-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libcrypt.so.1 being phased out? #305
Comments
In case anyone else is thrown by the name: this isn't Practically speaking, if some systems have @zackw might be able to advise us further. |
It seems Fedora has gone further with this transition than I thought any Linux distribution would seriously consider doing, in the relatively short time it's been since the new "libxcrypt" became a thing. There are actually three versions of the library in play: A. B. C. I expected Linux distributions to converge on B, not C, but I guess "any program using these functions is necessarily using a block cipher with an unacceptably short key" was enough of a reason for Fedora to break them. I agree with @njsmith that, as a practical matter, it's no longer appropriate for What I'd recommend, therefore, is that the manylinux1 and manylinux2010 base images be modified to supply option C ( If there's a problem building libxcrypt in a CentOS 5 environment, please file a bug report on besser82/libxcrypt and I'll see it gets fixed. |
So if I'm understanding this correctly, the steps to be taken are:
|
Shouldn't we update the PEPs as well? |
Yup, updating the PEPs is done now: python/peps#1124. |
@takluyver When adding
will accomplish this, but it still needs testing. |
To check that, I assume one can run It would also be good if someone could provide a sample extension module which calls Finally: anyone reading this, please feel free to work on the manylinux images. I'm about to be offline for a week, and even when I am here, I'm not that hot on anything that involves writing or compiling C code. I wrote the checklist above as what needs doing, not saying that I'm going to do it. 🙂 |
I learned about this issue in EuroPython. After some discussion, we're updating Fedora's pip to Recommend When testing on Fedora, please make sure you don't have |
(While I'm not doing systematic testing, I did note somewhere that I haven't come across any wheels which fail to load. So just to confirm: I don't have |
I submitted PRs for the manylinux images. GCC 8.2 failed to build |
I'm writing a trivial extension module to test this change with. Would it be it useful for me to put a sdist of this module on PyPI, or will it be enough to have a public git repo? I don't know Fedora well enough to do the actual testing myself. |
Thanks @lkollar . I've updated the checklist above to point to those PRs. @zackw - we can probably work with it any form, but if it's easy to put an sdist on PyPI, please do. It may be useful to have a tarball with a stable hash - I'm told that the automatic tarballs from Github tags can change slightly. |
@takluyver OK, it's uploaded: https://pypi.org/project/pyphash/ and/or https://github.com/zackw/pyphash |
After all of the steps listed above are taken, we should look through PyPI for binary wheels that use |
Something similar was suggested on pypi/warehouse#5420. The Warehouse maintainers might be able to say if it's practical to do something like that, and how to find all packages where the latest release has a manylinux wheel. |
I am about to release a new psycopg version. I assume the issue is not fixed, right? |
I see that all PRs linked from the "steps to be taken" comment are merged. If I understand this correctly, it means new wheels should bundle Since this happened before the Python 3.8 release, it seems to me that no real-world wheels for Python 3.8 will need |
As far as I can see, packages created yesterday with the latest version of manylinux don't include
Packages were created using the quay.io/pypa/manylinux1_x86_64 docker image. Has the procedure to build packages changed? |
@zackw @njsmith Do you think is it possible, given that we're building libcrypt.so.2 (from libxcrypt) for the manylinux* containers, that we build libcrypt.so.1 (compat version again from libxcrypt) and use that specifically for bundling (hiding it otherwise because of the struct size differences) when the system libcrypt.so.1 is required? (@fweimer and I just chatted about this on IRC) The libxcrypt version of libcrypt.so.1 has no GLIBC_PRIVATE dependencies and is a drop-in replacement for the system libcrypt.so.1. This would allow developers to continue to use parts of OS that require libcrypt.so.1. That would solve some problems I've seen @dralley having (just talked with him today about this impact). |
@codonell Yes, I think that is a sane configuration. You'd have libcrypt.a and libcrypt.so matching libcrypt.so.2, but include libcrypt.so.1 on the file system for anything that might expect that via DT_NEEDED, and it shouldn't cause problems if auditwheel decides to bundle it. As libxcrypt upstream I'm actually working on a restructure where we always build both, with all the real code in libcrypt.so.2 and libcrypt.so.1 being a thin wrapper with the compatibility symbols. |
I was looking into including I came up with some ugly patching of Hugly patch:
|
The newly merged PR should allow to graft |
Patch out use of python-dbg, which is not available for other Python versions. This should be sufficient that Drake can build. However, due to some nasty business with libcrypt, which for some reason is not used by Python 3.6, but is required by Python 3.7, we are not yet able to produce a PyPI-usable wheel. See also pypa/manylinux#305 for an explanation of why this is broken.
Patch out use of python-dbg, which is not available for other Python versions. This should be sufficient that Drake can build. However, due to some nasty business with libcrypt, which for some reason is not used by Python 3.6, but is required by Python 3.7, we are not yet able to produce a PyPI-usable wheel. See also pypa/manylinux#305 for an explanation of why this is broken.
Replace both the standard and debugging Python interpreters with the standard interpreter from our virtualenv. This is correct for the former, and for the latter, should suffice to make the build system happy, while not ever actually being used during a wheel build (so it won't matter that it isn't a debug interpreter). This should be sufficient that Drake can build. However, due to some nasty business with libcrypt, which for some reason is not used by Python 3.6, but is required by Python 3.7, we are not yet able to produce a PyPI-usable wheel. See also pypa/manylinux#305 for an explanation of why this is broken. fixup
Replace both the standard and debugging Python interpreters with the standard interpreter from our virtualenv. This is correct for the former, and for the latter, should suffice to make the build system happy, while not ever actually being used during a wheel build (so it won't matter that it isn't a debug interpreter). This should be sufficient that Drake can build. However, due to some nasty business with libcrypt, which for some reason is not used by Python 3.6, but is required by Python 3.7, we are not yet able to produce a PyPI-usable wheel. See also pypa/manylinux#305 for an explanation of why this is broken. fixup
Hello,
Just received psycopg/psycopg2#912, according to which libcrypt.so.1 was deprecated on Fedora 30. This sounds like manylinux wheel packages (both 1 and 2010) are incompatible with the platform.
Is there anything I can, or should, do? Would including libcrypt (maybe 2) in the wheel package be a good idea?
The text was updated successfully, but these errors were encountered: