Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #16545 > unrolled thread

Re: renewed python-sigstore packaging work

Back to article view | Back to linux.debian.maint.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: renewed python-sigstore packaging work Simon Josefsson <simon@josefsson.org> - 2024-12-06 17:00 +0100
    Re: renewed python-sigstore packaging work Louis-Philippe Véronneau <pollo@debian.org> - 2024-12-06 20:20 +0100
      Re: renewed python-sigstore packaging work Simon Josefsson <simon@josefsson.org> - 2024-12-10 18:40 +0100
        Re: renewed python-sigstore packaging work Simon Josefsson <simon@josefsson.org> - 2024-12-21 02:10 +0100
          Re: renewed python-sigstore packaging work Colin Watson <cjwatson@debian.org> - 2024-12-21 23:10 +0100
            Re: renewed python-sigstore packaging work Simon Josefsson <simon@josefsson.org> - 2024-12-22 18:50 +0100

#16545 — Re: renewed python-sigstore packaging work

[Multipart message — attachments visible in raw view] — view raw

stefanor@debian.org writes:

> Hi Simon (2024.12.05_22:48:05_+0000)
>> I'd appreciate help and collaborators on this!
>
> Feel free to add me as an uploader.

Thank you!  Added.

> I think the Python Team would make sense for it. If you're not a member,
> https://salsa.debian.org/python-team/tools/python-modules/blob/master/policy.rst#joining-the-team

I have read that file now and accept it.  My salsa username is 'jas'.

I'm happy to move python-sigstore and python-tuf to the python-modules
namespace, to make it easier for all team members to help.

/Simon

[toc] | [next] | [standalone]

#16548

On 2024-12-06 10 h 57 a.m., Simon Josefsson wrote:
> stefanor@debian.org writes:
> 
>> Hi Simon (2024.12.05_22:48:05_+0000)
>>> I'd appreciate help and collaborators on this!
>>
>> Feel free to add me as an uploader.
> 
> Thank you!  Added.
> 
>> I think the Python Team would make sense for it. If you're not a member,
>> https://salsa.debian.org/python-team/tools/python-modules/blob/master/policy.rst#joining-the-team
> 
> I have read that file now and accept it.  My salsa username is 'jas'.
> 
> I'm happy to move python-sigstore and python-tuf to the python-modules
> namespace, to make it easier for all team members to help.
> 
> /Simon

Welcome to the team!

-- 
   ⢀⣴⠾⠻⢶⣦⠀
   ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
   ⢿⡄⠘⠷⠚⠋   pollo@debian.org / veronneau.org
   ⠈⠳⣄

[toc] | [prev] | [next] | [standalone]

#16566

[Multipart message — attachments visible in raw view] — view raw

Louis-Philippe Véronneau <pollo@debian.org> writes:

> On 2024-12-06 10 h 57 a.m., Simon Josefsson wrote:
>> stefanor@debian.org writes:
>> 
>>> Hi Simon (2024.12.05_22:48:05_+0000)
>>>> I'd appreciate help and collaborators on this!
>>>
>>> Feel free to add me as an uploader.
>> Thank you!  Added.
>> 
>>> I think the Python Team would make sense for it. If you're not a member,
>>> https://salsa.debian.org/python-team/tools/python-modules/blob/master/policy.rst#joining-the-team
>> I have read that file now and accept it.  My salsa username is
>> 'jas'.
>> I'm happy to move python-sigstore and python-tuf to the
>> python-modules
>> namespace, to make it easier for all team members to help.
>> /Simon
>
> Welcome to the team!

Thank you!

There is now:

https://salsa.debian.org/python-team/packages/python-tuf
https://salsa.debian.org/python-team/packages/sigstore-python

The first is stuck waiting for a new version of python-securesystemslib:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089125

The second is pending other unpackaged dependencies, I'll try to work on
them one by one...

Feel free to help and join by adding yourself to Uploaders and make
commits to these repositories.  So far I've force-pushed updates to the
first commit contains everything, but that's a bad idea going forward so
I'll stop.

/Simon

[toc] | [prev] | [next] | [standalone]

#16606

[Multipart message — attachments visible in raw view] — view raw

Simon Josefsson <simon@josefsson.org> writes:

> https://salsa.debian.org/python-team/packages/python-tuf

I have uploaded 5.1.0-2 to unstable, however I would appreciate review
of python-tuf since I'm new to python packaging.  My main concern is
about debian/tests/ and if there are better approaches?

> https://salsa.debian.org/python-team/packages/sigstore-python

I'm happy to report that this now builds!  Please review packaging.

However it does not yet run, there is a failure that shows up during
build too:

https://salsa.debian.org/python-team/packages/sigstore-python/-/jobs/6793076#L1421

For the ones who want to try out bleeding edge and perhaps debug things
further, please try something like this (keep in mind that this
downloads untrusted stuff...):

podman run -it --rm debian:unstable
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/python-grpclib/-/jobs/6792419/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/python-betterproto/-/jobs/6792726/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/python-sigstore-rekor-types/-/jobs/6792765/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/python-sigstore-protobuf-specs/-/jobs/6792898/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/rfc8785/-/jobs/6792999/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo "deb [trusted=yes] https://salsa.debian.org/python-team/packages/sigstore-python/-/jobs/6793079/artifacts/raw/aptly unstable main" | tee --append /etc/apt/sources.list.d/add.list
echo >>/etc/apt/apt.conf.d/99verify-peer.conf "Acquire { https::Verify-Peer false }"
apt update
apt install -y sigstore

The error message is below, does anyone have ideas?  I wonder if
pydantic in Debian is too old, or something.

/Simon

root@ab7dd93df2f1:/# sigstore
Traceback (most recent call last):
  File "/usr/bin/sigstore", line 5, in <module>
    from sigstore._cli import main
  File "/usr/lib/python3/dist-packages/sigstore/_cli.py", line 38, in <module>
    from sigstore import __version__, dsse
  File "/usr/lib/python3/dist-packages/sigstore/dsse/__init__.py", line 33, in <module>
    from sigstore.hashes import Hashed
  File "/usr/lib/python3/dist-packages/sigstore/hashes.py", line 28, in <module>
    class Hashed(BaseModel, frozen=True):
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_model_construction.py", line 226, in __new__
    complete_model_class(
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_model_construction.py", line 658, in complete_model_class
    schema = cls.__get_pydantic_core_schema__(cls, handler)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/main.py", line 702, in __get_pydantic_core_schema__
    return handler(source)
           ^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_schema_generation_shared.py", line 84, in __call__
    schema = self._handler(source_type)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 610, in generate_schema
    schema = self._generate_schema_inner(obj)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 879, in _generate_schema_inner
    return self._model_schema(obj)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 691, in _model_schema
    {k: self._generate_md_field_schema(k, v, decorators) for k, v in fields.items()},
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 1071, in _generate_md_field_schema
    common_field = self._common_field_schema(name, field_info, decorators)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 1263, in _common_field_schema
    schema = self._apply_annotations(
             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 2056, in _apply_annotations
    schema = get_inner_schema(source_type)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_schema_generation_shared.py", line 84, in __call__
    schema = self._handler(source_type)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 2037, in inner_handler
    schema = self._generate_schema_inner(obj)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 884, in _generate_schema_inner
    return self.match_type(obj)
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 995, in match_type
    return self._unknown_type_schema(obj)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/_internal/_generate_schema.py", line 513, in _unknown_type_schema
    raise PydanticSchemaGenerationError(
pydantic.errors.PydanticSchemaGenerationError: Unable to generate pydantic-core schema for <enum 'HashAlgorithm'>. Set `arbitrary_types_allowed=True` in the model_config to ignore this error or implement `__get_pydantic_core_schema__` on your type to fully support it.

If you got this error by calling handler(<some type>) within `__get_pydantic_core_schema__` then you likely need to call `handler.generate_schema(<some type>)` since we do not call `__get_pydantic_core_schema__` on `<some type>` otherwise to avoid infinite recursion.

For further information visit https://errors.pydantic.dev/2.10/u/schema-for-unknown-type
root@ab7dd93df2f1:/# 

[toc] | [prev] | [next] | [standalone]

#16609

On Sat, Dec 21, 2024 at 02:01:27AM +0100, Simon Josefsson wrote:
> Simon Josefsson <simon@josefsson.org> writes:
> > https://salsa.debian.org/python-team/packages/python-tuf
> 
> I have uploaded 5.1.0-2 to unstable, however I would appreciate review
> of python-tuf since I'm new to python packaging.  My main concern is
> about debian/tests/ and if there are better approaches?

I haven't done a full review, but a quick note on the point you brought
up: it looks to me as though you could replace the whole of
debian/tests/ with the field "Testsuite: autopkgtest-pkg-pybuild" in the
source stanza of debian/control.  See pybuild-autopkgtest(1).

> The error message is below, does anyone have ideas?  I wonder if
> pydantic in Debian is too old, or something.

pydantic in Debian is current (assuming this is unstable, anyway - I did
a small upstream version bump quite recently).  Does upstream test with
the latest version?

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

[toc] | [prev] | [next] | [standalone]

#16612

[Multipart message — attachments visible in raw view] — view raw

Colin Watson <cjwatson@debian.org> writes:

> On Sat, Dec 21, 2024 at 02:01:27AM +0100, Simon Josefsson wrote:
>> Simon Josefsson <simon@josefsson.org> writes:
>> > https://salsa.debian.org/python-team/packages/python-tuf
>> 
>> I have uploaded 5.1.0-2 to unstable, however I would appreciate review
>> of python-tuf since I'm new to python packaging.  My main concern is
>> about debian/tests/ and if there are better approaches?
>
> I haven't done a full review, but a quick note on the point you brought
> up: it looks to me as though you could replace the whole of
> debian/tests/ with the field "Testsuite: autopkgtest-pkg-pybuild" in the
> source stanza of debian/control.  See pybuild-autopkgtest(1).

Thanks -- I had some trouble with autopkgtest-pkg-pybuild when I started
packaging, and removed it to simplify things, but later forgot to add it
back in.  It work fine for python-tuf:

https://salsa.debian.org/python-team/packages/python-tuf/-/jobs/6802287

I'll try to adapt this for all the new packages too.

>> The error message is below, does anyone have ideas?  I wonder if
>> pydantic in Debian is too old, or something.
>
> pydantic in Debian is current (assuming this is unstable, anyway - I did
> a small upstream version bump quite recently).  Does upstream test with
> the latest version?

Ah -- I will debug more and will consider that Debian's pydantic may
actually be too new instead.

/Simon

[toc] | [prev] | [standalone]

Back to top | Article view | linux.debian.maint.python

csiph-web