Bug 2029015 - Please branch and build pyOpenSSL in epel9
Summary: Please branch and build pyOpenSSL in epel9
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: pyOpenSSL
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 2041992 (view as bug list)
Depends On:
Blocks: 2029011 2041988
TreeView+ depends on / blocked
 
Reported: 2021-12-04 04:40 UTC by Carl George 🤠
Modified: 2022-01-19 03:37 UTC (History)
6 users (show)

Fixed In Version: pyOpenSSL-21.0.0-1.el9
Clone Of:
Environment:
Last Closed: 2022-01-06 16:58:02 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-348 0 None None None 2021-12-04 04:52:31 UTC

Description Carl George 🤠 2021-12-04 04:40:40 UTC 
Please branch and build pyOpenSSL in epel9.

If you do not wish to maintain pyOpenSSL in epel9, or do not think you will be able to do this in a timely manner, I would be happy to be a co-maintainer of the package.
Comment 1 Paul Wouters 2021-12-06 22:57:00 UTC 
as per upstream https://pypi.org/project/pyOpenSSL/


The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.


So before just blindly adding this to epel9, is it feasable to try and switch and not add this package to epel9 ?
Comment 2 Carl George 🤠 2021-12-07 04:55:09 UTC 
Thanks for pointing that out.  I've opened an issue with centpkg upstream to request this.

https://git.centos.org/centos/centpkg/issue/52

That said, there are a significant number of Fedora packages that still buildrequire or require pyOpenSSL.  All of them are currently blocked from being added to EPEL9 just like centpkg is unless pyOpenSSL is added to EPEL9.  It would be great if they can all port to cryptography, but I doubt that will happen quickly.  For posterity here is the current list:

PyDrive2
azure-cli
centpkg
ceph-mgr-modules-core
conda
deluge-common
fedmsg
fedora-messaging
gajim
gphotoframe
lecm
matrix-synapse
module-build-service
nordugrid-arc
nordugrid-arc-acix-core
odcs
openvswitch
ovn
python-acme
python-aioopenssl
python-aiosasl
python-asyncssh
python-certbot-nginx
python-cheroot
python-etcd
python-eventlet
python-gear
python-glanceclient
python-josepy
python-ndg_httpsclient
python-paste
python-pem
python-requests-credssp
python-requests-toolbelt
python-service-identity
python-trustme
python-twisted
python-txtorcon
python3-PyDrive2
python3-acme
python3-aioopenssl
python3-azure-cli-core
python3-azure-sdk-tools
python3-certbot-nginx
python3-cheroot
python3-conda
python3-edgegrid
python3-fedmsg
python3-fedora-messaging
python3-glanceclient
python3-impacket
python3-josepy
python3-nbxmpp
python3-ndg_httpsclient
python3-oauth2client
python3-odcs-common
python3-paste
python3-pyaib
python3-pysaml2
python3-rdopkg
python3-requests-credssp
python3-requests-pkcs12
python3-scrapy
python3-service-identity
python3-twisted+tls
python3-yubikey-manager
sagemath
yubikey-manager

If we want to push these various upstreams into following the upstream pyOpenSSL guidance of porting to cryptography, we should start by deprecating pyOpenSSL in Fedora.

https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/
Comment 3 Paul Wouters 2021-12-07 15:24:22 UTC 
ugh. okay, that's way too many packages to fixup, so I'll just branch for now.
Comment 4 Carl George 🤠 2022-01-06 16:58:02 UTC 
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-2b3a9f0e54
Comment 5 Orion Poplawski 2022-01-19 03:37:50 UTC 
*** Bug 2041992 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.