Skip to content

Pin version of RSA package to avoid bad releases#23197

Merged
lidizheng merged 5 commits intogrpc:masterfrom
lidizheng:fix-rsa
Jun 12, 2020
Merged

Pin version of RSA package to avoid bad releases#23197
lidizheng merged 5 commits intogrpc:masterfrom
lidizheng:fix-rsa

Conversation

@lidizheng
Copy link
Copy Markdown
Contributor

@lidizheng lidizheng commented Jun 12, 2020
edited
Loading

Fix #23190 #23188

The cause: sybrenstuvel/python-rsa#152

The rsa release 4.1.1 and 4.2 dropped Python 2 support, which is a legit move. However, they didn't update the corresponding classifier in their setup.py. So, the PyPI offers py2-incompatible packages to Python 2 users and caused the breakage.

We don't directly depend on rsa. The google-auth library incurs dependency on rsa, which unfortunately was needed for our tests.

@lidizheng lidizheng added lang/Python release notes: no Indicates if PR should not be in release notes labels Jun 12, 2020
@lidizheng lidizheng marked this pull request as ready for review June 12, 2020 17:27
@lidizheng lidizheng requested a review from stanley-cheung June 12, 2020 17:27
@lidizheng lidizheng requested a review from gnossen June 12, 2020 17:27
gnossen
gnossen approved these changes Jun 12, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@gnossen gnossen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking care of this!

This will resolve #23188.

stanley-cheung
stanley-cheung approved these changes Jun 12, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@stanley-cheung stanley-cheung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@veblush
Copy link
Copy Markdown
Contributor

veblush commented Jun 12, 2020
edited
Loading

It seems that they've just released rsa package 4.3 supporting Python 2.7 and 4.4 dropping Python 2.7 to fix the problem. How about waiting for their fix if this is not urgent?

@sybrenstuvel
Copy link
Copy Markdown

sybrenstuvel commented Jun 12, 2020

I hope it's fixed now! If there are still issues, please let me know.

@lidizheng
Copy link
Copy Markdown
Contributor Author

lidizheng commented Jun 12, 2020
edited
Loading

@sybrenstuvel Thanks for the quick update. From my local experiments, python2 -m pip install -U rsa installs rsa==4.4, which is still Python 2 incompatible. I think there might be another classifier issue in version 4.4, you might want to "yank" that version, or release a newer Python 2 compatible version.

(Now, the google-auth library breaks again... because rsa==4.4 fits in their narrowed range rsa!=4.1,!=4.1.1,!=4.2,<5,>=3.1.4; python_version < "3".)

@zcube zcube mentioned this pull request Jun 12, 2020
Closed
@lidizheng lidizheng mentioned this pull request Jun 12, 2020
Closed
@lidizheng lidizheng merged commit 4600e63 into grpc:master Jun 12, 2020
@busunkim96
Copy link
Copy Markdown

busunkim96 commented Jun 12, 2020

FYI, we just released google-auth 1.17.2 with a more restricted pin https://github.com/googleapis/google-auth-library-python/blob/b74168b710da38c0cf06cdf8685c49af4748e3a0/setup.py#L25-L26

@lidizheng lidizheng mentioned this pull request Jun 12, 2020
Merged
@stanley-cheung
Copy link
Copy Markdown
Contributor

stanley-cheung commented Jun 12, 2020

@lidizheng I wonder whether we need to backport this fix to the 1.30.x branch? Right now there's not a lot of traffic on the 1.30.x branch, but when we do, I suppose PR would fail these tests in the same way?

@lidizheng
Copy link
Copy Markdown
Contributor Author

lidizheng commented Jun 12, 2020

@stanley-cheung We won't need to backport this. The breakage is only impacting our test infrastructure. The bad release comes from rsa which is dependency of google-auth which only affect our unit tests.

This PR is a more or less a bandage, long term solution is #23200.

@gnossen gnossen mentioned this pull request Jun 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gnossen gnossen gnossen approved these changes

@stanley-cheung stanley-cheung stanley-cheung approved these changes

Assignees

@gnossen gnossen

@stanley-cheung stanley-cheung

Labels

lang/Python release notes: no Indicates if PR should not be in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SyntaxError: Non-ASCII character '\xc3' in file /var/local/git/grpc/py27_gevent/local/lib/python2.7/site-packages/rsa/key.py

6 participants

@lidizheng @veblush @sybrenstuvel @busunkim96 @stanley-cheung @gnossen