From owner-freebsd-python@freebsd.org Tue Jul 28 03:11:42 2020 Return-Path: Delivered-To: freebsd-python@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3BA1B3798AD for ; Tue, 28 Jul 2020 03:11:42 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BG1t52V3tz3V22 for ; Tue, 28 Jul 2020 03:11:41 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: by mail-pj1-x1041.google.com with SMTP id ha11so3384588pjb.1 for ; Mon, 27 Jul 2020 20:11:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:reply-to:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=kUzhViqxDxkYX/QdfuRu6eFwrAm4147PSgcYHAI5gvI=; b=NGIHCEwkRJ0tArMo8Ke8HXZ8iixfJ23bdvSx1z7S1iyuEy/0WkmUg0DATbpRLWmBC4 xGYELVYjXkn10yILgcZQUUUsktoc6imRY5O5fOSgB/OAbDjMSGwjMI6y9Dm0uBzE3ZUj iD2JFHKIkRaIDzezk8zQHnwSkWvrqNFNEeYTvsi0ox2qbxiaPVXi1tdlhMJXUH+ge1v2 Ef1ERiHnOwp6tLB05+WilkPEFMBhTk1GEeozyw+Dw704A0zdNAaA0vwmU6iJCx9Q34G6 GXld+K9tFv9+AA3wKtwEQAW7gMdCzjYU8H27/IkDmV/8xy8wfvRONdIFn/00Y9jQbEdb PUVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:reply-to:subject:to:references:from :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=kUzhViqxDxkYX/QdfuRu6eFwrAm4147PSgcYHAI5gvI=; b=d9fQqQqOwGHMfdwlE5SEull/gsgyspIuaX8f4EJfFaF6dktP6kYkVdxCsjyRR2aIhk ngAAGywYuP1M53OyFV7+TLeTGSuYXOmmYnXKao50ok/N8253lOqXAlTG7EqvJuXW43+i g8CtZr7W0Fqt9i+sD6BJY1MmG6ea9hk+jw9txiL5tp9MAXKbU9HV1oycsoVmSz0tBgfa 5TSNWZrz2fCz04NaX6gBfsUQpLgLVSVhYkVH8RCm3vceL3ElsEoB7GQRP1LZ7TW9PqYS dBb4Sgzf9xeO3Puo4zt4dA7DRAIhSIWDe6CIpoS4tLiOzTzdPNf+v77nkFIcpKf2ell6 kfMQ== X-Gm-Message-State: AOAM533xNbMUBx4MNHWl1KZRMk6bjWA93ueyQRWB8Qwv89gsyyMC5JXE 4Y350DETEP1ag1/Qhx5HEWAIZ4gS X-Google-Smtp-Source: ABdhPJyK4bXIxEVdDkmivPBW7PQSYJZLekfyldl1S9denlZd2DC3siJ0sdR4cN8o0Kk2jAcV14cD7w== X-Received: by 2002:a17:902:6544:: with SMTP id d4mr21625693pln.138.1595905899680; Mon, 27 Jul 2020 20:11:39 -0700 (PDT) Received: from ?IPv6:2403:5800:7100:5d01:2015:1844:3be6:7181? (2403-5800-7100-5d01-2015-1844-3be6-7181.ip6.aussiebb.net. [2403:5800:7100:5d01:2015:1844:3be6:7181]) by smtp.gmail.com with ESMTPSA id u40sm1050425pjb.39.2020.07.27.20.11.38 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Jul 2020 20:11:39 -0700 (PDT) Sender: Kubilay Kocak Reply-To: koobs@FreeBSD.org Subject: Re: security/py-pycryptodome: Soft dependency on devel/py-cffi To: "John W. O'Brien" , FreeBSD Python References: <779685b4-2036-b128-da77-31a131d19951@saltant.com> <852935a9-0abb-5284-f06a-f561f80fd0f5@FreeBSD.org> <35334c7b-ad95-6e68-07c8-8c29711940ed@saltant.com> From: Kubilay Kocak Message-ID: <5d4a1521-0739-2e24-1f7f-1dc7a96ea648@FreeBSD.org> Date: Tue, 28 Jul 2020 13:11:35 +1000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Thunderbird/79.0 MIME-Version: 1.0 In-Reply-To: <35334c7b-ad95-6e68-07c8-8c29711940ed@saltant.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4BG1t52V3tz3V22 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=NGIHCEwk; dmarc=none; spf=pass (mx1.freebsd.org: domain of koobsfreebsd@gmail.com designates 2607:f8b0:4864:20::1041 as permitted sender) smtp.mailfrom=koobsfreebsd@gmail.com X-Spamd-Result: default: False [-2.43 / 15.00]; HAS_REPLYTO(0.00)[koobs@FreeBSD.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; REPLYTO_ADDR_EQ_FROM(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.20)[-0.199]; FORGED_SENDER(0.30)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[]; FROM_NEQ_ENVFROM(0.00)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-1.03)[-1.032]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-python@freebsd.org]; DMARC_NA(0.00)[FreeBSD.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::1041:from]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2020 03:11:42 -0000 On 28/07/2020 12:29 pm, John W. O'Brien wrote: > On 2020/07/27 22:08, Kubilay Kocak wrote: >> On 28/07/2020 5:43 am, John W. O'Brien wrote: >>> Greetings FreeBSD Python, >>> >>> I have been mulling over a thing and would like the list's perspective >>> before I decide whether to take action or not. >>> >>> security/py-pycryptodome will use devel/py-cffi if it is available [0] >>> or ctypes otherwise [1]. This makes me just a little bit uneasy since it >>> leaves the door open to certain Heisenbugs and red herrings. My question >>> is whether it warrants adding devel/py-cffi to RUN_DEPENDS to ensure >>> consistency behavior? If not, what about as an OPTION for those who care >>> about that sort of thing? >>> >>> [0] >>> https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_raw_api.py#L71-L161 >>> >>> [1] >>> https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_raw_api.py#L163-L263 >>> >>> [2] https://en.wikipedia.org/wiki/Heisenbug >>> >> >> The Python Policy section on optional dependencies should cover this: >> >> https://wiki.freebsd.org/Python/PortsPolicy#Optional_Dependencies >> >> tldr; >> >> For either at build or run-time optional dependencies (where the pattern >> is, check if dep exists, use some code path if true, else use another >> code path), add OPTIONS for them. > > OK, so something like this? > > OPTIONS_DEFINE=CFFI > OPTIONS_DEFAULT=CFFI > > CFFI_DESC=Use devel/py-cffi for low-level API instead of ctypes > CFFI_RUN_DEPENDS=${PYTHON_PKGNAMEPREFIX}cffi>=0:devel/py-cffi@${PY_FLAVOR} That's fine. If the option is related to performance, id clarify that in the description. >> Re heisenbugs/etc, this is where support for running test suites in the >> port are critical, let us know in #freebsd-python on freenode IRC if you >> need help getting these hooked up > > I've been looking forward to the day when [3] lands. Is there some other > way to run the test target in a poudriere build? Yes, that would be nice. The other way is to testport -i to enter the jail, at which point you can run `make test` from the port dir > Of course, running test suites in the build environment wouldn't uncover > bugs that are triggered by something that just happens to show up in the > runtime environment. Enabling the OPTIONal things by default would > clearly help. The same as ports defaulting OPTIONS to enabled to benefit package users, python's optional dependency policy is to do the same, such that the default port options are the ones that are tested. Maintainers can and should do more comprehensive testing by testing various combinations of PTIONS > > [3] https://github.com/freebsd/poudriere/pull/355 >