Description of problem: salt is completely broken with Python 3.12. It fails to import due to `ssl.match_hostname` being removed from Python 3.12 and the backport package not being Required. This is breaking python-pytest-testinfra's test suite. The salt package should be running some sort of tests or impact check to catch these issues. Version-Release number of selected component (if applicable): salt-3006.1-3.fc39.noarch How reproducible: Always Steps to Reproduce: 1. python3 -c 'import salt.client' Actual results: Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python3.12/site-packages/salt/client/__init__.py", line 28, in <module> import salt.cache File "/usr/lib/python3.12/site-packages/salt/cache/__init__.py", line 12, in <module> import salt.loader File "/usr/lib/python3.12/site-packages/salt/loader/__init__.py", line 23, in <module> import salt.utils.event File "/usr/lib/python3.12/site-packages/salt/utils/event.py", line 67, in <module> import salt.ext.tornado.iostream File "/usr/lib/python3.12/site-packages/salt/ext/tornado/iostream.py", line 41, in <module> from salt.ext.tornado.netutil import ssl_wrap_socket, ssl_match_hostname, SSLCertificateError, _client_ssl_defaults, _server_ssl_defaults File "/usr/lib/python3.12/site-packages/salt/ext/tornado/netutil.py", line 57, in <module> import backports.ssl_match_hostname ModuleNotFoundError: No module named 'backports' [ERROR ] An un-handled exception was caught by Salt's global exception handler: ModuleNotFoundError: No module named 'backports' Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python3.12/site-packages/salt/client/__init__.py", line 28, in <module> import salt.cache File "/usr/lib/python3.12/site-packages/salt/cache/__init__.py", line 12, in <module> import salt.loader File "/usr/lib/python3.12/site-packages/salt/loader/__init__.py", line 23, in <module> import salt.utils.event File "/usr/lib/python3.12/site-packages/salt/utils/event.py", line 67, in <module> import salt.ext.tornado.iostream File "/usr/lib/python3.12/site-packages/salt/ext/tornado/iostream.py", line 41, in <module> from salt.ext.tornado.netutil import ssl_wrap_socket, ssl_match_hostname, SSLCertificateError, _client_ssl_defaults, _server_ssl_defaults File "/usr/lib/python3.12/site-packages/salt/ext/tornado/netutil.py", line 57, in <module> import backports.ssl_match_hostname Expected results: python successfully imports the package.
I suppose the code in salt assumes that we are at an old Python version when ssl.match_hostname cannot be imported. This observation is consistent with how the requirement is specified in https://github.com/saltstack/salt/blob/v3006.1/requirements/static/pkg/linux.in#L4 backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7' salt upstream needs to be fixed to either bring this dependency in also on Python 3.12+ (however, as said in bz2223440: backports.ssl_match_hostname is dead upstream -- it's a backport of Python 3.5 code for older Pythons -- I strongly advise against reanimating the package) or using e.g. the urllib3.util.ssl_match_hostname from the actively maintained urllib3 package, which is transitively required by salt anyway (trough requests).
I've created a patch to use urllib3.util.ssl_match_hostname. It works, but I'm not sending it upstream, as the nect release will be dropping the bundled tornado code.