Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pin cryptography to avoid warning from parsl import #1621

Closed
wants to merge 1 commit into from
Closed

pin cryptography to avoid warning from parsl import #1621

wants to merge 1 commit into from

Conversation

LeiGlobus
Copy link
Contributor

@LeiGlobus LeiGlobus commented Aug 9, 2024
edited
Loading

The latest globus-compute-endpoint, which upgraded to a more recent version of parsl, started generating this error message on endpoint CLI commands:

/opt/globus-compute-agent/venv-py39/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES a
nd will be removed from this module in 48.0.0.                                                                                                                                                               
  "cipher": algorithms.TripleDES,                                                                                                                                                                            
/opt/globus-compute-agent/venv-py39/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.Triple
DES and will be removed from this module in 48.0.0.                                                                                                                                                          
  "class": algorithms.TripleDES,                                                                                                                                                                             
Created multi-user profile for endpoint named <some-endpoint-name>

This was observed with 3.9, 3.12, and some environments of 3.10.

See slack thread with more context: https://funcx.slack.com/archives/C016JMYST9C/p1723232785192439

The temporary solution is to pin cryptography to a lower version until the parsl issue with PR parsl #3569 is deployed and Compute updates our parsl version to it.

Update
42.0.0 triggered a pip-audit security warning, so maybe better to wait for parsl to deploy the fix above and bump parsl version in Compute instead.

@LeiGlobus LeiGlobus added no-news-is-good-news This change does not require a news file quick-review Review of this should be quick and easy labels Aug 9, 2024
khk-globus
khk-globus reviewed Aug 12, 2024
View reviewed changes
compute_endpoint/setup.py
Comment on lines +47 to +49
# Pin to 42.0.0 to avoid CryptographyDeprecationWarning, to be fixed in parsl
# See https://funcx.slack.com/archives/C016JMYST9C/p1723232785192439
"cryptography==42.0.0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if the reference to the slack conversation is so relevant/interesting here. What might be better is to link to the related Parsl PR instead.

rjmello
rjmello reviewed Aug 12, 2024
View reviewed changes
Copy link
Member

@rjmello rjmello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add this to the current release branch, v2.26.0, and bump the alpha version.

@LeiGlobus
Copy link
Contributor Author

Parsl auto releases at 22:42 UTC (5:42 CT) on Monday. As I wrote on the thread, I'll wait for the release tonight, pin the new version, and see if the warning goes away. If it does, I'll redo this PR and add it to 2.26.0a1 (new alpha). If it doesn't, we can discuss further tomorrow.

@LeiGlobus
Copy link
Contributor Author

Closing this PR in favor of #1623

@LeiGlobus LeiGlobus closed this Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khk-globus khk-globus khk-globus approved these changes

@rjmello rjmello rjmello left review comments

@ryanchard ryanchard Awaiting requested review from ryanchard

@chris-janidlo chris-janidlo Awaiting requested review from chris-janidlo

@joshbryan-globus joshbryan-globus Awaiting requested review from joshbryan-globus

Assignees
No one assigned
Labels
no-news-is-good-news This change does not require a news file quick-review Review of this should be quick and easy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LeiGlobus @rjmello @khk-globus