st2 icon indicating copy to clipboard operation
st2 copied to clipboard
verified publisher icon StackStorm

pin python-ldap

Open guzzijones opened this issue 4 months ago • 5 comments

SUMMARY

Pin python-ldap. they just relased a new version that does not work with python3,8

guzzijones avatar Oct 25 '25 13:10 guzzijones

need to pin python-ldap. they just released a new version and it does not work with 3.8

[wheelhouse: st2] [19:03:31]      Processing /tmp/wheelhouse/idna-3.11-py3-none-any.whl
[wheelhouse: st2] [19:03:31]        File was already downloaded /tmp/wheelhouse/idna-3.11-py3-none-any.whl
[wheelhouse: st2] [19:03:31]      Collecting repoze.lru>=0.3
[wheelhouse: st2] [19:03:31]        Using cached repoze.lru-0.7-py3-none-any.whl (10 kB)
[wheelhouse: st2] [19:03:31]      Collecting python-ldap<3.5.0,>=3.4.0
[wheelhouse: st2] [19:03:31]        Using cached python_ldap-3.4.5.tar.gz (388 kB)
[wheelhouse: st2] [19:03:31]        Installing build dependencies: started
[wheelhouse: st2] [19:03:35]        Installing build dependencies: finished with status 'done'
[wheelhouse: st2] [19:03:35]        Getting requirements to build wheel: started
[wheelhouse: st2] [19:03:35]        Getting requirements to build wheel: finished with status 'done'
[wheelhouse: st2] [19:03:35]        Installing backend dependencies: started
[wheelhouse: st2] [19:03:36]        Installing backend dependencies: finished with status 'done'
[wheelhouse: st2] [19:03:36]          Preparing wheel metadata: started
[wheelhouse: st2] [19:03:36]          Preparing wheel metadata: finished with status 'done'
[wheelhouse: st2] [19:03:36]        WARNING: Generating metadata for package python-ldap produced metadata for project name unknown. Fix your #egg=python-ldap fragments.
[wheelhouse: st2] [19:03:36]      ERROR: Exception:
[wheelhouse: st2] [19:03:36]      Traceback (most recent call last):
[wheelhouse: st2] [19:03:36]        File "/usr/local/lib/python3.8/dist-packages/pip/_internal/cli/base_command.py", line 224, in _main
[wheelhouse: st2] [19:03:36]          status = self.run(options, args)
[wheelhouse: st2] [19:03:36]        File "/usr/local/lib/python3.8/dist-packages/pip/_internal/cli/req_command.py", line 180, in wrapper
[wheelhouse: st2] [19:03:36]          return func(self, options, args)
[wheelhouse: st2] [19:03:36]        File "/usr/local/lib/python3.8/dist-packages/pip/_internal/commands/wheel.py", line 154, in run
[wheelhouse: st2] [19:03:36]          requirement_set = resolver.resolve(
[wheelhouse: st2] [19:03:36]        File "/usr/local/lib/python3.8/dist-packages/pip/_internal/resolution/legacy/resolver.py", line 180, in resolve
[wheelhouse: st2] [19:03:36]          discovered_reqs.extend(self._resolve_one(requirement_set, req))
[wheelhouse: st2] [19:03:36]        File "/usr/local/lib/python3.8/dist-packages/pip/_internal/resolution/legacy/resolver.py", line 419, in _resolve_one
[wheelhouse: st2] [19:03:36]          assert req_to_install.user_supplied

guzzijones avatar Oct 25 '25 13:10 guzzijones

Good catch. Digging into the python-ldap history a bit:

3.4.5 includes some CVE fixes and makes reconnect handling more reliable, so if we can make it work, that would be good. https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5

During release (from the 3.4 branch), it looks like they disabled CI for python 3.6 and 3.7 even though the package metadata still claims compatibility. https://github.com/python-ldap/python-ldap/commit/bf666e918615b00dbcd1bbe71542522eedfdffc1

But, the python 3.8 CI passed for them: https://github.com/python-ldap/python-ldap/actions/runs/18417030679/job/52483057490 https://github.com/python-ldap/python-ldap/actions/runs/18417030652/job/52483057627

Version 4.0 (on branch main), which hasn't been released yet, "deprecates" support for python 3.6-3.8, removing CI for those python versions. https://github.com/python-ldap/python-ldap/pull/583

The lockfile has python-ldap 3.4.4, so pinning the dep is also a good fix.

Next up, figure out why 3.4.5 compile is failing. https://github.com/python-ldap/python-ldap/compare/python-ldap-3.4.4...python-ldap-3.4.5

Looks like they switched from setup.py to pyproject.toml which requires "newer" setuptools. So, what version of setuptools is CircleCI using? https://github.com/python-ldap/python-ldap/pull/589

cognifloyd avatar Oct 25 '25 15:10 cognifloyd

The makefile has pip 25.0.1, so why is the failed CircleCI build using pip 20.3.3?! That could mess it up.

[wheelhouse : st2] [19:03:36] WARNING: You are using pip v ersion 20.3.3; however, version 25.0.1 is available .

https://github.com/StackStorm/st2-packages/blob/ef64ba1ac2ca81fb38b24fcfcc2f7fbabccf53be/packages/st2/debian/rules#L14

PIP_VERSION = 20.3.3

Which should be updated by: https://github.com/StackStorm/st2/blob/240315e6c357147999a5374f8a27bf3ada988ff9/.circleci/config.yml#L161

So why isn't that change propagating to the later steps?

cognifloyd avatar Oct 25 '25 16:10 cognifloyd

I wasted far too much time trying to follow the path through layers of circleci config, makefiles, docker-compose, docker entry points, ruby weirdness.

@guzzijones would you be willing to create a PR in st2-packages that updates PIP_VERSION? Hopefully that fixes the current breakage where pip can't find the package name because it is in pyprojects.toml instead of setup.py.

cognifloyd avatar Oct 25 '25 17:10 cognifloyd

i will work on it Monday.

guzzijones avatar Oct 26 '25 22:10 guzzijones