Libsodium not bundled in Windows wheels #1148
It looks like the bundled zeromq probably isn't compiled with libsodium (unsurprising since it doesn't bundle libsodium), and the built-in tweetnacl is not as fast. And since the conda package doesn't depend on libsodium, I'm guessing it uses tweetnacl as well.
Confirm that when I install from source using my system zeromq (which is compiled against libsodium), then the result is fast encryption.
So I made a mistake: as mentioned in the anaconda thread, pyzmq's conda package does depend on zeromq, and it links against it correctly. But it doesn't link against libsodium. So the problem with pyzmq not having fast crypto in conda is probably a problem with zeromq's packaging there, not pyzmq. The remaining non-ideal situation for pyzmq is that its bundled zeromq does not include libsodium, so a pip-installed pyzmq has slow crypto. Even if you have libsodium and libzmq, pip install by default on linux installs a precompiled wheel which seemingly doesn't use libsodium.
I believe this should be addressed with the 4.2.3 build 3 zeromq packages. @chrisjbillington can you run your benchmarks using these packages?
Thanks! I can confirm that with the _3 build of conda zeromq I get fast crypto:
But with pip installed pyzmq (
indicating there is a remaining problem with the wheel that pip installs but not with the conda pyzmq or zeromq packages.
The pyzmq linux wheels are meant to link libsodium, but I checked and you are right that they don't. I've fixed the builder so the next pyzmq wheels on Linux will bundle libsodium.
Thanks! And just to clarify, the Windows wheels do not link to libsodium and are not meant to, is that correct?
Right.
Please don't use tweetnacl in production anywhere - it would be preferable to disable curve completely
Can anyone explain why this is?
.. and if:
.. and given @bluca said ..
.. how are people meant to use curve encryption with pyzmq on Windows?
I'm not opposed to using libsodium in the Windows wheels, I just don't know how to do it. Help would be welcome because I don't have time to work on it and won't for the foreseeable future. @SylvainCorlay recently fixed the zeromq builds in conda-forge to link libsodium and pyzmq to link zeromq, so if you use pyzmq from conda-forge you should get zeromq with libsodium. So my recommendation for Windows users would be to use conda to get pyzmq.
I have this working now afaict, just need to release the packages. If the conda-forge are using zeromq < 4.2.4 then expect lots of bugs.
Conda-forge uses "4.2.5".
Ah good.
Windows wheels now have properly built libsodium
🥳 Fantastic. Now I can recommend venvs for pyzmq packages on Windows with little downside! @minrk FWIW the latest pyzmq windows conda package has no curve support at all due to zeromq not linking to libsodium (and I guess the tweetnacl fallback is either disabled or has been removed): ContinuumIO/anaconda-issues#13339 Obviously this is anaconda's bug and not yours, but thought you might want to know.
Yup, seems like an anaconda issue. The conda-forge zeromq package on Windows links libsodium, I believe. If that's not the case, please report it
Nope, Windows conda-forge builds don't link libsodium, despite depending on it. I'll look at fixing that.
Fixed on conda-forge: conda-forge/zeromq-feedstock#71
I was dissatisfied with the speed of zeromq curve encryption, until I noticed that it appears to vary by an order of magnitude across different ways of installing pyzmq. This script:
Returns the following for all the different Pythons I have installed, where I have anaconda2 and anaconda3, which came with pyzmq, system python 2 and 3, for which I installed pyzmq via apt, and two virtualenvs that I made using system Python 2 and 3, and installed pyzmq using
pip install pyzmq --install-option="--zmq=bundled"
As you can see, the speed of encryption varies a lot, and in particular, is slowest with the fresh virtualenvs with the pip install and bundled zmq, and is fastest with the system versions.
At first it seems like zeromq 4.2 is what makes it fast - until you see that anaconda3 with zmq 4.2.2 is still way slower than the system ones. So it seems it's probably something about configuration rather than the specific versions of zmq in use.
So it appears maybe the bundled zeromq is a bit slow with the encryption, and it would be better if the default install resulted in fast crypto. My users are mostly using anaconda, so if whatever ends up in anaconda could be as fast as the versions in the Ubuntu repos, that would be great!
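
The kind of comparison this issue describes can be reproduced with the sketch below. It is an added example, not the script from the original report (which is not preserved on this page), and the function names `throughput` and `report` are assumptions. It measures PUSH to PULL throughput over loopback TCP with and without CURVE, and returns `None` for CURVE when `zmq.has("curve")` reports no support.

```python
import time

try:
    import zmq
except ImportError:  # pyzmq is not installed in this interpreter
    zmq = None


def throughput(curve, n_msgs=500, size=65536):
    """MB/s for PUSH -> PULL over loopback TCP; None if it cannot be measured."""
    if zmq is None or (curve and not zmq.has("curve")):
        return None  # no pyzmq, or libzmq built without any CURVE backend
    ctx = zmq.Context()
    server, client = ctx.socket(zmq.PULL), ctx.socket(zmq.PUSH)
    try:
        server.linger = client.linger = 0
        server.rcvtimeo = 10000  # ms; fail instead of hanging if nothing arrives
        if curve:
            server_public, server_secret = zmq.curve_keypair()
            client_public, client_secret = zmq.curve_keypair()
            server.curve_publickey, server.curve_secretkey = server_public, server_secret
            server.curve_server = True
            client.curve_publickey, client.curve_secretkey = client_public, client_secret
            client.curve_serverkey = server_public
        port = server.bind_to_random_port("tcp://127.0.0.1")
        client.connect("tcp://127.0.0.1:%d" % port)
        payload = b"\0" * size
        client.send(payload)
        server.recv()  # warm-up: TCP connect and CURVE handshake are done
        start = time.perf_counter()
        for _ in range(n_msgs):
            client.send(payload)
            server.recv()
        return n_msgs * size / (time.perf_counter() - start) / 1e6
    finally:
        client.close()
        server.close()
        ctx.term()


def report(**kwargs):
    """Versions plus plain and CURVE throughput for the running interpreter."""
    versions = (zmq.zmq_version(), zmq.__version__) if zmq else (None, None)
    return {"libzmq": versions[0], "pyzmq": versions[1],
            "plain_MBps": throughput(False, **kwargs),
            "curve_MBps": throughput(True, **kwargs)}


if __name__ == "__main__":
    print(report())
```

Run it once under each interpreter or environment being compared; the `curve_MBps` figures are what differ between installs, while `plain_MBps` gives a baseline for the same machine.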