276105 – security/py-cryptography: pulls undesired rust highly increasing carbon footprint

Bug 276105 - security/py-cryptography: pulls undesired rust highly increasing carbon footprint

Summary: security/py-cryptography: pulls undesired rust highly increasing carbon footp...

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Po-Chuan Hsieh

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-03 18:47 UTC by Marek Zarychta
Modified:	2024-02-29 07:18 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (sunpoet)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Zarychta 2024-01-03 18:47:54 UTC

I am not using rust. Please make devel/py-setuptools-rust@py311 dependency optional.

Building rust while possible, seems to be a waste of time and resources here. Please contribute to the reduction of carbon footprint.

===>>> All >> py311-cryptography-3.4.8_1,1 (24/24)

===>>> Currently installed version: py311-cryptography-3.4.8_1,1
===>>> Port directory: /basejail/usr/ports/security/py-cryptography@py311

===>>> Launching 'make checksum' for security/py-cryptography@py311 in background
===>>> Gathering dependency list for security/py-cryptography@py311 from ports
===>>> Launching child to install devel/py-setuptools-rust@py311

===>>> All >> py311-cryptography-3.4.8_1,1 >> devel/py-setuptools-rust@py311 (25/25)

===>>> Port directory: /basejail/usr/ports/devel/py-setuptools-rust@py311

===>>> Launching 'make checksum' for devel/py-setuptools-rust@py311 in background
===>>> Gathering dependency list for devel/py-setuptools-rust@py311 from ports
===>>> Launching child to install devel/py-semantic-version@py311

===>>> All >> py311-cryptography-3.4.8_1,1 >> devel/py-setuptools-rust@py311 >> devel/py-semantic-version@py311 (26/26)

===>>> Port directory: /basejail/usr/ports/devel/py-semantic-version@py311

===>>> Launching 'make checksum' for devel/py-semantic-version@py311 in background
===>>> Gathering dependency list for devel/py-semantic-version@py311 from ports
===>>> Initial dependency check complete for devel/py-semantic-version@py311

===>>> Continuing initial dependency check for devel/py-setuptools-rust@py311
===>>> Launching child to install lang/rust

===>>> All >> py311-cryptography-3.4.8_1,1 >> devel/py-setuptools-rust@py311 >> lang/rust (27/27)

Comment 1 Vladimir Druzenko freebsd_committer

2024-01-03 19:27:20 UTC

Use "DEFAULT_VERSIONS+= pycryptography=legacy" in make.conf.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853#c61

And say thanks to developers of the upstream for poisoning the cryptography:
https://github.com/pyca/cryptography/issues/9381
https://github.com/pyca/cryptography/issues/9382
https://github.com/pyca/cryptography/issues/7655

Also if you use security/py-openssl, then you need version not newer than 21.x.
But maybe it doesn't support OpenSSL 3.0 - you can't use it on FreeBSD 14+…

Comment 2 Marek Zarychta 2024-01-03 19:32:15 UTC

(In reply to Vladimir Druzenko from comment #1)

That's very informative, thank you for the feedback vvd@

Comment 3 Marek Zarychta 2024-01-04 11:14:52 UTC

There is also https://github.com/pyca/cryptography/issues/8770

Comment 4 Marek Zarychta 2024-02-29 06:36:38 UTC

Rust programming language is ubiquitous. There is no escape neither turning back to building rust-dependent ports by hand.

Comment 5 Vladimir Druzenko freebsd_committer

2024-02-29 07:18:00 UTC

(In reply to Marek Zarychta from comment #4)
And this is very sad… :-(