duplicity: fix ssl problem #199822

Closed


@halfbusy halfbusy commented Dec 3, 2024

  • [x] Have you followed the guidelines for contributing?
  • [x] Have you ensured that your commits follow the commit style guide?
  • [x] Have you checked that there aren't other open pull requests for the same formula update/change?
  • [x] Have you built your formula locally with HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
  • [x] Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
  • [x] Does your build pass brew audit --strict <formula> (after doing HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>)? If this is a new formula, does it pass brew audit --new <formula>?

Fixes issue:
duplicity 3.0.2 fails when using an s3 target due to outdated pyOpenSSL version.

    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/urllib3/contrib/pyopenssl.py", line 43, in <module>
      import OpenSSL.SSL  # type: ignore[import-untyped]
      ^^^^^^^^^^^^^^^^^^
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/__init__.py", line 8, in <module>
      from OpenSSL import crypto, SSL
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/crypto.py", line 1579, in <module>
      class X509StoreFlags(object):
      ...<19 lines>...
          CHECK_SS_SIGNATURE = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE
    File "/opt/homebrew/Cellar/duplicity/3.0.2_1/libexec/lib/python3.13/site-packages/OpenSSL/crypto.py", line 1598, in X509StoreFlags
      NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?

  Attempt of list Nr. 1 failed. AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'

Discussion:
https://gitlab.com/duplicity/duplicity/-/issues/835

Solution:
Upgrade to pyopenssl-24.3.0.

@github-actions github-actions bot added python Python use is a significant feature of the PR or issue rust Rust use is a significant feature of the PR or issue labels Dec 3, 2024
@daeho-ro daeho-ro changed the title duplicity 3.0.3 duplicity: fix ssl problem Dec 3, 2024
@daeho-ro daeho-ro force-pushed the duplicity-pyopenssl-upgrade branch from 3a6f14f to 44a9183 Compare December 3, 2024 05:31
@github-actions github-actions bot added the automerge-skip `brew pr-automerge` will skip this pull request label Dec 3, 2024
@daeho-ro daeho-ro force-pushed the duplicity-pyopenssl-upgrade branch from 44a9183 to 90bcdfe Compare December 3, 2024 13:18
@github-actions github-actions bot removed the automerge-skip `brew pr-automerge` will skip this pull request label Dec 3, 2024
url "https://files.pythonhosted.org/packages/54/9a/2a43c5dbf4507f86f7c43cba4195d5e25a81c988fd7b0ea779dfc9c6973f/pyOpenSSL-21.0.0.tar.gz"
sha256 "5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3"
url "https://files.pythonhosted.org/packages/c1/d4/1067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085/pyopenssl-24.3.0.tar.gz"
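Review bot: the new url line for pyopenssl-24.3.0.tar.gz appears here without a checksum of its own, and the only sha256 visible in this hunk is the one paired with the pyOpenSSL-21.0.0 URL above it. Please confirm the same change replaces that sha256 with the digest of the 24.3.0 sdist, computed from the downloaded file, because in a hand-edited resource block that digest is the only integrity check on the tarball and a stale one fails the fetch.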
Member

@cho-m cho-m Dec 3, 2024

This will get auto-reverted on next version bump due to dependency resolver (EDIT: next version should be fine) if brew update-python-resources is run, e.g. prior attempt (#182946) got accidentally reverted.

Also, this specific minor version doesn't look compatible with pydrive2 dependency:


Probably need to update to newer duplicity version (https://pypi.org/project/duplicity/#history) as 3.0.2 has a problematic pin https://gitlab.com/duplicity/duplicity/-/blob/rel.3.0.2/requirements.txt?ref_type=tags#L5

cryptography==3.4.8

This is why 21.0.0 is picked rather than 24.2.1

Author

@halfbusy halfbusy Dec 4, 2024

Ah. I see.
Starting from duplicity 3.0.3, cryptography is no longer a requirement.
https://gitlab.com/duplicity/duplicity/-/blob/rel.3.0.3/requirements.txt?ref_type=tags#L5

Latest version is 3.0.3.2. If my change is breaking pydrive2, it makes sense to close and go straight to releasing that version.

Member

@cho-m cho-m Dec 4, 2024

Looks like autobump may not have triggered after 3.13 migration (#194416) as there is no release with https://gitlab.com/duplicity/duplicity/-/commit/98e7113bdb20f76b4d636a996a63afb3bda809cf so resolver skips recent versions.

/opt/homebrew/opt/python@3.13/libexec/bin/python -m pip install -q --disable-pip-version-check --dry-run --ignore-installed --report=/dev/stdout 'duplicity==3.0.3.2'
ERROR: Ignored the following yanked versions: 0.8.21.post1, 0.8.21.post2.dev4, 0.8.21.post2, 0.8.21.post6, 0.8.21.post7, 0.8.22.dev4, 1.2.0, 2.0.0, 2.2.3.dev18
ERROR: Ignored the following versions that require a different python version: 3.0.1 Requires-Python <3.13,>=3.8; 3.0.2 Requires-Python <3.13,>=3.8; 3.0.3 Requires-Python <3.13,>=3.8; 3.0.3.1 Requires-Python <3.13,>=3.8; 3.0.3.2 Requires-Python <3.13,>=3.8

On a side note, based on the pydrive2 issue, it looks like cryptography will need to be bundled, as the formula is 44.0.0, so it may have problems. May need to check whether the upper bound is for a breaking change or just pyopenssl being conservative and functionality is fine.
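The pip output quoted in the comment above, parsed and evaluated, as an added example that is not part of the thread or of Homebrew's tooling: it extracts each ignored release with its Requires-Python specifier and checks which interpreter versions would accept it. The function names are hypothetical, and the specifier check is a simplification that handles plain numeric releases only (pip itself uses full PEP 440 rules).

```python
import operator
import re

# Line copied from the pip output quoted in the comment above.
PIP_LINE = (
    "ERROR: Ignored the following versions that require a different python "
    "version: 3.0.1 Requires-Python <3.13,>=3.8; 3.0.2 Requires-Python "
    "<3.13,>=3.8; 3.0.3 Requires-Python <3.13,>=3.8; 3.0.3.1 Requires-Python "
    "<3.13,>=3.8; 3.0.3.2 Requires-Python <3.13,>=3.8"
)

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}


def vtuple(text, width=4):
    """Turn a plain numeric release such as '3.13' into a zero-padded tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def satisfies(version, spec):
    """Evaluate a comma-separated specifier (numeric releases, no wildcards)."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](vtuple(version), vtuple(m.group(2))):
            return False  # every clause must hold
    return True


def parse_ignored(line):
    """Map each ignored release to its Requires-Python specifier."""
    _, _, body = line.partition("different python version:")
    pairs = re.findall(r"(\S+) Requires-Python ([^;]+)", body)
    return {release: spec.strip() for release, spec in pairs}


def installable(line, python_version):
    """Releases from the pip line that the given interpreter would accept."""
    return [release for release, spec in parse_ignored(line).items()
            if satisfies(python_version, spec)]
```

Calling `installable(PIP_LINE, "3.13")` returns an empty list, which is the resolver skipping every recent release; with `"3.12"` all five releases qualify.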

@daeho-ro
Member

Can you guys check the linked PR fixes the problem?

@branchvincent
Member

Indeed fixed by the above PR
