Opened 7 years ago

Closed 6 years ago

#174 closed defect (fixed)

foolscap 0.6.1 has no such extra feature 'secure_connections'

Reported by: zooko Owned by: warner
Priority: major Milestone: 0.6.4
Component: packaging Version: 0.6.1
Keywords: install packaging review-needed Cc: davidsarah

Description

People installing Tahoe-LAFS can have a problem if the foolscap package they've installed was built or installed without setuptools. In that case, the foolscap package doesn't contain metadata declaring that it can support an extra feature named 'secure_connections', but Tahoe-LAFS contains metadata specifying that it requires that extra feature from foolscap. Please see http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383 for details.

Change History (10)

comment:1 Changed 7 years ago by zooko

I sent a pull request for a patch that contains one solution:

https://github.com/warner/foolscap/pull/1

comment:2 Changed 7 years ago by davidsarah

  • Cc davidsarah added
  • Keywords install packaging review-needed added
  • Milestone changed from undecided to 0.6.2

comment:3 Changed 7 years ago by zooko

I confirmed that ipython has eliminated their use of foolscap in their current development version (not yet released). Here's the most recent stable release -- v0.10:

install docs about foolscap: http://ipython.github.com/ipython-doc/stable/html/install/install.html#dependencies-for-ipython-kernel-parallel-computing

setup.py code: https://github.com/ipython/ipython/blob/528a43e775ecdb9ef6e9a20deef5e2b8b5077ac7/setup.py#L179

and the current development trunk which is intended to be released as "v0.11":

install docs about zero mq: http://ipython.github.com/ipython-doc/dev/install/install.html#dependencies-for-ipython-parallel-parallel-computing

setup.py code: https://github.com/ipython/ipython/blob/master/setup.py#L211

This makes things easier from the perspective of foolscap maintainers--Tahoe-LAFS is now the only known project which will depend on foolscap in its next major release.

On the other hand, for users of ipython, it looks like this makes security significantly more complicated. Compare:

http://ipython.github.com/ipython-doc/stable/html/parallel/parallel_security.html

http://ipython.github.com/ipython-doc/dev/parallel/parallel_security.html

Too bad for them.

comment:4 Changed 7 years ago by zooko

Unfortunately the "tahoe-lafs" package that comes with Ubuntu Natty 11.04 suffers from this problem, and cannot be used since it always raises pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'. Here is the bug report for Ubuntu: https://bugs.launchpad.net/foolscap/+bug/782414

Last edited 7 years ago by zooko (previous) (diff)

comment:5 Changed 7 years ago by jtaylor

this is a packaging issue has been fixed in ubuntu oneiric

comment:6 Changed 7 years ago by zooko

  • Owner set to warner

We've decided that foolscap won't fix this -- it won't require setuptools to build nor will it unconditionally require pyOpenSSL, and therefore foolscap distributions won't reliably declare their dependency on pyOpenSSL. Therefore packages which require foolscap's secure connections feature (of which there is only one known such thing--Tahoe-LAFS--need to declare a dependency on pyOpenSSL themselves.

http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383#comment:35

It might be nice to signal to any other users that the declaration of the secure_connections extra is unreliable and deprecated, so that they don't depend on it.

comment:7 Changed 7 years ago by warner

would removing this:

    setup_args['extras_require'] = { 'secure_connections' : ["pyOpenSSL"] }

from Foolscap's setup.py be a reasonable approach? Plus making a note in the docs (aimed at packagers of dependent projects) telling them to explicitly depend upon pyOpenSSL if they want secure connections?

comment:8 Changed 7 years ago by zooko

Yes, I would suggest removing that line, since a thing that works only some of the time (when setuptools is present) is worse than a thing that never works.

comment:9 Changed 7 years ago by zooko

Here's a pull request that I think would fix this ticket so that we can correctly close it as WONTFIX or FIXED: https://github.com/warner/foolscap/pull/7

comment:10 Changed 6 years ago by warner

  • Milestone changed from eventually to 0.6.4
  • Resolution set to fixed
  • Status changed from new to closed

Fixed, by removing the extras_require line, in [da9daa7].

Note: See TracTickets for help on using tickets.