Require at least cryptography>=2.7

melwitt · melwitt · commit 6caedfd97675 · 2019-06-27T15:45:31.000Z
Version 2.6 of the cryptography library [1] added support for ed25519 ssh keys. This works with OpenSSL >= 1.1.1b. In nova, we can enable people to use ed25519 ssh keys by using the necessary cryptography library version. Users must make sure they have a new enough OpenSSL version, else they won't be able to generate ed25519 ssh keys using ssh-keygen in the first place. I did a local test using Ubuntu 18.04 and things "just worked" when I generated a ed25519 ssh key and imported it into nova. I left a comment on the launchpad bug accordingly. This updates our minimum version to the latest available version 2.7. Closes-Bug: #1555521 [1] https://cryptography.io/en/latest/changelog/#v2-6 Change-Id: Id4a4e1ae4c0acd40c1fc32c3b82a8d8a62d4624d
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -14,7 +14,7 @@ cmd2==0.8.1
 colorama==0.3.9
 contextlib2==0.5.5;python_version=='2.7'
 coverage==4.0
-cryptography==2.1.4
+cryptography==2.7
 cursive==0.2.1
 ddt==1.0.1
 debtcollector==1.19.0
diff --git a/requirements.txt b/requirements.txt
@@ -10,7 +10,7 @@ Jinja2>=2.10 # BSD License (3 clause)
 keystonemiddleware>=4.20.0 # Apache-2.0
 lxml!=3.7.0,>=3.4.1 # BSD
 Routes>=2.3.1 # MIT
-cryptography>=2.1.4 # BSD/Apache-2.0
+cryptography>=2.7 # BSD/Apache-2.0
 WebOb>=1.8.2 # MIT
 # NOTE(mriedem): greenlet 0.4.14 does not work with older versions of gcc on
 # ppc64le systems, see https://github.com/python-greenlet/greenlet/issues/136.
