Bug 1685612 - python34: Invent a workaround for when compat-openssl10 is gone
Summary: python34: Invent a workaround for when compat-openssl10 is gone
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: python34
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Victor Stinner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-05 16:20 UTC by Miro Hrončok
Modified: 2019-08-06 13:15 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-08-06 13:15:14 UTC
Type: Bug
Embargoed:


Attachments
build.log of python34 with openssl-devel 1.1.1 (1.20 MB, text/plain)
2019-03-05 16:20 UTC, Miro Hrončok

Description Miro Hrončok 2019-03-05 16:20:18 UTC
Created attachment 1541032 [details]
build.log of python34 with openssl-devel 1.1.1

compat-openssl10 will likely get orphaned before Fedora 31.

Source: https://bugzilla.redhat.com/show_bug.cgi?id=1673419#c2

Since we don't want to deal with maintaining it ourselves, we need to invent a workaround.

python34 does not build with openssl 1.1.1:

Failed to build these modules:
_hashlib              _md5                  _sha1              
_sha256               _sha512               _ssl     


Those are quite important; the test suite doesn't even run without them:

+ /builddir/build/BUILD/Python-3.4.10rc1/build/optimized/python -m test.regrtest --verbose --findleaks -x test_distutils -x test_venv
BUILDSTDERR: ERROR:root:code for hash md5 was not found.
BUILDSTDERR: Traceback (most recent call last):
BUILDSTDERR:   File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 240, in <module>
BUILDSTDERR:     func = __get_hash(__func_name)
BUILDSTDERR:   File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 118, in __get_builtin_constructor
BUILDSTDERR:     raise ValueError('unsupported hash type ' + name)
BUILDSTDERR: ValueError: unsupported hash type md5
BUILDSTDERR: ERROR:root:code for hash sha1 was not found.
...
BUILDSTDERR: ImportError: cannot import name 'sha512'


A possible workaround is to bundle openssl 1.1.0 or beg for a compat package.
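
A post-build smoke check for the failure described above, as an added example that is not part of the original report or of the Fedora package: it reports which of the extension modules named in the build log cannot be imported, which hash constructors raise the "unsupported hash type" error, and which OpenSSL the ssl module is linked against. The function names and the injectable importer/constructor parameters are assumptions for illustration; the module list is copied from the log and applies to this python34 build.

```python
import hashlib
import importlib

# Extension modules the build log lists under "Failed to build these modules".
CRYPTO_MODULES = ("_hashlib", "_md5", "_sha1", "_sha256", "_sha512", "_ssl")
# Hash constructors that hashlib could not provide in the failing build.
REQUIRED_HASHES = ("md5", "sha1", "sha256", "sha512")

def missing_modules(names=CRYPTO_MODULES, importer=importlib.import_module):
    """Return the names from `names` that cannot be imported."""
    missing = []
    for name in names:
        try:
            importer(name)
        except ImportError:
            missing.append(name)
    return missing

def broken_hashes(names=REQUIRED_HASHES, constructor=hashlib.new):
    """Return the hash names for which no working constructor exists."""
    broken = []
    for name in names:
        try:
            constructor(name, b"smoke test").hexdigest()
        except ValueError:  # e.g. "unsupported hash type md5"
            broken.append(name)
    return broken

def linked_openssl():
    """Return the OpenSSL version string ssl is linked against, or None."""
    try:
        import ssl
    except ImportError:  # _ssl failed to build
        return None
    return ssl.OPENSSL_VERSION

def smoke_check():
    """Collect all findings for the running interpreter."""
    return {"missing_modules": missing_modules(),
            "broken_hashes": broken_hashes(),
            "openssl": linked_openssl()}

if __name__ == "__main__":
    report = smoke_check()
    print(report)
    bad = report["missing_modules"] or report["broken_hashes"] or not report["openssl"]
    raise SystemExit(1 if bad else 0)
```

Run with the freshly built interpreter, the script exits non-zero when any of the listed modules or hashes is unavailable, so the gap is caught before the test suite starts.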

Comment 1 Kevin Fenzi 2019-03-05 23:35:36 UTC
Can we just get moved to python36 by then and drop python34?

Comment 2 Charalampos Stratakis 2019-03-05 23:56:01 UTC
Maybe getting a list of where Python 3.4 is used in the wild would be beneficial to determine if we want to retire the package.

Comment 3 Miro Hrončok 2019-03-06 00:07:12 UTC
This is not EPEL, but Fedora. We have Python 3.4, 3.5, 3.6, 3.7 and 3.8. We don't "move" from 3.4 to 3.6, we offer all used versions for developers to test their software.

Python 3.4 will EOL upstream quite soon: 2019-03-16 [0], yet I don't feel confident removing it yet.

As long as 3.4 is used by developers, we'd like to keep it for them to test their SW on.

It is still used in:

 * EPEL6 - EOLs November 2020 (AFAIK)
 * EPEL7 - might be superseded by 3.6 but 3.4 is not going away, stays to at least 2024 (AFAIK) (we can theoretically work on retiring it there)
 * Ubuntu 14.04 LTS - EOLs soon (2019-04-30), but has 3 more years ESM [1][2]
 * Debian jessie (oldstable) - not sure how much developers care about oldstable


[0] https://devguide.python.org/#status-of-python-branches
[1] https://blog.ubuntu.com/2018/09/19/extended-security-maintenance-ubuntu-14-04-trusty-tahr
[2] April 2022

Comment 4 Miro Hrončok 2019-03-06 09:11:05 UTC
[2] https://wiki.ubuntu.com/Releases

Comment 5 Kevin Fenzi 2019-03-07 01:51:03 UTC
Ah right, misunderstood.

Comment 6 Miro Hrončok 2019-03-07 14:12:18 UTC
Victor will look at the changes between 3.4 and 3.5 in SSL and try to assess if backporting makes sense.

Comment 7 Victor Stinner 2019-03-07 15:09:52 UTC
I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1):
https://github.com/python/cpython/pull/12211

Comment 8 Victor Stinner 2019-03-20 18:09:42 UTC
> I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1):
> https://github.com/python/cpython/pull/12211

I had been rejected by the Python 3.4 Release Manager (Larry Hastings), who was afraid of merging such a non-trivial change in the *last* Python 3.4.10 release.

I created a PR for python34 in Fedora Rawhide:
https://src.fedoraproject.org/rpms/python34/pull-request/32

Comment 9 Victor Stinner 2019-07-02 12:58:00 UTC
I updated my Python 3.4 PR based on the Python 3.5 downstream change.
https://src.fedoraproject.org/rpms/python34/pull-request/32