[Nix-dev] Python's hashlib lacks support for RIPEMD160 because it's configured w/o openssl

Florian Friesdorf flo at chaoflow.net
Mon Feb 20 05:36:05 CET 2012


On Fri, 27 Jan 2012 13:35:43 +0100, Peter Simons <simons at cryp.to> wrote:
> Hi guys,
> 
> Russell O'Connor discovered a problem in the Python 2.7 expression. We have
> factored support for OpenSSL out into a separately built module. The result is
> that the Python base interpreter is configured believing that OpenSSL won't be
> available. However, this has consequences beyond the 'ssl' module itself. The
> 'hashlib' module lacks support for all digests that are imported from OpenSSL,
> such as RIPEMD160, and this omission cannot be remedied by importing
> python.modules.ssl at run-time.

I see a similar problem with the socket library not being ssl aware.
 
> How do we deal with this problem? The most obvious solution would be to have
> Python depend unconditionally on OpenSSL so that full crypto support is always
> available.

I currently locally take this approach and it solves the problem with
sockets.

> Does anyone have another suggestion?

With help from #python:

We need the openssl headers available during build for socket and hmac
to be openssl aware. We could then remove the ssl module / prevent it
from being installed and have the separately packaged ssl module pull in
openssl as a run-time dependency.

Do we have the concept of build-time vs runtime dependency, i.e. that
python has the openssl headers available during build, but when
installing python from hydra, it won't fetch openssl?

If we have that, what reason do we have not to include openssl in
python's buildInputs?

-- 
Florian Friesdorf <flo at chaoflow.net>
  GPG FPR: 7A13 5EEE 1421 9FC2 108D  BAAF 38F8 99A3 0C45 F083
Jabber/XMPP: flo at chaoflow.net
IRC: chaoflow on freenode,ircnet,blafasel,OFTC
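
An added example, not part of the original message or of the Nix Python expression: a probe that reports whether a given interpreter was built with OpenSSL-backed `hashlib` and `ssl`, which is the condition this thread is about. It is written for Python 3 (the thread concerns Python 2.7), and the list of probed digest names is this example's own choice.

```python
import hashlib
import importlib

# Digest names probed here are this example's choice; "ripemd160" is the one
# the thread reports missing, "sha256" is a stdlib-guaranteed control.
PROBE_DIGESTS = ("sha256", "ripemd160")


def module_available(name):
    """Return True if the named module imports in this interpreter."""
    try:
        importlib.import_module(name)
        return True
    except ImportError:
        return False


def digest_usable(name):
    """Return True if hashlib can actually construct and finalise the digest.

    Constructing the digest is the reliable check; a name merely being
    listed somewhere is not.
    """
    try:
        hashlib.new(name, b"probe").hexdigest()
        return True
    except (ValueError, TypeError):  # unsupported digest, or XOF needing a length
        return False


def openssl_report(digests=PROBE_DIGESTS):
    """Summarise which OpenSSL-dependent pieces this interpreter has."""
    report = {
        "_hashlib": module_available("_hashlib"),  # CPython's OpenSSL digest binding
        "ssl": module_available("ssl"),            # TLS support for sockets
        "digests": {d: digest_usable(d) for d in digests},
    }
    # Usable digests that the stdlib does not guarantee on every build: these
    # are the ones that disappear when Python is configured without OpenSSL.
    report["not_guaranteed"] = sorted(
        d for d in hashlib.algorithms_available
        if d not in hashlib.algorithms_guaranteed and digest_usable(d)
    )
    return report


if __name__ == "__main__":
    for key, value in openssl_report().items():
        print(key, "=", value)
```

Running it inside the built interpreter (for example as a package check step) shows immediately whether the build saw OpenSSL: without it, `_hashlib` is false and `not_guaranteed` is empty.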