On Fri, 27 Jan 2012 13:35:43 +0100, Peter Simons <sim...@cryp.to> wrote: > Hi guys, > > Russell O'Connor discovered a problem in the Python 2.7 expression. We have > factored support for OpenSSL out into a separately built module. The result is > that the Python base interpreter is configured believing that OpenSSL won't be > available. However, this has consequences beyond the 'ssl' module itself. The > 'hashlib' module lacks support for all digests that are imported from OpenSSL, > such as RIPEM160, and this omission cannot be remedied by importing > python.modules.ssl at run-time.
I see a similar problem with the socket library not being ssl aware. > How do we deal with this problem? The most obviously solution would be to have > Python depend unconditionally on OpenSSL so that full crypto support is always > available. I currently locally take this approach and it solves the problem with sockets. > Does anyone have another suggestion? With help from #python: We need the openssl headers available during build for socket and hmac to be openssl aware. We could then remove the ssl module / prevent it From being installed and have the separately packaged ssl module pull in openssl as a run-time dependency. Do we have the concept of build-time vs runtime dependency, i.e. that python has the openssl headers available during build, but when installing python from hydra, it won't fetch openssl? If we have that, what reason do we have not to include openssl in python's buildInputs? -- Florian Friesdorf <f...@chaoflow.net> GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083 Jabber/XMPP: f...@chaoflow.net IRC: chaoflow on freenode,ircnet,blafasel,OFTC
pgp58Khk9xllC.pgp
Description: PGP signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev