We recently bumped the cryptography library past 42.x, which seems to have a conflict with a conda-managed openssl installed in all of our base images. For now, reverting that change seems like enough of a bandaid, but we should come back to this later.
If you install garden from github in a notebook and then try to import garden_ai, you get something like the following:
File /opt/conda/lib/python3.11/site-packages/OpenSSL/crypto.py:1635, in X509StoreFlags()
1633 EXPLICIT_POLICY: int = _lib.X509_V_FLAG_EXPLICIT_POLICY
1634 INHIBIT_MAP: int = _lib.X509_V_FLAG_INHIBIT_MAP
-> 1635 NOTIFY_POLICY: int = _lib.X509_V_FLAG_NOTIFY_POLICY
1636 CHECK_SS_SIGNATURE: int = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE
1637 PARTIAL_CHAIN: int = _lib.X509_V_FLAG_PARTIAL_CHAIN
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'
but you won't get this if cryptography<42.0. You also don't seem to get this if you're in a container without conda.
Hot take: base images shouldn't have a conda install by default. we can offer :base-*-conda variety of the base images for the diehards if we really need to, but it makes all of our images heavier than they need to be and is yet another source of mysterious library incompatibilities in the images.
If we do keep some base images with conda, we'll need to build the images differently than how we currently do so that they're compatible with most recent versions of cryptography etc.
We recently bumped the cryptography library past 42.x, which seems to have a conflict with a conda-managed openssl installed in all of our base images. For now, reverting that change seems like enough of a bandaid, but we should come back to this later.
If you install garden from github in a notebook and then try to
import garden_ai, you get something like the following:but you won't get this if
cryptography<42.0. You also don't seem to get this if you're in a container without conda.Hot take: base images shouldn't have a conda install by default. we can offer
:base-*-condavariety of the base images for the diehards if we really need to, but it makes all of our images heavier than they need to be and is yet another source of mysterious library incompatibilities in the images.If we do keep some base images with conda, we'll need to build the images differently than how we currently do so that they're compatible with most recent versions of cryptography etc.