OpenStack Compute (nova)

pycryptodome breaks nova/barbican/glance/kite

Bug #1545370 reported by Davanum Srinivas (DIMS) on 2016-02-14

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Barbican	Fix Released	High	Douglas Mendizábal	Barbican mitaka-rc1 "RC1"
Glance	Fix Released	High	Unassigned
OpenStack Compute (nova)	Fix Released	High	Davanum Srinivas (DIMS)

Bug Description

pysaml2===4.0.3 drags in pycryptodome===3.4 which breaks Nova in the both unit tests and grenade.

nova.tests.unit.test_crypto.KeyPairTest.test_generate_key_pair_1024_bits
------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "nova/tests/unit/test_crypto.py", line 352, in test_generate_key_pair_1024_bits
        (private_key, public_key, fingerprint) = crypto.generate_key_pair(bits)
      File "nova/crypto.py", line 165, in generate_key_pair
        key = paramiko.RSAKey.generate(bits)
      File "/Users/dims/openstack/openstack/nova/.tox/py27/lib/python2.7/site-packages/paramiko/rsakey.py", line 146, in generate
        rsa = RSA.generate(bits, os.urandom, progress_func)
      File "/Users/dims/openstack/openstack/nova/.tox/py27/lib/python2.7/site-packages/Crypto/PublicKey/RSA.py", line 436, in generate
        if e % 2 == 0 or e < 3:
    TypeError: unsupported operand type(s) for %: 'NoneType' and 'int'

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-02-14:

It's easy to simulate this : https://review.openstack.org/#/c/279897/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-14: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/279909

Changed in nova:
assignee:	nobody → Davanum Srinivas (DIMS) (dims-v)
status:	New → In Progress

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-02-14:

Here's the evidence:
Barbican - https://review.openstack.org/#/c/279977/
Glance - https://review.openstack.org/#/c/279979/
Kite - https://review.openstack.org/#/c/279984/
Kite client - https://review.openstack.org/#/c/279985/

summary:

- pycryptodome breaks nova
+ pycryptodome breaks nova/barbican/glance/kite

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-02-14:

is capping pysaml2 not an option?

Matt Riedemann (mriedem) on 2016-02-15

Changed in nova:
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-15: Fix merged to nova (master)

Reviewed: https://review.openstack.org/279909
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1fd0f4f69b21cbd20c0eb0e2f8f4506061f4a211
Submitter: Jenkins
Branch: master

commit 1fd0f4f69b21cbd20c0eb0e2f8f4506061f4a211
Author: Davanum Srinivas <email address hidden>
Date: Sat Feb 13 21:22:54 2016 -0500

Tolerate installation of pycryptodome

Newer versions of pysaml2 uses pycryptodome, so if by
accident if this library gets installed, Nova breaks.

paramiko folks are working on this:
https://github.com/paramiko/paramiko/issues/637

In the meanwhile, we should tolerate if either pycrypto
or pycryptodome is installed.

Closes-Bug: #1545370
Change-Id: If88beeb3983705621fe736995939ac20b2daf1f3

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

Nikhil Komawar (nikhil-komawar) wrote on 2016-02-16:

related info http://markmail.org/message/hcytuqadscggayft

Changed in glance:
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-17: Fix merged to glance (master)

Reviewed: https://review.openstack.org/280008
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=b5ffb569e0687b0016ea962348d8454c1517dde4
Submitter: Jenkins
Branch: master

commit b5ffb569e0687b0016ea962348d8454c1517dde4
Author: Davanum Srinivas <email address hidden>
Date: Sun Feb 14 12:44:39 2016 -0500

Tolerate installation of pycryptodome

Newer versions of pysaml2 uses pycryptodome, so if by
accident if this library gets installed, Glance breaks.

paramiko folks are working on this:
https://github.com/paramiko/paramiko/issues/637

In the meanwhile, we should tolerate if either pycrypto
or pycryptodome is installed.

Closes-Bug: #1545370
Change-Id: I8969382b380aa843a0826eded4b694251dd27922

Changed in glance:
status:	Confirmed → Fix Released

Revision history for this message

Thierry Carrez (ttx) wrote on 2016-03-03: Fix included in openstack/glance 12.0.0.0b3

This issue was fixed in the openstack/glance 12.0.0.0b3 development milestone.

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-03-03: Fix included in openstack/nova 13.0.0.0b3

This issue was fixed in the openstack/nova 13.0.0.0b3 development milestone.

Douglas Mendizábal (dougmendizabal) on 2016-03-09

Changed in barbican:
assignee:	nobody → Douglas Mendizábal (dougmendizabal)
importance:	Undecided → High
status:	New → Triaged
milestone:	none → mitaka-rc1

Dave McCowan (dave-mccowan) on 2017-02-23

Changed in barbican:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.