Environment problems with Debian Trixie and endesive

[wuschLOR]

When trying to install on Debian Trixie there is a problem with the new way the pip packages are handled. To my understanding system wide installation with pip is not possible anymore.

Way to reproduce:

1. download the .deb
2. install sudo apt-get install ./Downloads/simple-signer.deb
3. run simple-signer

Output

$ sudo apt-get install ./Downloads/simple-signer.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'simple-signer' instead of './Downloads/simple-signer1.deb'
The following package was automatically installed and is no longer required:
  libnfs13
Use 'sudo apt autoremove' to remove it.
The following NEW packages will be installed:
  simple-signer
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/8.236 B of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 /home/ba4my2/Downloads/simple-signer1.deb simple-signer all 1.5.0-2 [8.236 B]
Selecting previously unselected package simple-signer.
(Reading database ... 656287 files and directories currently installed.)
Preparing to unpack .../Downloads/simple-signer1.deb ...
Unpacking simple-signer (1.5.0-2) ...
Setting up simple-signer (1.5.0-2) ...
error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
    python3-xyz, where xyz is the package you are trying to
    install.

    If you wish to install a non-Debian-packaged Python package,
    create a virtual environment using python3 -m venv path/to/venv.
    Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
    sure you have python3-full installed.

    If you wish to install a non-Debian packaged Python application,
    it may be easiest to use pipx install xyz, which will manage a
    virtual environment for you. Make sure you have pipx installed.

    See /usr/share/doc/python3.11/README.venv for more information.

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
dpkg: error processing package simple-signer (--configure):
 installed simple-signer package post-installation script subprocess returned error exit status 1
Processing triggers for desktop-file-utils (0.26-1) ...
Processing triggers for mailcap (3.70+nmu1) ...
Errors were encountered while processing:
 simple-signer
E: Sub-process /usr/bin/dpkg returned an error code (1)

So right now Simple signer is installed but can't run missing endesive.

$ simple-signer 
Traceback (most recent call last):
  File "/usr/bin/simple-signer", line 15, in <module>
    from endesive.pdf import cms
ModuleNotFoundError: No module named 'endesive'

[schorschii]

Thanks for reporting, this is also relevant for my other projects. I'm currently testing a Debian package postinst script creating a system-wide venv in the venv branch.

There is another issue with the oscrypto python library in Debian Trixie. If you want to test my venv branch on Trixie, you need to apply this patch manually until a new version of oscrypto is released.

[jens-st]

This patch worked for me on Debian 12 with Simple-Signer Package already installed. OpenSSL has currently more than 1 digit in the 3rd place of the version string.

--- a/usr/local/lib/python3.11/dist-packages/oscrypto/_openssl/_libcrypto_cffi.py
+++ b/usr/local/lib/python3.11/dist-packages/oscrypto/_openssl/_libcrypto_cffi.py
@@ -37,7 +37,7 @@

 is_libressl = 'LibreSSL' in version_string

-version_match = re.search('\\b(\\d\\.\\d\\.\\d[a-z]*)\\b', version_string)
+version_match = re.search('\\b(\\d\\.\\d\\.\\d+[a-z]*)\\b', version_string)
 if not version_match:
     version_match = re.search('(?<=LibreSSL )(\\d\\.\\d(\\.\\d)?)\\b', version_string)
 if not version_match:

[schorschii]

@wuschLOR v1.5.2 with the new packaging method is released. I would be happy if you test it and give some feedback.