Temporary fix for cryptography issues. (#73530)
This commit is contained in:
parent
aca5b0e43b
commit
1a2da990a4
11 changed files with 55 additions and 5 deletions
2
changelogs/fragments/cryptography-fix.yml
Normal file
2
changelogs/fragments/cryptography-fix.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- ansible-test - Temporarily limit ``cryptography`` to versions before 3.4 to enable tests to function.
|
1
test/integration/targets/setup_paramiko/aliases
Normal file
1
test/integration/targets/setup_paramiko/aliases
Normal file
|
@ -0,0 +1 @@
|
||||||
|
needs/target/setup_remote_tmp_dir
|
1
test/integration/targets/setup_paramiko/constraints.txt
Normal file
1
test/integration/targets/setup_paramiko/constraints.txt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
cryptography >= 2.5, < 3.4
|
|
@ -1,6 +1,9 @@
|
||||||
|
- name: Setup remote constraints
|
||||||
|
include_tasks: setup-remote-constraints.yml
|
||||||
- name: Install Paramiko for Python 3 on Alpine
|
- name: Install Paramiko for Python 3 on Alpine
|
||||||
pip: # no apk package manager in core, just use pip
|
pip: # no apk package manager in core, just use pip
|
||||||
name: paramiko
|
name: paramiko
|
||||||
|
extra_args: "-c {{ remote_constraints }}"
|
||||||
environment:
|
environment:
|
||||||
# Not sure why this fixes the test, but it does.
|
# Not sure why this fixes the test, but it does.
|
||||||
SETUPTOOLS_USE_DISTUTILS: stdlib
|
SETUPTOOLS_USE_DISTUTILS: stdlib
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
|
- name: Setup remote constraints
|
||||||
|
include_tasks: setup-remote-constraints.yml
|
||||||
- name: Install Paramiko for Python 3 on MacOS
|
- name: Install Paramiko for Python 3 on MacOS
|
||||||
pip: # no homebrew package manager in core, just use pip
|
pip: # no homebrew package manager in core, just use pip
|
||||||
name: paramiko
|
name: paramiko
|
||||||
|
extra_args: "-c {{ remote_constraints }}"
|
||||||
environment:
|
environment:
|
||||||
# Not sure why this fixes the test, but it does.
|
# Not sure why this fixes the test, but it does.
|
||||||
SETUPTOOLS_USE_DISTUTILS: stdlib
|
SETUPTOOLS_USE_DISTUTILS: stdlib
|
||||||
|
|
|
@ -4,6 +4,9 @@
|
||||||
# installation without a virtualenv succeeds
|
# installation without a virtualenv succeeds
|
||||||
pip:
|
pip:
|
||||||
name: pip==18.1
|
name: pip==18.1
|
||||||
|
- name: Setup remote constraints
|
||||||
|
include_tasks: setup-remote-constraints.yml
|
||||||
- name: Install Paramiko for Python 3 on FreeBSD 11
|
- name: Install Paramiko for Python 3 on FreeBSD 11
|
||||||
pip: # no py36-paramiko package exists for FreeBSD 11
|
pip: # no py36-paramiko package exists for FreeBSD 11
|
||||||
name: paramiko
|
name: paramiko
|
||||||
|
extra_args: "-c {{ remote_constraints }}"
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
- name: Setup remote constraints
|
||||||
|
include_tasks: setup-remote-constraints.yml
|
||||||
- name: Install Paramiko for Python 3 on RHEL 8
|
- name: Install Paramiko for Python 3 on RHEL 8
|
||||||
pip: # no python3-paramiko package exists for RHEL 8
|
pip: # no python3-paramiko package exists for RHEL 8
|
||||||
name: paramiko
|
name: paramiko
|
||||||
|
extra_args: "-c {{ remote_constraints }}"
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
- name: Setup remote temporary directory
|
||||||
|
include_role:
|
||||||
|
name: setup_remote_tmp_dir
|
||||||
|
|
||||||
|
- name: Record constraints.txt path on remote host
|
||||||
|
set_fact:
|
||||||
|
remote_constraints: "{{ remote_tmp_dir }}/constraints.txt"
|
||||||
|
|
||||||
|
- name: Copy constraints.txt to remote host
|
||||||
|
copy:
|
||||||
|
src: "constraints.txt"
|
||||||
|
dest: "{{ remote_constraints }}"
|
|
@ -4,5 +4,5 @@
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
source virtualenv.sh # for pip installs, if needed, otherwise unused
|
source virtualenv.sh # for pip installs, if needed, otherwise unused
|
||||||
ansible-playbook ../setup_paramiko/install.yml -i ../setup_paramiko/inventory "$@"
|
ANSIBLE_ROLES_PATH=../ ansible-playbook ../setup_paramiko/install.yml -i ../setup_paramiko/inventory "$@"
|
||||||
trap 'ansible-playbook ../setup_paramiko/uninstall.yml -i ../setup_paramiko/inventory "$@"' EXIT
|
trap 'ansible-playbook ../setup_paramiko/uninstall.yml -i ../setup_paramiko/inventory "$@"' EXIT
|
||||||
|
|
|
@ -273,7 +273,9 @@ def get_cryptography_requirement(args, python, python_version): # type: (Enviro
|
||||||
# see https://cryptography.io/en/latest/changelog.html#v3-2
|
# see https://cryptography.io/en/latest/changelog.html#v3-2
|
||||||
cryptography = 'cryptography < 3.2'
|
cryptography = 'cryptography < 3.2'
|
||||||
else:
|
else:
|
||||||
cryptography = 'cryptography'
|
# cryptography 3.4+ fails to install on many systems
|
||||||
|
# this is a temporary work-around until a more permanent solution is available
|
||||||
|
cryptography = 'cryptography < 3.4'
|
||||||
else:
|
else:
|
||||||
# cryptography 2.1+ requires setuptools 18.5+
|
# cryptography 2.1+ requires setuptools 18.5+
|
||||||
# see https://github.com/pyca/cryptography/blob/62287ae18383447585606b9d0765c0f1b8a9777c/setup.py#L26
|
# see https://github.com/pyca/cryptography/blob/62287ae18383447585606b9d0765c0f1b8a9777c/setup.py#L26
|
||||||
|
|
|
@ -4,17 +4,37 @@ __metaclass__ = type
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
import tempfile
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
base_dir = os.getcwd() + os.path.sep
|
base_dir = os.getcwd() + os.path.sep
|
||||||
docs_dir = os.path.abspath('docs/docsite')
|
docs_dir = os.path.abspath('docs/docsite')
|
||||||
cmd = ['make', 'base_singlehtmldocs']
|
|
||||||
|
|
||||||
sphinx = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=docs_dir)
|
# TODO: Remove this temporary hack to constrain 'cryptography' when we have
|
||||||
stdout, stderr = sphinx.communicate()
|
# a better story for dealing with it.
|
||||||
|
tmpfd, tmp = tempfile.mkstemp()
|
||||||
|
requirements_txt = os.path.join(base_dir, 'requirements.txt')
|
||||||
|
shutil.copy2(requirements_txt, tmp)
|
||||||
|
lines = []
|
||||||
|
with open(requirements_txt, 'r') as f:
|
||||||
|
for line in f.readlines():
|
||||||
|
if line.strip() == 'cryptography':
|
||||||
|
line = 'cryptography < 3.4\n'
|
||||||
|
lines.append(line)
|
||||||
|
|
||||||
|
with open(requirements_txt, 'w') as f:
|
||||||
|
f.writelines(lines)
|
||||||
|
|
||||||
|
try:
|
||||||
|
cmd = ['make', 'base_singlehtmldocs']
|
||||||
|
sphinx = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=docs_dir)
|
||||||
|
stdout, stderr = sphinx.communicate()
|
||||||
|
finally:
|
||||||
|
shutil.move(tmp, requirements_txt)
|
||||||
|
|
||||||
stdout = stdout.decode('utf-8')
|
stdout = stdout.decode('utf-8')
|
||||||
stderr = stderr.decode('utf-8')
|
stderr = stderr.decode('utf-8')
|
||||||
|
|
Loading…
Reference in a new issue