[Buildroot] Bug 8856 analysis
Yegor Yefremov
yegorslists at googlemail.com
Wed May 25 08:38:11 UTC 2016
Hi Thomas,
bug URL: https://bugs.busybox.net/show_bug.cgi?id=8856
as soon as I've seen this bug, I've asked Charles, under what
circumstances he discovered this issue. It turned out, that Charles
was trying to add python-circus package to BR. Circus is a process
manager and has a web management GUI, that uses tornado as web server.
And Python 2 has been chosen as an interpreter.
I've installed circus myself and saw the problem. circusd
uses following code:
#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'circus==0.13.0','console_scripts','circusd'
__requires__ = 'circus==0.13.0'
import sys
from pkg_resources import load_entry_point
if __name__ == '__main__':
sys.exit(
load_entry_point('circus==0.13.0', 'console_scripts', 'circusd')()
)
This code checks package requirements of all needed Python packages at
run-time. Tornado itself is working without backports.ssl-* package.
In Python 3.4 there
are no problems, as backports.ssl-* is required only for Python < 3.2
(tornado's setup.py). This behavior is now fixed in [1].
This is tornados code for handling certifi and match-hostname stuff:
try:
import ssl
except ImportError:
# ssl is not available on Google App Engine
ssl = None
try:
import certifi
except ImportError:
# certifi is optional as long as we have ssl.create_default_context.
if ssl is None or hasattr(ssl, 'create_default_context'):
certifi = None
else:
raise
if PY3:
xrange = range
if hasattr(ssl, 'match_hostname') and hasattr(ssl,
'CertificateError'): # python 3.2+
ssl_match_hostname = ssl.match_hostname
SSLCertificateError = ssl.CertificateError
elif ssl is None:
ssl_match_hostname = SSLCertificateError = None # type: ignore
else:
import backports.ssl_match_hostname
ssl_match_hostname = backports.ssl_match_hostname.match_hostname
SSLCertificateError =
backports.ssl_match_hostname.CertificateError # type: ignore
As you can see, it is all optional. python-certifi is still in
required section though with following comment:
if sys.version_info < (3, 4):
install_requires.append('singledispatch')
# Certifi is also optional on 2.7.9+, although making our dependencies
# conditional on micro version numbers seems like a bad idea
# until we have more declarative metadata.
install_requires.append('certifi')
So I suggest following fix:
1. add [1] to BR. This would eleiminate the need for ssl-hostname
backport package, as this functionality is already implemented in both
Python versions and it is not even used in python-circus
2. select python-certifi for both Python 2 and 3. It is rather small
and it is already in BR
3. now python-circus can be used in both environments
[1] https://github.com/tornadoweb/tornado/commit/24e7d3d1526ad915887062a8463dbd200ef97958
Yegor
More information about the buildroot
mailing list