Opened 8 years ago

Closed 7 years ago

#174 closed defect (fixed)

foolscap 0.6.1 has no such extra feature 'secure_connections'

Reported by: Zooko Owned by: Brian Warner
Priority: major Milestone: 0.6.4
Component: packaging Version: 0.6.1
Keywords: install packaging review-needed Cc: davidsarah


People installing Tahoe-LAFS can have a problem if the foolscap package they've installed was built or installed without setuptools. In that case, the foolscap package doesn't contain metadata declaring that it can support an extra feature named 'secure_connections', but Tahoe-LAFS contains metadata specifying that it requires that extra feature from foolscap. Please see for details.

Change History (10)

comment:1 Changed 8 years ago by Zooko

I sent a pull request for a patch that contains one solution:

comment:2 Changed 8 years ago by davidsarah

Cc: davidsarah added
Keywords: install packaging review-needed added
Milestone: undecided0.6.2

comment:3 Changed 8 years ago by Zooko

I confirmed that ipython has eliminated their use of foolscap in their current development version (not yet released). Here's the most recent stable release -- v0.10:

install docs about foolscap: code:

and the current development trunk which is intended to be released as "v0.11":

install docs about zero mq: code:

This makes things easier from the perspective of foolscap maintainers--Tahoe-LAFS is now the only known project which will depend on foolscap in its next major release.

On the other hand, for users of ipython, it looks like this makes security significantly more complicated. Compare:

Too bad for them.

comment:4 Changed 8 years ago by Zooko

Unfortunately the "tahoe-lafs" package that comes with Ubuntu Natty 11.04 suffers from this problem, and cannot be used since it always raises pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'. Here is the bug report for Ubuntu:

Last edited 8 years ago by Zooko (previous) (diff)

comment:5 Changed 8 years ago by Julian Taylor

this is a packaging issue has been fixed in ubuntu oneiric

comment:6 Changed 8 years ago by Zooko

Owner: set to Brian Warner

We've decided that foolscap won't fix this -- it won't require setuptools to build nor will it unconditionally require pyOpenSSL, and therefore foolscap distributions won't reliably declare their dependency on pyOpenSSL. Therefore packages which require foolscap's secure connections feature (of which there is only one known such thing--Tahoe-LAFS--need to declare a dependency on pyOpenSSL themselves.

It might be nice to signal to any other users that the declaration of the secure_connections extra is unreliable and deprecated, so that they don't depend on it.

comment:7 Changed 7 years ago by Brian Warner

would removing this:

    setup_args['extras_require'] = { 'secure_connections' : ["pyOpenSSL"] }

from Foolscap's be a reasonable approach? Plus making a note in the docs (aimed at packagers of dependent projects) telling them to explicitly depend upon pyOpenSSL if they want secure connections?

comment:8 Changed 7 years ago by Zooko

Yes, I would suggest removing that line, since a thing that works only some of the time (when setuptools is present) is worse than a thing that never works.

comment:9 Changed 7 years ago by Zooko

Here's a pull request that I think would fix this ticket so that we can correctly close it as WONTFIX or FIXED:

comment:10 Changed 7 years ago by Brian Warner

Milestone: eventually0.6.4
Resolution: fixed
Status: newclosed

Fixed, by removing the extras_require line, in [da9daa7].

Note: See TracTickets for help on using tickets.