1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.PYTHON

  • python-cryptography, Rust, and OpenSSL 3.0

    From Simon Chopin@21:1/5 to All on Wed Dec 1 14:00:01 2021
    Hi,

    TL;DR: Does it make sense to upload the intermediary upstream version
    3.4.8 or rather wait for someone to work on the Rust-based later versions?

    I'm currently working on the OpenSSL 3.0 transition in Ubuntu, and python-cryptography in its current version in Debian and Ubuntu does not support it[0].

    The current version of the package is 3.3.2-1, whereas upstream is at
    36.0. Versioning scheme notwithstanding, upstream moves with a rapid
    pace, since 3.3.2 came out in February 2021.

    This package has recently gained some notoriety[1] for wanting
    to use Rust to replace parts of its C core. 3.4 introduces an optional dependency on the Rust toolchain, which became mandatory in 35.0 (think
    3.5).

    Said 35.0 release also brought OpenSSL 3.0 support, which is why I first
    tried to update the package directly to 35.0 (36.0 wasn't out at the
    time), but it needs a good few packages that aren't, or weren't at the time,
    in the Debian archive, with transitive dependencies on crates that
    aren't necessarily version-compatible with what's currently in Debian. Furthermore, dh-python and pybuild aren't necessarily ready for the
    setuptools Rust extension.

    So, instead I opted for packaging the last Rust-optional version, 3.4.8,
    and backported the necessary OpenSSL 3.0 patches. I posted the result of
    this work on Salsa[2].

    Now that the OpenSSL 3 transition has started in Ubuntu, I plan on
    uploading this package to our archive as I lack the time to do the
    necessary work for the Rust enablement, but I'm wondering if it makes
    sense to do the same in Debian?

    Cheers,
    Simon

    PS: please keep me in CC, as I'm not subscribed to the ML.

    [0]: https://bugs.launchpad.net/ubuntu/+source/python-cryptography/+bug/1946189 [1]: https://lwn.net/Articles/845535/
    [2]: https://salsa.debian.org/python-team/packages/python-cryptography/-/merge_requests/6

    --
    Simon Chopin
    Foundations Team Ubuntu MOTU simon.chopin@canonical.com schopin@ubuntu.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrius Merkys@21:1/5 to Simon Chopin on Wed Dec 1 16:10:02 2021
    Hi Simon,

    On 2021-12-01 14:31, Simon Chopin wrote:
    TL;DR: Does it make sense to upload the intermediary upstream version
    3.4.8 or rather wait for someone to work on the Rust-based later versions?

    I would say yes. python-cryptography >= v3.4.6 is needed to update python-autobahn [1]. Thomas Goirand (in CC) said [2] he is already
    working on python-cryptography, thus it would be best to coordinate
    uploads with him.

    [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995431
    [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994914#19

    Best,
    Andrius

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Goirand@21:1/5 to Andrius Merkys on Wed Dec 1 18:30:02 2021
    On 12/1/21 4:05 PM, Andrius Merkys wrote:
    Hi Simon,

    On 2021-12-01 14:31, Simon Chopin wrote:
    TL;DR: Does it make sense to upload the intermediary upstream version
    3.4.8 or rather wait for someone to work on the Rust-based later versions?

    I would say yes. python-cryptography >= v3.4.6 is needed to update python-autobahn [1]. Thomas Goirand (in CC) said [2] he is already
    working on python-cryptography, thus it would be best to coordinate
    uploads with him.

    [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995431
    [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994914#19

    Best,
    Andrius


    Did ?!? I believe I wrote I was working on python-autobahn, but I have
    to admit I completely failed my duty (busy on other stuff, like Ceph and
    many other RC bug fixing).

    At this point, I believe I must accept NMUs, or at least patches,
    otherwise it will take forever...

    Cheers,

    Thomas Goirand (zigo)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Tristan Seligmann@21:1/5 to Stefano Rivera on Wed Dec 1 21:00:01 2021
    On Wed, 1 Dec 2021 at 21:34, Stefano Rivera <stefanor@debian.org> wrote:

    Hi Simon (2021.12.01_12:31:20_+0000)
    Now that the OpenSSL 3 transition has started in Ubuntu, I plan on uploading this package to our archive as I lack the time to do the necessary work for the Rust enablement, but I'm wondering if it makes
    sense to do the same in Debian?

    I'd assume, yes.

    We were waiting on PyO3, primarily, I think. I see it's in unstable, but hasn't made it to testing, yet. I'll do a source-only upload.


    Thanks for the patches, Simon; I am working on testing and uploading this version as an intermediate step while we resolve the Rust issue. As far as
    Rust goes, it should be straightforward packaging the missing dependencies here, but unfortunately I have not been able to do much Debian-related work recently.

    <div dir="ltr"><div dir="ltr">On Wed, 1 Dec 2021 at 21:34, Stefano Rivera &lt;<a href="mailto:stefanor@debian.org">stefanor@debian.org</a>&gt; wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-
    left:1px solid rgb(204,204,204);padding-left:1ex">Hi Simon (2021.12.01_12:31:20_+0000)<br>
    &gt; Now that the OpenSSL 3 transition has started in Ubuntu, I plan on<br> &gt; uploading this package to our archive as I lack the time to do the<br> &gt; necessary work for the Rust enablement, but I&#39;m wondering if it makes<br>
    &gt; sense to do the same in Debian?<br>

    I&#39;d assume, yes.<br>

    We were waiting on PyO3, primarily, I think. I see it&#39;s in unstable, but<br>
    hasn&#39;t made it to testing, yet. I&#39;ll do a source-only upload.<br></blockquote><div><br></div><div>Thanks for the patches, Simon; I am working on testing and uploading this version as an intermediate step while we resolve the Rust issue. As far as
    Rust goes, it should be straightforward packaging the missing dependencies here, but unfortunately I have not been able to do much Debian-related work recently. </div></div></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stefano Rivera@21:1/5 to All on Wed Dec 1 20:40:02 2021
    Hi Simon (2021.12.01_12:31:20_+0000)
    Now that the OpenSSL 3 transition has started in Ubuntu, I plan on
    uploading this package to our archive as I lack the time to do the
    necessary work for the Rust enablement, but I'm wondering if it makes
    sense to do the same in Debian?

    I'd assume, yes.

    We were waiting on PyO3, primarily, I think. I see it's in unstable, but
    hasn't made it to testing, yet. I'll do a source-only upload.

    SR

    --
    Stefano Rivera
    http://tumbleweed.org.za/
    +1 415 683 3272

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrius Merkys@21:1/5 to Thomas Goirand on Thu Dec 2 09:10:01 2021
    Hi Thomas,

    On 2021-12-01 19:22, Thomas Goirand wrote:
    On 12/1/21 4:05 PM, Andrius Merkys wrote:
    On 2021-12-01 14:31, Simon Chopin wrote:
    TL;DR: Does it make sense to upload the intermediary upstream version
    3.4.8 or rather wait for someone to work on the Rust-based later versions? >>
    I would say yes. python-cryptography >= v3.4.6 is needed to update
    python-autobahn [1]. Thomas Goirand (in CC) said [2] he is already
    working on python-cryptography, thus it would be best to coordinate
    uploads with him.

    [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995431
    [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994914#19

    Did ?!? I believe I wrote I was working on python-autobahn, but I have
    to admit I completely failed my duty (busy on other stuff, like Ceph and
    many other RC bug fixing).

    I must have misinterpreted your words, sorry. You were indeed talking
    about python-autobahn.

    At this point, I believe I must accept NMUs, or at least patches,
    otherwise it will take forever...

    OK. I believe I have the update of python-autobahn ready in my fork [3].
    I will submit PRs whenever python-cryptography 3.4.8 is uploaded.

    [3] https://salsa.debian.org/merkys/python-autobahn

    Best,
    Andrius

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Tristan Seligmann@21:1/5 to All on Thu Dec 2 11:10:01 2021
    python-cryptography_3.4.8-1_source.changes uploaded successfully to
    localhost

    On Wed, 1 Dec 2021 at 21:38, Tristan Seligmann <mithrandi@mithrandi.net>
    wrote:

    On Wed, 1 Dec 2021 at 21:34, Stefano Rivera <stefanor@debian.org> wrote:

    Hi Simon (2021.12.01_12:31:20_+0000)
    Now that the OpenSSL 3 transition has started in Ubuntu, I plan on
    uploading this package to our archive as I lack the time to do the
    necessary work for the Rust enablement, but I'm wondering if it makes
    sense to do the same in Debian?

    I'd assume, yes.

    We were waiting on PyO3, primarily, I think. I see it's in unstable, but
    hasn't made it to testing, yet. I'll do a source-only upload.


    Thanks for the patches, Simon; I am working on testing and uploading this version as an intermediate step while we resolve the Rust issue. As far as Rust goes, it should be straightforward packaging the missing dependencies here, but unfortunately I have not been able to do much Debian-related work recently.


    <div dir="ltr"><span style="">&gt; python-cryptography_3.4.8-1_so</span><span style="">urce.changes uploaded successfully to localhost</span><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 1 Dec 2021 at 21:38, Tristan
    Seligmann &lt;<a href="mailto:mithrandi@mithrandi.net">mithrandi@mithrandi.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">
    On Wed, 1 Dec 2021 at 21:34, Stefano Rivera &lt;<a href="mailto:stefanor@debian.org" target="_blank">stefanor@debian.org</a>&gt; wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px
    solid rgb(204,204,204);padding-left:1ex">Hi Simon (2021.12.01_12:31:20_+0000)<br>
    &gt; Now that the OpenSSL 3 transition has started in Ubuntu, I plan on<br> &gt; uploading this package to our archive as I lack the time to do the<br> &gt; necessary work for the Rust enablement, but I&#39;m wondering if it makes<br>
    &gt; sense to do the same in Debian?<br>

    I&#39;d assume, yes.<br>

    We were waiting on PyO3, primarily, I think. I see it&#39;s in unstable, but<br>
    hasn&#39;t made it to testing, yet. I&#39;ll do a source-only upload.<br></blockquote><div><br></div><div>Thanks for the patches, Simon; I am working on testing and uploading this version as an intermediate step while we resolve the Rust issue. As far as
    Rust goes, it should be straightforward packaging the missing dependencies here, but unfortunately I have not been able to do much Debian-related work recently. </div></div></div>
    </blockquote></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrius Merkys@21:1/5 to Tristan Seligmann on Thu Dec 2 11:40:02 2021
    On 2021-12-02 11:42, Tristan Seligmann wrote:
    python-cryptography_3.4.8-1_source.changes uploaded successfully to localhost

    Great, thanks a lot!

    Best,
    Andrius

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)