fix: narrow acceptable RSA versions to maintain Python 2 compatability #528
Conversation
googlebot
added
the
cla: yes
crwilcox
changed the title
|
Also, related to https://issues.apache.org/jira/browse/BEAM-10244 |
Co-authored-by: Kamil Breguła <mik-laj@users.noreply.github.com>
crwilcox
added
the
automerge
crwilcox
removed
the
automerge
Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com>
busunkim96
added
the
automerge
setup.py
Outdated
| @@ -22,8 +22,8 @@ | |||
| "cachetools>=2.0.0,<5.0", | |||
| "pyasn1-modules>=0.2.1", | |||
| # rsa 4.1, 4.1.1, 4.2 are broken on Py2: https://github.com/sybrenstuvel/python-rsa/issues/152 | |||
| 'rsa>=3.1.4,!=4.1,!=4.1.1,!=4.2,<5; python_version < 3', | |||
| 'rsa>=3.1.4,<5; python_version >= 3' | |||
| "rsa>=3.1.4,!=4.1,!=4.1.1,!=4.2,<5; python_version < 3", | |||
There was a problem hiding this comment.
I think "3" may need to be in quotes as in:
'rsa>=3.1.4,!=4.1,!=4.1.1,!=4.2,<5; python_version<"3"'
'rsa>=3.1.4,<5; python_version>="3"'
There was a problem hiding this comment.
Currently fixing and testing locally
There was a problem hiding this comment.
My motivation for rsa>=3.1.4,!=4.1,!=4.1.1,!=4.2 was that there maybe another Py2 release (which we had) with additional fixes (there were security backports), and the range would be able to pick it up.
I also was hoping that new releases won't be broken on Py2, however, looks like 4.4 is installable and broken on Py2, so we'd have to exclude it.
There was a problem hiding this comment.
Narrowed in in #532
google-auth-library-python/setup.py
Lines 25 to 26 in b74168b
There was a problem hiding this comment.
Released 1.17.2 with the pin above
🤖 I have created a release \*beep\* \*boop\* --- ### [1.17.1](https://github.com/googleapis/google-auth-library-python/compare/v1.17.0...v1.17.1) (2020-06-11) ### Bug Fixes * narrow acceptable RSA versions to maintain Python 2 compatability ([#528](https://github.com/googleapis/google-auth-library-python/issues/528)) ([9434868](https://github.com/googleapis/google-auth-library-python/commit/9434868a6789464549af1d4562f62d8a899b6809)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please).
|
I fixed it in the Python-RSA package so that package managers now know which version they can use. Python-RSA 4.3 is now the last one to support Python 2.7, version 4.4 explicitly requires Python 3.5+. Hope this is now resolved for you, if there are still issues let me know. |
Actually, 4.4 is still installable on Py2. Perhaps intended? We can continue this on sybrenstuvel/python-rsa#152. |
Related to #528. RSA seems to have released another version without `python_requires` being enforced. This will guard against that for our package.
Version 4.0 was the last version to support Python 2 and 3.4. Version 4.1 is compatible with Python 3.5+ only.