saltstack / salt-bootstrap

Generic Salt Bootstrap Script

PyCrypto is dead according to saltstack/salt project #1468

Closed arizvisa closed 4 years ago

arizvisa commented 4 years ago

Description of Issue/Question

It seems that pycrypto is dead according to a number of issues such as saltstack/salt#51301, and a couple of others. This was done in favor of libraries such as m2crypto, pycryptodomex, cryptography, etc.

This is a great thing. However, salt-bootstrap still insists on preferring pycrypto. Since many distros have dropped the package this immediately requires building from source. It probably makes sense to synchronize salt-bootstrap to the decisions that are happening in the salt project.

Setup

Literally just grep bootstrap-salt.sh for crypto.

Steps to Reproduce Issue

Run salt-bootstrap in a Fedora container or anything and make sure autotools is not installed. This way it'll fail due to being unable to compile pycrypto. But you can grep it out of the source anyways.

Versions and Systems

Most recent version as of today: 2020.02.24

s0undt3ch commented 4 years ago

What type of install were you doing? Latest, stable, git?

What salt version were you targeting to install?

Based on the issue description, I assume you were trying to bootstrap salt on a Fedora system. Which version of Fedora?

Ideally yes, we'd remove all pycrypto references, however, some older distro versions, or older versions of salt still depend/rely on pycrypto, so, it's not that simple.

arizvisa commented 4 years ago

It's in a Fedora 31 container. Version is v3000.3. Both stable and git result in the same results.

For now I'm temporarily switching to installing from the package manager as a workaround.

arizvisa commented 4 years ago

You're right that some older distro versions still rely on pycrypto.

But most distros support everything else, and there's zero references to either python-cryptography, or pycryptodomex in salt-bootstrap. Which crypto library is the most supported one?

s0undt3ch commented 4 years ago

So, for Sodium (v3001) Salt will stop relying on pycrypto and will use pycryptodomex.

s0undt3ch commented 4 years ago

Also, for Sodium, git based bootstraps will require the use of pip (not system packages) and will thus respect Salt's requirements.

arizvisa commented 4 years ago

Cool. Yeah. Pip has always been the safest way to bootstrap different salt versions on an arbitrary platform.

I'd like to switch back to installing via salt-bootstrap sometime soon instead of my project forcing you to base your generated salt-master on a Fedora container and only being able to install the latest saltstack in the distro's package manager. The pycrypto dependency is the only thing preventing this... unless I start introducing compilers into each generated infrastructure.

Is it safe to assume that salt-bootstrap will completely transition to pycryptodomex when it gets synchronized to salt during the Sodium (v3001) release? And so I can expect to revert around that time? Will you guys drop support for some of the platforms on your OS matrix?

bryceml commented 4 years ago

Can this be closed now that 3001 is released and depends on non-pycrypto crypto libraries?

arizvisa commented 4 years ago

Sure. I'll try and run salt-bootstrap this weekend and let you know if it's still trying to install pycrypto.

arizvisa commented 4 years ago

Awesome. With v3001 it seems to build properly without forcing you to compile pycrypto now.

Closing this issue. Feel free to reference a PR or commit for tracking though as I wasn't able to find one.