search

plone / buildout.coredev

Plone Core Development Buildout
http://docs.plone.org/develop/coredev/docs/
74 stars 75 forks source link

Pin cffi and cryptography to avoid issues with M1 macs and missing ru… #712

Closed tisto closed 3 years ago

tisto commented 3 years ago

…st complilers

tisto commented 3 years ago

@jenkins-plone-org please run jobs

jensens commented 3 years ago

I propose to put those in conditional sections, because on other platforms I prefer the more secure rust based installation. http://www.buildout.org/en/latest/topics/variables-extending-and-substitutions.html#conditional-configuration-sections

mauritsvanrees commented 3 years ago

Actually, cryptography is pinned to a much earlier 2.9.2. But this is only in tests.cfg. Earlier I already thought about just moving those to versions.cfg. It might be time for that. I will see about creating a PR for that. The constraints.txt that I compile already has those versions included.

Meanwhile, can you try cryptography 3.4.6? I see this includes a wheel for arm.

mauritsvanrees commented 3 years ago

Superseded by https://github.com/plone/buildout.coredev/pull/713

tisto commented 3 years ago

@mauritsvanrees I can try cryptography later today on my m1 when I am at home again. Though, cryptography fails because newer versions require a rust compiler installed on the system. This has nothing to do with the M1 or Python 2. We ran into this problem on our Ubuntu machines with Python 3 as well.

In order to not break existing buildout installations on prod servers, we should pin cryptography to a non-rust version IMHO. For Plone 6 we can make the rust compiler a system requirement and then go with a newer cryptography version.

jensens commented 3 years ago

@tisto, if there is a binary wheel no compiler is needed. In my perfect world all packages are available as bin-wheels for all major platforms, so no compiler at all is needed to install Plone.

tisto commented 3 years ago

@mauritsvanrees @jensens cryptography 3.4.6 works on my M1. Though, it fails on our Ubuntu Jenkins nodes because the rust compiler is not installed:

ModuleNotFoundError: No module named 'setuptools_rust'

No clue why it compiles and does not take the bin-wheel. I did not investigate this further though.

As said before, I think it would be better for most users to downgrade cryptography to the last non-rust version. This would give us some time to adapt. Just my 2c...

mauritsvanrees commented 3 years ago

@tisto Thanks for trying. In 3.4.6 I see most wheels have cp36 in their name, so that probably only supports CPython 3.6. There are a few others. So yes, we may run into problems with this. I will pin 3.3.2.