Fwd: Re: Fwd: Build failure of devel:languages:python/python-Werkzeug in 15.6/x86_64
Hi, Originally from the python list, Lots of build failures suddenly. Any changes in the setup for 15.6? Schöne Grüße Axel -- Written from cell phone - excuses for typos -------- Ursprüngliche Nachricht -------- Von: "Matěj Cepl" <mcepl@cepl.eu> Gesendet: 14. August 2024 00:47:55 OESZ An: Axel Braun <Axel.braun@gmx.de>, python@lists.opensuse.org Betreff: Re: Fwd: Build failure of devel:languages:python/python-Werkzeug in 15.6/x86_64 On Tue Aug 13, 2024 at 1:11 PM CEST, Axel Braun wrote:
I'm getting suddenly Tons of build failures like the attached one. Any changes in the build System?
It looks to me like something’s wrong with OBS. Matěj -- http://matej.ceplovi.cz/blog/, @mcepl@floss.social GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 When you’re happy that cut and paste actually works I think it’s a sign you’ve been using X-Windows for too long. -- from /. discussion on poor integration between KDE and GNOME
Am Mittwoch, 14. August 2024, 12:47:26 CEST schrieb Axel Braun:
Hi, Originally from the python list, Lots of build failures suddenly. Any changes in the setup for 15.6? Schöne Grüße Axel
I'm getting suddenly Tons of build failures like the attached one. Any changes in the build System?
It looks to me like something’s wrong with OBS.
It seems to me that a package has been updated and certificates are now missing. This line always seems to appear: ssl.SSLError: [X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found (_ssl.c:4166) In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested. The person who updated the package which now causes these errors should please undo the update of the package. Or fix the error. Regards Eric
Am Mittwoch, 14. August 2024, 14:36:15 CEST schrieb Eric Schirra:
Am Mittwoch, 14. August 2024, 12:47:26 CEST schrieb Axel Braun:
Hi, Originally from the python list, Lots of build failures suddenly. Any changes in the setup for 15.6? Schöne Grüße
Axel
I'm getting suddenly Tons of build failures like the attached one. Any changes in the build System?
It looks to me like something’s wrong with OBS.
It seems to me that a package has been updated and certificates are now missing. This line always seems to appear: ssl.SSLError: [X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found (_ssl.c:4166)
In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested.
The person who updated the package which now causes these errors should please undo the update of the package. Or fix the error.
I have now send an request for python-pip to d:l:p with: - To fix other package build errors, ca-certificates-mozilla must set from Recommends to Requires. Regards Eric
Am 14.08.24 um 15:14 schrieb Eric Schirra:
It seems to me that a package has been updated and certificates are now missing. This line always seems to appear: ssl.SSLError: [X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found (_ssl.c:4166)
In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested.
The person who updated the package which now causes these errors should please undo the update of the package. Or fix the error. I have now send an request for python-pip to d:l:p with:
- To fix other package build errors, ca-certificates-mozilla must set from Recommends to Requires.
Not a good "fix": https://build.opensuse.org/request/show/1193880#comment-1973769It pollutes every installation of pip on every OS with ca-certificates-mozilla. The motivation to fix 15.6 obs builds does not legitimate requiring installing unneeded packages for Tumbleweed and Slowroll users. The question you have to ask when attempting to fix the builds: Why does pip want to validate an SSL certificate during build? The obs machines are offline. - Ben
Am Mittwoch, 14. August 2024, 15:23:09 CEST schrieb Ben Greiner:
Am 14.08.24 um 15:14 schrieb Eric Schirra:
It seems to me that a package has been updated and certificates are now missing. This line always seems to appear: ssl.SSLError: [X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found (_ssl.c:4166)
In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested.
The person who updated the package which now causes these errors should please undo the update of the package. Or fix the error.
I have now send an request for python-pip to d:l:p with:
- To fix other package build errors, ca-certificates-mozilla must
set from Recommends to Requires.
Not a good "fix": https://build.opensuse.org/request/show/1193880#comment-1973769It pollutes every installation of pip on every OS with ca-certificates-mozilla. The motivation to fix 15.6 obs builds does not legitimate requiring installing unneeded packages for Tumbleweed and Slowroll users. The question you have to ask when attempting to fix the builds: Why does pip want to validate an SSL certificate during build? The obs machines are offline. - Ben
I don't really care whether this is a “good solution”. It is a solution! The packages are now all building again. Page days nothing happens. And the ca-certificates package is also required in spec. The few KB of ca-certificates-mozilla don't matter. But you are welcome to create a better solution. I have nothing against it. But then please create one. Regards Eric
On Wed Aug 14, 2024 at 2:36 PM CEST, Eric Schirra wrote:
In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested.
Because you are not supposed to use packages from d:l:p, and if you do, then it is just your responsibility to hold all pieces together. If you have a problem with any package in a devel project, then suggest a fix. And it should be actually a fix based on the comprehension of the problem, not a random hack. (Sorry, for the tone of the reply, but as a Czech proverb says, a rough bag gets a rough patch). Best, Matěj -- http://matej.ceplovi.cz/blog/, @mcepl@floss.social GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 This is a test of the emergency signature system. Were this an actual signature, you would see amusing mottos, disclaimers, a zillion net addresses, or edifying philosophical statements. this is only test.
Am 14. August 2024 16:05:35 MESZ schrieb "Matěj Cepl" <mcepl@cepl.eu>:
On Wed Aug 14, 2024 at 2:36 PM CEST, Eric Schirra wrote:
In d:l:p alone, 1207 of 2310 packages have build failures That means 53% of the packages no longer build! But nobody seems to be interested.
Because you are not supposed to use packages from d:l:p, and if you do, then it is just your responsibility to hold all pieces together. If you have a problem with any package in a devel project, then suggest a fix. And it should be actually a fix based on the comprehension of the problem, not a random hack.
I have created an enquiry. This has absolutely nothing to do with coincidence. And by the way, if I look it up quickly, all other distributions do not separate ca-certifikates and ca-certifikates-mozilla. This also seems to be suse-specific. Regards Eric
On Wed Aug 14, 2024 at 4:24 PM CEST, Eric Schirra wrote:
And by the way, if I look it up quickly, all other distributions do not separate ca-certifikates and ca-certifikates-mozilla. This also seems to be suse-specific.
1. I really do not understand the distinction and the whole business about it. Dirk apparently does and he is doing something about it. 2. What he said: if you want to use Tumbleweed packages on Leap, you are much better served by d:l:p:backports. It is still unsupported, but at least these packages went through QA, staging projects, etc. With d:l:p I literally do not care whether it builds or not unless I need a package to be working at a given moment. It is called a devel project for a reason. Best, Matěj -- http://matej.ceplovi.cz/blog/, @mcepl@floss.social GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Responsibility reveals the man. -- Demosthenes, Exordia, Dem. Ex. 48.2 (quoting Sophocles, Soph. Ant. 175-190, and it seems it is a source of often misquoted statement often mistakenly attributed to Plato “The measure of a man is what he does with power.”)
Am 14.08.24 um 16:05 schrieb Matěj Cepl:
On Wed Aug 14, 2024 at 2:36 PM CEST, Eric Schirra wrote: And it should be actually a fix based on the comprehension of the problem, not a random hack.
Best,
Matěj
The real problem is that in the python-pip package we replace the bundled certifi with a hardcode to path /etc/ssl/ca-bundle.pem in pip-shipped-requests-cabundle.patch <https://build.opensuse.org/projects/devel:languages:python/packages/python-pip/files/pip-shipped-requests-cabundle.patch?expand=1> But this file is now essentially empty in build environments. Plus, the path is deprecated anyway. disable-ssl-context-in-buildenv.patch <https://build.opensuse.org/projects/devel:languages:python/packages/python-pip/files/disable-ssl-context-in-buildenv.patch?expand=1> introduced by Dirk two days ago (!) masks it, for Tumbleweed, but not for 15.6 https://build.opensuse.org/package/show/devel:languages:python/python-pip - Ben
participants (4)
-
Axel Braun -
Ben Greiner -
Eric Schirra -
Matěj Cepl