-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump python to 2.7.10 #8207
Bump python to 2.7.10 #8207
Conversation
jenkins build this please |
jenkins build this please |
jenkins build this please |
Let me know and I'll do some droid runtime |
@MartijnKaijser: yes please. |
We've been running 2.7 on windows for ages do hopefully it shouldn't be any issues. You want me to bump win32 as well so we're 2.7.10 across the board? |
@Paxxi python is by far the worst nightmare depend we have to cross-compile, so proper testing is warranted. Bumping windows as well would probably make sense, if you have time for it. |
Sorry for the question, but does this mean Python will be the same version on all platforms? I'm writing a tutorial on python scripting and a couple of users commented that you couldn't rely on some functions working on some platforms. |
jenkins build this please |
@zag2me part from platform specific differences, it should be the same, yes. But this is only valid for unified depends platforms. Standard linux uses system python and win32 has its own build as well. jenkins build this please |
got IOS to build. OSX32 build error unrelated |
doing some initial testing on Android ARM doesn't show any problems |
@wsnipex not sure if related? edit: edit2: |
@wsnipex Tested this for an hour on Android-ARM. So far no problems for me. Needs more testing though. @MartijnKaijser The SSL-Issue you are pointing to might indeed be related. Python's SSL-stack got an update some time in the 2.7-cycle which amongst others enables by-default certificate verification. @wsnipex Therefore it might be worthwhile to put some small note regarding this into the documentation for addon authors. |
@Rondom on win32 we already run 2.7.9 which doesn't have this problem. |
@MartijnKaijser You are right, this is some other problem. |
Could this be the reason for the ssl issue? |
Not sure if this is the right place to bring this up: Do we really want to disable SSL-cert validation by default? |
jenkins build this please |
Wondering about that as well. Just patching out the default doesn't seem like a fix. If SSL is broken then everything not relying on the default behavior would still be broken. |
@tamland any idea how we'd best pass a cacert to python on droid? |
This might fix this trac ticket? http://trac.kodi.tv/ticket/15883 |
@Paxxi do you have time to bump windows as well? |
i could take a try this weekend. Shouldn't be too difficult. PIL still has to be changed to Pillow on win32? |
Correct @martijn we build pillow as pil is mostly dead? It's not hard to build python but a bit annoying with the depends it has, afaik Berkley dB took me some time last try. |
jenkins build this please |
@FernetMenta to get SSL working with python on Pi I needed to: |
I've simply assumed that every platform besides android already has a trust cert provided by the OS. |
Where is this location on systems that don't have OpenSSL? |
I ran strace on the python in my kodi install directory and tried to open "https://amazon.co.uk" with urllib. Then grepped the strace output for cert.pem to find out where it expected it. Kodi seemed happy with the same path as python called directly. |
after reading https://hynek.me/articles/apple-openssl-verification-surprises/ I think we might need the same hack for OSX as for android. |
openssl version -d should print the default path. Take care to use our depends openssl binary |
depends does not build a openssl binary, just a lib |
https://github.com/xbmc/xbmc/blob/master/xbmc/interfaces/python/XBPython.cpp#L599-L601 should work for OSX as well |
@wsnipex I'm running on Pi using unified build, so python, openssl, curl etc are built from kodi tree which installs no cert.pem and doesn't look for it on system paths (it looks in kodi install tree but fails to find it). Would it make sense to install the certificate in kodi's install tree (and set SSL_CERT_FILE if necessary) by default when building with unified build system? |
works on OSX after having copied the cert to system/cert |
@popcornmix yeah, I guess we should do that, but also take care to not override it on platforms/installations where certs are available. btw, another method to find default paths is: |
this bumps unified depends platforms python to the latest 2,7 release 2.7.10
I'd appreciate testing.
fixes (#15883)