Bug 1685612

Summary: python34: Invent a workaround for when compat-openssl10 is gone
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: python34Assignee: Victor Stinner <vstinner>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: cstratak, kevin, mhroncok, pviktori, python-sig, TicoTimo, tmraz, torsava
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 13:15:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
build.log of python34 with openssl-devel 1.1.1 none

Description Miro Hrončok 2019-03-05 16:20:18 UTC 
Created attachment 1541032 [details]
build.log of python34 with openssl-devel 1.1.1

compat-openssl10 will likely get orphaned before Fedora 31.

Source: https://bugzilla.redhat.com/show_bug.cgi?id=1673419#c2

Since we don't want to deal with maintaining it ourselves, we need to invent a workaround.

python34 does not build with openssl 1.1.1:

Failed to build these modules:
_hashlib              _md5                  _sha1              
_sha256               _sha512               _ssl     


Those are quite impotatn, the test suite doesn't even run without them:

+ /builddir/build/BUILD/Python-3.4.10rc1/build/optimized/python -m test.regrtest --verbose --findleaks -x test_distutils -x test_venv
BUILDSTDERR: ERROR:root:code for hash md5 was not found.
BUILDSTDERR: Traceback (most recent call last):
BUILDSTDERR:   File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 240, in <module>
BUILDSTDERR:     func = __get_hash(__func_name)
BUILDSTDERR:   File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 118, in __get_builtin_constructor
BUILDSTDERR:     raise ValueError('unsupported hash type ' + name)
BUILDSTDERR: ValueError: unsupported hash type md5
BUILDSTDERR: ERROR:root:code for hash sha1 was not found.
...
BUILDSTDERR: ImportError: cannot import name 'sha512'


Possible workaround is to bundle openssl 1.1.0 or beg for a compat package.
Comment 1 Kevin Fenzi 2019-03-05 23:35:36 UTC 
Can we just get moved to python36 by then and drop python34?
Comment 2 Charalampos Stratakis 2019-03-05 23:56:01 UTC 
Maybe getting a list of where python 3.4 is used on the wild, would be beneficial to determine if we want to retire the package.
Comment 3 Miro Hrončok 2019-03-06 00:07:12 UTC 
This is not EPEL, but Fedora. We have Python 3.4, 3.5, 3.6, 3.7 and 3.8. We don't "move" from 3.4 to 3.6, we offer all used versions for developers to test their software.

Python 3.4 will EOL upstream quite soon: 2019-03-16 [0], yet I don't feel confident removing it yet.

As long as 3.4 is used by developers, we'd like to keep it for them to test their SW on.

It is still used in:

 * EPEL6 - EOLs November 2020 (AFAIK)
 * EPEL7 - might be superseded by 3.6 but 3.4 is not going away, stays to at least 2024 (AFAIK) (we can theoretically work on retiring it there)
 * Ubuntu 14.04 LTS - EOLs soon (2019-04-30), but has 3 more years ESM [1][2]
 * Debian jessie (oldstable) - not sure how much developers care about oldstable


[0] https://devguide.python.org/#status-of-python-branches
[1] https://blog.ubuntu.com/2018/09/19/extended-security-maintenance-ubuntu-14-04-trusty-tahr
[2] April 2022
Comment 4 Miro Hrončok 2019-03-06 09:11:05 UTC 
[2] https://wiki.ubuntu.com/Releases
Comment 5 Kevin Fenzi 2019-03-07 01:51:03 UTC 
Ah right, misunderstood.
Comment 6 Miro Hrončok 2019-03-07 14:12:18 UTC 
Victor will look at the changes between 3.4 and 3.5 in SSL and try to assess if backporting makes sense.
Comment 7 Victor Stinner 2019-03-07 15:09:52 UTC 
I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1):
https://github.com/python/cpython/pull/12211
Comment 8 Victor Stinner 2019-03-20 18:09:42 UTC 
> I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1):
> https://github.com/python/cpython/pull/12211

I had been rejected by Python 3.4 Release Manager (Larry Hastings) which was afraid of merging such non trivial change in the *last* Python 3.4.10 release.

I created a PR for python34 in Fedora Rawhide:
https://src.fedoraproject.org/rpms/python34/pull-request/32
Comment 9 Victor Stinner 2019-07-02 12:58:00 UTC 
I updated my Python 3.4 PR based on the Python 3.5 downstream change.
https://src.fedoraproject.org/rpms/python34/pull-request/32