Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python2Packages.cryptography*: pin at 2.9.2 #94852

Merged
merged 2 commits into from Aug 9, 2020
Merged

python2Packages.cryptography*: pin at 2.9.2 #94852

merged 2 commits into from Aug 9, 2020

Conversation

jonringer
Copy link
Contributor

@jonringer jonringer commented Aug 7, 2020
edited

Motivation for this change

cryptography dropped support for python in version 3.0

I consider this a crucial package, and will make an exception to "not worry about python2 breakages" for it.

Noticed it was broken in: #94851

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@jonringer jonringer requested a review from FRidh as a code owner August 7, 2020 07:50
@ofborg ofborg bot requested a review from primeos August 7, 2020 08:08
@FRidh
Copy link
Member

FRidh commented Aug 7, 2020

I am a bit confused with their error message. They say its no longer supported, yet it does function, not? So do they mean you need to use 2.x for Python 2?

@jonringer
Copy link
Contributor Author

@FRidh I believe the wheel will build and install, but where I noticed it was the werkzeug package, which tried to link against it, and headers from the cryptography package cause an error to be thrown.

@alex
Copy link

alex commented Aug 7, 2020

cryptography 3.0 supports Python 2.7, it's emitting a warning, but functions in full.

@jonringer
Copy link
Contributor Author

jonringer commented Aug 8, 2020
edited

cryptography 3.0 supports Python 2.7, it's emitting a warning, but functions in full.

Yes, but it can be propagated as an exception, which in some cases causes failures:

running install tests
============================= test session starts ==============================
platform linux2 -- Python 2.7.18, pytest-4.6.9, py-1.8.1, pluggy-0.13.1
rootdir: /build/Werkzeug-1.0.1, inifile: setup.cfg, testpaths: tests
plugins: hypothesis-4.57.1, timeout-1.3.3
INTERNALERROR> Traceback (most recent call last):
INTERNALERROR>   File "/nix/store/33hyw9va8v4ppi69wkkf19mq4m47in0x-python2.7-pytest-4.6.9/lib/python2.7/site-packages/_pytest/main.py", line 206, in wrap_session
INTERNALERROR>     session.exitstatus = doit(config, session) or 0
INTERNALERROR>   File "/nix/store/33hyw9va8v4ppi69wkkf19mq4m47in0x-python2.7-pytest-4.6.9/lib/python2.7/site-packages/_pytest/main.py", line 249, in _main
INTERNALERROR>     config.hook.pytest_collection(session=session)
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/hooks.py", line 286, in __call__
INTERNALERROR>     return self._hookexec(self, self.get_hookimpls(), kwargs)
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/manager.py", line 93, in _hookexec
INTERNALERROR>     return self._inner_hookexec(hook, methods, kwargs)
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/manager.py", line 87, in <lambda>
INTERNALERROR>     firstresult=hook.spec.opts.get("firstresult") if hook.spec else False,
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/callers.py", line 208, in _multicall
INTERNALERROR>     return outcome.get_result()
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/callers.py", line 81, in get_result
INTERNALERROR>     _reraise(*ex)  # noqa
INTERNALERROR>   File "/nix/store/z00g1s6yygamgm933lpfcfr5dps130d7-python2.7-pluggy-0.13.1/lib/python2.7/site-packages/pluggy/callers.py", line 182, in _multicall
INTERNALERROR>     next(gen)  # first yield
INTERNALERROR>   File "/nix/store/33hyw9va8v4ppi69wkkf19mq4m47in0x-python2.7-pytest-4.6.9/lib/python2.7/site-packages/_pytest/warnings.py", line 151, in pytest_collection
INTERNALERROR>     config=config, ihook=config.hook, when="collect", item=None
INTERNALERROR>   File "/nix/store/hngp562dxvyj3pfvph1nyqnr03sswxy5-python-2.7.18/lib/python2.7/contextlib.py", line 17, in __enter__
INTERNALERROR>     return self.gen.next()
INTERNALERROR>   File "/nix/store/33hyw9va8v4ppi69wkkf19mq4m47in0x-python2.7-pytest-4.6.9/lib/python2.7/site-packages/_pytest/warnings.py", line 88, in catch_warnings_for_item
INTERNALERROR>     _setoption(warnings, arg)
INTERNALERROR>   File "/nix/store/33hyw9va8v4ppi69wkkf19mq4m47in0x-python2.7-pytest-4.6.9/lib/python2.7/site-packages/_pytest/warnings.py", line 27, in _setoption
INTERNALERROR>     category = wmod._getcategory(category)
INTERNALERROR>   File "/nix/store/hngp562dxvyj3pfvph1nyqnr03sswxy5-python-2.7.18/lib/python2.7/warnings.py", line 184, in _getcategory
INTERNALERROR>     m = __import__(module, None, None, [klass])
INTERNALERROR>   File "/nix/store/3s9ccfy0skm5j5np2m0w5hj1krriszsq-python2.7-requests-2.23.0/lib/python2.7/site-packages/requests/__init__.py", line 95, in <module>
INTERNALERROR>     from urllib3.contrib import pyopenssl
INTERNALERROR>   File "/nix/store/p755baihnv13nb7208w2al7lh040k040-python2.7-urllib3-1.25.9/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
INTERNALERROR>     import OpenSSL.SSL
INTERNALERROR>   File "/nix/store/9cxly8d1hgpbzi3di21y8x8gh6plr1bc-python2.7-pyOpenSSL-19.1.0/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
INTERNALERROR>     from OpenSSL import crypto, SSL
INTERNALERROR>   File "/nix/store/9cxly8d1hgpbzi3di21y8x8gh6plr1bc-python2.7-pyOpenSSL-19.1.0/lib/python2.7/site-packages/OpenSSL/crypto.py", line 12, in <module>
INTERNALERROR>     from cryptography import x509
INTERNALERROR>   File "/nix/store/40xxakvwz3y67rblf981x0md38sgq41y-python2.7-cryptography-3.0/lib/python2.7/site-packages/cryptography/__init__.py", line 39, in <module>
INTERNALERROR>     CryptographyDeprecationWarning,
INTERNALERROR> CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.

========================= no tests ran in 0.06 seconds =========================
builder for '/nix/store/3v99y8m56xmjch2yqk7rbsdach92jsd6-python2.7-Werkzeug-1.0.1.drv' failed with exit code 3
error: build of '/nix/store/3v99y8m56xmjch2yqk7rbsdach92jsd6-python2.7-Werkzeug-1.0.1.drv' on 'ssh://build' failed: builder for '/nix/store/3v99y8m56xmjch2yqk7rbsdach92jsd6-python2.7-Werkzeug-1.0.1.drv' failed with exit code 3
builder for '/nix/store/3v99y8m56xmjch2yqk7rbsdach92jsd6-python2.7-Werkzeug-1.0.1.drv' failed with exit code 1
error: build of '/nix/store/3v99y8m56xmjch2yqk7rbsdach92jsd6-python2.7-Werkzeug-1.0.1.drv' failed

@FRidh
Copy link
Member

FRidh commented Aug 8, 2020
edited

Right, that is pyca/cryptography#5335. It's really annoying! Upstream did suggest how to handle it, by setting a certain value in case of pytest. pyca/cryptography#5346. I think the best approach is to patch it out.

@jonringer
Copy link
Contributor Author

jonringer commented Aug 9, 2020
edited

Although the "proper" thing would be to go to each individual package that's failing, and filter the warnings as upstream prescribes, but this is more time and effort that I would rather not spend on python2.

Since python2 is in a "deprecated" state, I think having a deprecated package is alright for now, until python2 is removed completely (when it eventually becomes a severe security threat, or unreasonable maintenance burden)

@jonringer jonringer merged commit 6f17a51 into NixOS:master Aug 9, 2020
@jonringer jonringer deleted the pin-crypto branch August 9, 2020 18:08
@jonringer
Copy link
Contributor Author

evaluation for fixed packages https://hydra.nixos.org/eval/1605494

This was referenced Dec 12, 2020
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FRidh FRidh Awaiting requested review from FRidh

@primeos primeos Awaiting requested review from primeos

Assignees
No one assigned
Labels
6.topic: python 10.rebuild-darwin: 501-1000 10.rebuild-darwin: 501+ 10.rebuild-linux: 501-1000 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jonringer @FRidh @alex