python37Packages.cryptography: 2.5 -> 2.6.1 #56690

Merged
merged 3 commits into from Apr 23, 2019

@primeos primeos commented Mar 2, 2019

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@dtzWill dtzWill left a comment

LGTM!

Looking at changelog for 2.6.1, this also helps use OpenSSL 1.1.x goodness once we switch over!

@worldofpeace

@FRidh @dotlambda

Is this good for merge into staging?

FRidh commented Mar 31, 2019

I have not yet run a job on Hydra as it's already overloaded with the release branch and such. I intend to run a job a week or so after the release, although actually I think everything will be fine.

worldofpeace commented Mar 31, 2019

> I have not yet run a job on Hydra as it's already overloaded with the release branch and such. I intend to run a job a week or so after the release, although actually I think everything will be fine.

Ah I see, you think it should be fine. But if there's any problems a hydra job would reveal it would probably be a good idea 👍

Thanks.

@eadwu eadwu mentioned this pull request Apr 14, 2019
10 tasks
};

outputs = [ "out" "dev" ];

buildInputs = [ openssl cryptography_vectors ]
buildInputs = [ openssl ]
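
Review bot: the second buildInputs line drops cryptography_vectors, and nothing in the visible lines shows it being added back elsewhere. Because that package holds the test vectors for cryptography, confirm it is still passed to the check phase (for example through checkInputs) so the test suite keeps running against vectors of the same version; the +/- markers are lost in this rendering, so this reads the two lines as old followed by new.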

Should openssl be pointed towards openssl_1_1? At least for sourcehut to work support for ed25519 is needed which isn't provided by the default openssl.

    File "/nix/store/jszvzjmq5nx90dlw8d80hcyfwzzqzj7p-python3.7-cryptography-2.6.1/lib/python3.7/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py", line 63, in from_private_bytes
      _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
  cryptography.exceptions.UnsupportedAlgorithm: ed25519 is not supported by this version of OpenSSL.

dtzWill commented Apr 22, 2019 via email

primeos commented Apr 22, 2019

@eadwu @dtzWill I would prefer to change the OpenSSL version in another PR, optimally in #22357, to avoid the risk of breaking too many things at once and test it more extensively.

This PR is open for way too long now and should be pretty safe to merge (I'm not aware of any problems due to past updates of cryptography - apart from a few warning messages).
I'll run a few rebuilds and merge this if there aren't any problems (though I am not sure how useful that actually is as most failures would probably occur at runtime - apart from failures due to pinned versions, but that wasn't a problem in the past and shouldn't have changed).

primeos and others added 3 commits April 22, 2019 12:29
This should make the management easier. The package cryptography_vectors
contains the test vectors for cryptography and should therefore always
have the same version. By linking the version of cryptography_vectors to
cryptography, this simply cannot be forgotten.

Changelog:
https://cryptography.io/en/latest/changelog/#v2-6-1

Important changes:
- BACKWARDS INCOMPATIBLE: Removed
  cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
  and
  cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
  which had been deprecated for nearly 4 years. Use
  encode_dss_signature() and decode_dss_signature() instead.
- BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial,
  which had been deprecated for nearly 3 years. Use serial_number
  instead.
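
The two removals listed in the commit message above fail only when a dependent package calls them at runtime, so a rebuild will not surface them. As an added example (not part of this PR or of nixpkgs), the following stdlib-only scanner flags suspected uses in Python source; `find_removed_api` and the sample module are hypothetical, and the `.serial` check is a name-based heuristic.

```python
import ast

# Names removed in cryptography 2.6, mapped to the replacements the changelog gives.
REMOVED_FUNCS = {
    "encode_rfc6979_signature": "encode_dss_signature",
    "decode_rfc6979_signature": "decode_dss_signature",
}
REMOVED_ATTRS = {"serial": "serial_number"}  # x509.Certificate.serial


def find_removed_api(source, filename="<src>"):
    """Return sorted (line, old_name, replacement) for each suspected use."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.ImportFrom):
            # from ...asymmetric.utils import encode_rfc6979_signature
            for alias in node.names:
                if alias.name in REMOVED_FUNCS:
                    hits.add((node.lineno, alias.name, REMOVED_FUNCS[alias.name]))
        elif isinstance(node, ast.Name) and node.id in REMOVED_FUNCS:
            hits.add((node.lineno, node.id, REMOVED_FUNCS[node.id]))
        elif isinstance(node, ast.Attribute):
            if node.attr in REMOVED_FUNCS:
                hits.add((node.lineno, node.attr, REMOVED_FUNCS[node.attr]))
            elif node.attr in REMOVED_ATTRS and isinstance(node.ctx, ast.Load):
                # Heuristic: any read of ".serial" is flagged; the object's type is unknown.
                hits.add((node.lineno, node.attr, REMOVED_ATTRS[node.attr]))
    return sorted(hits)


# Constructed sample of a dependent module written against cryptography 2.5.
SAMPLE = '''\
from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives.asymmetric.utils import decode_rfc6979_signature

def describe(cert, sig):
    r, s = decode_rfc6979_signature(sig)
    again = utils.encode_rfc6979_signature(r, s)
    return cert.serial, cert.serial_number, again
'''

if __name__ == "__main__":
    for line, old, new in find_removed_api(SAMPLE):
        print(f"line {line}: {old} -> use {new}")
```

Hits on `.serial` need a manual look, since the scanner cannot tell a certificate from any other object with that attribute.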

dtzWill commented Apr 22, 2019 via email

primeos commented Apr 23, 2019

Ok, great - yeah it's really time to switch to OpenSSL 1.1 in general...

I ran most rebuilds and didn't notice any failures that are related to this PR and this update should be fine :)

@primeos primeos merged commit c93fd4a into NixOS:staging Apr 23, 2019
@worldofpeace

❇️ 🎆
