Bug 254853 - security/py-cryptography: Update to 3.4.7
Summary: security/py-cryptography: Update to 3.4.7
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kubilay Kocak
URL:
Keywords: needs-qa
Depends on: 254851
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-07 12:10 UTC by Jeroen Pulles
Modified: 2021-06-12 11:06 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (koobs)
koobs: maintainer-feedback? (dbaio)


Attachments
patch for 3.4.7 (8.25 KB, patch)
2021-04-07 12:10 UTC, Jeroen Pulles
no flags Details | Diff
Don't build rust modules (3.4.7 specific) (4.32 KB, patch)
2021-06-07 11:17 UTC, Jeroen Pulles
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Pulles 2021-04-07 12:10:33 UTC
Created attachment 223896 [details]
patch for 3.4.7

py-cryptography is now using a bit of rust in an extension; 

I've filed a bug for a new port for setuptools-rust, #254851

We've made this to work by USES=cargo, but then making sure that setuptools-rust does the compilation, with the CARGO_BUILD CARGO_INSTALL CARGO_TEST =no
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-04 02:02:55 UTC
Thanks Jeroen, does this depend on bug 254851? If so please add it to the Depends On field, thanks!
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-04 12:41:44 UTC
I have it from cryptography upstream that the 3.4 branch is safe to use without rust (and doesnt require it), as long as we set the environment variable to not use it.

Looks like the patch attached here is the reverse of what was intended?

@Jeroen Are you able to do a plain 3.4.x update here (adding the right env var not to use rust, see setup.py), and then create a separate issue for the future 35.0 branch coming soon that includes the changes you included here? (using rust).
Comment 3 Jeroen Pulles 2021-06-07 11:17:51 UTC
Created attachment 225623 [details]
Don't build rust modules (3.4.7 specific)

You mean setting `CRYPTOGRAPHY_DONT_BUILD_RUST=`. The setup.py still imports setuptools_rust. Under the assumption that it is completely safe to also remove the setuptools_rust import, I've patched setup.py, and not set the environment variable. 

I don't see anything else using CRYPTOGRAPHY_DONT_BUILD_RUST.

The environment variable is documented in https://cryptography.io/en/3.4.7/faq.html. It took me a while to understand that that instruction is gone with the master version of docs.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-08 00:01:42 UTC
(In reply to Jeroen Pulles from comment #3)

Requesting clarity from upstream on the nature of the import error and the extent to which its related to, or should be conditional on the env var not being present
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-08 00:52:56 UTC
Upstream advises that:

 - patching out the error and passing the env var, if the tests pass, is OK
 - that they'll accept an upstream for conditionalizing the import/error block on the non presence of the env var
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-11 22:23:28 UTC
Minor changes to commit:

 - Use specific *_DEPENDS lines (with <version-specs>) over shared macros 
 - Add comment to patch "setuptools_rust try/except should be conditional on environment variable"