search

soroco / pyce

Encrypted Python Execution
Apache License 2.0
198 stars 26 forks source link

Pip fails to install on python3.8 and above, >cryptogrpahy 2.3 #31

Open otheus opened 2 years ago

otheus commented 2 years ago

The hard dependency on cryptography 2.3.1 is a serious problem. I can install pyce successfully by ignoring dependencies. the requirement on < 3.7 seems overly cautious. Or does python regularly break stuff from version to version?

# pip install --ignore-requires-python --no-deps pyce

but will it work? there are no included test cases.

Otherwise, many problems ensue, which I try to document below:

python: 3.9.7, 3.8.10 pip: 20.3.4

Starting new HTTPS connection (1): pypi.org:443
https://pypi.org:443 "GET /simple/pyce/ HTTP/1.1" 304 0
  Link requires a different Python (3.9.7 not in: '>=3.6, <=3.7'): https://files.pythonhosted.org/packages/0a/b8/4730349f86114d4ad6410e2d363855fefa42e37218886c833154cbae824d/pyce-1.0.0-py3-none-any.whl#sha256=33d77ebe84414bb7ae23229bea9fe3ec6a492d618e8f836a1867f5aae69712a6 (from https://pypi.org/simple/pyce/) (requires-python:>=3.6, <=3.7)
  Link requires a different Python (3.9.7 not in: '>=3.6, <=3.7'): https://files.pythonhosted.org/packages/40/cf/9e4f0a388e6bea327af5f5fcba0002c9c64bc77d6d08ba02812669008111/pyce-1.0.0.tar.gz#sha256=0eeea00d70385740d59ecbb1482101973fee2ac876203155f00f6a0e6f34426e (from https://pypi.org/simple/pyce/) (requires-python:>=3.6, <=3.7)
  Link requires a different Python (3.9.7 not in: '>=3.7, <3.8'): https://files.pythonhosted.org/packages/39/79/cba14351f49d92d9ece1a5d25700808304a13ba7c57c275397ff7945b894/pyce-2.0.0-py3-none-any.whl#sha256=3a679de025d444dc66250ed73a52f61ef2930ff595b69ba471d6ba438253f877 (from https://pypi.org/simple/pyce/) (requires-python:>=3.7, <3.8)
  Link requires a different Python (3.9.7 not in: '>=3.7, <3.8'): https://files.pythonhosted.org/packages/4e/cd/9d8d9299e8ad81a0fa0352d242f269a2789228c3976f622c9364ef7e2723/pyce-2.0.0.tar.gz#sha256=edb5d4d44ebec0453f76d7930c85c92af2c036b6ecd5d1ad83f6c3213c7be758 (from https://pypi.org/simple/pyce/) (requires-python:>=3.7, <3.8)
Given no hashes to check 0 links for project 'pyce': discarding no candidates
ERROR: Could not find a version that satisfies the requirement pyce
ERROR: No matching distribution found for pyce

--ignore-requires-python gets me passed the above error.

But now I have cffi problems..

Collecting cffi!=1.11.3,>=1.7
  Downloading cffi-1.15.0.tar.gz (484 kB)
     |██████████▏                     | 153 kB 3.8 MB/s eta 0:00:01ERROR: Exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/pip/_vendor/resolvelib/resolvers.py", line 171, in _merge_into_criterion
    crit = self.state.criteria[name]
KeyError: 'cffi'

Cffi is required by 'cryptography'. But I can install this with alpine:

apk add py3-cffi
apk add py3-cryptography

(success)

Now, the pip install tries to replace the cryptography module (3.x) with 2.3.1, and of course it wants to compile.

pip  install --ignore-requires-python pyce -v
...
    gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -g -fno-semantic-interposition -g -fno-semantic-interposition -g -fno-semantic-interposition -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python3.8 -c build/temp.linux-aarch64-3.8/_openssl.c -o build/temp.linux-aarch64-3.8/build/temp.linux-aarch64-3.8/_openssl.o -Wconversion -Wno-error=sign-conversion
    build/temp.linux-aarch64-3.8/_openssl.c:57:10: fatal error: Python.h: No such file or directory
       57 | #include <Python.h>
          |          ^~~~~~~~~~
    compilation terminated.
    error: command 'gcc' failed with exit status 1
    Running setup.py install for cryptography ... error

...

  Replacing /usr/lib/python3.8/site-packages/cryptography from /usr/lib/python3.8/site-packages/~ryptography
  Replacing /usr/lib/python3.8/site-packages/cryptography-3.3.2-py3.8.egg-info from /usr/lib/python3.8/site-packages/~ryptography-3.3.2-py3.8.egg-info
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-udngud2t/cryptography_04c4441d2e864f5d807f3ad1be83458c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-udngud2t/cryptography_04c4441d2e864f5d807f3ad1be83458c/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-jo2yh9iw/install-record.txt --single-version-externally-managed --compile --install-headers /usr/include/python3.8/cryptography Check the logs for full command output.
Exception information:
Traceback (most recent call last

(tried many versions, usually failing with) /usr/lib/gcc/aarch64-alpine-linux-musl/10.2.1/../../../../aarch64-alpine-linux-musl/bin/ld: cannot find -lssp_nonshared



Also, I'm not keen on creating an entire development distribution for a docker container.
otheus commented 2 years ago

Note: I confirmed that installation per above does function correctly wrt one sample module I wrote. ie,

using python: 3.8, pip 20.3.4, cryptography 3.3.2

pip install --ignore-requires-python --no-deps pyce

seems to work without errors.

rhnld25 commented 1 year ago

If the devs can update their package to support the latest versions of Python, it would be very helpful for my project. FYI, I'm using Python 3.10.9. Hopefully can get some updates in a short time.