William Stein wrote:
On Sat, Jan 30, 2010 at 10:16 PM, Dr. David Kirkby
<david.kir...@onetel.net> wrote:
Starting to build Sage, then finding the python builds, but finds to find
the hashlib module is a bit irritating. There is is a specific test for this
in spkg-install.
-------------------------
# Make sure sufficient crypto support is available in the built python.
# This is critical.
python -c "import hashlib"
if [ $? -eq 0 -a -f "$SAGE_LOCAL/bin/python" ]; then
echo "hashlib module imported"
exit 0
else
echo "hashlib module failed to import"
exit 1
fi
-----------------------------
Faillure to build the haslib module results from a failure to find the SSL
libraries. Would it not be more sensible to check for these in prereq, then
exit if they are not found. It would save someone getting half a build.
As a second point, would it seem sensible to add a slightly more informative
error message to python's spkg-install, to indicate the probably cause of
the problem (lack of OpenSSL library) and how one might remedy that?
If there is agreement on these, I'll create two trac tickets, and address
them individually.
If we require SSL, then perhaps we should:
(1) get rid of GNUtls, libcdk, libgcrypt, libgpgerror, and anything
other spkg related to that stack.
(2) should include openssl in Sage.
The reason is that the openssl license is GPL-incompatible. If Sage
requires it to run, then we have to think about the implications of
that.
Technically, I think none of the GPL-'d parts of the Sage binary link
with any of the crypto/ssl libraries. I think the only thing in all
of Sage that binary links directly with ssl is Python itself.
Which is of course a pretty important part of Sage!
Would the answer be to not require that Sage build python with SSL support?
Obviously it would disable cryptographic support in Sage. Would that make Sage
unusable - I somewhat doubt it?
I can't think of any application I personally have for Sage that would require
At the minute python builds, but spkg-install exists due to a failure to have
hashlib. That is a totally unacceptable situation in my honest opinion.
It's
a possibly subtle license question whether we can legally ship openSSL
or not. Personally, I believe it is technically legal. However, we
would certainly have to change the statement in the README.txt about
all components of SAGE being GPLv2+ compatible.
I was not actually suggesting shipping OpenSSL, as I knew there were license
implications.
But I think you would have to agree it is pretty annoying for someone to
download Sage, start a build, then the build fail due to lack of OpenSSL.
I do not believe this issue is unique to Solaris either. I very much doubt
Cygwin, or many small linux distos come with OpenSSL, but it would need to be
selected, then downloaded from a server. So one could not argue the operating
system comes with it.
Personally, I do not believe it is legal to ship OpenSSL and for Sage to remain
GPL, unless you could get the python developers agree to add an clause that
permits linking against OpenSSL.
http://www.openssl.org/support/faq.html#LEGAL2
says. "If you are using GPL software developed by others, you may want to ask
the copyright holder for permission to use their software with OpenSSL."
That might well be worth doing. I can't see it would harm python in any way,
especially given Python will often be linked against OpenSSL anyway.
Note that a few years ago, Sage did ship opensll and not ship the
gnutls stack. Then a student in my Sage class pointed out that
openssl is licensed in a GPL-incompatible way, and that's when we
switched to GNUtls.
I agree with him/her.
Overall, unfortunately it seems that the GNUtls
library and stack is unfortunately not a drop-in replacement for
openssl, and seems to be generally less popular and less well
supported. That things would turn out this way was much less clear
3-4 years ago.
-- William
I can appreciate that.
I feel there needs to be something done to stop the unfortunate situation of
someone starting to build Sage, the build failing some hours later, due to a
reason we could predict within 1 minute of them starting the build.
Dave
--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
