On Tue, Mar 01, 2016 at 04:13:41PM -0800, Christopher Allan Webber wrote: > Christopher Allan Webber writes: > > > Most of Guix seems to be working just fine with the grafts support and > > grafting of openssl. However, unlike most grafts that will be done > > probably, this one removes a feature, and that seems to be creating > > problems in Python land. > > > > >>> from urllib.request import HTTPSHandler > > Traceback (most recent call last): > > File "<stdin>", line 1, in <module> > > ImportError: cannot import name 'HTTPSHandler' > > As expected, this is for the same reasons offlineimap seemed to have > problems: > > cwebber@oolong:~/devel/mediagoblin$ python3 > Python 3.4.3 (default, Jan 1 1970, 00:00:01) > [GCC 4.9.3] on linux > Type "help", "copyright", "credits" or "license" for more information. > >>> import ssl > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File > "/gnu/store/1spkp48cbbzg6ic5qkv3qpm3mvsgwkys-python-3.4.3/lib/python3.4/ssl.py", > line 97, in <module> > import _ssl # if we can't import it, let the error propagate > ImportError: > /gnu/store/1spkp48cbbzg6ic5qkv3qpm3mvsgwkys-python-3.4.3/lib/python3.4/lib-dynload/_ssl.cpython-34m.so: > undefined symbol: SSLv2_method
We need to get that SSLv2 out of there! > > This leads to my suspicion that it's not really grafting's fault here, > it's the *removal* of a piece of code, thus making things > abi-incompatible with the system we built. Hopefully most grafting > situations won't require this. I think that's right? :) It seems like most security updates are ABI compatible, thankfully. This was a special case since it removed an insecure protocol completely. > > Unfortunately, I'd say that ssl and python isn't really optional! > Is it possible to graft on top of a graft? Could we rebuild Python > based on the grafted openssl, and then graft things on top of the > grafted Python? :) > > >
