replace m2crypto with shelling to openssl

Bug #917851 reported by Monty Taylor
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Brian Waldon
OpenStack Core Infrastructure
Fix Released
Andrew Hutchings
nova (Ubuntu)
Fix Released

Bug Description

M2Crypto has been effectively abandoned by upstream. Bugs/patches are not being worked on or accepted, no code has gone in to the repo in over a year and direct messages to the maintainer go unanswered.

With that in mind, it would be great if we stopped depending on it. The current bug is minor, but if something larger comes up in the future we don't have much recourse - and our use of it right now is small.

Revision history for this message
Monty Taylor (mordred) wrote :

In addition to removing use in the code, removing it from pip-requires and from the special case apt-get install inside of should be done.

Changed in openstack-ci:
assignee: nobody → Andrew Hutchings (linuxjedi)
importance: Undecided → High
status: New → Triaged
Revision history for this message
Jay Pipes (jaypipes) wrote :

A sorry tale of fail indeed. ++ for getting rid of M2Crypto.

Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Wishlist
milestone: none → essex-3
status: New → Confirmed
Revision history for this message
Vish Ishaya (vishvananda) wrote :

Turns out we only use m2crypto in two tests and to do the DH key exchange for the guest agent. The tests should be pretty simple to rip out or replace. The DH code could be a little more complex.

Thierry Carrez (ttx)
Changed in nova:
milestone: essex-3 → essex-4
Changed in openstack-ci:
status: Triaged → In Progress
Brian Waldon (bcwaldon)
Changed in nova:
assignee: nobody → Brian Waldon (bcwaldon)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master

Changed in nova (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Submitter: Jenkins
Branch: master

commit 3759bcf3fc58d3f9186b8759e1f0926419c4a594
Author: Brian Waldon <email address hidden>
Date: Tue Jan 31 20:50:48 2012 -0800

    Excise M2Crypto!

    This required rewriting our Diffie-Hellman-Merkle implementation for
    set_admin_password in xen. Fixes bug 917851.

    Change-Id: Ic4cdcc06221f003aec2dcd5ba05a1a9ad19d39c9

Changed in nova:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2012.1~e4~20120203.12454-0ubuntu1

nova (2012.1~e4~20120203.12454-0ubuntu1) precise; urgency=low

  [ Adam Gandelman ]
  [Chuck Short]
  * New upstream version.
  * debian/control: Replace m2crpto with python-crypto.
    (LP: #917851)
  * debian/*, debian/nova-common.postinst,
    debian/nova_sudoers: Change default shell to /bin/false.
    (LP: #890362)

  [Adam Gandleman]
  * debian/nova-common.{install, postinst}: Install policy.json on all
    Nova nodes (LP: #923817)
  * debian/rules: Remove installation of policy.json (moved to nova-common),
    point to the correct upstream git repository.
 -- Chuck Short <email address hidden> Fri, 03 Feb 2012 09:03:12 -0500

Changed in nova (Ubuntu):
status: Triaged → Fix Released
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Monty Taylor (mordred)
Changed in openstack-ci:
status: In Progress → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: essex-4 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.