Bug 1761081

Summary: python-cryptography: Remove (sub)packages from Fedora 32+: python2-cryptography
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: python-cryptographyAssignee: Jeremy Cline <jeremy>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: cheimes, cstratak, igor.raits, itamar, jeremy, lbalhar, mhroncok, ngompa13, nick, npmccallum, pviktori, rbarlow, terrycwk1994, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-cryptography-2.6.1-3.fc32 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-14 08:32:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1760139, 1761194    
Bug Blocks: 1625773, 1698500, 1761082, 1761083, 1761084, 1761085    

Description Miro Hrončok 2019-10-12 10:20:36 UTC 
In line with the Mass Python 2 Package Removal [0], the following (sub)packages of python-cryptography were marked for removal:

 * python2-cryptography

According to our query, those (sub)packages only provide a Python 2 importable module. If this is not true, please tell us why, so we can fix our query.

Please remove them from your package in Rawhide (Fedora 32).

Please don't remove packages from Fedora 31, it is past Beta Freeze.
Please don't do this for Fedora 30/29 either, removing packages from a released Fedora branch is forbidden.

As said in the change document, if there is no objection in a week, we will remove the package(s) as soon as we get to it. This change might not match your packaging style, so we'd prefer if you did the change. If you need more time, please let us know here.

If you do the change yourself, it would help us a lot by reducing the amount of packages we need to mass change.

We hope this doesn't come to you as a surprise. If you want to know our motivation for this, please read the change document [0].

[0] https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal
Comment 1 Christian Heimes 2019-10-12 19:31:57 UTC 
python-cryptography-2.7-2.fc32.src.rpm FTBFS, see scratch build https://koji.fedoraproject.org/koji/taskinfo?taskID=38243094

Two tests are failing on F32, I'll investigate on Monday:

=================================== FAILURES ===================================
_____________________ TestDH.test_dh_parameters_supported ______________________
self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f14a6900730>
backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>
    def test_dh_parameters_supported(self, backend):
        assert backend.dh_parameters_supported(23, 5)
>       assert not backend.dh_parameters_supported(23, 18)
E       assert not True
E        +  where True = <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>>(23, 18)
E        +    where <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>> = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>.dh_parameters_supported
tests/hazmat/primitives/test_dh.py:161: AssertionError
_____________ TestECDSACertificate.test_load_ecdsa_no_named_curve ______________
self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f14a37a26a0>
backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>
    def test_load_ecdsa_no_named_curve(self, backend):
        _skip_curve_unsupported(backend, ec.SECP256R1())
        cert = _load_cert(
            os.path.join("x509", "custom", "ec_no_named_curve.pem"),
            x509.load_pem_x509_certificate,
            backend
        )
        with pytest.raises(NotImplementedError):
>           cert.public_key()
E           Failed: DID NOT RAISE <class 'NotImplementedError'>
tests/x509/test_x509.py:3731: Failed
Comment 2 Christian Heimes 2019-10-12 19:44:14 UTC 
test_load_ecdsa_no_named_curve is a known issue with OpenSSL 1.1.1d, https://github.com/pyca/cryptography/issues/4998
Comment 3 Lumír Balhar 2019-10-14 07:47:33 UTC 
I can confirm that in the latest build, Python 2 subpackage has been removed.
Comment 4 Christian Heimes 2019-10-14 08:32:01 UTC 
Fixed in python-cryptography-2.6.1-3.fc31, which also addresses FTBFS from #1761194

https://bodhi.fedoraproject.org/updates/FEDORA-2019-c69eb4cdb1