#2217 closed defect (somebody else's problem)

SandboxViolation: mkdir('/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/__pycache__', 511) {}

Reported by: aredridel Owned by: daira
Priority: normal Milestone: undecided
Component: packaging Version: 1.10.0
Keywords: setuptools distribute build cffi cryptography Cc:
Launchpad Bug:

Description

Searching for Nevow>=0.6.0
Reading http://pypi.python.org/simple/Nevow/
Best match: Nevow 0.10.0
Processing Nevow-0.10.0.tar.gz
Running Nevow-0.10.0/setup.py -q bdist_egg --dist-dir /home/users/aredridel/tmp/easy_install-5DXjsN/Nevow-0.10.0/egg-dist-tmp-_Y38Ne
/usr/lib/python2.7/site-packages/zope/interface/interface.py:548: UserWarning: Hashing uninitialized InterfaceClass instance
error: SandboxViolation: mkdir('/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/__pycache__', 511) {}

The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.

This package cannot be safely installed by EasyInstall, and may not
support alternate installation locations even if you run its setup
script by hand.  Please inform the package's author and the EasyInstall
maintainers to find out if a fix or workaround is available.

Change History (32)

comment:1 Changed at 2014-04-11T22:06:28Z by zooko

  • Owner set to aredridel
  • Summary changed from Build error with Nevow to SandboxViolation: mkdir('/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/__pycache__', 511) {}

Oookay. Let's see… possibly related to http://bugs.python.org/setuptools/issue23 which was ported into Distribute in https://bitbucket.org/tarek/distribute/issue/13 . Your "show-tool-versions" output from a previous bug report (https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2216#comment:3) indicates that you have "setuptools: [distribute 0.6.36 (/usr/share/python2.7/site-packages)]". So, I wonder if distribute 0.6.36 has the patch from https://bitbucket.org/tarek/distribute/issue/13 ?

comment:2 Changed at 2014-04-11T22:07:45Z by zooko

Hm, yeah, according to https://bitbucket.org/tarek/distribute/src/3bf82d0cbc6e0a6d383f177c4def1222f3c3ba46/CHANGES.txt?at=default that should have been fixed as far back as Distribute 0.6. So I guess it isn't *exactly* that. Maybe we could open a new ticket on Distribute?

comment:3 follow-up: Changed at 2014-04-11T22:33:59Z by zooko

Hm, you know, that error message actually seems kind of legit:

"The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted."

Did you authorize some process to write into your system directories (e.g. /usr/lib/python2.7/site-packages/) when you ran the command that resulted in the above error message? What *was* that command? Could you please paste in the command and the entire output from it?

Last edited at 2014-04-11T22:34:17Z by zooko (previous) (diff)

comment:4 Changed at 2014-04-11T23:47:56Z by daira

Despite appearances, I think this has nothing to do with Nevow; it's just that there isn't a clear boundary in the output between building Nevow, and building cryptography.

comment:5 Changed at 2014-04-11T23:51:40Z by daira

  • Keywords setuptools distribute build added

comment:6 Changed at 2014-04-11T23:59:33Z by daira

Ah, possibly the reason why this appears in the Nevow build section is that cryptography is a dependency of pyOpenSSL (>= 0.14), which is a dependency of Twisted, which is a dependency of Nevow.

comment:7 Changed at 2014-04-12T00:11:59Z by daira

<zooko> daira: I really feel like we should require pyOpenSSL <= 0.13 until this whole CFFI thing has been more worked out.

<daira> okay, in that case we need exactly pyOpenSSL==0.13

<daira> because the API to get the OpenSSL version [in order to fix #2215] was only added in 0.13

[...]

<daira> note that this line will need to be changed to include pyOpenSSL:

<daira> https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/setup.py#L134

<daira> it should be:

<daira> setup_requires += [req for req in install_requires if req.startswith('Twisted') or req.startswith('pyOpenSSL') or req.startswith('zope.interface')]

<daira> otherwise setuptools/distribute might attempt to satisfy the install-time dependency of Nevow->Twisted->pyOpenSSL using pyOpenSSL >= 0.14

Version 1, edited at 2014-04-12T00:13:42Z by daira (previous) (next) (diff)

comment:8 follow-up: Changed at 2014-04-12T02:10:02Z by zooko

Judging from https://twistedmatrix.com/trac/browser/trunk/setup.py, Twisted doesn't currently depend on pyOpenSSL.

comment:9 in reply to: ↑ 8 Changed at 2014-04-12T10:12:10Z by daira

Replying to zooko:

Judging from https://twistedmatrix.com/trac/browser/trunk/setup.py, Twisted doesn't currently depend on pyOpenSSL

So it doesn't. Then I'm confused: why wasn't there any output between the building of Nevow and the error due to attempting to build cryptography?

comment:10 Changed at 2014-04-14T21:12:13Z by daira

  • Keywords cffi cryptography added

Oh! I bet the thing that is failing is the generation of cffi bindings. But then how does installing (as opposed to building) a package with cffi bindings using setuptools ever work?

comment:11 in reply to: ↑ 3 Changed at 2014-04-14T21:14:14Z by daira

Replying to zooko:

Did you authorize some process to write into your system directories (e.g. /usr/lib/python2.7/site-packages/) when you ran the command that resulted in the above error message? What *was* that command? Could you please paste in the command and the entire output from it?

aredridel, we really need this information in order to progress further with this bug.

comment:12 Changed at 2014-04-14T21:15:26Z by aredridel

Complete output including command:

:; python setup.py build
running update_version
no version-control data found, leaving _version.py alone
running develop
Not found: tahoe-deps
Not found: ../tahoe-deps
running egg_info
writing requirements to src/allmydata_tahoe.egg-info/requires.txt
writing src/allmydata_tahoe.egg-info/PKG-INFO
writing top-level names to src/allmydata_tahoe.egg-info/top_level.txt
writing dependency_links to src/allmydata_tahoe.egg-info/dependency_links.txt
writing entry points to src/allmydata_tahoe.egg-info/entry_points.txt
writing requirements to src/allmydata_tahoe.egg-info/requires.txt
writing src/allmydata_tahoe.egg-info/PKG-INFO
writing top-level names to src/allmydata_tahoe.egg-info/top_level.txt
writing dependency_links to src/allmydata_tahoe.egg-info/dependency_links.txt
writing entry points to src/allmydata_tahoe.egg-info/entry_points.txt
package init file 'src/allmydata/web/static/__init__.py' not found (or not a regular file)
package init file 'src/allmydata/web/static/css/__init__.py' not found (or not a regular file)
reading manifest file 'src/allmydata_tahoe.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '*~' found anywhere in distribution
writing manifest file 'src/allmydata_tahoe.egg-info/SOURCES.txt'
running build_ext
Processing setuptools-0.6c16dev4.egg
removing '/home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/setuptools-0.6c16dev4.egg' (and everything under it)
Copying setuptools-0.6c16dev4.egg to /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages
setuptools 0.6c16dev4 is already the active version in easy-install.pth
Installing easy_install_z-2.6 script to support/bin
Installing easy_install_z script to support/bin

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/setuptools-0.6c16dev4.egg
Creating /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/allmydata-tahoe.egg-link (link to src)
allmydata-tahoe 1.10.0 is already the active version in easy-install.pth
Installing tahoe script to support/bin

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/src
Processing dependencies for allmydata-tahoe==1.10.0
Searching for Nevow>=0.6.0
Reading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-sdists/
Reading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/
Best match: Nevow 0.10.0
Downloading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/Nevow-0.10.0.tar.bz2
Processing Nevow-0.10.0.tar.bz2
Running Nevow-0.10.0/setup.py -q bdist_egg --dist-dir /home/users/aredridel/tmp/easy_install-XS2kO7/Nevow-0.10.0/egg-dist-tmp-wGVHsQ
/usr/lib/python2.7/site-packages/zope/interface/interface.py:548: UserWarning: Hashing uninitialized InterfaceClass instance
error: SandboxViolation: mkdir('/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/__pycache__', 511) {}

The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.

This package cannot be safely installed by EasyInstall, and may not
support alternate installation locations even if you run its setup
script by hand.  Please inform the package's author and the EasyInstall
maintainers to find out if a fix or workaround is available.

comment:13 follow-up: Changed at 2014-04-14T21:15:49Z by aredridel

This is as an unprivileged user, without write access to the system install locations.

comment:14 Changed at 2014-04-14T21:21:49Z by daira

  • Owner changed from aredridel to daira
  • Status changed from new to assigned

Thanks.

comment:15 Changed at 2014-04-14T21:36:48Z by daira

It's possible that using a more recent version of setuptools at build time would help (#2044).

comment:16 Changed at 2014-04-14T21:43:40Z by zooko

It has to do with cffi, so a sufficient work-around for this, and probably many other issues, is to limit our dependency on pyOpenSSL to be ≤ 0.13. (Because pyOpenSSL v0.13 didn't use cffi and the cryptography.io library and many other things.)

aredridel: would you be so kind as to try this for us? You'd need to patch your Tahoe-LAFS source distribution by editing src/allmydata/_auto_deps.py and change "pyOpenSSL" to "pyOpenSSL <= 0.13".

comment:17 Changed at 2014-04-14T23:59:12Z by aredridel

Hm. No dice. I started from a clean unpack of allmydata-tahoe-1.10.0, changed "pyOpenSSL" to "pyOpenSSL <= 0.13" and got this:

:; python setup.py build
Not found: tahoe-deps
Not found: ../tahoe-deps

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/Twisted-12.2.0-py2.7-linux-i686.egg
running update_version
no version-control data found, leaving _version.py alone
running develop
Not found: tahoe-deps
Not found: ../tahoe-deps
running egg_info
writing requirements to src/allmydata_tahoe.egg-info/requires.txt
writing src/allmydata_tahoe.egg-info/PKG-INFO
writing top-level names to src/allmydata_tahoe.egg-info/top_level.txt
writing dependency_links to src/allmydata_tahoe.egg-info/dependency_links.txt
writing entry points to src/allmydata_tahoe.egg-info/entry_points.txt
writing requirements to src/allmydata_tahoe.egg-info/requires.txt
writing src/allmydata_tahoe.egg-info/PKG-INFO
writing top-level names to src/allmydata_tahoe.egg-info/top_level.txt
writing dependency_links to src/allmydata_tahoe.egg-info/dependency_links.txt
writing entry points to src/allmydata_tahoe.egg-info/entry_points.txt
package init file 'src/allmydata/web/static/__init__.py' not found (or not a regular file)
package init file 'src/allmydata/web/static/css/__init__.py' not found (or not a regular file)
reading manifest file 'src/allmydata_tahoe.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '*~' found anywhere in distribution
writing manifest file 'src/allmydata_tahoe.egg-info/SOURCES.txt'
running build_ext
Creating /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/site.py
Processing setuptools-0.6c16dev4.egg
Copying setuptools-0.6c16dev4.egg to /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages
Adding setuptools 0.6c16dev4 to easy-install.pth file
Installing easy_install_z-2.6 script to support/bin
Installing easy_install_z script to support/bin

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/setuptools-0.6c16dev4.egg
Creating /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/allmydata-tahoe.egg-link (link to src)
Adding allmydata-tahoe 1.10.0 to easy-install.pth file
Installing tahoe script to support/bin

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/src
Processing dependencies for allmydata-tahoe==1.10.0
Searching for pycryptopp>=0.6.0
Reading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-sdists/
Reading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/
Best match: pycryptopp 0.6.0.1206569328141510525648634803928199668821045408958
Downloading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/pycryptopp-0.6.0.1206569328141510525648634803928199668821045408958-py2.7-linux-i686.egg
Processing pycryptopp-0.6.0.1206569328141510525648634803928199668821045408958-py2.7-linux-i686.egg
creating /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pycryptopp-0.6.0.1206569328141510525648634803928199668821045408958-py2.7-linux-i686.egg
Extracting pycryptopp-0.6.0.1206569328141510525648634803928199668821045408958-py2.7-linux-i686.egg to /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages
Adding pycryptopp 0.6.0.1206569328141510525648634803928199668821045408958 to easy-install.pth file

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pycryptopp-0.6.0.1206569328141510525648634803928199668821045408958-py2.7-linux-i686.egg
Searching for mock>=0.8.0
Reading http://pypi.python.org/simple/mock/
Best match: mock 1.0.1
Downloading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-sdists/mock-1.0.1.tar.gz
Processing mock-1.0.1.tar.gz
Running mock-1.0.1/setup.py -q bdist_egg --dist-dir /home/users/aredridel/tmp/easy_install-UxieV4/mock-1.0.1/egg-dist-tmp-rmnR94
warning: no files found matching '*.png' under directory 'docs'
warning: no files found matching '*.css' under directory 'docs'
warning: no files found matching '*.html' under directory 'docs'
warning: no files found matching '*.js' under directory 'docs'
zip_safe flag not set; analyzing archive contents...
Adding mock 1.0.1 to easy-install.pth file

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/mock-1.0.1-py2.7.egg
Searching for pyasn1>=0.0.8a
Reading http://pypi.python.org/simple/pyasn1/
Best match: pyasn1 0.1.7
Downloading https://pypi.python.org/packages/2.7/p/pyasn1/pyasn1-0.1.7-py2.7.egg#md5=15f079cabee01402bf86ca8b83356469
Processing pyasn1-0.1.7-py2.7.egg
creating /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pyasn1-0.1.7-py2.7.egg
Extracting pyasn1-0.1.7-py2.7.egg to /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages
Adding pyasn1 0.1.7 to easy-install.pth file

Installed /home/users/aredridel/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pyasn1-0.1.7-py2.7.egg
Searching for Nevow>=0.6.0
Reading http://pypi.python.org/simple/Nevow/
Best match: Nevow 0.10.0
Downloading https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/Nevow-0.10.0.tar.bz2
Processing Nevow-0.10.0.tar.bz2
Running Nevow-0.10.0/setup.py -q bdist_egg --dist-dir /home/users/aredridel/tmp/easy_install-S4fHff/Nevow-0.10.0/egg-dist-tmp-nPwwPz
/usr/lib/python2.7/site-packages/zope/interface/interface.py:548: UserWarning: Hashing uninitialized InterfaceClass instance
error: SandboxViolation: mkdir('/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/__pycache__', 511) {}

The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.

This package cannot be safely installed by EasyInstall, and may not
support alternate installation locations even if you run its setup
script by hand.  Please inform the package's author and the EasyInstall
maintainers to find out if a fix or workaround is available.

comment:18 in reply to: ↑ 13 Changed at 2014-04-15T01:17:45Z by daira

Replying to aredridel:

This is as an unprivileged user, without write access to the system install locations.

Hmm. It's not clear what would have happened had the setuptools sandbox not prevented the access; i.e. whether it would have failed anyway due to lack of OS-level file permissions, or whether cffi would have fallen back to just not using the cache.

comment:19 Changed at 2014-04-15T01:19:55Z by daira

The fact that this still happens with pyOpenSSL <= 0.13 as the requirement is really confusing. I don't know what else could be depending on cryptography.

comment:20 Changed at 2014-04-15T12:07:07Z by zooko

Yeah, I wonder if aredridel accidentally built a copy that *didn't* have the pyOpenSSL dependency fixed to <= 0.13? Because other than pyOpenSSL 0.14, I don't think anything else depends on the cryptography.io library.

comment:21 Changed at 2014-04-15T12:13:56Z by zooko

Here is a way to find out what package(s) depend on the cryptography library:

python -c 'import pkg_resources;print pkg_resources.require("pyOpenSSL <= 0.13")'

That should print out all the packages that "pyOpenSSL <= 0.13" depends on. You can also do the same thing for the other packages from src/allmydata/_auto_deps.py, like this:

python -c 'import pkg_resources;print pkg_resources.require("Twisted >= 11.0.0")'

and

python -c 'import pkg_resources;print pkg_resources.require("foolscap >= 0.6.3")'

I'd guess that Twisted and foolscap are two other libraries that *might* somehow depend on the "cryptography.io" library.

comment:22 follow-up: Changed at 2014-04-15T13:29:13Z by aredridel

:;  python -c 'import pkg_resources;print pkg_resources.require("pyOpenSSL <= 0.13")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/share/python2.7/site-packages/pkg_resources.py", line 696, in require
  File "/usr/share/python2.7/site-packages/pkg_resources.py", line 598, in resolve
pkg_resources.VersionConflict: (pyOpenSSL 0.14 (/usr/share/python2.7/site-packages), Requirement.parse('pyOpenSSL<=0.13'))

:;  python -c 'import pkg_resources;print pkg_resources.require("Twisted >= 11.0.0")'
[Twisted 12.2.0 (/home/users/aredridel/allmydata-tahoe-1.10.0/Twisted-12.2.0-py2.7-linux-i686.egg), zope.interface 4.0.3 (/usr/lib/python2.7/site-packages), distribute 0.6.36 (/usr/share/python2.7/site-packages)]

aredridel@mizar:allmydata-tahoe-1.10.0
:;  python -c 'import pkg_resources;print pkg_resources.require("foolscap >= 0.6.3")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/share/python2.7/site-packages/pkg_resources.py", line 696, in require
  File "/usr/share/python2.7/site-packages/pkg_resources.py", line 594, in resolve
pkg_resources.DistributionNotFound: foolscap>=0.6.3

comment:23 in reply to: ↑ 22 ; follow-up: Changed at 2014-04-15T15:15:00Z by zooko

Replying to aredridel:

pkg_resources.VersionConflict: (pyOpenSSL 0.14 (/usr/share/python2.7/site-packages), Requirement.parse('pyOpenSSL<=0.13'))

Urrrrgh. Okay, this explains it. I think. Actually only partially. The thing is, this appears to be saying that you already have pyOpenSSL 0.14 installed in your system. Okay, fine, that explains why builds of the cryptography.io library/hazmat library are triggered when you build Tahoe-LAFS. Except, actually it totally doesn't because:

  1. Why is it trying to write a cache file into your read-only system-wide filesystem if it is already installed?
  1. Why is it doing anything with pyOpenSSL 0.14 when we've already specified that pyOpenSSL 0.14 is unacceptable for our version requirements?

Sigh, okay, so this suggests a workaround that you can do: remove pyOpenSSL (0.14) from your system and see if that gets past your problem. However, I will feel guilty if we do not report these issues to someone who can do something about them, to help the next user who comes after you. I'm not 100% sure who that would be, though. Who can do something about Python packaging madness? ☹

comment:24 in reply to: ↑ 23 ; follow-ups: Changed at 2014-04-15T16:27:10Z by zooko

Okay I asked dstufft and others on IRC and I think I understand answers to these:

Replying to zooko:

  1. Why is it trying to write a cache file into your read-only system-wide filesystem if it is already installed?

I suspect that this is because cffi tries to build hazmat as a side-effect of someone trying to import pyOpenSSL.

  1. Why is it doing anything with pyOpenSSL 0.14 when we've already specified that pyOpenSSL 0.14 is unacceptable for our version requirements?

I suspect that this is because pkg_resources tries to import "OpenSSL" as a side-effect of trying to check what version(s) of pyOpenSSL are available.

aridredel: please go ahead and remove pyOpenSSL 0.14 from your system, and test the patch with "pyOpenSSL <= 0.13". Thank you very much for your help!

comment:25 in reply to: ↑ 24 ; follow-up: Changed at 2014-04-15T16:36:08Z by zooko

Replying to zooko:

Okay I asked dstufft and others on IRC and I think I understand answers to these:

Replying to zooko:

  1. Why is it trying to write a cache file into your read-only system-wide filesystem if it is already installed?

I suspect that this is because cffi tries to build hazmat as a side-effect of someone trying to import pyOpenSSL.

They intend to change cffi for the upcoming cffi v1.0 to stop doing this -- doing "build" stuff automatically at import-time: https://groups.google.com/d/msg/python-cffi/L9ngHcpRJMU/7Y3CrZg-tn0J

comment:26 Changed at 2014-04-15T17:19:22Z by aredridel

:; sudo rpm -e python-pyOpenSSL-0.14-1.i686 python-TwistedCore-ssl-13.0.0-1.i686

coming up!

comment:27 Changed at 2014-04-15T17:19:59Z by aredridel

And Huzzah! Success!

:; make
.
.
.
.
touch .built

comment:28 follow-up: Changed at 2014-04-15T17:20:47Z by aredridel

:; bin/tahoe --version
allmydata-tahoe: 1.10.0
foolscap: 0.6.4
pycryptopp: 0.6.0.1206569328141510525648634803928199668821045408958
zfec: 1.4.24
Twisted: 12.2.0
Nevow: 0.10.0
zope.interface: unknown
python: 2.7.6
platform: Linux-PLD_3.0-i686-32bit_ELF
pyOpenSSL: 0.13
simplejson: 3.0.8
pycrypto: 2.6.1
pyasn1: 0.1.7
mock: 1.0.1
setuptools: 0.6c16dev4

comment:29 in reply to: ↑ 25 Changed at 2014-04-15T17:23:35Z by zooko

Replying to zooko:

They intend to change cffi for the upcoming cffi v1.0 to stop doing this -- doing "build" stuff automatically at import-time: https://groups.google.com/d/msg/python-cffi/L9ngHcpRJMU/7Y3CrZg-tn0J

Here's a ticket to track the progress of that change to cffi: https://bitbucket.org/cffi/cffi/issue/109/enable-sane-packaging-for-cffi

comment:30 in reply to: ↑ 28 Changed at 2014-04-15T17:24:14Z by zooko

Yay! Thank you for your help.

comment:31 Changed at 2014-04-15T17:37:48Z by zooko

  • Resolution set to somebody else's problem
  • Status changed from assigned to closed

comment:32 in reply to: ↑ 24 Changed at 2014-04-16T13:44:23Z by daira

Replying to zooko:

Replying to zooko:

  1. Why is it trying to write a cache file into your read-only system-wide filesystem if it is already installed?

I suspect that this is because cffi tries to build hazmat as a side-effect of someone trying to import pyOpenSSL.

No, the OpenSSL module is not imported at build time. (It would be easy to verify this.) The OpenSSL package is certainly imported by Tahoe-LAFS code at run-time (quite early, in order to check the version). I suspect it's because cffi installs some hook that is invoked when a package depending on it is built. But if that hook attempts to write to system areas of the filesystem, it is just completely broken and cannot work for builds done as an unprivileged user.

Note: See TracTickets for help on using tickets.