New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to cross compile due to cffi (0.14) #157
Comments
Antoine Bertin notifications@github.com writes:
Hi Antoine, First off, sorry to have caused you trouble building pyOpenSSL. The You can read about the reasoning behind the switch to using cffi here:
As you can see, cross compilation wasn't considered as part of that
I'm not sure I fully understand this concern. It's true that building It is true that cffi includes a hook which will invoke the C compiler at Are you aware of the ability, when using cffi, to build and distribute Or have you found problems with using this functionality in practice Or perhaps there's something else I don't understand about this
Given what I know about writing extension modules using the CPython/C
Any change brings the possibility of breaking someone's usage of That said, I acknowledge that the switch to cffi was a big one and had Clearly the efforts were insufficient - because it did break for you!
I considered the performance differences and decided to proceed anyway First, for many parts of the pyOpenSSL API the actual hard work is being Second, the cffi-based implementation of pyOpenSSL is much faster than I know everyone can't switch to PyPy yet - but more and more people
I hope I've explained this sufficiently here.
This sounds like it may bear further discussion. However, it probably My understanding is that Thanks |
Hah. By "this" I meant the pyopenssl-users list hosted on python.org. Sorry about that, I got confused by my new mail client. |
I didn't mean to be harsh, but after hours spend on pyOpenSSL (well, cryptography now) I was a bit pissed off :) I did a bit of investigation but I still don't understand what exactly is going on. I'll try to explain briefly what I've done: First I tried cross compiling cryptography like a standard module, it seems it installs cffi localy instead of relying on setuptools for the dependencies (weird, but not a problem). Then cffi is imported to do some additional steps I assume:
Obviously it fails, it tries to import a target library on the host machine. So second thing I tried is to remove the patch and install a native cffi for the host python and tweak the PYTHONPATH so it get picked up when cross compiling.
Here we can see the .so is compiled as expected but then it tries to import it (wtf?). This is where I'm lost, I don't get why it tries to import it and it seems to be an important step in the process done by cffi. The tests are done by compiling on a Debian 32bits VM and building for a x86_64 target but I have plenty other targets (ARM, PPC, etc.). Any help appreciated here 👍 |
From what I understand cryptography tries to import itself during setup (get_ext_modules in setup.py) to trigger compilation (in cryptography/hazmat/primitives/constant_time.py: This is the portion of the code used by cffi:
The problem here is In setup.py, cryptography should not import itself, this is considered a bad practice in general, but cffi's documentation says otherwise. While this is OK in most cases (host == target) it is not in case if cross compilation. I think the correct way to do that would be to call The issue is not in pyOpenSSL or cryptography but really in the internals of cffi. |
I've tested the solution that consists of calling
It fails for OpenSSLBinding because the At least it seems that we're on the right tracks to fix the issue, I'd be glad to test a patch for this. |
Since we won’t move from CFFI anytime soon and seems to be fixed-ish in cryptography I’m gonna close this. |
I maintain a Python package for Synology NAS at SynoCommunity/spksrc.
I had no problem cross compiling previous versions of pyOpenSSL, extensions were perfectly compiled, at compile time.
Since 0.14 it seems you switched to cffi which compiles the extensions at import time. The whole thing being done by cryptography under the hood. This is impossible to get to work on a cross compile environment because there is no compiler on the target. (SynoCommunity/spksrc#1225)
I wonder why the change, given that:
I'm obviously missing the pros of cffi here so please enlighten me.
Could you provide a way to avoid compilation at import time and do it at
setup.py build
time?The text was updated successfully, but these errors were encountered: