URL: https://github.com/freeipa/freeipa/pull/255
Title: #255: Adjustments for setup requirements

tiran commented:
"""
@martbab Welcome to the party! This discussion has been running for a very long 
time and in multiple places. Let me bring you up to speed.

First of all the requirements in ```ipasetup.py``` are completely unrelated to 
distribution packaging (RPM, DEB, whatever). PyPI packaging follows slightly 
different rules. For example you don't get carefully curated packages, 
downstream patches for build issues or a known working set of packages. It's a 
bit more wild west and fast moving. I was against bumping the version in the 
spec file because the bump is not required for my work. The other insisted on 
it.

Next up a version information like "cryptography >= 0.9" means that any version 
equal or greater than 0.9 is known to work. If you follow upstream development 
of OpenSSL and Cryptography closely then you are aware that any version of 
cryptography < 1.3 does no longer compile against a recent version of OpenSSL 
1.0.2. CFFI bindings are very sensitive to subtle changes in the ABI and C API. 
OpenSSL tend to break both every now and then.

Finally this discussion is pointless. I will bump the version requirements of 
cryptography to 1.7.0 in a matter of weeks. BZ for RHEL has been filed. The 
version 1.7.0 hasn't been released yet. it will contain two important fixes 
(lock and osrandom) and a new feature for @frasertweedale (multi RDN).

```
$ python3 -m venv /tmp/cryptovenv
$ . /tmp/cryptovenv/bin/activate
(cryptovenv) $ pip install 'cryptography==0.9' 
Collecting cryptography==0.9
  Downloading cryptography-0.9.tar.gz (302kB)
    100% |████████████████████████████████| 303kB 122kB/s 
Collecting idna (from cryptography==0.9)
  Using cached idna-2.1-py2.py3-none-any.whl
Collecting pyasn1 (from cryptography==0.9)
  Using cached pyasn1-0.1.9-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography==0.9)
  Using cached six-1.10.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): setuptools in 
./cryptovenv/lib/python3.5/site-packages (from cryptography==0.9)
Collecting cffi>=0.8 (from cryptography==0.9)
  Using cached cffi-1.9.1.tar.gz
Collecting pycparser (from cffi>=0.8->cryptography==0.9)
Installing collected packages: idna, pyasn1, six, pycparser, cffi, cryptography
  Running setup.py install for cffi ... done
  Running setup.py install for cryptography ... error
    Complete output from command /tmp/cryptovenv/bin/python3 -u -c "import 
setuptools, 
tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize,
 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" 
install --record /tmp/pip-83qpivr4-record/install-record.txt 
--single-version-externally-managed --compile --install-headers 
/tmp/cryptovenv/include/site/python3.5/cryptography:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.5
    creating build/lib.linux-x86_64-3.5/cryptography
...
    running build_ext
    building '_Cryptography_cffi_1251de2xc302a38b' extension
    creating build/temp.linux-x86_64-3.5
    creating build/temp.linux-x86_64-3.5/src
    creating build/temp.linux-x86_64-3.5/src/cryptography
    creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat
    creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings
    creating 
build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__
    gcc -pthread -Wno-unused-result -Wsign-compare 
-DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall 
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches 
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic 
-D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include 
-I/usr/include/python3.5m -c 
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c
 -o 
build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.o
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:505:6:
 error: conflicting types for ‘BIO_new_mem_buf’
     BIO *BIO_new_mem_buf(void *, int);
          ^~~~~~~~~~~~~~~
    In file included from /usr/include/openssl/asn1.h:65:0,
                     from 
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:220:
    /usr/include/openssl/bio.h:692:6: note: previous declaration of 
‘BIO_new_mem_buf’ was here
     BIO *BIO_new_mem_buf(const void *buf, int len);
          ^~~~~~~~~~~~~~~
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2019:15:
 error: ‘SSLv2_method’ redeclared as different kind of symbol
     SSL_METHOD* (*SSLv2_method)(void) = NULL;
                   ^~~~~~~~~~~~
    In file included from 
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
    /usr/include/openssl/ssl.h:2287:19: note: previous declaration of 
‘SSLv2_method’ was here
     const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
                       ^~~~~~~~~~~~
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2020:15:
 error: ‘SSLv2_client_method’ redeclared as different kind of symbol
     SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
                   ^~~~~~~~~~~~~~~~~~~
    In file included from 
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
    /usr/include/openssl/ssl.h:2289:19: note: previous declaration of 
‘SSLv2_client_method’ was here
     const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
                       ^~~~~~~~~~~~~~~~~~~
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2021:15:
 error: ‘SSLv2_server_method’ redeclared as different kind of symbol
     SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
                   ^~~~~~~~~~~~~~~~~~~
    In file included from 
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
    /usr/include/openssl/ssl.h:2288:19: note: previous declaration of 
‘SSLv2_server_method’ was here
     const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
                       ^~~~~~~~~~~~~~~~~~~
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:
 In function ‘_cffi_f_EC_GFp_nistp224_method’:
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:14:
 warning: implicit declaration of function ‘EC_GFp_nistp224_method’ 
[-Wimplicit-function-declaration]
       { result = EC_GFp_nistp224_method(); }
                  ^~~~~~~~~~~~~~~~~~~~~~
    
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:12:
 warning: assignment makes pointer from integer without a cast 
[-Wint-conversion]
       { result = EC_GFp_nistp224_method(); }
                ^
    error: command 'gcc' failed with exit status 1
    
    ----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools, 
tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize,
 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" 
install --record /tmp/pip-83qpivr4-record/install-record.txt 
--single-version-externally-managed --compile --install-headers 
/tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1 
in /tmp/pip-build-_2z81799/cryptography
```


## 1.2

```
$ pip install 'cryptography==1.2'
...
    running build_ext
    generating cffi module 'build/temp.linux-x86_64-3.5/_padding.c'
    creating build/temp.linux-x86_64-3.5
    generating cffi module 'build/temp.linux-x86_64-3.5/_constant_time.c'
    generating cffi module 'build/temp.linux-x86_64-3.5/_openssl.c'
    building '_openssl' extension
    creating build/temp.linux-x86_64-3.5/build
    creating build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5
    gcc -pthread -Wno-unused-result -Wsign-compare 
-DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall 
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches 
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic 
-D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include 
-I/usr/include/python3.5m -c build/temp.linux-x86_64-3.5/_openssl.c -o 
build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5/_openssl.o
    build/temp.linux-x86_64-3.5/_openssl.c:737:6: error: conflicting types for 
‘BIO_new_mem_buf’
     BIO *BIO_new_mem_buf(void *, int);
          ^~~~~~~~~~~~~~~
    In file included from /usr/include/openssl/asn1.h:65:0,
                     from build/temp.linux-x86_64-3.5/_openssl.c:445:
    /usr/include/openssl/bio.h:692:6: note: previous declaration of 
‘BIO_new_mem_buf’ was here
     BIO *BIO_new_mem_buf(const void *buf, int len);
          ^~~~~~~~~~~~~~~
    error: command 'gcc' failed with exit status 1
    
    ----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools, 
tokenize;__file__='/tmp/pip-build-c4zo1h2l/cryptography/setup.py';exec(compile(getattr(tokenize,
 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" 
install --record /tmp/pip-xlaxncs5-record/install-record.txt 
--single-version-externally-managed --compile --install-headers 
/tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1 
in /tmp/pip-build-c4zo1h2l/cryptography
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/255#issuecomment-263666139
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to