Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dev-python/cryptography ~ia64 removal CI run #23087

Closed
wants to merge 26 commits into from
Closed

dev-python/cryptography ~ia64 removal CI run #23087

wants to merge 26 commits into from

Conversation

mgorny
Copy link
Member

@mgorny mgorny commented Nov 26, 2021

So it happened and cryptography upstream has made a release requiring Rust. This means that long-term we're losing this package at least for alpha, hppa and ia64. Other arches (e.g. ppc) are heavily depending on Gentoo maintainers finally making Rust work on them (it's apparently supported upstream).

~ia64 should have the lowest number of keywords on Python packages, so let's start estimating the damage by dekeywording cryptography there.

@mgorny mgorny added the no assignee limit Ignore assignee limit, and ping as many maintainers as it takes. label Nov 26, 2021
@gentoo-bot
Copy link

Pull Request assignment

Submitter: @mgorny
Areas affected: ebuilds, profiles
Packages affected: app-misc/ca-certificates, dev-python/cherrypy, dev-python/cryptography, dev-python/dnspython, dev-python/keyring...

app-misc/ca-certificates: @gentoo/base-system
dev-python/cherrypy: @gentoo/python
dev-python/cryptography: @gentoo/python
dev-python/dnspython: @gentoo/python
dev-python/keyring: @prometheanfire, @gentoo/openstack, @gentoo/python
dev-python/ndg-httpsclient: @gentoo/python
dev-python/paramiko: @gentoo/python, @aliceinwire
dev-python/pyftpdlib: @gentoo/python
dev-python/pyopenssl: @gentoo/python
dev-python/secretstorage: @gentoo/python
dev-python/service_identity: @gentoo/python
dev-python/trustme: williamh, @gentoo/python
dev-python/twine: @gentoo/python

Linked bugs

Bugs linked: 827354

In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of ConductCopyright policy (expl.) ● DevmanualGitHub PRsProxy-maint guide

@gentoo-bot gentoo-bot added assigned PR successfully assigned to the package maintainer(s). bug linked Bug/Closes found in footer, and cross-linked with the PR. labels Nov 26, 2021
@mgorny mgorny added the do not merge Please DO NOT MERGE this PR. It will not be assigned but it will be scanned by CI. label Nov 26, 2021
@mgorny
Copy link
Member Author

mgorny commented Nov 26, 2021

TODO: try to figure out if we can selectively skip tests in some of these packages

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2021-11-26 11:35 UTC
Newest commit scanned: a85a86b
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/0ae41edd8c/output.html

@mgorny
Copy link
Member Author

mgorny commented Nov 26, 2021
edited
Loading

Test checklist:

  • dev-python/aiohttp: handles missing trustme gracefully
  • dev-python/cheroot: added conditional EPYTEST_IGNORE
  • dev-python/fs: we're already skipping 'em
  • dev-python/passlib: handles missing deps gracefully
  • dev-python/pip: patched, submitted upstream Move cryptography-based imports into fixture  pypa/pip#10686
  • dev-python/pypiserver: added EPYTEST_DESELECT
  • dev-python/requests: patched, submitted upstream
  • dev-python/requests-toolbelt: added conditional EPYTEST_IGNORE
  • dev-python/trio: we're already skipping 'em
  • dev-python/twisted: seems to handle missing deps gracefully
  • dev-python/urllib3
  • dev-python/werkzeug: added EPYTEST_DESELECT

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2021-11-26 13:55 UTC
Newest commit scanned: 5ecb73c
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/78c73ebdfd/output.html

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2021-11-26 16:05 UTC
Newest commit scanned: 234d208
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/a200561100/output.html

@mgorny
Copy link
Member Author

mgorny commented Nov 27, 2021

(note: temporary breakage while pip is being rekeyworded)

@mgorny mgorny added the noci Skip CI for this pull request label Nov 27, 2021
@mgorny mgorny force-pushed the crypto-ia64 branch 2 times, most recently from e4c95c0 to a9bb876 Compare November 28, 2021 11:06
@mgorny mgorny removed noci Skip CI for this pull request assigned PR successfully assigned to the package maintainer(s). do not merge Please DO NOT MERGE this PR. It will not be assigned but it will be scanned by CI. labels Nov 28, 2021
@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2021-11-28 11:55 UTC
Newest commit scanned: 656021d
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/4abf6d8248/output.html

@mgorny
profiles/arch/ia64: Mask flags depending on cryptography
7166fe8 
Since dev-python/cryptography now requires Rust, let's establish
the level of damage caused by it not supporting IA64 at all.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/aiohttp: Skip optional trustme dep on non-Rust arches
87975e9 
The test suite handles missing trustme gracefully, so require it only
on architectures that are supported by Rust.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/pip: Skip cryptography dep on non-Rust arches
c35d91e 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/pypiserver: Skip twine dep on non-Rust arches
7e3b073 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/requests: Skip trustme dep on non-Rust arches
f178728 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/requests-toolbelt: Skip pyopenssl dep on non-Rust arches
8a8f2ef 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/cheroot: Make SSL-related test-dep non-obligatory
21be404 
Since the SSL test deps (pyopenssl & trustme) both implicitly depend
on Rust now, make them non-obligatory to save arches not supported
by Rust (e.g. ia64).

Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/passlib: Skip cryptography dep on non-Rust arches
7ec876b 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/twisted: Skip SSL test dep on non-Rust arches
086ec33 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/twisted: Remove ancient blockers
29ae68e 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/werkzeug: Skip cryptography dep on non-Rust arches
7cb5812 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/aiohttp: Remove ~ia64 on old versions
ea3899c 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/fs: Remove ~ia64 from old version
946a30d 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/paramiko: Remove ~ia64 (due to Rust)
13853a8 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/twine: Remove ~ia64 (due to Rust)
43bca21 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/keyring: Remove ~ia64 (due to Rust)
43d998c 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/secretstorage: Remove ~ia64 (due to Rust)
26664be 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/trustme: Remove ~ia64 (due to Rust)
f7f6ca4 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/dnspython: Remove ~ia64 (due to Rust)
4b6d117 
While technically only dnspython-2 requires cryptography, we do not want
more consumers blocking the removal of dnspython-1.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/ndg-httpsclient: Remove ~ia64 (due to Rust)
8264d7b 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/cherrypy: Remove ~ia64 (due to Rust)
8b41168 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/pyftpdlib: Remove ~ia64 (due to Rust)
b43d25f 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/service_identity: Remove ~ia64 (due to Rust)
30bf3a9 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/pyopenssl: Remove ~ia64 (due to Rust)
bb0d17c 
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
app-misc/ca-certificates: Eliminate the dep on cryptography
7d89b0e 
The dev-python/cryptography package is no longer portable, due to Rust,
so avoid the dependency to make ca-certificates portable again.
Apparently, it is used only for some upstream QA check.

Closes: https://bugs.gentoo.org/827354
Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
dev-python/cryptography: Proactively remove ~ia64 (due to Rust)
7f398c6 
Since the new cryptography versions require Rust and Rust does not work
on ia64 at all, proactively remove the keyword and clean up its
reverse dependencies.  This should save us from having to deal with it
last minute when a new vulnerability is discovered in cryptography,
and we have to urgently clean up the old versions.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
@mgorny
Copy link
Member Author

mgorny commented Nov 28, 2021

Merged.

@mgorny mgorny closed this Nov 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arthurzam arthurzam arthurzam approved these changes

Assignees
No one assigned
Labels
bug linked Bug/Closes found in footer, and cross-linked with the PR. no assignee limit Ignore assignee limit, and ping as many maintainers as it takes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mgorny @gentoo-bot @gentoo-repo-qa-bot @arthurzam