Skip to content

python3Packages.cryptography: 3.4.2 -> 36.0.0#150320

Merged
veprbl merged 2 commits intoNixOS:stagingfrom
mweinelt:python/cryptography
Dec 25, 2021
Merged

python3Packages.cryptography: 3.4.2 -> 36.0.0#150320
veprbl merged 2 commits intoNixOS:stagingfrom
mweinelt:python/cryptography

Conversation

@mweinelt
Copy link
Member

@mweinelt mweinelt commented Dec 11, 2021

Motivation for this change

https://github.com/pyca/cryptography/blob/36.0.0/CHANGELOG.rst#3600---2021-11-21

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: python Python is a high-level, general-purpose programming language. label Dec 11, 2021
@ofborg ofborg bot requested a review from primeos December 11, 2021 22:53
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Dec 11, 2021
@primeos
Copy link
Member

primeos commented Dec 11, 2021

How well is this tested? Last time you noticed that this breaks a few packages and we had to revert it: #140024 (comment)

Hopefully the situation improved in the meantime but I wouldn't be surprised if there are some breakages left. My plan was to run a full nixpkgs-review on Python packages but unfortunately I didn't get around to it yet as it requires a lot of disk space (and time). Or someone monitors Hydra for regressions.

@mweinelt
Copy link
Member Author

mweinelt commented Dec 11, 2021
edited
Loading

I only tested building python3Packages.cryptography and updated python-miio, but didn't test that yet.

Currently in the process of updating home-assistant, so both my attention and compute are exhausted.

@risicle
Copy link
Contributor

risicle commented Dec 12, 2021

sslyze needs some requirements hacking:

ERROR: Could not find a version that satisfies the requirement cryptography<4.0,>=2.6 (from sslyze) (from versions: none)
ERROR: No matching distribution found for cryptography<4.0,>=2.6

@mweinelt
Copy link
Member Author

mweinelt commented Dec 12, 2021

@veehaitch Would you mind looking into bumping sslyze and nassl? The latter fails because of known vulnerabilities.

@risicle
Copy link
Contributor

risicle commented Dec 12, 2021
edited
Loading

Have built a lot of depending packages (cherry-picked back to master) on 3 platforms (macos 10.15, nixos x86_64 & aarch64) and that's the only issue I've been able to find. Think it's probably good enough for staging.

@veehaitch veehaitch mentioned this pull request Dec 13, 2021
Merged
13 tasks
@risicle
Copy link
Contributor

risicle commented Dec 13, 2021

Oh, including mitmproxy and fido2.

@veprbl veprbl merged commit d23d17d into NixOS:staging Dec 25, 2021
@mweinelt mweinelt deleted the python/cryptography branch December 26, 2021 01:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@risicle risicle risicle approved these changes

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@primeos primeos Awaiting requested review from primeos

Assignees

No one assigned

Labels

6.topic: python Python is a high-level, general-purpose programming language. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mweinelt @primeos @risicle @veprbl