See tracker.
File "/tmp/portage/dev-python/dnspython-1.15.0/work/dnspython-1.15.0-python2_7/dns/dnssec.py", line 371, in _validate_rrsig if pubkey.verify(digest, sig): File "/usr/lib64/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 385, in verify raise NotImplementedError("Use module Crypto.Signature.DSS instead") NotImplementedError: Use module Crypto.Signature.DSS instead etc. -- i.e. this one needs porting to non-deprecated APIs.
I've gone ahead and submitted a pull request upstream to add cryptodome support. This can be incorporated into the dnspython ebuild to migrate away from pycrypto. See: https://github.com/rthalley/dnspython/pull/290
Created attachment 511418 [details] ebuild updated for cryptodome.
dnspython is the only package in my system which holds the migration to pycryptodome so I would really appreciate some progress here. Python team: can you push this unofficial (https://github.com/rthalley/dnspython/pull/290.patch) patch and mask the ebuild perhaps? P.S. Thank you Daniel! I'm testing it locally for now
(In reply to Anton Bolshakov from comment #4) > dnspython is the only package in my system which holds the migration to > pycryptodome so I would really appreciate some progress here. The same case for me. Following is the patch I used for dnspython-1.15.0-r1.ebuild: --- a/dnspython-1.15.0-r1.ebuild 2018-04-27 03:39:30.000000000 +0800 +++ b/dnspython-1.15.0-r1.ebuild 2018-07-14 01:10:00.467357512 +0800 @@ -16,7 +16,8 @@ SLOT="0" KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-solaris" IUSE="examples test" -RDEPEND="dev-python/pycrypto[${PYTHON_USEDEP}] +RDEPEND="( || ( dev-python/pycrypto[${PYTHON_USEDEP}] + dev-python/pycryptodome[${PYTHON_USEDEP}] ) ) !dev-python/dnspython:py2 !dev-python/dnspython:py3" DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
Same here. @Zhixu Liu: you patch make emerge work in normal cases. but if oyu enable FEATURES=test you will notice that dnspython is broken then. We really need the mentioned patch for dnspython.
(In reply to Marc Schiffbauer from comment #6) > Same here. > > @Zhixu Liu: you patch make emerge work in normal cases. but if oyu enable > FEATURES=test you will notice that dnspython is broken then. > > We really need the mentioned patch for dnspython. Yes, I didn't use dnssec yet, so didn't find the problem. It seems we need to push upstream accept the merge request first. The other dns module is pydns, but it didn't support CHAOS class query yet, so we can't simply move to pydns.
This has been merged upstream now[1]. Can we get this into the tree ASAP? 1.https://github.com/rthalley/dnspython/pull/319/files
(In reply to Ian Whyman (thev00d00) from comment #8) > This has been merged upstream now[1]. > > Can we get this into the tree ASAP? > > 1.https://github.com/rthalley/dnspython/pull/319/files the current release is too far behind of this commit. It may be easier to push the latest snapshot instead https://github.com/pentoo/pentoo-overlay/tree/master/dev-python/dnspython
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3acbd46386aa68f85dfe8d50667680703a5703eb commit 3acbd46386aa68f85dfe8d50667680703a5703eb Author: Manuel Rüger <mrueg@gentoo.org> AuthorDate: 2018-08-05 13:05:34 +0200 Commit: Manuel Rüger <mrueg@gentoo.org> CommitDate: 2018-08-05 13:05:34 +0200 dev-python/dnspython: Snapshot that supports pycryptodome Package-Manager: Portage-2.3.43, Repoman-2.3.10 dev-python/dnspython/Manifest | 1 + .../dnspython/dnspython-1.16.0_pre20180731.ebuild | 43 ++++++++++++++++++++++ 2 files changed, 44 insertions(+)
Let's reuse this to stabilize the new version.
ppc stable
ppc64 stable
amd64 stable
x86 stable
alpha stable
sparc stable
ia64 stable
arm stable
hppa stable. Last arch, closing.