URL: https://github.com/freeipa/freeipa/pull/255
Title: #255: Adjustments for setup requirements
tiran commented:
"""
@martbab Welcome to the party! This discussion has been running for a very long
time and in multiple places. Let me bring you up to speed.
First of all the requirements in ```ipasetup.py``` are completely unrelated to
distribution packaging (RPM, DEB, whatever). PyPI packaging follows slightly
different rules. For example you don't get carefully curated packages,
downstream patches for build issues or a known working set of packages. It's a
bit more wild west and fast moving. I was against bumping the version in the
spec file because the bump is not required for my work. The other insisted on
it.
Next up a version information like "cryptography >= 0.9" means that any version
equal or greater than 0.9 is known to work. If you follow upstream development
of OpenSSL and Cryptography closely then you are aware that any version of
cryptography < 1.3 does no longer compile against a recent version of OpenSSL
1.0.2. CFFI bindings are very sensitive to subtle changes in the ABI and C API.
OpenSSL tend to break both every now and then.
Finally this discussion is pointless. I will bump the version requirements of
cryptography to 1.7.0 in a matter of weeks. BZ for RHEL has been filed. The
version 1.7.0 hasn't been released yet. it will contain two important fixes
(lock and osrandom) and a new feature for @frasertweedale (multi RDN).
```
$ python3 -m venv /tmp/cryptovenv
$ . /tmp/cryptovenv/bin/activate
(cryptovenv) $ pip install 'cryptography==0.9'
Collecting cryptography==0.9
Downloading cryptography-0.9.tar.gz (302kB)
100% |████████████████████████████████| 303kB 122kB/s
Collecting idna (from cryptography==0.9)
Using cached idna-2.1-py2.py3-none-any.whl
Collecting pyasn1 (from cryptography==0.9)
Using cached pyasn1-0.1.9-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography==0.9)
Using cached six-1.10.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): setuptools in
./cryptovenv/lib/python3.5/site-packages (from cryptography==0.9)
Collecting cffi>=0.8 (from cryptography==0.9)
Using cached cffi-1.9.1.tar.gz
Collecting pycparser (from cffi>=0.8->cryptography==0.9)
Installing collected packages: idna, pyasn1, six, pycparser, cffi, cryptography
Running setup.py install for cffi ... done
Running setup.py install for cryptography ... error
Complete output from command /tmp/cryptovenv/bin/python3 -u -c "import
setuptools,
tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize,
'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))"
install --record /tmp/pip-83qpivr4-record/install-record.txt
--single-version-externally-managed --compile --install-headers
/tmp/cryptovenv/include/site/python3.5/cryptography:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.5
creating build/lib.linux-x86_64-3.5/cryptography
...
running build_ext
building '_Cryptography_cffi_1251de2xc302a38b' extension
creating build/temp.linux-x86_64-3.5
creating build/temp.linux-x86_64-3.5/src
creating build/temp.linux-x86_64-3.5/src/cryptography
creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat
creating build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings
creating
build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__
gcc -pthread -Wno-unused-result -Wsign-compare
-DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
-D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include
-I/usr/include/python3.5m -c
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c
-o
build/temp.linux-x86_64-3.5/src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.o
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:505:6:
error: conflicting types for ‘BIO_new_mem_buf’
BIO *BIO_new_mem_buf(void *, int);
^~~~~~~~~~~~~~~
In file included from /usr/include/openssl/asn1.h:65:0,
from
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:220:
/usr/include/openssl/bio.h:692:6: note: previous declaration of
‘BIO_new_mem_buf’ was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2019:15:
error: ‘SSLv2_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_method)(void) = NULL;
^~~~~~~~~~~~
In file included from
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2287:19: note: previous declaration of
‘SSLv2_method’ was here
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
^~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2020:15:
error: ‘SSLv2_client_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
^~~~~~~~~~~~~~~~~~~
In file included from
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2289:19: note: previous declaration of
‘SSLv2_client_method’ was here
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
^~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:2021:15:
error: ‘SSLv2_server_method’ redeclared as different kind of symbol
SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
^~~~~~~~~~~~~~~~~~~
In file included from
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:316:0:
/usr/include/openssl/ssl.h:2288:19: note: previous declaration of
‘SSLv2_server_method’ was here
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
^~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:
In function ‘_cffi_f_EC_GFp_nistp224_method’:
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:14:
warning: implicit declaration of function ‘EC_GFp_nistp224_method’
[-Wimplicit-function-declaration]
{ result = EC_GFp_nistp224_method(); }
^~~~~~~~~~~~~~~~~~~~~~
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_1251de2xc302a38b.c:24411:12:
warning: assignment makes pointer from integer without a cast
[-Wint-conversion]
{ result = EC_GFp_nistp224_method(); }
^
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools,
tokenize;__file__='/tmp/pip-build-_2z81799/cryptography/setup.py';exec(compile(getattr(tokenize,
'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))"
install --record /tmp/pip-83qpivr4-record/install-record.txt
--single-version-externally-managed --compile --install-headers
/tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1
in /tmp/pip-build-_2z81799/cryptography
```
## 1.2
```
$ pip install 'cryptography==1.2'
...
running build_ext
generating cffi module 'build/temp.linux-x86_64-3.5/_padding.c'
creating build/temp.linux-x86_64-3.5
generating cffi module 'build/temp.linux-x86_64-3.5/_constant_time.c'
generating cffi module 'build/temp.linux-x86_64-3.5/_openssl.c'
building '_openssl' extension
creating build/temp.linux-x86_64-3.5/build
creating build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5
gcc -pthread -Wno-unused-result -Wsign-compare
-DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
-D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/tmp/cryptovenv/include
-I/usr/include/python3.5m -c build/temp.linux-x86_64-3.5/_openssl.c -o
build/temp.linux-x86_64-3.5/build/temp.linux-x86_64-3.5/_openssl.o
build/temp.linux-x86_64-3.5/_openssl.c:737:6: error: conflicting types for
‘BIO_new_mem_buf’
BIO *BIO_new_mem_buf(void *, int);
^~~~~~~~~~~~~~~
In file included from /usr/include/openssl/asn1.h:65:0,
from build/temp.linux-x86_64-3.5/_openssl.c:445:
/usr/include/openssl/bio.h:692:6: note: previous declaration of
‘BIO_new_mem_buf’ was here
BIO *BIO_new_mem_buf(const void *buf, int len);
^~~~~~~~~~~~~~~
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/tmp/cryptovenv/bin/python3 -u -c "import setuptools,
tokenize;__file__='/tmp/pip-build-c4zo1h2l/cryptography/setup.py';exec(compile(getattr(tokenize,
'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))"
install --record /tmp/pip-xlaxncs5-record/install-record.txt
--single-version-externally-managed --compile --install-headers
/tmp/cryptovenv/include/site/python3.5/cryptography" failed with error code 1
in /tmp/pip-build-c4zo1h2l/cryptography
```
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/255#issuecomment-263666139
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
