) }}
openstack/rpm-packaging:origin/master:openstack/keystonemiddleware/keystonemiddleware.spec.j2:27:BuildRequires:
{{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/pyghmi/pyghmi.spec.j2:17:BuildRequires:
{{ py2pkg('pycrypto', py_versions=['py2', 'py3']) }}
openstack/rpm-packaging:origin/master:openstack/pyghmi/pyghmi.spec.j2:18:Requires:
{{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:openstack/python-troveclient/python-troveclient.spec.j2:20:BuildRequires:
{{ py2pkg('pycrypto') }}
openstack/rpm-packaging:origin/master:requirements.txt:192:pycrypto>=2.6 #
Public Domain
openstack/rpm-packaging:origin/master:requirements.txt:228:# NOTE(dims): pysaml
4.0.3 uses pycryptodome instead of pycrypto, for mitaka
openstack/rpm-packaging:origin/master:requirements.txt:229:# we cannot switch
to pycryptodome as many projects are likely to break. So
openstack/rpm-packaging:origin/master:requirements.txt:231:# dependencies like
paramiko switch to pycryptodome, we should revisit this
openstack/rpm-packaging:origin/master:requirements.txt:232:# and fully switch
over to pycryptodome and stop using pycrypto
openstack/tatu:origin/master:requirements.txt:7:pycrypto>=2.6.1
openstack/tatu:origin/master:test-requirements.txt:7:pycrypto>=2.6.1
openstack/tatu:origin/master:scripts/get-user-cert:20:from Crypto.PublicKey
import RSA
openstack/tatu:origin/master:scripts/revoke-user-cert:20:from Crypto.PublicKey
import RSA
openstack/tatu:origin/master:tatu/api/models.py:17:from Crypto.PublicKey import
RSA
openstack/tatu:origin/master:tatu/db/models.py:13:from Crypto.PublicKey import
RSA
openstack/tatu:origin/master:tatu/ftests/test_api.py:13:from Crypto.PublicKey
import RSA
openstack/tatu:origin/master:tatu/tests/test_app.py:13:from Crypto.PublicKey
import RSA
Yours Tony.
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
