Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[#40] Stop including cryptography. #54

Merged
merged 16 commits into from
Dec 11, 2023
Merged

Conversation

dumol
Copy link
Contributor

@dumol dumol commented Dec 8, 2023

Scope

Fixes #40

Changes

Stop including the upstream cryptography wheels.

Building our own OpenSSL libs is still needed for Python's ssl module. (Except on Windows, where the upstream package comes with its own OpenSSL libs.)

Drive-by changes:

  • updated Python to latest 3.11.x version
  • updated OpenSSL for Python's ssl to latest 3.1.x version on non-Windows platforms
  • minor lib updates to latest versions for XZ and SQLite
  • some other minor Python module updates, including a security fix for pip
  • minor workflow improvements from server repo.

Testing

Check changes and automated tests.

Try the testing packages from bin.chevah.com, e.g. https://bin.chevah.com:20443/testing/3.11.7.3785e41/

@dumol dumol self-assigned this Dec 8, 2023
Copy link
Member

@adiroiban adiroiban left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. This is a good start.

PyNacl can be also removed... without problems.

With the removal of cryptography , things are getting ugly and complicated for generating the install version of chevah/server for Windows and MacOS or ... Linux ARM64

We are building the distributables only on Linux X64...
so it's complicated to install a Windows or MarcOS package on Linux.

But I think that for pythia we should keep things simple, and focus on Python

I have created a sepate ticket to deal with the chevah/server https://github.com/chevah/server/issues/6480

Thanks

build.conf Outdated

# Python modules versions to be used everywhere possible.
# Latest cryptography/bcrypt require Rust, use only wheels for them.
CFFI_VERSION="1.16.0"
# When updating cryptography, also update "expecting_openssl_version" in
# the file src/chevah-python-tests/test_python_binary_dist.py to pass tests.
CRYPTOGRAPHY_VERSION="41.0.4"
PYNACL_VERSION="1.5.0"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that pynacl can also be removed.

It is only used for our testing.

We only need to make sure that we have these files on our pypi server
https://pypi.org/project/PyNaCl/#files

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem, done trough 844422b.

src/Python/chevahbs Show resolved Hide resolved
@adiroiban
Copy link
Member

Also, happy to see Laja at work. I am quite happy with macmini M1 for macOS

GitHub now has mac M1 runners... but they cost $0.16 per minute... so with our 10 minutes job it would take more than $1.5 for each run

@dumol dumol merged commit 4666189 into master Dec 11, 2023
5 checks passed
@dumol dumol deleted the 40-cryptography-included-no-more branch December 11, 2023 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Don't include cryptography.
3 participants