Bug 1553517
Summary: | Bump python-cryptography to >=2.1 | |||
---|---|---|---|---|
Product: | [Community] RDO | Reporter: | Carlos Goncalves <cgoncalves> | |
Component: | distribution | Assignee: | Alfredo Moralejo <amoralej> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Shai Revivo <srevivo> | |
Severity: | urgent | Docs Contact: | ||
Priority: | unspecified | |||
Version: | trunk | CC: | amoralej, amuller, jschluet, markmc, srevivo | |
Target Milestone: | --- | Keywords: | Rebase | |
Target Release: | trunk | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1553752 1556933 (view as bug list) | Environment: | ||
Last Closed: | 2018-03-29 07:57:51 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1553520, 1553521, 1554409, 1556933 |
Description
Carlos Goncalves
2018-03-09 01:09:24 UTC
python-cryptography>=1.9 is not good enough as recently discovered with a new gate using lower-constraints [1]. Octavia requires python-cryptography>=2.1. Version bump being requested upstream for global-requirements.txt and lower-constraints.txt in [2]. [1] https://review.openstack.org/#/c/553134/ [2] https://review.openstack.org/#/c/553136/ We are bumping python-cryptography to 2.1.4. This introduces new dependencies: - cryptography-vectors (required same version as cryptography) - python-cffi >= 1.7.0 is required for updated cryptography (updating to 1.11.2, overriding version in RHEL7) - python-asn1crypto = 0.23.0, new dependency for updated python-cryptography Currently we are hitting an issue because of a non-backwards compatible change in python-cryptography-2.1: BACKWARDS INCOMPATIBLE: :attr:`DNSName.value <cryptography.x509.DNSName.value>`, :attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and :attr:`UniformResourceIdentifier.value <cryptography.x509.UniformResourceIdentifier.value>` will now return an :term:`A-label` string when parsing a certificate containing an internationalized domain name (IDN) or if the caller passed a :term:`U-label` to the constructor. See below for additional deprecations related to this change. This is making puppet-openstack-integration jobs to fail and we are still evaluating the impact. |