Opened 14 years ago

Closed 13 years ago

#174 closed defect (fixed)

foolscap 0.6.1 has no such extra feature 'secure_connections'

Reported by: Zooko Owned by: Brian Warner
Priority: major Milestone: 0.6.4
Component: packaging Version: 0.6.1
Keywords: install packaging review-needed Cc: davidsarah

Description

People installing Tahoe-LAFS can have a problem if the foolscap package they've installed was built or installed without setuptools. In that case, the foolscap package doesn't contain metadata declaring that it can support an extra feature named 'secure_connections', but Tahoe-LAFS contains metadata specifying that it requires that extra feature from foolscap. Please see http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383 for details.

Change History (10)

comment:1 Changed 14 years ago by Zooko

I sent a pull request for a patch that contains one solution:

https://github.com/warner/foolscap/pull/1

comment:2 Changed 14 years ago by davidsarah

Cc: davidsarah added
Keywords: install packaging review-needed added
Milestone: undecided0.6.2

comment:3 Changed 14 years ago by Zooko

I confirmed that ipython has eliminated their use of foolscap in their current development version (not yet released). Here's the most recent stable release -- v0.10:

install docs about foolscap: http://ipython.github.com/ipython-doc/stable/html/install/install.html#dependencies-for-ipython-kernel-parallel-computing

setup.py code: https://github.com/ipython/ipython/blob/528a43e775ecdb9ef6e9a20deef5e2b8b5077ac7/setup.py#L179

and the current development trunk which is intended to be released as "v0.11":

install docs about zero mq: http://ipython.github.com/ipython-doc/dev/install/install.html#dependencies-for-ipython-parallel-parallel-computing

setup.py code: https://github.com/ipython/ipython/blob/master/setup.py#L211

This makes things easier from the perspective of foolscap maintainers--Tahoe-LAFS is now the only known project which will depend on foolscap in its next major release.

On the other hand, for users of ipython, it looks like this makes security significantly more complicated. Compare:

http://ipython.github.com/ipython-doc/stable/html/parallel/parallel_security.html

http://ipython.github.com/ipython-doc/dev/parallel/parallel_security.html

Too bad for them.

comment:4 Changed 14 years ago by Zooko

Unfortunately the "tahoe-lafs" package that comes with Ubuntu Natty 11.04 suffers from this problem, and cannot be used since it always raises pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'. Here is the bug report for Ubuntu: https://bugs.launchpad.net/foolscap/+bug/782414

Last edited 14 years ago by Zooko (previous) (diff)

comment:5 Changed 14 years ago by Julian Taylor

this is a packaging issue has been fixed in ubuntu oneiric

comment:6 Changed 13 years ago by Zooko

Owner: set to Brian Warner

We've decided that foolscap won't fix this -- it won't require setuptools to build nor will it unconditionally require pyOpenSSL, and therefore foolscap distributions won't reliably declare their dependency on pyOpenSSL. Therefore packages which require foolscap's secure connections feature (of which there is only one known such thing--Tahoe-LAFS--need to declare a dependency on pyOpenSSL themselves.

http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383#comment:35

It might be nice to signal to any other users that the declaration of the secure_connections extra is unreliable and deprecated, so that they don't depend on it.

comment:7 Changed 13 years ago by Brian Warner

would removing this:

    setup_args['extras_require'] = { 'secure_connections' : ["pyOpenSSL"] }

from Foolscap's setup.py be a reasonable approach? Plus making a note in the docs (aimed at packagers of dependent projects) telling them to explicitly depend upon pyOpenSSL if they want secure connections?

comment:8 Changed 13 years ago by Zooko

Yes, I would suggest removing that line, since a thing that works only some of the time (when setuptools is present) is worse than a thing that never works.

comment:9 Changed 13 years ago by Zooko

Here's a pull request that I think would fix this ticket so that we can correctly close it as WONTFIX or FIXED: https://github.com/warner/foolscap/pull/7

comment:10 Changed 13 years ago by Brian Warner

Milestone: eventually0.6.4
Resolution: fixed
Status: newclosed

Fixed, by removing the extras_require line, in [da9daa7].

Note: See TracTickets for help on using tickets.