pysaml2: 7.5.0 -> 7.5.2 #381222

Merged
GaetanLepage merged 1 commit into NixOS:master from melvyn2:fix-pysaml2
Apr 5, 2025

Contributor

@melvyn2 melvyn2 commented Feb 11, 2025

This update adds a limit on the allowed version of pyopenssl, so an override for the correct version of the package was added (pyopenssl_24_2_1).

There is one new failing test:

FAILED tests/test_schema_validator.py::test_namespace_processing - saml2.xml.schema.XMLSchemaError: {'doc': '<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">\n            <saml2:Attribute Name="urn:mace:dir:attribute-def:uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">\n                <saml2:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">alum11</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:mace:terena.org:attribute-def:schacHomeOrganization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">\n                <saml2:AttributeValue xsi:nil="true" xsi:type="xs:string" /></saml2:Attribute></saml2:AttributeStatement>', 'error': '"global xs:simpleType/xs:complexType \'xs:string\' not found"'}

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: python Python is a high-level, general-purpose programming language. label Feb 11, 2025
@nix-owners nix-owners bot requested a review from natsukium February 11, 2025 16:56
@github-actions github-actions bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Feb 11, 2025
Contributor Author

melvyn2 commented Feb 11, 2025

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 381222


aarch64-linux

❌ 1 package failed to build:
  • seahub
✅ 27 packages built:
  • matrix-synapse
  • matrix-synapse-plugins.matrix-synapse-ldap3
  • matrix-synapse-plugins.matrix-synapse-ldap3.dist
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam.dist
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider.dist
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth.dist
  • matrix-synapse-unwrapped
  • matrix-synapse-unwrapped.dist
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pyopenssl_24_2_1
  • python312Packages.pyopenssl_24_2_1.dev
  • python312Packages.pyopenssl_24_2_1.dist
  • python312Packages.pyopenssl_24_2_1.doc
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pyopenssl_24_2_1
  • python313Packages.pyopenssl_24_2_1.dev
  • python313Packages.pyopenssl_24_2_1.dist
  • python313Packages.pyopenssl_24_2_1.doc
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist

Contributor Author

melvyn2 commented Feb 11, 2025

Seahub will be fixed in #369550, just needs its pyopenssl version to be downgraded to match. It was already broken anyways so it shouldn't be an issue.

Comment on lines 12422 to 12431
Contributor

I think that in this case, the override should be declared in the pysaml2 derivation, not as a new package.

Any thoughts @mweinelt ?

Contributor Author

Some dependents of pysaml2 (i.e. seahub) also depend directly on pyopenssl, and so they have to also somehow use the same version. pysaml2 could maybe expose it but that seems more complicated.

Contributor

If they are downstream dependencies, don't they get pyopenssl as a transitive dependency?

Contributor Author

Yes, but in that case they would have to remove pyopenssl from their list of direct dependencies. It's only a stylistic choice at this point, but IMO it would be better for the derivations to keep their direct dependencies explicit if possible.

Contributor

I'm not fond of this duplication.
There is an initiative to switch to cryptography upstream: IdentityPython/pysaml2#977

Maybe, we could wait a bit to see how this turns out.

Contributor Author

Now that a solution is actually in sight, it does seem much better to wait.

@melvyn2 melvyn2 marked this pull request as draft February 13, 2025 15:56
Contributor Author

melvyn2 commented Mar 17, 2025

Seeing that the upstream PR has been stalled, maybe a temporary fix is still worth it?

@GaetanLepage
Contributor

> Seeing that the upstream PR has been stalled, maybe a temporary fix is still worth it?

Ok why not, but I would move the override in the pysaml2 derivation.

Contributor Author

melvyn2 commented Apr 3, 2025

Very late but I did get around to fixing this.

@melvyn2 melvyn2 marked this pull request as ready for review April 3, 2025 20:58
Contributor Author

melvyn2 commented Apr 3, 2025

Oops hadn't tested on master, something's still broken

Contributor Author

melvyn2 commented Apr 4, 2025

The only clean solution with recent openssl/pycryptography versions seems to be to patch in the PR, but I'm not sure how acceptable this is.

@GaetanLepage
Contributor

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 381222


x86_64-linux

✅ 20 packages built:
  • matrix-synapse
  • matrix-synapse-plugins.matrix-synapse-ldap3
  • matrix-synapse-plugins.matrix-synapse-ldap3.dist
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam.dist
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider.dist
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth.dist
  • matrix-synapse-unwrapped
  • matrix-synapse-unwrapped.dist
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist
  • seahub

aarch64-linux

✅ 20 packages built:
  • matrix-synapse
  • matrix-synapse-plugins.matrix-synapse-ldap3
  • matrix-synapse-plugins.matrix-synapse-ldap3.dist
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam.dist
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider.dist
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth.dist
  • matrix-synapse-unwrapped
  • matrix-synapse-unwrapped.dist
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist
  • seahub

x86_64-darwin

✅ 8 packages built:
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist

aarch64-darwin

✅ 8 packages built:
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist

Contributor

@GaetanLepage GaetanLepage left a comment

Seems like everything is building now!
A little bit of cleaning and it should be ready.

@GaetanLepage
Contributor

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 381222


x86_64-linux

✅ 20 packages built:
  • matrix-synapse
  • matrix-synapse-plugins.matrix-synapse-ldap3
  • matrix-synapse-plugins.matrix-synapse-ldap3.dist
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam.dist
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider.dist
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth.dist
  • matrix-synapse-unwrapped
  • matrix-synapse-unwrapped.dist
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist
  • seahub

aarch64-linux

✅ 20 packages built:
  • matrix-synapse
  • matrix-synapse-plugins.matrix-synapse-ldap3
  • matrix-synapse-plugins.matrix-synapse-ldap3.dist
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
  • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam.dist
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider
  • matrix-synapse-plugins.matrix-synapse-s3-storage-provider.dist
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth
  • matrix-synapse-plugins.matrix-synapse-shared-secret-auth.dist
  • matrix-synapse-unwrapped
  • matrix-synapse-unwrapped.dist
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist
  • seahub

x86_64-darwin

✅ 8 packages built:
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist

aarch64-darwin

✅ 8 packages built:
  • python312Packages.djangosaml2
  • python312Packages.djangosaml2.dist
  • python312Packages.pysaml2
  • python312Packages.pysaml2.dist
  • python313Packages.djangosaml2
  • python313Packages.djangosaml2.dist
  • python313Packages.pysaml2
  • python313Packages.pysaml2.dist

Contributor

@GaetanLepage GaetanLepage left a comment

LGTM

@GaetanLepage GaetanLepage merged commit fd60f37 into NixOS:master Apr 5, 2025
25 of 27 checks passed
@melvyn2 melvyn2 deleted the fix-pysaml2 branch August 19, 2025 16:52