Can't pip install --no-binary :all: for rsa 4.1 #148

dyeager-recurve · 2020-06-11T13:08:23Z

Get the following error attempting to pip install --no-binary :all: for rsa 4.1:

  ERROR: Command errored out with exit status 1:
   command: /usr/local/bin/python /usr/local/lib/python3.7/site-packages/pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-t_dd66v5/overlay --no-warn-script-location --no-binary :all: --only-binary :none: -i https://pypi.org/simple -- 'poetry>=0.12'
       cwd: None
  Complete output (49 lines):
  Looking in indexes: https://pypi.org/simple
  Collecting poetry>=0.12
    Downloading poetry-1.0.9.tar.gz (167 kB)
    Installing build dependencies: started
    Installing build dependencies: finished with status 'done'
    Getting requirements to build wheel: started
    Getting requirements to build wheel: finished with status 'error'
    ERROR: Command errored out with exit status 1:
     command: /usr/local/bin/python /usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py get_requires_for_build_wheel /tmp/tmpj1ktbbkf
         cwd: /tmp/pip-install-ap8po1db/poetry
    Complete output (36 lines):
    Traceback (most recent call last):
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 280, in <module>
        main()
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 263, in main
        json_out['return_val'] = hook(**hook_input['kwargs'])
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 114, in get_requires_for_build_wheel
        return hook(config_settings)
      File "/tmp/pip-build-env-np3nbcwo/overlay/lib/python3.7/site-packages/intreehooks.py", line 53, in get_requires_for_build_wheel
        return self._backend.get_requires_for_build_sdist(config_settings)
      File "/tmp/pip-build-env-np3nbcwo/overlay/lib/python3.7/site-packages/intreehooks.py", line 38, in _backend
        obj = self._module_from_dir(modname)
      File "/tmp/pip-build-env-np3nbcwo/overlay/lib/python3.7/site-packages/intreehooks.py", line 25, in _module_from_dir
        mod = importlib.import_module(modname)
      File "/usr/local/lib/python3.7/importlib/__init__.py", line 127, in import_module
        return _bootstrap._gcd_import(name[level:], package, level)
      File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
      File "<frozen importlib._bootstrap>", line 983, in _find_and_load
      File "<frozen importlib._bootstrap>", line 953, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
      File "<frozen importlib._bootstrap>", line 983, in _find_and_load
      File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
      File "<frozen importlib._bootstrap_external>", line 728, in exec_module
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "/tmp/pip-install-ap8po1db/poetry/poetry/masonry/__init__.py", line 10, in <module>
        from .builder import Builder
      File "/tmp/pip-install-ap8po1db/poetry/poetry/masonry/builder.py", line 1, in <module>
        from .builders.complete import CompleteBuilder
      File "/tmp/pip-install-ap8po1db/poetry/poetry/masonry/builders/__init__.py", line 1, in <module>
        from .complete import CompleteBuilder
      File "/tmp/pip-install-ap8po1db/poetry/poetry/masonry/builders/complete.py", line 6, in <module>
        from poetry.factory import Factory
      File "/tmp/pip-install-ap8po1db/poetry/poetry/factory.py", line 10, in <module>
        from clikit.api.io.io import IO
    ModuleNotFoundError: No module named 'clikit'

The text was updated successfully, but these errors were encountered:

lhoestq · 2020-06-11T13:37:21Z

Same issue here

sybrenstuvel · 2020-06-11T16:27:45Z

I can reproduce the issue. The nasty thing is that even pip install --no-binary :all: clikit fails on ModuleNotFoundError: No module named 'clikit'. Apparently this is a known issue with Poetry: python-poetry/poetry#1975

Python-RSA should always be installable in a source/Python-only environment. If there is no workaround, I'm afraid we'll have to go back to using Pipenv :/

Poetry breaks no-binary installations of the RSA library, which defeats the purpose of this library. See #148

eddie-scio · 2020-06-11T17:46:04Z

Just wanted to say thanks Sybren for the quick fix and publishing 4.1.1. to pypi!

Poetry breaks no-binary installations of the RSA library, which defeats the purpose of this library. See #148 Among other changes, this reverts commit fcf5b74. I also added a workaround for an `ImportError` importing `zipp` on Python 3.5.

sybrenstuvel · 2020-06-11T18:31:35Z

I just released 4.2 that fixes this and hopefully also #147 :)

- Update from 4.0 to 4.8 - Update of rootfile - Changelog - Switch to [Poetry](https://python-poetry.org/) for dependency and release management. - Compatibility with Python 3.10. - Chain exceptions using `raise new_exception from old_exception` ([#157](sybrenstuvel/python-rsa#157)) - Added marker file for PEP 561. This will allow type checking tools in dependent projects to use type annotations from Python-RSA ([#136](sybrenstuvel/python-rsa#136)). - Use the Chinese Remainder Theorem when decrypting with a private key. This makes decryption 2-4x faster ([#163](sybrenstuvel/python-rsa#163)). - Fix picking/unpickling issue introduced in 4.7 ([#173](sybrenstuvel/python-rsa#173)) - Fix threading issue introduced in 4.7 ([#173](sybrenstuvel/python-rsa#173)) - Fix [#165](sybrenstuvel/python-rsa#165): CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code - Add padding length check as described by PKCS#1 v1.5 (Fixes [#164](sybrenstuvel/python-rsa#164)) - Reuse of blinding factors to speed up blinding operations. Fixes [#162](sybrenstuvel/python-rsa#162). - Declare & test support for Python 3.9 Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires Python 3.5+. To avoid older Python installations from trying to upgrade to RSA 4.4, this is now made explicit in the `python_requires` argument in `setup.py`. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.4 as 4.6 as well. No functional changes compared to version 4.2. Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the last to support Python 2.7. This is now made explicit in the `python_requires` argument in `setup.py`. Python 3.4 is not supported by this release. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as 4.5 as well. Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes. - Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. - Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out. - Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes [#148](sybrenstuvel/python-rsa#148) - Limited SHA3 support to those Python versions (3.6+) that support it natively. The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix [#147](sybrenstuvel/python-rsa#147). - Added support for Python 3.8. - Dropped support for Python 2 and 3.4. - Added type annotations to the source code. This will make Python-RSA easier to use in your IDE, and allows better type checking. - Added static type checking via [MyPy](http://mypy-lang.org/). - Fix [#129](sybrenstuvel/python-rsa#129) Installing from source gives UnicodeDecodeError. - Switched to using [Poetry](https://poetry.eustace.io/) for package management. - Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This is natively supported by Python 3.6+ and supported via a third-party library on Python 3.5. - Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. - Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Adelapie for pointing this out. Signed-off-by: Adolf Belka <[email protected]> Reviewed-by: Peter Müller <[email protected]>

sybrenstuvel self-assigned this Jun 11, 2020

sybrenstuvel added the critical label Jun 11, 2020

sybrenstuvel added a commit that referenced this issue Jun 11, 2020

Moving back to Pipenv to manage dependencies

6f90ad3

Poetry breaks no-binary installations of the RSA library, which defeats the purpose of this library. See #148

sybrenstuvel closed this as completed Jun 11, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Can't pip install --no-binary :all: for rsa 4.1 #148

Can't pip install --no-binary :all: for rsa 4.1 #148

dyeager-recurve commented Jun 11, 2020 •

edited

Loading

lhoestq commented Jun 11, 2020

sybrenstuvel commented Jun 11, 2020 •

edited

Loading

eddie-scio commented Jun 11, 2020

sybrenstuvel commented Jun 11, 2020

Can't pip install --no-binary :all: for rsa 4.1 #148

Can't pip install --no-binary :all: for rsa 4.1 #148

Comments

dyeager-recurve commented Jun 11, 2020 • edited Loading

lhoestq commented Jun 11, 2020

sybrenstuvel commented Jun 11, 2020 • edited Loading

eddie-scio commented Jun 11, 2020

sybrenstuvel commented Jun 11, 2020

dyeager-recurve commented Jun 11, 2020 •

edited

Loading

sybrenstuvel commented Jun 11, 2020 •

edited

Loading