[BUG] x509 fails to load M2Crypto module on Ubuntu 22.04 (jammy) · Issue #63620 · saltstack/salt

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

含蓄的莲藕 · Modify an XML file ...· 3 月前 ·

另类的单车 · 深入理解Qt定时器：QTimer的魅力与挑战 ...· 3 月前 ·

坏坏的板栗 · 关于java使用geotools中的GeoT ...· 6 月前 ·

考研的猕猴桃 · 该登录名来自不受信任的域不能与windows ...· 1 年前 ·

不羁的电影票 · 今昔何夕7-爱情游戏-🌈️包子漫畫· 1 年前 ·

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Description
On Ubuntu 22.04 (Jammy) the x509 state fails because the M2Crypto module has been renamed:

    Function: x509.pem_managed
        Name: /usr/local/share/ca-certificates/ca.crt
      Result: False
     Comment: State 'x509.pem_managed' was not found in SLS 'pki-client'
              Reason: 'x509' __virtual__ returned False: Could not load x509 state: m2crypto unavailable
This also happens for the x509.pem_managed and x509.private_key_managed functions.
When opening a Python shell, it is possible to load M2Crypt with capitalized M and C:
Python 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import M2Crypto
>>> import m2crypto
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'm2crypto'
Setup
cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
apt search python3-m2crypto
[...]
python3-m2crypto/jammy,now 0.38.0-1ubuntu5 amd64 [installed]
  Python wrapper for the OpenSSL library (Python 3 modules)
Steps to Reproduce the behavior

Set up an Ubuntu 22.04 server and use the x509 state.
Expected behavior

The python3-m2crypto package should be found and used by the x509 module
Versions Report
salt --versions-report
ii  salt-common                            3005.1+ds-4                             amd64        shared libraries that salt requires for all packages
ii  salt-minion                            3005.1+ds-4                             all          client package for salt, the distributed remote execution system
It seems t he M2Crypto module is not found
Salt Version:
          Salt: 3005.1
Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.0
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.9.16 (main, Jan  6 2023, 22:50:07)
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4
System Versions:
          dist: ubuntu 22.04 jammy
        locale: utf-8
       machine: x86_64
       release: 5.15.0-58-generic
        system: Linux
       version: Ubuntu 22.04 jammy
Additional context

Works fine for other Debian & Ubuntu versions.
          @svenseeberg I'm getting this same error. Ubuntu 22.04, salt 3005.1. I have verified M2Crypto is installed on the minion. I don't understand your fix. salt-pip: is that specific to the new onedir install? I'm still on the classic packages. I'm running arm64, and I don't think onedir is an option for me yet. Any thoughts on another fix?
          Can you check which package versions are installed and see if the file is in the package?
root@minion ~ # dpkg -l | grep salt
ii  salt-common                            3005.1+ds-4                             amd64        shared libraries that salt requires for all packages
ii  salt-minion                            3005.1+ds-4                             all          client package for salt, the distributed remote execution system
root@minion ~ # which salt-pip
/usr/bin/salt-pip
root@minion ~ # apt-file search /usr/bin/salt-pip
salt-common: /usr/bin/salt-pip
You may need to run apt install apt-file; apt-file update first.
          @svenseeberg
root@minion:~# dpkg -l | grep salt
ii  salt-common                      3005.1+ds-2                             all          shared libraries that salt requires for all packages
ii  salt-minion                      3005.1+ds-2                             all          client package for salt, the distributed remote execution system
root@minion:~# which salt-pip
root@minion:~# apt-file search /usr/bin/salt-pip
root@minion:~# ls -la /usr/bin/|grep salt
-rwxr-xr-x  1 root   root          380 Sep 29 15:10 salt-call
-rwxr-xr-x  1 root   root          384 Sep 29 15:10 salt-minion
-rwxr-xr-x  1 root   root          964 Sep 29 15:10 salt-proxy
          What I can see is that different versions are installed: 3005.1+ds-2 vs 3005.1+ds-4. Also, the architecture is different: amd64 vs all.
The sources file looks like this on my machine:
root@minion ~ # cat /etc/apt/sources.list.d/salt.list
deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/22.04/amd64/latest jammy main