foolscap 0.6.1 has no such extra feature 'secure_connections'

[zooko]

Charles N Wyble posted this:

​http://tahoe-lafs.org/pipermail/tahoe-dev/2011-March/006239.html

harles at charles-laptop:~/projects/bluejacket/allmydata-tahoe-1.8.2$ 
python setup.py build
Traceback (most recent call last):
   File "setup.py", line 78, in <module>
     import setuptools; setuptools.bootstrap_install_from = egg
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/setuptools/__init__.py", 
line 2, in <module>
     from setuptools.extension import Extension, Library
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/setuptools/extension.py", 
line 2, in <module>
     from dist import _get_unpatched
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/setuptools/dist.py", 
line 6, in <module>
     from setuptools.command.sdist import sdist
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/setuptools/command/sdist.py", 
line 5, in <module>
     import os, re, sys, pkg_resources
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/pkg_resources.py", 
line 2628, in <module>
     working_set.require(__requires__)
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/pkg_resources.py", 
line 676, in require
     needed = self.resolve(parse_requirements(requirements))
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/pkg_resources.py", 
line 580, in resolve
     requirements.extend(dist.requires(req.extras)[::-1])
   File 
"/home/charles/projects/bluejacket/allmydata-tahoe-1.8.2/setuptools-0.6c16dev3.egg/pkg_resources.py", 
line 2181, in requires
     "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 
'secure_connections'
charles at charles-laptop:~/projects/bluejacket/allmydata-tahoe-1.8.2$

I guess you have an installation of foolscap which doesn't declare that it has an extra feature named 'secure_connections'. Tahoe-LAFS specifies that it depends on foolscap with the 'secure_connections' feature.

[davidsarah]

(Removed commentary about possible fixes from Description; the Description should only describe the bug.)

zooko wrote:

Could you help us make sure this is what happened by telling us about your installation of foolscap? I haven't heard of this problem before, so perhaps you did something that most people don't do, such as installing foolscap yourself before installing Tahoe-LAFS, and doing so without having setuptools installed.

Charles replied on tahoe-dev that he believed the installation was by apt-get, on fully-patched Ubuntu 11.04 alpha3.

A quick workaround for you would be to delete whatever installation of foolscap you have there and rerun Tahoe-LAFS's python setup.py build. This will cause it to download foolscap source code and build a new package.

I'm not sure what a better long-term solution would be. I can think of a few things that would make sure this problem doesn't happen again to someone else:

1. The maintainer of foolscap (Brian Warner) could make setuptools a hard requirement to build foolscap packages so that people wouldn't get foolscap packages without the 'secure_connections' feature declared.

2. We could hack the fork of setuptools which is bundled into the Tahoe-LAFS source tree (sometimes called "zetuptoolz") so that it doesn't treat a missing extra as a fatal error. The theory being that if the package doesn't declare an extra then probably it actually has that extra but didn't declare it.

Well, if the installed package doesn't satisfy the dependency (for whatever reason), then setuptools should try to download a version that does. Even if the latter has the same version number, it might not have the same packaging error.

OTOH I'm pretty hacked off with the quantity and subtlety of setuptools bugs and misdesign; we've reached a point of diminishing returns in attempting to fix it.

3. The maintainer of foolscap could make pyOpenSSL a hard requirement of foolscap instead of an "extra". I think there used to be a user of foolscap who wanted to use it without secure connections, but perhaps they've stopped using it that way. In any case, it wouldn't harm them very much if it came with secure connections even if they didn't want to use them.

Hm... try as I might I can't think of any other solutions that I would support besides these three. One solution that I would not support is to add documentation to ​quickstart.html instructing the user to install pyOpenSSL manually, or to install setuptools manually before installing foolscap.

Oh, there is one more possibility:

4. Add a declaration to Tahoe-LAFS that it depends on pyOpenSSL and remove from foolscap the declaration that it depends on pyOpenSSL. This is technically incorrect (Tahoe-LAFS doesn't depend on pyOpenSSL directly), but Tahoe-LAFS's build scripts are guaranteed to be executed with setuptools present, so we can at least make it work for all users that way.

[charlesnw]

This was installed via apt-get:

ii python-foolscap 0.6.1-1 object-capability-based RPC system for Twisted Python

I'm doing an apt-get dist-upgrade now (on Ubuntu 11.04). Maybe that will fix it. Will report back once it's completed.

[zooko]

Need input from Brian to proceed.

[zooko]

Replying to davidsarah:

(Removed commentary about possible fixes from Description; the Description should only describe the bug.)

Okay, I'll try to confine the possible fixes to first comment instead of the Description. Also, next time you move my text could you please preserve it whole in its new location and then make a separate comment for your reply? I'm concerned that the interspersal of your reply with my proposed fixes in comment:1 may make it harder for Brian to appreciate the brilliance of my proposed fixes. ;-)

[zooko]

Replying to davidsarah:

2. We could hack the fork of setuptools which is bundled into the Tahoe-LAFS source tree (sometimes called "zetuptoolz") so that it doesn't treat a missing extra as a fatal error. The theory being that if the package doesn't declare an extra then probably it actually has that extra but didn't declare it.

Well, if the installed package doesn't satisfy the dependency (for whatever reason), then setuptools should try to download a version that does. Even if the latter has the same version number, it might not have the same packaging error.

I agree that would be better behavior for zetuptoolz than my proposed behavior for zetuptoolz, and I also agree that I really don't want to try to improve zetuptoolz's behavior. If we had a good way to unit-test zetuptoolz's behavior on our buildbot then maybe, but currently I think I would first have to improve the ways that our buildbot unit-tests zetuptoolz's behavior and then improve zetuptoolz's behavior, and that's a lot of work for this one issue. I no longer think of setuptools/zetuptoolz as a good long-term investment so I no longer think that all of that work would pay for itself again in more and more future issues.

That said, I don't see any other solution to this one issue than the ones we've listed here...

[zooko]

I remember that foolscap had a user or else a potential user who wanted to use it with insecure connections. I also remember that foolscap has only ever had two projects that depended on it: Tahoe-LAFS and ipython. I heard the unsubstantiated rumor and that ipython has subsequently stopped using foolscap and replaced it with ZeroMQ. (Although those are two different classes of tool, but whatever.)

So, if ipython was the one user who wanted insecure connections, then perhaps nobody would mind if foolscap gained a hard dependency on pyOpenSSL.

Hm, it looks like the current release of ipython depends on foolscap and also hard-depends on pyOpenSSL! ​http://ipython.scipy.org/doc/rel-0.10.1/html/install/install.html#dependencies-for-ipython-kernel-parallel-computing

Also note that gaining a hard dependency on pyOpenSSL doesn't preclude foolscap from offering its "insecure connections" feature and doesn't preclude people from using it.

So anyway, I would like it if Brian would make pyOpenSSL be a hard dependency of foolscap. This would simplify matters as far as dependency management goes, and doesn't seem to cause much harm. People who aren't using setuptools/easy_install/pip/virtualenv don't even notice whether or not foolscap declares pyOpenSSL to be a dependency.

[davidsarah]

+1 on making pyOpenSSL be a hard dependency of foolscap, if Brian agrees.

zooko: sorry about not preserving your comment, you're right that I should have replied separately.

[charlesnw]

Here are the steps to reproduce. This is from a clean install of Ubuntu 11.04:

1) Download the tahoe dist zip

2) Install deps first round. (sudo apt-get install build-essential libpython2.7-dev )

3) As root python setup.py build && python setup.py install

4) ( sudo apt-get install python-pycryptopp python-mock python-asn1 python-nevow python-foolscap )

That generates the error in the ticket description.

[zooko]

I opened ​http://foolscap.lothar.com/trac/ticket/174 to track this within the context of foolscap.

[zooko]

Replying to charlesnw:

Here are the steps to reproduce. This is from a clean install of Ubuntu 11.04:

1) Download the tahoe dist zip

2) Install deps first round. (sudo apt-get install build-essential libpython2.7-dev )

3) As root python setup.py build && python setup.py install

4) ( sudo apt-get install python-pycryptopp python-mock python-asn1 python-nevow python-foolscap )

That generates the error in the ticket description.

I don't understand what step 4 means here. Don't you stop after you run step 3 and get the error in the ticket description?

Also, please paste into this ticket the output from:

python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'

and

python -c 'import foolscap;print foolscap;print foolscap.__version__'

Thanks!

[charlesnw]

python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'

[foolscap 0.6.1 (/usr/local/lib/python2.7/dist-packages)]

python -c 'import foolscap;print foolscap;print foolscap.version'

<module 'foolscap' from '/usr/local/lib/python2.7/dist-packages/foolscap/init.pyc'> 0.6.1

[zooko]

Replying to charlesnw:

python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'

[foolscap 0.6.1 (/usr/local/lib/python2.7/dist-packages)]

python -c 'import foolscap;print foolscap;print foolscap.version'

<module 'foolscap' from '/usr/local/lib/python2.7/dist-packages/foolscap/init.pyc'> 0.6.1

The word "local" in there makes me think this is something you installed yourself rather that Ubuntu's packaging. On Ubuntu 10.04 Lucid, at least, the locations are:

$ python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'
[foolscap 0.5.1 (/usr/lib/pymodules/python2.6), Twisted 10.0.0 (/usr/lib/python2.6/dist-packages)]
$ python -c 'import foolscap;print foolscap;print foolscap.__version__'
<module 'foolscap' from '/usr/lib/pymodules/python2.6/foolscap/__init__.pyc'>
0.5.1

[zooko]

Here are three more useful tests. (The results shown here are on Ubuntu 10.04 Lucid.)

$ dpkg --listfiles python-foolscap  | grep __init__
/usr/share/pyshared/foolscap/__init__.py

and

$ dpkg --listfiles python-foolscap  | grep info 
/usr/share/pyshared/foolscap-0.5.1.egg-info
/usr/share/pyshared/foolscap-0.5.1.egg-info/dependency_links.txt
/usr/share/pyshared/foolscap-0.5.1.egg-info/top_level.txt
/usr/share/pyshared/foolscap-0.5.1.egg-info/SOURCES.txt
/usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt
/usr/share/pyshared/foolscap-0.5.1.egg-info/PKG-INFO

and

$ cat /usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt
twisted >= 2.4.0

[secure_connections]
pyOpenSSL

charles: could you please run a similar set of tests on your machine and paste the results in here? (You can wrap text in {{{ }}} so that trac will treat it as a preformatted.)

[charlesnw]

Hmmm...

root@kiab:~/pcapr.Local/pcaps#  dpkg --listfiles python-foolscap  | grep __init__
Package `python-foolscap' is not installed.
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
root@kiab:~/pcapr.Local/pcaps# apt-get install python-foolscap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  python-foolscap
0 upgraded, 1 newly installed, 0 to remove and 59 not upgraded.
1 not fully installed or removed.
Need to get 398 kB of archives.
After this operation, 1,905 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ natty/universe python-foolscap all 0.6.1-1 [398 kB]
Fetched 398 kB in 4s (94.5 kB/s)
Selecting previously deselected package python-foolscap.
(Reading database ... 323779 files and directories currently installed.)
Unpacking python-foolscap (from .../python-foolscap_0.6.1-1_all.deb) ...
Processing triggers for man-db ...
Setting up python-foolscap (0.6.1-1) ...

root@kiab:~/pcapr.Local/pcaps# tahoe
Traceback (most recent call last):
  File "/usr/local/bin/tahoe", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2671, in <module>
    working_set.require(__requires__)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 654, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 557, in resolve
    requirements.extend(dist.requires(req.extras)[::-1])
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2180, in requires
    "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'
root@kiab:~/pcapr.Local/pcaps#

[charlesnw]

Also

root@kiab:~/pcapr.Local/pcaps# cd /usr/local/lib
root@kiab:/usr/local/lib# cd python2.7/
root@kiab:/usr/local/lib/python2.7# cd dist-packages/
root@kiab:/usr/local/lib/python2.7/dist-packages# ls
allmydata  allmydata_tahoe-1.8.2-py2.7.egg-info  buildtest  easy-install.pth  foolscap  foolscap-0.6.1.egg-info  tweepy-1.7.1-py2.7.egg
root@kiab:/usr/local/lib/python2.7/dist-packages# rm -rf foolscap
root@kiab:/usr/local/lib/python2.7/dist-packages# tahoe
Traceback (most recent call last):
  File "/usr/local/bin/tahoe", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2671, in <module>
    working_set.require(__requires__)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 654, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 557, in resolve
    requirements.extend(dist.requires(req.extras)[::-1])
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2180, in requires
    "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'
root@kiab:/usr/local/lib/python2.7/dist-packages#

[charlesnw]

root@kiab:/usr/local/lib/python2.7/dist-packages# dpkg --listfiles python-foolscap  | grep __init__
/usr/share/pyshared/foolscap/__init__.py
/usr/share/pyshared/foolscap/test/__init__.py
/usr/share/pyshared/foolscap/appserver/__init__.py
/usr/share/pyshared/foolscap/slicers/__init__.py
/usr/share/pyshared/foolscap/logging/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/slicers/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/logging/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/appserver/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/test/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/slicers/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/logging/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/appserver/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/test/__init__.py
root@kiab:/usr/local/lib/python2.7/dist-packages#  dpkg --listfiles python-foolscap  | grep info
/usr/share/pyshared/foolscap-0.6.1.egg-info
/usr/lib/python2.6/dist-packages/foolscap-0.6.1.egg-info
/usr/lib/python2.7/dist-packages/foolscap-0.6.1.egg-info
root@kiab:/usr/local/lib/python2.7/dist-packages# cat /usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt
cat: /usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt: No such file or directory
root@kiab:/usr/local/lib/python2.7/dist-packages#

[charlesnw]

Horrible formatting. Here we go:

root@kiab:/usr/local/lib/python2.7/dist-packages# dpkg --listfiles python-foolscap  | grep __init__
/usr/share/pyshared/foolscap/__init__.py
/usr/share/pyshared/foolscap/test/__init__.py
/usr/share/pyshared/foolscap/appserver/__init__.py
/usr/share/pyshared/foolscap/slicers/__init__.py
/usr/share/pyshared/foolscap/logging/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/slicers/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/logging/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/appserver/__init__.py
/usr/lib/python2.6/dist-packages/foolscap/test/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/slicers/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/logging/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/appserver/__init__.py
/usr/lib/python2.7/dist-packages/foolscap/test/__init__.py
root@kiab:/usr/local/lib/python2.7/dist-packages#  dpkg --listfiles python-foolscap  | grep info
/usr/share/pyshared/foolscap-0.6.1.egg-info
/usr/lib/python2.6/dist-packages/foolscap-0.6.1.egg-info
/usr/lib/python2.7/dist-packages/foolscap-0.6.1.egg-info
root@kiab:/usr/local/lib/python2.7/dist-packages# cat /usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt
cat: /usr/share/pyshared/foolscap-0.5.1.egg-info/requires.txt: No such file or directory
root@kiab:/usr/local/lib/python2.7/dist-packages#

[zooko]

Charles:

Thanks for your help.

Please use the following commands again to see which foolscap is being used now that you've installed python-foolscap from Ubuntu and attempted to delete your locally-installed version of foolscap:

python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'

and

python -c 'import foolscap;print foolscap;print foolscap.__version__'

Next, it looks like you tried to examine "foolscap-0.5.1.egg-info" at the end there, but the file or directory was named "foolscap-0.6.1.egg-info". Could you please describe the contents of that file or directory?

[davidsarah]

Replying to charlesnw:

Also

root@kiab:~/pcapr.Local/pcaps# cd /usr/local/lib
root@kiab:/usr/local/lib# cd python2.7/
root@kiab:/usr/local/lib/python2.7# cd dist-packages/
root@kiab:/usr/local/lib/python2.7/dist-packages# ls
allmydata  allmydata_tahoe-1.8.2-py2.7.egg-info  buildtest  easy-install.pth  foolscap  foolscap-0.6.1.egg-info  tweepy-1.7.1-py2.7.egg
root@kiab:/usr/local/lib/python2.7/dist-packages# rm -rf foolscap

If you remove the foolscap directory, you should also remove foolscap-0.6.1.egg-info, otherwise setuptools will be confused (or remain confused, in this case).

[charlesnw]

Here you go:

wgw-whg@kiab:~$ python -c 'import pkg_resources;print pkg_resources.require("Foolscap")'
[foolscap 0.6.1 (/usr/lib/python2.7/dist-packages)]


wgw-whg@kiab:~$ python -c 'import foolscap;print foolscap;print foolscap.__version__'
<module 'foolscap' from '/usr/lib/python2.7/dist-packages/foolscap/__init__.pyc'>
0.6.1

Tahoe still fails with pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'

[zooko]

Interesting. Okay, so it *does* seem to be a problem with the packaging of foolscap in Ubuntu 11.04. Please confirm this by finding the metadata (you earlier found it in /usr/lib/python2.7/dist-packages/foolscap-0.6.1.egg-info) and attaching it to this ticket. It might be a file or it might be a directory -- in the latter case please archive the whole thing (it should only be a few KB) and attach it. Thanks!

I think the way forward is for Tahoe-LAFS to stop asking foolscap for secure_connections and for foolscap to start making secure connections available to clients even if they don't ask for them by name.

I've submitted a patch for foolscap that would do this: ​http://foolscap.lothar.com/trac/ticket/174 . Here is a patch to Tahoe-LAFS that you can try out, Charles:

--- old-ticket1385/src/allmydata/_auto_deps.py  2011-04-19 12:47:39.000000000 -0600
+++ new-ticket1385/src/allmydata/_auto_deps.py  2011-04-19 12:47:39.000000000 -0600
@@ -23,7 +23,7 @@
     # of size N.
     # foolscap < 0.6 is incompatible with Twisted 10.2.0.
     # foolscap 0.6.1 quiets a DeprecationWarning.
-    "foolscap[secure_connections] >= 0.6.1",
+    "foolscap >= 0.6.1",
 
     "Nevow >= 0.6.0",
 

[davidsarah]

Changing Tahoe's requirement to "foolscap >= 0.6.1" will only cause it to fail later if the installed foolscap doesn't have secure_connections. We'd have to change it to "foolscap >= 0.6.2", and release a 0.6.2 that always has secure connections.

[zooko]

David-Sarah: good point. If Charles tries that patch he may indeed experience the "it fails later" result.

[earney]

I've installed Ubuntu 11.04, and tried to reinstall tahoe 1.8.2 and I also get the same error. When I add the patch above, the code does build, but I then get the error when I run "tahoe start".

[earney]

I was able to get tahoe-lafs to work with ubuntu 11.04 by installing foolscap by hand, but then received an error about pycryptopp being less than 0.5.20 (the version installed was 0.5.17). I downloaded version 0.5.29, and installed it by hand. Then I rebuild tahoe-lafs and it worked.. I wonder if the real probably is pycryptopp?

[charlesnw]

That did the trick. Also had to install python-zfec

Thanks folks!

[davidsarah]

Replying to charlesnw:

Resolution set to fixed

Not so fast; the fact that you got it to work doesn't mean that this bug is fixed. It's only fixed when python setup.py build works automatically without having to reinstall foolscap by hand. Also python setup.py install should report the right error if there is a conflicting installed version of foolscap. (The pycryptopp issue is unrelated to this ticket.)

Fixing that will require ​foolscap ticket 174 to be fixed, a new version of foolscap to be released, and src/allmydata/_auto_deps.py to be changed to require that version.

[zooko]

Unfortunately the "tahoe-lafs" package that comes with Ubuntu Natty 11.04 suffers from this problem, and cannot be used since it always raises pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'. Here is the bug report for Ubuntu: ​https://bugs.launchpad.net/foolscap/+bug/782414

[davidsarah]

Replying to zooko:

Unfortunately the "tahoe-lafs" package that comes with Ubuntu Natty 11.04 suffers from this problem, and cannot be used since it always raises pkg_resources.UnknownExtra: foolscap 0.6.1 has no such extra feature 'secure_connections'. Here is the bug report for Ubuntu: ​https://bugs.launchpad.net/foolscap/+bug/782414

I wrote on that bug:

OK, the foolscap packaging error is fixed in the [Ubuntu] package for foolscap 0.6.1-2. But the [Ubuntu] Tahoe-LAFS package doesn't require foolscap 0.6.1-2, does it? So a user of Tahoe-LAFS can still hit the error if that package dependency isn't updated, IIUC.

[davidsarah]

I wrote on ​https://bugs.launchpad.net/foolscap/+bug/782414:

OK, the foolscap packaging error is fixed in the [Ubuntu] package for foolscap 0.6.1-2. But the [Ubuntu] Tahoe-LAFS package doesn't require foolscap 0.6.1-2, does it? So a user of Tahoe-LAFS can still hit the error if that package dependency isn't updated, IIUC.

Apparently any new installation or update of the Tahoe-LAFS package will get the 0.6.1-2 version. However, foolscap bugs 178 to 181 inclusive (affecting Windows) still probably justify releasing a 0.6.2.

[warner]

After discussing this on IRC, our plan is to make tahoe depend upon pyopenssl. It's not the cleanest solution: ideally Foolscap could change its internals to not depend upon pyopenssl some day (maybe using libgnutls instead), and then Tahoe would have a spurious dependency, but I don't plan to change Foolscap in this way any time soon.

The other options we discussed:

• change Foolscap to unconditionally require openssl: I still remember the ipython folks wanting to avoid this dependency
• change Foolscap to unconditionally require setuptools (which would have caused that ubuntu build to fail rather than producing a package that didn't have a [secure_connections] dependency upon openssl).

I think the immediate problem here was the incorrect ubuntu build (which didn't mark setuptools as a source dependency, thus the foolscap package was built in an environment without setuptools, thus foolscap's setup.py didn't include the secure_connections marker, thus tahoe was unsatisfied with the foolscap .deb that was already installed). And I think that problem has been fixed on the Ubuntu side.

[zooko@…]

In 89c11d63f194afa0:

setup: remove the dependency on foolscap's "secure_connections" extra, add a dependency on pyOpenSSL
fixes #1383

[davidsarah]

Commit reviewed, looks fine.