Christian Heimes <li...@cheimes.de> added the comment: It's a bit more complicated. FreeIPA uses cryptography, which uses asn1crypto, which uses ctypes, which is broken in mod_wsgi due to bpo-34651. It's not just FreeIPA that is affected by the issue. Any application running in mod_wsgi is potentially affected and broken by bpo-34651.
1a) (modify FreeIPA) is not possible. IPA requires the additional features of the subprocess module. 1b) (modify ctypes) should be done in a separate ticket. I'm not sure why subprocess does not use posix_spawn() here. I guess it's the default value "close_fds=True"? 2) (avoid subinterpreters) would require a rewrite of mod_wsgi 3) (revert bpo-34651) is IMHO required for _posixsubprocess.fork_exec(). bpo-34651 is a backwards incompatible change that breaks existing applications that uses mod_wsgi. At least _posixsubprocess.fork_exec() should be reverted and the removal of fork() support should go through a proper deprecation cycle of two releases. I'm bumping this up to release blocker and CC Łukasz. ---------- nosy: +lukasz.langa priority: critical -> release blocker _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37951> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
