search

pypa / manylinux

Python wheels that work on any linux (almost)
MIT License
1.45k stars 218 forks source link

chore: use system OpenSSL for Python 3.6 & 3.7 #1532

Closed mayeut closed 1 year ago

mayeut commented 1 year ago

Python 3.6 & 3.7 do not have support for OpenSSL 3.0.x In order to move to OpenSSL 3.0.x for Python 3.8+, those older Python (now EOL) will always use the system OpenSSL version rather than the 1.1.1 that was built by manylinux in case the system version was older than 1.1.1

This only impacts manylinux2014 (system OpenSSL is 1.0.2), all other supported base images are using OpenSSL>=1.1.1

mayeut commented 1 year ago

It's been visible for a week with no objections reported, let's merge this.

agrenott commented 11 months ago

Hi, Not sure this was actually expected, but this change breaks urllib3 on python 3.7.

Using manylinux2014_x86_64:2023-10-03-72cdc42:

(venv) [root@98e41672d265 /]# pip install urllib3
Collecting urllib3
  Downloading urllib3-2.0.7-py3-none-any.whl (124 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 124.2/124.2 kB 3.3 MB/s eta 0:00:00
Installing collected packages: urllib3
Successfully installed urllib3-2.0.7

[notice] A new release of pip is available: 23.0.1 -> 23.3.1
[notice] To update, run: pip install --upgrade pip
(venv) [root@98e41672d265 /]# python
Python 3.7.17 (default, Oct  3 2023, 01:42:52)
[GCC 10.2.1 20210130 (Red Hat 10.2.1-11)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/venv/lib/python3.7/site-packages/urllib3/__init__.py", line 42, in <module>
    "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'OpenSSL 1.0.2k-fips  26 Jan 2017'. See: https://github.com/urllib3/urllib3/issues/2168
>>>

(venv) [root@98e41672d265 /]# python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2k-fips  26 Jan 2017

While on older quay.io/pypa/manylinux2014_x86_64:2022-11-27-b2d7fda this works as expected:

(venv) [root@b5e6c670069c /]# pip install urllib3
Collecting urllib3
  Downloading urllib3-2.0.7-py3-none-any.whl (124 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 124.2/124.2 KB 3.0 MB/s eta 0:00:00
Installing collected packages: urllib3
Successfully installed urllib3-2.0.7
WARNING: You are using pip version 22.0.4; however, version 23.3.1 is available.
You should consider upgrading via the '/venv/bin/python -m pip install --upgrade pip' command.
(venv) [root@b5e6c670069c /]# python
Python 3.7.15 (default, Nov 27 2022, 13:37:00)
[GCC 10.2.1 20210130 (Red Hat 10.2.1-11)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3

(venv) [root@b5e6c670069c /]# python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.1.1s  1 Nov 2022