[MediaWiki-commits] [Gerrit] [IMPROV] Don't limit cryptography module on 2.6 - change (pywikibot/core)

jenkins-bot (Code Review) Fri, 25 Sep 2015 16:57:49 -0700

jenkins-bot has submitted this change and it was merged.

Change subject: [IMPROV] Don't limit cryptography module on 2.6
......................................................................



[IMPROV] Don't limit cryptography module on 2.6

The cryptography module does complain on Python 2.6 that it's outdated. So it's
using the newest version which doesn't issue that warning. But that could
compromise the security as it won't include security patches.

This is now not limiting that version anymore and installing the newest version
on Python 2.6 as well. By default the deprecation warning is hidden but if the
user still wishes to suppress this warning they can install version 0.8.2 or
before.

Bug: T108061
Change-Id: If5270a0b2214c2f3b124d50180a122bfeeadc3cb
---
M requests-requirements.txt
M requirements.txt
M setup.py
M tests/utils.py
4 files changed, 16 insertions(+), 13 deletions(-)

Approvals:
  John Vandenberg: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/requests-requirements.txt b/requests-requirements.txt
index 2923433..778c9f6 100644
--- a/requests-requirements.txt
+++ b/requests-requirements.txt
@@ -1,9 +1,5 @@
 requests
 
-# Dependency of pyOpenSSL. Use specific version to avoid expected
-# DeprecationWarning
-cryptography<=0.8.2 ; python_version < '2.7'
-
 # requests security extra
 # Bug T105767 on Python 2.7 release 9+
 pyOpenSSL ; python_full_version < '2.7.9' or python_version >= '3'
diff --git a/requirements.txt b/requirements.txt
index c7db758..cad79bf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,10 +21,6 @@
 # mandatory; see README.conversion.txt
 requests
 
-# Dependency of pyOpenSSL. Use specific version to avoid expected
-# DeprecationWarning
-cryptography<=0.8.2 ; python_version < '2.7'
-
 # requests security extra
 pyOpenSSL ; python_full_version < '2.7.9'
 ndg-httpsclient ; python_full_version < '2.7.9'
diff --git a/setup.py b/setup.py
index 2a2d63f..6a120b1 100644
--- a/setup.py
+++ b/setup.py
@@ -107,11 +107,6 @@
 
 if sys.version_info[0] == 2:
     if PY26:
-        # requests security extra includes pyOpenSSL. cryptography is the
-        # dependency of pyOpenSSL. 0.8.2 is the newest and compatible version
-        # for Python 2.6, which won't raise unexpected DeprecationWarning.
-        extra_deps['security'].append('cryptography<=0.8.2')
-
         script_deps['replicate_wiki.py'] = ['argparse']
         dependencies.append('future>=0.15.0')  # provides collections backports
 
diff --git a/tests/utils.py b/tests/utils.py
index 654b91b..69f2fae 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -44,6 +44,9 @@
 
 OSWIN32 = (sys.platform == 'win32')
 
+PYTHON_26_CRYPTO_WARN = ('Python 2.6 is no longer supported by the Python core 
'
+                         'team, please upgrade your Python.')
+
 
 class DrySiteNote(RuntimeWarning):
 
@@ -231,6 +234,12 @@
             if PYTHON_VERSION >= (3, 5, 0):
                 if str(entry.message) == ('inspect.getargspec() is deprecated, 
'
                                           'use inspect.signature() instead'):
+                    return
+            # Avoid failures because cryptography is mentioning Python 2.6
+            # is outdated
+            if PYTHON_VERSION < (2, 7):
+                if (isinstance(entry, DeprecationWarning) and
+                        str(entry.message) == PYTHON_26_CRYPTO_WARN):
                     return
 
             log.append(entry)
@@ -557,9 +566,16 @@
     """
     Execute a command and capture outputs.
 
+    On Python 2.6 it adds an option to ignore the deprecation warning from
+    the cryptography package after the first entry of the command parameter.
+
     @param command: executable to run and arguments to use
     @type command: list of unicode
     """
+    if PYTHON_VERSION < (2, 7):
+        command.insert(
+            1, '-W 
ignore:{0}:DeprecationWarning'.format(PYTHON_26_CRYPTO_WARN))
+
     # Any environment variables added on Windows must be of type
     # str() on Python 2.
     env = os.environ.copy()

-- 
To view, visit https://gerrit.wikimedia.org/r/241251
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If5270a0b2214c2f3b124d50180a122bfeeadc3cb
Gerrit-PatchSet: 2
Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-Owner: XZise <commodorefabia...@gmx.de>
Gerrit-Reviewer: John Vandenberg <jay...@gmail.com>
Gerrit-Reviewer: Ladsgroup <ladsgr...@gmail.com>
Gerrit-Reviewer: XZise <commodorefabia...@gmx.de>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] [IMPROV] Don't limit cryptography module on 2.6 - change (pywikibot/core)

Reply via email to