Add support for Python 3.10

[icemac]

• This PR requires Sphinx 4.2.0 to be released as the first Python 3.10 compatible version. Sphinx doesn't support python 3.10 sphinx-doc/sphinx#9562 says that this will happen next weekend.
• And Python 3.10.0-rc.2 has not arrived at GHA, yet.
• This PR should be updated with Update to Python 3.10 as default. meta#124

[icemac]

Trying to release this merge using zest.releaser I got the following traceback:

Traceback (most recent call last):
  File "/.../lib/python3.7/urllib/request.py", line 1350, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/.../lib/python3.7/http/client.py", line 1281, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/.../lib/python3.7/http/client.py", line 1327, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/.../lib/python3.7/http/client.py", line 1276, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/.../lib/python3.7/http/client.py", line 1036, in _send_output
    self.send(msg)
  File "/.../lib/python3.7/http/client.py", line 976, in send
    self.connect()
  File "/.../lib/python3.7/http/client.py", line 1451, in connect
    server_hostname=server_hostname)
  File "/.../lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/.../lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/.../lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/.../bin/fullrelease", line 8, in <module>
    sys.exit(main())
  File "/.../lib/python3.7/site-packages/zest/releaser/fullrelease.py", line 27, in main
    releaser.run()
  File "/.../lib/python3.7/site-packages/zest/releaser/baserelease.py", line 423, in run
    self.execute()
  File "/.../lib/python3.7/site-packages/zest/releaser/release.py", line 83, in execute
    self._release()
  File "/.../lib/python3.7/site-packages/zest/releaser/release.py", line 332, in _release
    self._upload_distributions(package)
  File "/.../lib/python3.7/site-packages/zest/releaser/release.py", line 174, in _upload_distributions
    if not self._ask_upload(package, server, register):
  File "/.../lib/python3.7/site-packages/zest/releaser/release.py", line 193, in _ask_upload
    if server == 'pypi' and not package_in_pypi(package):
  File "/.../lib/python3.7/site-packages/zest/releaser/release.py", line 52, in package_in_pypi
    urllib2.urlopen(url)
  File "/.../lib/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/.../lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/.../lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/.../lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/.../lib/python3.7/urllib/request.py", line 1393, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/.../lib/python3.7/urllib/request.py", line 1352, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)>

Has anyone else already seen such a beast?
(Uploading using twine worked fine!)

[mauritsvanrees]

I have seen an SSL or other connection error for PyPI once or twice the past few days. Retrying worked.

zest.releaser uses twine for upload, but in the part above, it only checks whether you have a user in your ~/.pypirc or elsewhere with authorization for this package.
I do wonder if this check still makes sense, and if it works with access keys, two factor authentication, or other ways of authenticating.

Ah, no: the part above does something else: it checks whether the package is actually on PyPI already. This helps avoid uploading an internal secret package to public PyPI.

Anyway, my guess is that this is just a temporary problem.

[icemac]

@mauritsvanrees Thank you you your reply. For another package release retry did not help, so I skipped the retry here and went straight to the manual upload via twine.