[Freeipa-devel] [freeipa PR#255][comment] Adjustments for setup requirements
tiran
freeipa-github-notification at redhat.com
Tue Nov 29 19:06:23 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/255
Title: #255: Adjustments for setup requirements
tiran commented:
"""
@martbab Welcome to the party! This discussion has been running for a very long time and in multiple places. Let me bring you up to speed.
First of all the requirements in ```ipasetup.py``` are completely unrelated to distribution packaging (RPM, DEB, whatever). PyPI packaging follows slightly different rules. For example you don't get carefully curated packages, downstream patches for build issues or a known working set of packages. It's a bit more wild west and fast moving. I was against bumping the version in the spec file because the bump is not required for my work. The other insisted on it.
Next up a version information like "cryptography >= 0.9" means that any version equal or greater than 0.9 is known to work. If you follow upstream development of OpenSSL and Cryptography closely then you are aware that any version of cryptography < 1.3 does no longer compile against a recent version of OpenSSL 1.0.2. CFFI bindings are very sensitive to subtle changes in the ABI and C API. OpenSSL tend to break both every now and then.
Finally this discussion is pointless. I will bump the version requirements of cryptography to 1.7.0 in a matter of weeks. BZ for RHEL has been filed. The version 1.7.0 hasn't been released yet. it will contain two important fixes (lock and osrandom) and a new feature for @frasertweedale (multi RDN).
```
$ python3 -m venv /tmp/cryptovenv
$ . /tmp/cryptovenv/bin/activate
(cryptovenv) $ pip install 'cryptography==0.9'
Collecting cryptography==0.9
Downloading cryptography-0.9.tar.gz (302kB)
100% |████████████████████████████████| 303kB 122kB/s
Collecting idna (from cryptography==0.9)
Using cached idna-2.1-py2.py3-none-any.whl
Collecting pyasn1 (from cryptography==0.9)
Using cached pyasn1-0.1.9-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography==0.9)
Using cached six-1.10.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): setuptools in ./cryptovenv/lib/python3.5/site-packages (from cryptography==0.9)
Collecting cffi>=0.8 (from cryptography==0.9)
Using cached cffi-1.9.1.tar.gz
Collecting pycparser (from cffi>=0.8->cryptography==0.9)
Installing collected packages: idna, pyasn1, six, pycparser, cffi, cryptography
Running setup.py install for cffi ... done
Running setup.py install for cryptography ... error
Complete output from command /tmp/cryptovenv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-83qpivr4-record/install-record.txt --single-version-externally-managed --compile --install-headers /tmp/cryptovenv/include/site/python3.5/cryptography:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.5
creating build/lib.linux-x86_64-3.5/cryptography
...
running build_ext
building '_Cryptography_cffi_1251de2xc302a38b' extension
creating build/temp.linux-x86_64-3.5
creating build/temp.linux-x86_64-3.5/src
creating build/temp.linux-x86_64-3.5/src/cryptography
creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat
creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings
creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__
gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include -I/usr/include/python3.5m -c src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c -o build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.o
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:505:6: error: conflicting types for ‘BIO_new_mem_buf’
BIO *BIO_new_mem_buf(void *, int);
^~~~~~~~~~~~~~~
In file included from /usr/include/openssl/asn1.h:65:0,
from src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:220:
/usr/include/openssl/bio.h:692:6: note: previous declaration of ‘BIO_new_mem_buf’ was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2019:15: error: ‘SSLv2_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_method)(void) = NULL;
^~~~~~~~~~~~
In file included from src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2287:19: note: previous declaration of ‘SSLv2_method’ was here
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
^~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2020:15: error: ‘SSLv2_client_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
^~~~~~~~~~~~~~~~~~~
In file included from src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2289:19: note: previous declaration of ‘SSLv2_client_method’ was here
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
^~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2021:15: error: ‘SSLv2_server_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
^~~~~~~~~~~~~~~~~~~
In file included from src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2288:19: note: previous declaration of ‘SSLv2_server_method’ was here
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
^~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c: In function ‘_cffi_f_EC_GFp_nistp224_method’:
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:14: warning: implicit declaration of function ‘EC_GFp_nistp224_method’ [-Wimplicit-function-declaration]
{ result = EC_GFp_nistp224_method(); }
^~~~~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:12: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
{ result = EC_GFp_nistp224_method(); }
^
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-83qpivr4-record/install-record.txt --single-version-externally-managed --compile --install-headers /tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1 in /tmp/pip-build-_2z81799/cryptography
```
## 1.2
```
$ pip install 'cryptography==1.2'
...
running build_ext
generating cffi module 'build/temp.linux-x86_64-3.5/_padding.c'
creating build/temp.linux-x86_64-3.5
generating cffi module 'build/temp.linux-x86_64-3.5/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-3.5/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-3.5/build
creating build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5
gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include -I/usr/include/python3.5m -c build/temp.linux-x86_64-3.5/_openssl.c -o build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5/_openssl.o
build/temp.linux-x86_64-3.5/_openssl.c:737:6: error: conflicting types for ‘BIO_new_mem_buf’
BIO *BIO_new_mem_buf(void *, int);
^~~~~~~~~~~~~~~
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-3.5/_openssl.c:445:
/usr/include/openssl/bio.h:692:6: note: previous declaration of ‘BIO_new_mem_buf’ was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^~~~~~~~~~~~~~~
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-c4zo1h2l/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-xlaxncs5-record/install-record.txt --single-version-externally-managed --compile --install-headers /tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1 in /tmp/pip-build-c4zo1h2l/cryptography
```
"""
See the full comment at https://github.com/freeipa/freeipa/pull/255#issuecomment-263666139
More information about the Freeipa-devel
mailing list