WindowsErrbot icon indicating copy to clipboard operation
WindowsErrbot copied to clipboard
verified publisher icon MattHodge

Installation fails due to conflicting cryptography version

Open NeolithEra opened this issue 6 years ago • 1 comments

Hi, users are unable to run WindowsErrbot due to dependency conflict with cryptography package.

As shown in the following full dependency graph of WindowsErrbot, it directly requires cryptography==1.6,while pyOpenSSL==19.0.0 requires cryptography>=2.3.

According to pip’s “first found wins” installation strategy, cryptography==1.6 is the actually installed version. However, cryptography==1.6 does not satisfy cryptography>=2.3.

Dependency tree

windowserrbot-master
| +-ansi(version range:==0.1.3)
| +-beautifulsoup4(version range:==4.5.1)
| +-bottle(version range:==0.12.16)
| +-cffi(version range:==1.9.1)
| +-colorlog(version range:==4.0.2)
| +-cryptography(version range:==1.6)
| | +-idna(version range:>=2.0)
| | +-pyasn1(version range:>=0.1.8)
| | +-setuptools(version range:>=11.3)
| | +-six(version range:>=1.4.1)
| +-daemonize(version range:==2.4.7)
| +-dnspython(version range:==1.15.0)
| +-dnspython3(version range:==1.15.0)
| +-errbot(version range:==4.3.5)
| | +-ansi(version range:*)
| | +-bottle(version range:*)
| | +-colorlog(version range:*)
| | +-dnspython3(version range:*)
| | +-jinja2(version range:*)
| | | +-markupsafe(version range:>=0.23)
| | +-markdown(version range:*)
| | +-pygments(version range:>=2.0.2)
| | | +-coverage(version range:*)
| | | +-nose(version range:*)
| | | +-pyflakes(version range:*)
| | | +-pylint(version range:*)
| | | +-tox(version range:*)
| | +-pygments-markdown-lexer(version range:>=0.1.0.dev39)
| | +-pyopenssl(version range:*)
| | | +-cryptography(version range:>=2.3)
| | | | +-idna(version range:>=2.0)
| | | | +-pyasn1(version range:>=0.1.8)
| | | | +-setuptools(version range:>=11.3)
| | | | +-six(version range:>=1.4.1)
| | | +-six(version range:>=1.5.2)
| | +-requests(version range:*)
| | | +-certifi(version range:>=2017.4.17)
| | | +-chardet(version range:<3.1.0,>=3.0.2)
| | | +-idna(version range:>=2.5,<2.9)
| | | +-urllib3(version range:<1.26,>=1.21.1)
| | +-rocket-errbot(version range:*)
| | +-setuptools(version range:*)
| | +-threadpool(version range:*)
| | +-webtest(version range:*)
| | | +-beautifulsoup4(version range:*)
| | | +-six(version range:*)
| | | +-waitress(version range:>=0.8.5)
| | | +-webob(version range:>=1.2)
| | +-yapsy(version range:>=1.11)
| +-idna(version range:==2.1)
| +-jinja2(version range:==2.10.1)
| | +-markupsafe(version range:>=0.23)
| +-keyring(version range:==19.0.2)
| +-markdown(version range:==2.6.7)
| +-markupsafe(version range:==1.1.1)
| +-ntlm-auth(version range:==1.0.2)
| | +-ordereddict(version range:*)
| | +-six(version range:*)
| +-ordereddict(version range:==1.1)
| +-pyasn1(version range:==0.4.5)
| +-pycparser(version range:==2.17)
| +-pygments(version range:==2.4.2)
| | +-coverage(version range:*)
| | +-nose(version range:*)
| | +-pyflakes(version range:*)
| | +-pylint(version range:*)
| | +-tox(version range:*)
| +-pygments-markdown-lexer(version range:==0.1.0.dev39)
| +-pyopenssl(version range:==19.0.0)
| | +-cryptography(version range:>=2.3)
| | | +-idna(version range:>=2.0)
| | | +-pyasn1(version range:>=0.1.8)
| | | +-setuptools(version range:>=11.3)
| | | +-six(version range:>=1.4.1)
| | +-six(version range:>=1.5.2)

Thanks for your help. Best, Neolith

NeolithEra avatar Aug 15 '19 17:08 NeolithEra

Solution

  1. Fix your direct dependency to be cryptography>=2.3. I have checked this revision will not affect your downstream projects now.
  2. Remove your direct dependency cryptography, and use cryptography transitively introduced by pyopenssl.

Which solution do you prefer, 1 or 2? @MattHodge Please let me know your choice. I can submit a PR to solve this issue.

NeolithEra avatar Aug 15 '19 17:08 NeolithEra