Temporary fix for cryptography issues. (#73530)

This commit is contained in:
Matt Clay 2021-02-08 14:35:00 -08:00 committed by GitHub
parent aca5b0e43b
commit 1a2da990a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 55 additions and 5 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- ansible-test - Temporarily limit ``cryptography`` to versions before 3.4 to enable tests to function.

View file

@ -0,0 +1 @@
needs/target/setup_remote_tmp_dir

View file

@ -0,0 +1 @@
cryptography >= 2.5, < 3.4

View file

@ -1,6 +1,9 @@
- name: Setup remote constraints
include_tasks: setup-remote-constraints.yml
- name: Install Paramiko for Python 3 on Alpine - name: Install Paramiko for Python 3 on Alpine
pip: # no apk package manager in core, just use pip pip: # no apk package manager in core, just use pip
name: paramiko name: paramiko
extra_args: "-c {{ remote_constraints }}"
environment: environment:
# Not sure why this fixes the test, but it does. # Not sure why this fixes the test, but it does.
SETUPTOOLS_USE_DISTUTILS: stdlib SETUPTOOLS_USE_DISTUTILS: stdlib

View file

@ -1,6 +1,9 @@
- name: Setup remote constraints
include_tasks: setup-remote-constraints.yml
- name: Install Paramiko for Python 3 on MacOS - name: Install Paramiko for Python 3 on MacOS
pip: # no homebrew package manager in core, just use pip pip: # no homebrew package manager in core, just use pip
name: paramiko name: paramiko
extra_args: "-c {{ remote_constraints }}"
environment: environment:
# Not sure why this fixes the test, but it does. # Not sure why this fixes the test, but it does.
SETUPTOOLS_USE_DISTUTILS: stdlib SETUPTOOLS_USE_DISTUTILS: stdlib

View file

@ -4,6 +4,9 @@
# installation without a virtualenv succeeds # installation without a virtualenv succeeds
pip: pip:
name: pip==18.1 name: pip==18.1
- name: Setup remote constraints
include_tasks: setup-remote-constraints.yml
- name: Install Paramiko for Python 3 on FreeBSD 11 - name: Install Paramiko for Python 3 on FreeBSD 11
pip: # no py36-paramiko package exists for FreeBSD 11 pip: # no py36-paramiko package exists for FreeBSD 11
name: paramiko name: paramiko
extra_args: "-c {{ remote_constraints }}"

View file

@ -1,3 +1,6 @@
- name: Setup remote constraints
include_tasks: setup-remote-constraints.yml
- name: Install Paramiko for Python 3 on RHEL 8 - name: Install Paramiko for Python 3 on RHEL 8
pip: # no python3-paramiko package exists for RHEL 8 pip: # no python3-paramiko package exists for RHEL 8
name: paramiko name: paramiko
extra_args: "-c {{ remote_constraints }}"

View file

@ -0,0 +1,12 @@
- name: Setup remote temporary directory
include_role:
name: setup_remote_tmp_dir
- name: Record constraints.txt path on remote host
set_fact:
remote_constraints: "{{ remote_tmp_dir }}/constraints.txt"
- name: Copy constraints.txt to remote host
copy:
src: "constraints.txt"
dest: "{{ remote_constraints }}"

View file

@ -4,5 +4,5 @@
set -eux set -eux
source virtualenv.sh # for pip installs, if needed, otherwise unused source virtualenv.sh # for pip installs, if needed, otherwise unused
ansible-playbook ../setup_paramiko/install.yml -i ../setup_paramiko/inventory "$@" ANSIBLE_ROLES_PATH=../ ansible-playbook ../setup_paramiko/install.yml -i ../setup_paramiko/inventory "$@"
trap 'ansible-playbook ../setup_paramiko/uninstall.yml -i ../setup_paramiko/inventory "$@"' EXIT trap 'ansible-playbook ../setup_paramiko/uninstall.yml -i ../setup_paramiko/inventory "$@"' EXIT

View file

@ -273,7 +273,9 @@ def get_cryptography_requirement(args, python, python_version): # type: (Enviro
# see https://cryptography.io/en/latest/changelog.html#v3-2 # see https://cryptography.io/en/latest/changelog.html#v3-2
cryptography = 'cryptography < 3.2' cryptography = 'cryptography < 3.2'
else: else:
cryptography = 'cryptography' # cryptography 3.4+ fails to install on many systems
# this is a temporary work-around until a more permanent solution is available
cryptography = 'cryptography < 3.4'
else: else:
# cryptography 2.1+ requires setuptools 18.5+ # cryptography 2.1+ requires setuptools 18.5+
# see https://github.com/pyca/cryptography/blob/62287ae18383447585606b9d0765c0f1b8a9777c/setup.py#L26 # see https://github.com/pyca/cryptography/blob/62287ae18383447585606b9d0765c0f1b8a9777c/setup.py#L26

View file

@ -4,17 +4,37 @@ __metaclass__ = type
import os import os
import re import re
import shutil
import subprocess import subprocess
import sys import sys
import tempfile
def main(): def main():
base_dir = os.getcwd() + os.path.sep base_dir = os.getcwd() + os.path.sep
docs_dir = os.path.abspath('docs/docsite') docs_dir = os.path.abspath('docs/docsite')
cmd = ['make', 'base_singlehtmldocs']
# TODO: Remove this temporary hack to constrain 'cryptography' when we have
# a better story for dealing with it.
tmpfd, tmp = tempfile.mkstemp()
requirements_txt = os.path.join(base_dir, 'requirements.txt')
shutil.copy2(requirements_txt, tmp)
lines = []
with open(requirements_txt, 'r') as f:
for line in f.readlines():
if line.strip() == 'cryptography':
line = 'cryptography < 3.4\n'
lines.append(line)
with open(requirements_txt, 'w') as f:
f.writelines(lines)
try:
cmd = ['make', 'base_singlehtmldocs']
sphinx = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=docs_dir) sphinx = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=docs_dir)
stdout, stderr = sphinx.communicate() stdout, stderr = sphinx.communicate()
finally:
shutil.move(tmp, requirements_txt)
stdout = stdout.decode('utf-8') stdout = stdout.decode('utf-8')
stderr = stderr.decode('utf-8') stderr = stderr.decode('utf-8')