From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: salt: NameError: name 'rsa' is not defined
To: Theo Buehler <tb@theobuehler.org>
Cc: Mikolaj Kucharski <mikolaj@kucharski.name>, robert@openbsd.org, ports@openbsd.org
Date: Thu, 22 Aug 2024 11:50:02 +0100

On 2024/08/22 12:07, Theo Buehler wrote:
> + robert
> 
> On Thu, Aug 22, 2024 at 09:56:13AM +0000, Mikolaj Kucharski wrote:
> > On Thu, Aug 22, 2024 at 11:52:37AM +0200, Theo Buehler wrote:
> > > >   File "/usr/local/lib/python3.11/site-packages/salt/crypt.py", line 147, in gen_keys
> > > >     gen = rsa.generate_private_key(e, keysize)
> > > >           ^^^
> > > > NameError: name 'rsa' is not defined
> > > > 2024-08-22 08:31:45,971 [salt.crypt                                                  :284 ][INFO    ][39203] Generating keys: /etc/salt/pki/minion
> > > > --->8---

salt/crypt.py has a conditional import that sets HAS_CRYPTOGRAPHY = True
if present, and some functions are checking that, so it seems that there
is some intention to have salt working if pyca isn't available - but
gen_keys does not do so.

I think this was a mistake in
https://github.com/saltstack/salt/commit/6fe58ffd30560ef83b8bd40342a81b3e1f6c228d

> > > > Log file grows rapidly with above errors. I noticed this recently, so I
> > > > am not sure when this exactly started to happen.
> > > 
> > > rsa seems to be used from py3-cryptography if available. Does the noise
> > > go away when you install that?
> > 
> > Yes, running `pkg_add -a py3-cryptography` solves the issue.
> 
> So I guess we want this, although I'm not 100% sure. cryptography is
> listed in some files below requirements/ but I don't know what that
> really means.

OK sthen. If upstream change anything relating to that commit we can
revisit it, but this matches the current reality.

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/sysutils/salt/Makefile,v
> diff -u -p -r1.186 Makefile
> --- Makefile	4 Aug 2024 05:58:23 -0000	1.186
> +++ Makefile	22 Aug 2024 09:58:43 -0000
> @@ -17,6 +17,7 @@ COMMENT =		remote execution and configur
>  
>  MODPY_EGG_VERSION =	3006.9
>  DISTNAME =		salt-${MODPY_EGG_VERSION}
> +REVISION =		0
>  
>  CATEGORIES =		sysutils net devel
>  
> @@ -40,6 +41,7 @@ BUILD_DEPENDS =		textproc/py-yaml${MODPY
>  RUN_DEPENDS =		devel/py-looseversion${MODPY_FLAVOR} \
>  			devel/py-jmespath${MODPY_FLAVOR} \
>  			net/py-msgpack${MODPY_FLAVOR}>=0.6.2v0 \
> +			security/py-cryptography${MODPY_FLAVOR} \
>  			textproc/py-MarkupSafe${MODPY_FLAVOR} \
>  			textproc/py-yaml${MODPY_FLAVOR} \
>  			www/py-jinja2${MODPY_FLAVOR} \
>