-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python310Packages.urllib3: remove pyopenssl as it is no longer recommended #179159
Conversation
67bbc72
to
cadc372
Compare
Pyopenssl is marked broken on aarch64-darwin (#175875), |
Wrong target branch. This should target master or staging. |
We shouldn't make such dependency packages platform depended if upstream has no explicit support for it. It will only cause extra maintenance for all other packages. |
How about removing pyopenssl from urllib3 for all platforms? From https://github.com/urllib3/urllib3/blob/main/src/urllib3/contrib/pyopenssl.py:
The pyopenssl urllib3 backend was mainly written for python 2.7, python3-urllib3 does NOT need pyopenssl. |
Yes, we should do that but it will cause a mass rebuild and I can't assess how big the breakage will be. |
cadc372
to
4e26e54
Compare
Thanks for the review, I updated my PR to:
After reading the comments I wasn't sure if we still wanted to make the optional dependencies opt-in, happy to make the changes if you also want to do that. |
(Just a note to say a ton of things have broken on my mac that I expect this to fix, so watching anxiously for this to make it through.) |
This will just fix packages that require urllib3 which are not that many. pyopenssl has still many other usages and this PR will probably not fix most of your issues. |
I think we should also remove I'm not sure about |
5170c8d
to
cf69b22
Compare
cf69b22
to
fb76309
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM code-wise.
for those of you at home on aarch64-darwin eagerly awaiting this getting into
well, there's yt-dlp for starters then, a cursory review of transitive build dependencies on urllib3 via sphinx on my machine alone:
i offer as friendly advice that dismissive handwaving in the comments of a PR that addresses breakage you introduced is a monumentally bad look, especially for a member of @NixOS |
Workaround for GHC has been merged #179181 |
This just reflects upstreams support status and the issue that is open for 2.5 years. This already used many maintainer hours in some downstream packages where tests mysteriously broke because of this. Still I just used yet another hour for a proprietary OS that I don't even use.
Can't do that yet because master wasn't merged into staging, yet. Also would love to know if that even builds on darwin but currently cmake boot is broken. Lets see later if it actually works. |
The rebuild amount is only so low because of #178700 which means we couldn't have merged this into master. |
Thanks for merging and for the thankless job that it is being an OSS maintainer, specially a project as massive and complex as nixpkgs. Quick question, do you know when this will hit unstable approximately? I know it has to go through a few steps but I am not familiar with typical timeframes. |
❤️
Since staging-next just merged (#178690) and I don't think there is a new PR yet, we could be lucky and based on the duration of the last staging-next run it could already be in 7 to 10 days but if problems happen it could also be 14 days. |
+1 on the thank you for the otherwise thankless job here. I was one of the ones anxious to see this hit and I know working on other people's platforms is a pain. Thanks for getting it done. |
This PR is broken:
That obviously needs to be removed aswell. @SuperSandro2000 is it intended that the |
Ah, sorry. Fixed in f8d1cad |
that PR took all the mass rebuilds and it is reason why this still must go to staging. |
Yes of course. Though I think I would've preferred if an aarch64-darwin-only |
Then we would at least already have one merge conflict someone would need to fix again.
pyopenssl is marked broken for aarch64-darwin since 11. May which is almost 6 weeks ago. Likely it will be fixed in a few days with #179844 already. I think we have that time now. |
I meant to implement the darwin handling into master and then make a PR against staging where the optional darwin handling is replaced with the unconditional one/removal. Now it's too late to do this without a merge conflict of course; I just would prefer to do it this way next time to reduce breakage time. Workaround to master first, rebuild-heavy change that does it properly to staging.
Only in staging. It's only been broken on master (where everyone would notice) since the last staging-next. |
The PR that marked pyopenssl as broken went straight to master #172397 . If the recent staging-next merge broke this due to dependency changes then this reflects aarch64-darwin in the support tier (https://github.com/NixOS/rfcs/blob/master/rfcs/0046-platform-support-tiers.md#tier-7-1) where it is the lowest possible. With support tier 7 I don't think that extra work is justified in any way but arguable aarch64-darwin should really be tier 4 or 3 rather than 7. I still wouldn't really like to go that extra round for such a low tier support platform. I don't think it would be fair or justified to push it into support tier 2 and if my wishes would be heard we would also move x86_64-darwin to support tier 3 mostly because fixing i686 is miles easier than darwin. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/how-to-know-which-package-in-my-hm-config-depends-on-another/20163/9 |
Description of changes
Fixes #178954
Commit 2922699 introduced a bunch of optional dependencies as mandatory. This had the side effect of breaking urllib3 on darwin-aarch64 as pyopenssl isn't supported on that platform (#175875)
This PR introduces a couple of arguments to allow toggling optional dependencies on and off defaulting them to
true
with the exception ofdarwin-aarch64
which disables by default the broken optional dependencies.Note: I am unsure if this is the right branch, I just tried to replicate what was done on the PR that introduced the change I linked above.
Note2: I think ideally we'd have as root packages:
but didn't want to introduce "big" changes, just fix urllib3 on
darwin-aarch64
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notes