Bug 248712

Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205

Comment 2 Kubilay Kocak 2020-09-20 11:38:51 UTC

Comment on attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Approved by: portmgr (maintainer timeout: > 2 weeks)

Pending QA)

Comment 3 Kubilay Kocak 2020-09-20 11:39:20 UTC

@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!

(In reply to Kubilay Kocak from comment #3)

pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo [0] since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement.

[0] https://github.com/pycrypto/pycrypto

(In reply to Kubilay Kocak from comment #2)
When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific.

What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?

Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency.
https://stem.torproject.org/faq.html#does-stem-have-any-dependencies

If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).

Comment 7 Carlo Strub 2021-01-24 19:41:28 UTC

Agreed. Maybe it is best to remove the dependency.

Comment 8 Vinícius Zavam 2022-08-06 17:23:25 UTC

Created attachment 235722 [details]
[PATCH] security/py-stem: update cryptography modules, as used by upstream

here I am adding an updated version of the first patch. it follows the changes made in upstream.

this one is confirmed to UNBREAK a prt depending on 'security/py-steam' (linked as Blocked here in bugzilla already).

if that's also the case, I would be also interested on adopting 'stem'. much appreciated

Comment 9 Vinícius Zavam 2022-08-06 17:25:59 UTC

looping rene@ to flag attention to a patch fixing a DEPRECATED port, scheduled to be removed, just in case

Comment 10 Rene Ladan 2022-08-06 19:58:51 UTC

(In reply to Vinícius Zavam from comment #9)

No need for my approval (but perhaps that's just because of the maintainer-feedback flags which in turn might be a quirk in Bugzilla?), feel free to fix this port.

The pending-QA is indeed vague IMO and since Koobs never answered that question it would be fair to ignore it.

Comment 11 commit-hook 2022-08-07 15:00:22 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f2a9a5c3bbd57761069645e422ed63fc64a694bd

commit f2a9a5c3bbd57761069645e422ed63fc64a694bd
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2022-08-07 14:53:48 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2022-08-07 14:59:16 +0000

    security/py-stem: Replace 'pycrypto with 'cryptography'

      * Fix 'DEPRECATED';
      * Maintainer reset per long time hiatus in Bugzilla (6months+);
      * Replace 'pycrypto with 'cryptography' (follow upstream);

      https://gitlab.torproject.org/legacy/trac/-/issues/21086#note_2236877

    PR:             248712
    Reported by:    John W. O'Brien <john % saltant.com>
    Approved by:    rene@

 security/py-stem/Makefile | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)