Python 2.5 support

[pytoxbot]

• Bitbucket: https://bitbucket.org/hpk42/tox/issue/91
• Originally reported by: @acdha
• Originally created at: 2013-03-17T18:50:12.858

tox currently lists Python 2.5 as the earliest supported version. Unfortunately, it no longer works because PyPI changed to require SSL, which breaks on Python 2.5 unless you have installed the ssl backport (see http://www.pip-installer.org/en/latest/logic.html#ssl-backport).

At first, I thought I could do this within my commands stanza but ran into two problems:

• Due to warn if a command does not come from the venv #2, you cannot simply use curl to fetch the package ("test command found but not installed in testenv")
• Even if that worked, {[section]name} subsitution does not work for commands #38 would mean that you'd be forced to copy and paste around the inability to do something like this:

#!ini
deps =
    # Do nothing because pip is broken on Python 2.5
    # http://www.pip-installer.org/en/latest/logic.html#ssl-backport
commands =
    curl -s -o {envtmpdir}/ssl-1.15.tar.gz https://pypi.python.org/packages/source/s/ssl/ssl-1.15.tar.gz
    pip install {envtmpdir}/ssl-1.15.tar.gz
    pip install -r {toxinidir}/tests/requirements_25.txt
    pip install django==1.3
    {[testenv]commands}

I think it'd either make sense to have an automatic hook to install ssl on Python 2.5 or simply drop support for it as it's rather old and backport RPMs are available for legacy Red Hat users.

[pytoxbot]

Original comment by @hpk42

tox-1.6 has support for python2.5. See the announcements. It basically ships with a copy of virtualenv-1.9.1 and downgrades pip to <1.4, and adds default "--insecure" to the (new in tox-1.6) installer_command defaults.

I went a bit too far, i guess, in that you can even run tox itself on python2.5. That is strictly speaking not neccessary. I am probably going to drop support for python2.5 for tox itself but try to keep it able to run the project-under-test against python2.5

[pytoxbot]

Original comment by @hpk42

ref issue91 - use a vendored virtualenv-1.9.1 when creating python-2.5 environments.
Merged in mete0r_kr/tox/use-venv191-pip13-for-python25 (pull request #65)

use inlined virtualenv-1.9.1 and pip<1.4 for CPython 2.5 / Jython 2.5 (revised)

→ <<cset 2f81a12f84bc>>

[pytoxbot]

Original comment by @qwcode

@ssokolow and I talked offline. he did end up getting "PIP_INSECURE = 1" to work, and it works for me too, so that's a real option for people.

[pytoxbot]

Original comment by @qwcode

@ssokolow , I used that config to test py25 locally in the 1.3 release branch for pip last week. I went back and forth now 3 times to confirm it. so, I'm not sure why you wouldn't see it work. the error you are getting is the "You don't have an importable ssl module..."?

[pytoxbot]

Original comment by @ssokolow

Ok, so BitBucket's spam filter is overzealous and too stupid to also withhold the e-mail notifications for spam.

@qwcode In reply to your comments that have been un-spammed so far, I tried the tox.ini snippet you gave but it seems to have no effect so I went back to listing --insecure as a dependency for [testenv:py25] and [testenv:jython].

[pytoxbot]

Original comment by @qwcode

I'm using the web interface to make comments. I see my comments preserved here (but only when I'm logged in.)

I'm able to comment on other projects fine and have them show when I'm not logged in.
https://bitbucket.org/PSF/python-meta-packaging/issue/1/set-up-sphinx-readthedocs

[pytoxbot]

Original comment by @ssokolow

We seem to have a problem with BitBucket's bugs system. Someone named Marcus Smith (two users have that name) has sent two messages and I received them but they haven't shown up on this page. I've reported a bug in BitBucket.

I'd try replying to test if it's the "reply to this e-mail to respond" that's doing it, but BitBucket seems to use a generic reply-to address rather than the hash-style ones GitHub uses so I'm almost certain my use of multiple From addresses (none of which are my BitBucket one) would break things. (I've also reported that as well as the lack of hyperlinks in the notification e-mails)

[pytoxbot]

Original comment by @qwcode

@ssokolow , no need to fake it with --insecure as package name. see my comment above.

[pytoxbot]

Original comment by @ssokolow

@acdha No argument. I was just saying that, for the impatient, tox won't refuse --insecure for not being a package name or URL.

@hpk42 I wish I could provide a patch but I've already patched my way into being about a week and a half behind on my French coursework.

I'd rather not engage in any more "productive procrastination" in the near future but I'll keep it in mind in case I do get far enough ahead. Just setting up tox on one of my projects and fixing test failures ate up four hours yesterday and I'd only budgeted three for leisure.

[pytoxbot]

Original comment by @qwcode

not ideal, but know that you can do this now, and not get the "NoSSLError" exception

[testenv:py25]
setenv =
    PIP_INSECURE = 1

this follow's pip's convention that any cli option can also be set as an environment variable.

having py25 support at all, was a bonus in pip-1.3.1.
there was a discussion to drop py25, but adding support for it in some form won out.

pip-1.4 is dropping py25 btw.

[pytoxbot]

Original comment by @hpk42

Am open to patches - might be a while before i get to it myself, otherwise, because i have no need for python2.5 support myself.

[pytoxbot]

Original comment by @acdha

@ssokolow I would prefer to fix Python 2.5 support but I don't like the idea of running Python 2.5 in a known-insecure mode, particularly as PyPI continues to be a high-interest target. I think @hpk42 has a reasonably strategy of hard-coding the MD5 hash for the ssl package so tox can download, verify and install it when creating a Python 2.5 environment. This will be annoying if the SSL module is updated so it'd probably be a good idea to immediately follow it with pip install --upgrade ssl just in case.

[pytoxbot]

Original comment by @ssokolow

@acdha I wouldn't consider dropping Python 2.5 support on account of this until Jython 2.7 is complete and stable since Jython 2.5 seems to suffer from the same problem.

Also, there are some things (eg. mIRC plugins) which still embed 2.5 and I currently support them in one of my projects but, if tox dropped support, my only remaining option of acceptable convenience would be pushing to Travis CI and praying.

As for getting it to work right now, tox won't complain if you toss --insecure into the deps for py25 and, if I understand the situation correctly, that just gets you back the behaviour that was default when py25 was working.

(Let's just hope that --insecure will become a no-op if SSL is available. I don't have time to code-dive right now.)

[pytoxbot]

Original comment by @hpk42

I don't see the point of using or requiring curl. On py25 We can just use urllib.urlopen() and download the file, hardcode the MD5 sum in the tox release, verify it and then call pip to install the tar file, and then proceed?

[pytoxbot]

Original comment by @alfredodeza

I spoke briefly with @carljm and @jezdez about this problem and they seemed that a decision needs to be made as to where exactly the SSL library would need to end up.

This is obviously a problem for me as well and would prefer an option where I am not required to curl something. That implementation would be painful in a production-like environment where I need to test 2.5

[pytoxbot]

Original comment by @acdha

I think the curl hackaround might be our best option: it's available just about everywhere and it seems reasonable to say that if you wish to run tests on Python 2.5, you should have curl somewhere in the path.

[pytoxbot]

Original comment by @hpk42

Now i see why pip won't try to install ssl - it cannot use ssl for it. One solution would have been to include the particular ssl-1.15 MD5 in pip's source code. This is harder to do from the tox side.

[pytoxbot]

Original comment by @hpk42

I think there was talk to include ssl with pip for python2.5. If that doesn't happen we could install it ourselves.