--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/nova/patches/09-remove-pycrypto.patch Wed Sep 07 14:48:42 2016 -0700
@@ -0,0 +1,113 @@
+This patch is for the removal of PyCrypto dependency in Nova. It
+consists of the result of two upstream changesets, one of which added
+support for Paramiko 2.0 and the other which removed support for
+earlier Paramiko versions and with that, the PyCrypto dependency.
+
+This patch can be removed in post-Mitaka releases.
+
+commit 6b1293fd6f5bcb35f317f36c540f543b1192928c
+Author: Sean Dague <[email protected]>
+Date: Tue May 10 11:39:11 2016 -0400
+
+ Drop paramiko < 2 compat code
+
+ This drops the paramiko < 2 compatibility code so we only need to
+ support one major version.
+
+ Depends-On: I2369638282b4fefccd8484a5039fcfa9795069a7
+ (global requirements change)
+
+ Change-Id: Ife4df9e64299e1182d77d568d1deed5ec3b608b3
+ Closes-Bug: #1483132
+
+commit c05b338f163e0bafbe564c6c7c593b819f2f2eac
+Author: Corey Wright <[email protected]>
+Date: Tue May 3 23:13:24 2016 -0500
+
+ crypto: Add support for Paramiko 2.x
+
+ Only use PyCrypto/PyCryptodome work-around with Paramiko 1.x and use
+ straight-forward Paramiko interface with 2.x.
+
+ TODO: Revert this and PyCrypto/PyCryptodome work-around when Paramiko
+ is upgraded to 2.x (ie replace `generate_keys(bits)` call with
+ `paramiko.RSAKey.generate(bits)`).
+
+ Change If88beeb3983705621fe736995939ac20b2daf1f3 added a work-around
+ for the partially-PyCrypto-compatible PyCryptodome causing Paramiko,
+ which has a dependency on PyCrypto, to break. This work-around
+ entails implementing Paramiko internals (ie how to generate a key) in
+ Nova in a way compatible with both PyCrypto and PyCryptodom.
+
+ This work-around is itself a source of failure with Paramiko 2 which
+ has replaced the PyCrypto requirement with the cryptography Python
+ package. As Paramiko no longer depends on PyCrypto, Nova doesn't have
+ an explicit PyCrypto requirement, and there's no implicit dependency
+ on PyCrypto, when Nova tries to import PyCrypto it fails. Even if
+ PyCrypto was installed, the work-around would still fail because the
+ Paramiko interface that Nova is using as part of the work-around
+ changed with the major version change (ie 1.x => 2.x).
+
+ Change-Id: I5d6543e690a3b4495476027fd8a4894ff8c42bf6
+ Related-Bug: #1483132
+
+--- nova-13.1.0/nova/crypto.py.~1~ 2016-06-14 08:45:49.000000000 -0700
++++ nova-13.1.0/nova/crypto.py 2016-07-06 18:28:56.554038265 -0700
+@@ -26,7 +26,6 @@ import base64
+ import binascii
+ import os
+
+-from Crypto.PublicKey import RSA
+ from cryptography import exceptions
+ from cryptography.hazmat import backends
+ from cryptography.hazmat.primitives.asymmetric import padding
+@@ -162,27 +161,8 @@ def generate_x509_fingerprint(pem_key):
+ 'Error message: %s') % ex)
+
+
+-def generate_key(bits):
+- """Generate a paramiko RSAKey"""
+- # NOTE(dims): pycryptodome has changed the signature of the RSA.generate
+- # call. specifically progress_func has been dropped. paramiko still uses
+- # pycrypto. However some projects like latest pysaml2 have switched from
+- # pycrypto to pycryptodome as pycrypto seems to have been abandoned.
+- # paramiko project has started transition to pycryptodome as well but
+- # there is no release yet with that support. So at the moment depending on
+- # which version of pysaml2 is installed, Nova is likely to break. So we
+- # call "RSA.generate(bits)" which works on both pycrypto and pycryptodome
+- # and then wrap it into a paramiko.RSAKey
+- rsa = RSA.generate(bits)
+- key = paramiko.RSAKey(vals=(rsa.e, rsa.n))
+- key.d = rsa.d
+- key.p = rsa.p
+- key.q = rsa.q
+- return key
+-
+-
+ def generate_key_pair(bits=2048):
+- key = generate_key(bits)
++ key = paramiko.RSAKey.generate(bits)
+ keyout = six.StringIO()
+ key.write_private_key(keyout)
+ private_key = keyout.getvalue()
+--- nova-13.1.0/nova/tests/unit/test_crypto.py.~1~ 2016-06-14 08:45:49.000000000 -0700
++++ nova-13.1.0/nova/tests/unit/test_crypto.py 2016-07-06 18:28:56.554545025 -0700
+@@ -362,7 +362,7 @@ class KeyPairTest(test.NoDBTestCase):
+ keyin.seek(0)
+ key = paramiko.RSAKey.from_private_key(keyin)
+
+- with mock.patch.object(crypto, 'generate_key') as mock_generate:
++ with mock.patch.object(paramiko.RSAKey, 'generate') as mock_generate:
+ mock_generate.return_value = key
+ (private_key, public_key, fingerprint) = crypto.generate_key_pair()
+ self.assertEqual(self.rsa_pub, public_key)
+--- nova-13.1.0/requirements.txt.~2~ 2016-07-06 18:28:56.409131200 -0700
++++ nova-13.1.0/requirements.txt 2016-07-06 18:28:56.555735710 -0700
+@@ -13,7 +13,6 @@ lxml>=2.3 # BSD
+ Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT
+ Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT
+ cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
+-pycrypto>=2.6 # Public Domain
+ WebOb>=1.2.3 # MIT
+ greenlet>=0.3.2 # MIT
+ PasteDeploy>=1.5.0 # MIT