Use requires[security] in the requirements instead of just requires #1563
I think we should leave it up to users to figure out if they need those additional packages. A sizable amount of users don't require TLS at all when communicating with the engine over a UNIX socket / Windows npipe.
@shin How would you feel about a
… also installs: pyOpenSSL, cryptography, idna and installs cryptography's version of openssl in Mac OS (which by default has an ancient version of openssl that doesn't support TLS 1.2). Signed-off-by: cyli <cyli@twistedmatrix.com>
(I'm not sure what is causing the windows failure)
Looks like building the
Do we need those changes to
Not sure what version of
This should work: shin-@eeb29b9
@shin- Ah ok, thank you! Will update.
I guess 1.8.1 is only available on UNIX platforms?
@shin- I believe there are wheels for windows: https://pypi.org/project/cryptography/1.8.1/#files
tox.ini
Outdated
skipsdist=True | ||
|
||
[testenv] | ||
usedevelop=True | ||
commands = | ||
py.test -v --cov=docker {posargs:tests/unit} | ||
platform = | ||
windows: windows |
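Review bot: `windows: windows` under `platform =` will not match on a Windows runner. tox treats `platform` as a regular expression tested against `sys.platform`, which is `win32` on Windows, so an environment carrying this value is skipped as a platform mismatch instead of running the unit tests. Suggest `windows: win32`; the factor name on the left of the colon can stay `windows`.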
This should be
{py27,py33,py34,py35}-windows: windows
and ditto for the other relevant lines.
If you're asking whether I feel bad already for giving you this advice: yes but I have no better advice :(
ah, good point, thanks!
tox.ini
Outdated
linux: linux | ||
darwin: darwin | ||
install_command = | ||
{py27,py33,py34,py35}-windows: pip install --only-binary=cryptography {opts} {packages} |
you probably want to put an install command here too, because otherwise things will break :(
{py27,...}-{darwin,linux}: pip install {opts} {packages}
all dependencies of dependencies as well so we can get a consistent build. Signed-off-by: cyli <cyli@twistedmatrix.com>
@shin- Looks like we were using an older version of tox/virtualenv in appveyor, which installed an older version of pip, which for some reason did not find a matching wheel.
…t pip. Signed-off-by: Ying <ying.li@docker.com>
I wasn't sure if this was in reference to the appveyor failure or a more general question about the extra packages in the requirements.txt in this particular PR. If the latter, I have mainly been following the advice in https://caremad.io/posts/2013/07/setup-vs-requirement/ and https://packaging.python.org/discussions/install-requires-vs-requirements/#requirements-files, where the Happy to dump that in something else, like
Sorry for neglecting this for so long, I thought I had merged it. Thank you!
No worries, thank you!
This installs a few more packages, but guarantees that at least on Mac OS a newer version of openssl is used instead of the default, which doesn't support TLS 1.2. I think the openssl is provided for Windows wheels too.
See https://stackoverflow.com/questions/31811949/pip-install-requestssecurity-vs-pip-install-requests-difference.
An alternative is to specify a "security" option similar to requests: see https://github.com/kennethreitz/requests/blob/master/setup.py#L98.
Also since the requirements.txt is pinning specific versions, I just pinned everything (including deps of deps) for a consistent build.
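
The description above turns on whether the OpenSSL a Python process ends up using is new enough for TLS 1.2. The check below is an added example, not code from this PR or from docker-py: it classifies a TLS library banner and reports what the running interpreter and, if installed, pyOpenSSL are linked against. The function names and the sample banners are constructed for illustration.

```python
import re
import ssl

# TLS 1.2 first shipped in OpenSSL 1.0.1. LibreSSL forked from 1.0.1g,
# so every LibreSSL release supports it.
MIN_OPENSSL = (1, 0, 1)

# Constructed sample banners in the format of ssl.OPENSSL_VERSION.
SAMPLE_BANNERS = [
    "OpenSSL 0.9.8zh 14 Jan 2016",
    "OpenSSL 1.0.0t 3 Dec 2015",
    "OpenSSL 1.0.2k  26 Jan 2017",
    "LibreSSL 2.2.7",
]

def parse_openssl_version(banner):
    """Return (flavor, (major, minor, patch)) parsed from a library banner."""
    m = re.match(r"(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised TLS library banner: %r" % banner)
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))

def supports_tls12(banner):
    """True if the library named in the banner can negotiate TLS 1.2."""
    flavor, version = parse_openssl_version(banner)
    return flavor == "LibreSSL" or version >= MIN_OPENSSL

def runtime_report():
    """Describe the library the interpreter's own ssl module is linked to."""
    return {
        "banner": ssl.OPENSSL_VERSION,
        "tls12_by_version": supports_tls12(ssl.OPENSSL_VERSION),
        "tls12_constant": hasattr(ssl, "PROTOCOL_TLSv1_2"),
    }

def pyopenssl_report():
    """Same check for the OpenSSL that pyOpenSSL uses; None if not installed."""
    try:
        from OpenSSL import SSL
    except ImportError:
        return None
    banner = SSL.SSLeay_version(SSL.SSLEAY_VERSION).decode("ascii")
    return {"banner": banner, "tls12_by_version": supports_tls12(banner)}

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print("%-32s TLS 1.2: %s" % (b, supports_tls12(b)))
    print(runtime_report())
    print(pyopenssl_report())
```

Comparing `runtime_report()` with `pyopenssl_report()` on the same machine shows whether the extra packages actually change which OpenSSL is in play.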