Convert remaining python2 applications over to python3

[jonringer]

In https://github.com/NixOS/nixpkgs/pull/101929 we have many important programs (e.g. cachix) still using python2 in their builds. This list doesn't constitute python2 applications, but rather packages which have python2Packages.cryptography somewhere in their dependency graph. So these will be affected when python2Packages.cryptography does get marked as vulnerable.

This issue to track the conversion process over to python3, packages still needing to be converted are listed below. This list isn't exhaustive, just those that use the soon-to-be-marked-vulnerable pythonPackages.cryptography:

Finding the dependency

For most dependencies, it should be pretty obvious where python2 comes from, for more "difficult" packages. You may need to do some digging.

nix-tree + nix-instantiate

you can run nix-shell -p nix-tree --run "nix-tree $(nix-instantiate default.nix -A <package>) to get the entire build dependency tree, then search for the cryptography package, and then you should be able to trace which dependencies are introducing it.

nix why-depends

alternatively, you can use nix why-depends nix why-depends --all -f default.nix <package> python2Packages.cryptography can also be used, however, this will require you to re-build the package, which may take more time than parsing the dependency tree above

• [x] alibuild #102111
• [x] amazon-glacier-cmd-interface
• [x] aria2 #100191
• [x] asciidoc-full-with-plugins https://github.com/NixOS/nixpkgs/pull/102398
• [x] babashka (through graal)
• [x] broadlink-cli #102162
• [x] buttersink (packaging doesn't work with python3)
• [x] cachix
• [x] carddav (currently, upstream only offers python2)
• [x] CastXML #101996
• [x] check-esxi-hardware
• [x] clj-kondo (through graal)
• [x] cloudmonkey no longer a python package
• [x] csv_fast_export https://github.com/NixOS/nixpkgs/pull/102375
• [x] datadog-agent https://github.com/NixOS/nixpkgs/pull/136109
• [x] dd-agent removed
• [x] euca2ools (currently, upstream only offers python2)
• [x] gdown
• [x] git-review
• [x] glslviewer https://github.com/NixOS/nixpkgs/pull/102365
• [x] gnss-sdr - taken cared of in #99685
• [x] gnuradio - taken cared of in #99685
• [x] gnuradio-with-packages - taken cared of in #99685
• [x] google-app-engine-go-sdk
• [x] google-cloud-sdk
• [x] google-compute-engine
• [x] gqrx - taken cared of in #99685
• [x] gr-ais - taken cared of in #99685
• [x] gr-gsm - taken cared of in #99685
• [x] gr-limesdr - taken cared of in #99685
• [x] gr-nacl - taken cared of in #99685
• [x] gr-osmosdr - taken cared of in #99685
• [x] gr-rds - taken cared of in #99685
• [x] graal
• [x] haxor-news #102391
• [x] hercules-ci-agent
• [x] inspectrum - taken cared of in #99685
• [x] jvmci
• [x] kodi-plugin-yatp
• [x] mercurial
• [x] mx (not sure which package this is, likely related to graal though)
• [x] mysql-workbench https://github.com/NixOS/nixpkgs/pull/191174
• [x] ndn-cxx #102248
• [ ] nixops (currently, upstream only offers python2) https://github.com/NixOS/nixops/issues/1242
• [x] ocropus (currently, upstream only offers python2)
• [x] opae
• [x] ovito #102250
• [x] pantsbuild.pants (already broken)
• [x] persepolis
• [x] pipreqs #102389
• [x] pulseaudio-dlna-unstable (in progress, https://github.com/masmu/pulseaudio-dlna/tree/python3 , but not in releasable state)
• [x] pyside-apiextractor
• [x] pyside-generatorrunner
• [x] python3.7-aria2p #100191
• [x] python3.7-pygccxml #101996
• [x] python3.7-pyside
• [x] python3.7-pyside-shiboken
• [x] python3.7-pyside-tools
• [x] python3.8-aria2p #100191
• [x] python3.8-pygccxml #101996
• [x] python3.8-pyside
• [x] python3.8-pyside-shiboken
• [x] python3.8-pyside-tools
• [x] qradiolink - taken cared of in #99685
• [x] rabbitvcs (in progress) #102378
• [x] rmlint
• [x] sage #101447 #105615
• [x] smugline removed: #102610
• [x] trac (currently, upstream only offers python2)
• [x] tsung https://github.com/processone/tsung/pull/352
• [x] uget
• [x] uget-integrator
• [x] uutils-coreutils https://github.com/NixOS/nixpkgs/pull/102247
• [x] wal-e #102264
• [x] yle-dl
• [x] yoda
• [x] zabbix-cli (currently, upstream only offers python2)

[FRidh]

Working on this in https://github.com/NixOS/nixpkgs/pull/117570.

[stale[bot]]

I marked this as stale due to inactivity. → More info

[thiagokokada]

Some updates:

• tsung was updated to Python 3: https://github.com/NixOS/nixpkgs/pull/147536
• graalvm/jvmci/mx were removed quite some time ago: https://github.com/NixOS/nixpkgs/pull/141812. Both babashka and clojure-lsp uses graalvm-ce now, that doesn't depend on Python to build
• pulseaudi-dlna should be fixed on this PR: https://github.com/NixOS/nixpkgs/pull/146915

[rnhmjoj]

The only application left is NixOps, but there already is nixopsUnstable which does use Python 3. I'd say the issue can now be closed. The next step is https://github.com/NixOS/nixpkgs/pull/201859.