Package Details: salt-py3 3002.2-2

Git Clone URL: https://aur.archlinux.org/salt-py3.git (read-only)
Package Base: salt-py3
Description: Central system and configuration manager
Upstream URL: http://saltstack.org/
Licenses: Apache
Conflicts: salt, salt-raet, salt-zmq
Provides: salt
Replaces: salt, salt-raet, salt-zmq
Submitter: zer0def
Maintainer: zer0def (xuhcc)
Last Packager: zer0def
Votes: 9
Popularity: 0.46
First Submitted: 2020-01-21 13:36
Last Updated: 2020-12-02 17:20

Latest Comments


zer0def commented on 2021-02-02 23:29

On release it used to be the case that upstream expected pycryptodomex was newer than Arch's, so it required patching that's no longer needed, but since there's no harm in keeping it unless a major pycryptodomex version breaking API compatibility or a new Saltstack version are released, it remains there.

bryceml commented on 2021-02-02 22:15

https://github.com/saltstack/salt-pack-py3/blob/develop/file_roots/pkg/salt/3002_2/amzn2/sources/salt-pycryptodomex_requirements.patch

The official upstream packages patch to require older versions of pycryptodomex, so if that's needed here, that should be fine to do.

zer0def commented on 2021-01-29 15:07

The argument for refusing to adopt >=3000 has its own merit, as is upstream's decision to bundle a barely-maintained dependency, instead of porting over, so… yes? That's on top of py2 being out of support, so effectively dead.

xamindar commented on 2021-01-29 14:57

I guess we should be moving to this aur package? It's pretty ridiculous the package in the official repositories is so out of date. Saltstack even has it "archived" and no longer receiving vulnerability patches.

tqre commented on 2020-12-19 15:36

python-pyzmq got its update. I tested the PKGBUILD without the egg-requires.txt and zeromq-requirements.txt fixes, and everything is working fine now.

zer0def commented on 2020-12-02 17:27

Thanks for the detailed report, tqre, updated with changes that at least manage to make pings work, so in case of additional hurdles, feel free to tell me how bad of a repackage that was. :)

tqre commented on 2020-12-02 13:54

I did a rebuild as we have python 3.9 in our hands. Good news is that python-pycryptodomex is now updated in the Arch packages.

The bad news is that python-pyzmq now faces the same issue: the new version requirement with python 3.9 is pyzmq 19.0.2, and we have 19.0.1 in the Community repo at the moment.

I did NOT manage to make it work with python 3.9 and pyzmq 19.0.1, so the rebuild basically broke my testing environment.

vrein commented on 2020-10-22 13:48

Here are my salt-master logs:

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 567, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 884, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 775, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (pycryptodomex 3.9.7 (/usr/lib/python3.8/site-packages), Requirement.parse('pycryptodomex>=3.9.8'), {'salt'})

UPD: Thanks for package update, seems working with your fixes!
UPD2: Sorry if I'm misbehaving, I was just strongly discouraged by my attempts to set up the latest salt on arch with python3. zer0def, thank you for clarifying details about salt's vulnerabilities.

zer0def commented on 2020-10-22 13:44

Before we go about making broad statements, there may be complicating factors related to updating some software, as there used to be with Salt before upstream just snorted a version of Tornado 5 into their codebase (AFAIR, with release 3000), because it was easier than porting it over to 6.

If the user bothers to look at git diff v3000..master salt/ext/tornado in the source repository, all changes made to bundled Tornado since inclusion have been cosmetic, which, given how many people had their infrastructures compromised by flaunting their salt-masters to the Internet the last time around there was a 10/10 CVE, makes you wonder whether there's another one, possibly lurking inside there, so I would say Demize is making a safe call by effectively abandoning the package through a punt down to AUR.

Seems to be working Just Fine™ with older pycryptodomex, so it's probably just left-over from development.

vrein commented on 2020-10-22 13:28

There are a bunch of outdated packages in https://www.archlinux.org/packages/?packager=demize, so it may take a long while for an update.
Also I looked at https://github.com/archlinux/svntogit-community, this is a ro mirror of the svn repo, so I can't just PR a new version there.
Will wait for new version from packager :)
Thanks!