Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 611568 (pycryptodome-tracker) - [TRACKER] dev-python/pycryptodome migration
Summary: [TRACKER] dev-python/pycryptodome migration
Alias: pycryptodome-tracker
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Python Gentoo Team
Keywords: Tracker
Depends on: 611570 611572 611574 611576 611578 611580 611582 611584 611586 611588 611590 611592 611594 611596 611598 611600 611602 611604 611606 611608 611610 611612 611614 611616 611618 611620 611622 611624 611626 611628 611630 611632 611634 611636 611638 611640 611642 611644 611646 611648 611650 613760 669658 702506 715482
Blocks: CVE-2018-6594
  Show dependency tree
Reported: 2017-03-03 23:08 UTC by Michał Górny
Modified: 2020-06-11 06:27 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-03-03 23:08:55 UTC
dev-python/pycryptodome is a fork of discontinued dev-python/pycrypto. Since the latter is dead since 2014, it'd be reasonable to replace its uses with the former.

As usual, the packages are partially compatible and block one another. What to do:

1. If the package works both with pycrypto and pycryptodome, and does not use pkg_resources or any other magic to enforce a particular package, you can just add ||-dep like:

  || ( dev-python/pycryptodome[${PYTHON_USEDEP}] dev-python/pycrypto[${PYTHON_USEDEP}] )

2. If the code works both with pycrypto and pycryptodome but pkg_resources enforce pycrypto, send a trivial patch upstream to switch to pycryptodome and then we can switch as well.

3. If the code does not work with pycryptodome, I'm afraid you'll end up having to prepare a bigger patch that updates the code to use the new APIs.
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2017-03-06 13:11:48 UTC
commit 82c3d61152a5527a0f68869918c92ee2d0e46b51
Author: Chí-Thanh Christopher Nguyễn <>
Date:   Mon Mar 6 14:10:09 2017 +0100

    app-forensics/volatility: version bump, allow building against pycryptodome
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-25 07:34:41 UTC
I see no keyword request for the remainder of the architectures. Only amd64 and x86 have keywords now. If you want to end the migration this year, you might want to start that up now.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-25 07:36:58 UTC
(In reply to Jeroen Roovers from comment #2)
> If you want to end the migration this year

end => finish
Comment 4 ephemer0l 2017-06-02 20:50:34 UTC
620458 depends on this bug
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-04-17 11:00:15 UTC
So FWICS potr->poezio are the only blockers.  Plus cleanup of bittornado and s3ql.
Comment 6 Sam James archtester gentoo-dev Security 2020-06-11 01:20:32 UTC
(In reply to Michał Górny from comment #5)
> So FWICS potr->poezio are the only blockers.  Plus cleanup of bittornado and
> s3ql.

Done, I think.