1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.PYTHON

  • Re: python-trezor: assistance with disabling or modifying a build test

    From Andrey Rakhmatullin@21:1/5 to Soren Stoutner on Thu Sep 26 22:40:01 2024
    On Thu, Sep 26, 2024 at 01:02:14PM -0700, Soren Stoutner wrote:
    I am in the process of adopting and updating python-trezor. Upstream now contains a test that involves downloading a binary firmware package from the internet [1].

    This test causes the build to fail with the following error message, both on my local sbuild and on Salsa [2]:

    requests.exceptions.ProxyError: HTTPSConnectionPool(host='data.trezor.io', port=443): Max retries exceeded with url: /firmware/2/trezor-2.4.2.bin (Caused
    by ProxyError('Unable to connect to proxy', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f6d1440d040>: Failed to establish a new connection: [Errno 111] Connection
    refused’)))

    Loading the URL [3] in a browser allows downloading of the file. I do not know
    why the test fails in my local sbuild as I don’t believe it prohibits network
    access. But it should fail on the buildds, so it needs to be addressed.

    pybuild prohibits network access to all programs that honor http(s)_proxy envvars. That's why the error mentions a proxy.

    I would appreciate some guidance from more experienced Python packagers on the
    best way to proceed.

    1. What is the best (idomatic) way to disable this test during build?

    In this case - just skip the whole file via appropriate PYBUILD_TEST_ARGS.

    --
    WBR, wRAR

    -----BEGIN PGP SIGNATURE-----

    iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmb1xVotFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh CuIP/AoyzhPzqntAp6lsaMLLvlu4R09n5lYsRBaVy+6mijbvyGfQ8dRY4PWID/Zi 0+KiHXdZ02sUkBkWkAp0PiT3chCWVWezpAc6aH3vIgEownh3okUae8oNhA4/3hfK h8zNQauOgLVguO2EMddlhhVqnGeA1bwlulpI6AwE/BJAXU8tLesDU17q8sZYYyuk gc0MMDor8vkjOHQuLRVjNo4WCzqMccIwh5GXj0Df+Uz+pbK44EOxsalgihNl7hdo xkkPwRABY/iNozpFtCxz0ojhrGM7fQ7YuiGyZ3VRJQ/VJ6EtbxOJoDJ+q1rxn9xU vNp8swa1LfJQ6K5NPKV+8nDinuQjfPjE7yHWyez923VFsG2uAeZ494b9cE8krkPT Wtp/0M1DL+1udm+lROUXM7gFjxapbjOHjIIWnFtM6yveuylU/QOXfi4dW07i81lK /7L/DS50SNinJL8TW8/5K1ca5idoiKc2t/I1XObpdlhBLz619MCbKXfW6hNm6kMJ T18idC0XA3zZhQxxQR7/k6pa86RXsSRAfM2DpOCQNLmNGRMV2VojO2gfEojD3Ulx j9HqesqQE7zQxTwuEh2K8yOnj9HlG3ZyS+66hSLtXdM0QnNTJbOl12SgZ1wVbiZ6 gSd3NQ5/8rgZVnbEvwx6cT17WcUdD4kv0KZyOWXDFBNks8YT
    =4tJ5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Soren Stoutner@21:1/5 to All on Thu Sep 26 14:48:52 2024
    On Thursday, September 26, 2024 1:34:34 PM MST Andrey Rakhmatullin wrote:
    1. What is the best (idomatic) way to disable this test during build?

    In this case - just skip the whole file via appropriate PYBUILD_TEST_ARGS.

    Thanks for the pointer.

    --
    Soren Stoutner
    [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmb11sQACgkQwufLJ66w tgPEQRAApzYdfqQxOh0KTWs4C+/OejRYh6QSdM6yGEbCeOvutIM0SjYZcCglXNPP UUK8bLmZZCkfMlnvTtmzDZj0plKeubE54qPvVhrOctFbN1Ns88jE5JSl3bxCp7sm NkjTI+NG9Qd+NH3zjjkh1Le2FVv7WiArFJPvF3/HPisEfRTPjSFZSsktTetuWeFN 2EPQYw9iBykUgT2J8YwlnbeGT08yYDSA5FqM6xXwYFRa+Lena6Uh2NVBo022zEV3 FMLicMo6Xzfaz1X6yQ0HOVngqsZ+eLRalQAK3aK2vK1m5E1fsKPfXDL7qI/Ln1J2 ySYr1U2rH/k8pVUFhc4kOH7ohYGP+ZAE6u6SVrHbhyxQS8zQNU87VBSCt4CBHdff w7qb7WwazfWUt/S+Ufe4+rkAyH0YSzJTNiPrvp5P8TV3Fm+RdQVvyetb77AUI6Rk /J23iyK8wvFmEy+5x7Ws31LYGInsgLnT6D9npYBxY1EPjPX8vgw97HSzLZSHcP7c wZkS48m4VpDHXMTwBwQGlSK+rCvbcfMfzq6Qv1/6M/lO0xD/qVNnywUDm5I9e9x5 y89beBwnAzlkbYVJBCDPwcfVtdx0MOd9VvNH5+OlPS5k9N/wMuY87QOKgFcV3MHz Eg+qc0l+8sAHN9H3M7ftChVuuSXdP6ge9WUPG2jPm9/yXN77WCk=
    =sTqE
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Soren Stoutner@21:1/5 to All on Mon Sep 30 08:50:27 2024
    On Friday, September 27, 2024 4:48:58 PM MST Soren Stoutner wrote:
    1. Just exclude this test from autopkgtests and go on with my life (I
    assume
    autopkgtest-pkg-pybuild has an easy way to do this). There are 111 other tests that run successfully, this is a test that upstream should run with every release, and it is testing the type of thing that is unlikely to work for upstream but end up broken in Debian.

    Is there an easy way to exclude one test using autopkgtest-pkg-pybuild?

    --
    Soren Stoutner
    [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmb6yMMACgkQwufLJ66w tgPjMA/+I7dCqdw9CUy4x5Oy1pa94Bue6uy/2YCchVpDnZ03ORM4mZswqM7ODKpv DUusoYbyYiz1c8B1PfWhm+3XHdctAGAHdgqA/iGffi1aFIEV+Eqfv9T47B3LODmA Aym6nQshvdeNbaSccM72a8ZuCBxm/TsfOjSBno0+YFSNWPfFIrcLSNK7tCR4n4DC F79TtAgv+9MwG2TSxXWRsNpah1O2zdro8MEqI2mRt3pJZ1eu7PjA9zhS4BCV2qd+ j4wQ7xQ6/fEbSjEsEpYg2rneanKcQiAj2+j5Ts24PdKvtJzWqg20qT27hj8gzX62 kwFM6La+xjUGZg36qDrp4xpqs78jLhxhtH0saaTWHh7jBineyWqvKuCf8gEe+H3M BP8vlEG1siHw/WS2E3qUtxqEppRV0+gmWbPLuuV2/4V9oMXKXjDCqyBnullWVU7W ayq/cYYSpfQ3dJj981u+OzjA4K3hxnqqHIMDXJGQaY3y7u9INDZkoAYQrVVgj9QU ysn992WkeJlN+7GQk95Z6Yk5AbYo3gimRA3RhUKPV+c/D4q2ywqu8XA2QAkPR5eH FfcV1GXmO8MiCyFzbHp9qp1QY1mME3hdaC/WnvIWXdTO6MMJVKoCuxIyAXPnh7eT TcIZxYAGS6uwtpCrUe7L5WibCjYZEfyVNXo+DFsWr2JZfrQqYsA=
    =k85R
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrey Rakhmatullin@21:1/5 to Soren Stoutner on Mon Sep 30 18:00:01 2024
    On Mon, Sep 30, 2024 at 08:50:27AM -0700, Soren Stoutner wrote:
    On Friday, September 27, 2024 4:48:58 PM MST Soren Stoutner wrote:
    1. Just exclude this test from autopkgtests and go on with my life (I
    assume
    autopkgtest-pkg-pybuild has an easy way to do this). There are 111 other tests that run successfully, this is a test that upstream should run with every release, and it is testing the type of thing that is unlikely to work for upstream but end up broken in Debian.

    Is there an easy way to exclude one test using autopkgtest-pkg-pybuild?

    Yes, exclude it from the build-time tests.
    Why does it succeed there?


    --
    WBR, wRAR

    -----BEGIN PGP SIGNATURE-----

    iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmb6yfotFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh nbsP/0lJPK8GsSLF0YB8oedzJ0dpE8797DOdRTDhJqLdAuhdvofuFmpFjzPZPCyY QOroP7l4qKtHG6zSBNRkHyspf1rKDayYE7HwqwsJjWibylSf/J2q/oHlsnM4gNER D3G6PWQ81YstiDpQixNVE6HkOhjsyz0tCS/hpNt5ASy+VovLMGNBzdoBqYGqSmID uItP8Z8Tx3qz2X1pjZT4S5A4wuLhizVhkcHErR4Ham8MISOd6pIGjFq2EO+g49ZI 4VHDh5vTdRUrtmInkTL8qvjNs8qjDJBWXRDJNFgd9vhIfCFSLjkgViyNnaS0+f8i 3VYqlJT+EoJXUj18fIfnkm4Q5q56e7k7XsslIZJ+21HigTY4hCQ3+4YCFMEJBtRQ SrL/XFW+QSQYCMuSX2flvZmMgnIB/+z8VUDcBkGyPMM4AHvmHuViyRArMI2+vvB8 x+AZVsDQom4vx6tzrGoplJOA02G7nEEdwrICf3ZssijcZ4nBgYi9KE9g5OHhEK5K l+bpkoDUvYqCtXW1ixdkR+jcPkze0ALT/oykeZZ4QvkZ+On5OGAHLm73cwzaEFCk Pxe6ZBmZdFWBxiQYbiBTURmaarx+UIeBY//KcPkyM256idp24kWLFmVR323C+xuY X/8P5wGpRSGlOkBZYD92V0ro3xFWCkTB/elqGH25NiLcAcux
    =tVoy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Soren Stoutner@21:1/5 to All on Mon Sep 30 10:43:57 2024
    On Monday, September 30, 2024 8:55:38 AM MST Andrey Rakhmatullin wrote:
    On Mon, Sep 30, 2024 at 08:50:27AM -0700, Soren Stoutner wrote:
    On Friday, September 27, 2024 4:48:58 PM MST Soren Stoutner wrote:
    1. Just exclude this test from autopkgtests and go on with my life (I

    assume

    autopkgtest-pkg-pybuild has an easy way to do this). There are 111
    other
    tests that run successfully, this is a test that upstream should run
    with
    every release, and it is testing the type of thing that is unlikely to work
    for upstream but end up broken in Debian.

    Is there an easy way to exclude one test using autopkgtest-pkg-pybuild?

    Yes, exclude it from the build-time tests.
    Why does it succeed there?

    It turns out I had some misconfiguration that caused the testing behavior to act different than what I thought I had told it to do. It is now fixed. Thank you for prompting me to look again more closely.

    --
    Soren Stoutner
    [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmb6410ACgkQwufLJ66w tgOnpw/+O5epd8K1vizWYUpPkTV75n4/gmzdaomOyPgrqQgUTw0b2lRBAe15xUgw L41dnv6SugIOwSkTUfOoud/9LfjOKeWk2lvnhjAZppmsBvplpxNEt778eTgCC56o p8icASnJZAFfB5YvB2YvJVFN7JnCJDhT05BjHoWjfKq3tkiuGA/Tchqb2aS0xORw JYJsso/vRBYQEuTqZ3ZRSo3e1aBb9211NrLMPIKb3BMG90B3DRFo8no1mfNZmHoy /FGeCwHz3S52KEG9x0eS0jmh9ugkCx1JdRo994EmIOX6HafESG6EnK52rkTrktaR Pm9L34rMTaIZ8BQjg2B9/O0VgkejIqkgWuuYudFKTagpIGGc6r2N637nk0LcKJlH SLJftmElgC7lzdDlCEsODAGZs7Y5R2uG6W2CXG3ZCqU4gFdPSWstccmcl5LZ12Zt KFihwo2CPqelQtZtKasUObCJQieAmAuJs8/HBt4PhAXwMrhu2GvyGAMcdtsSEM3z vYfSnLDLzeDHZgOO3FAiqiCv1PZ0rSVRS1M6H2yLNOmxQjVwmtf2lkHs40mn0a3s PXYSz2FUCqWyWsafztjrcXwVyWYjDWh46g7ePwrbIdWAtb+c7+5ueTxtA6IC6ymu SuV57j5A+0j/aUJ1HiWC0OLlePTixhNtxU1xpNYQg91/vfEStnc=
    =AhG/
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Soren Stoutner@21:1/5 to All on Fri Sep 27 16:48:58 2024
    I have a further question about this test. When it runs in autopkgtests, it looks for a file that exists in the larger upstream repository, but isn’t in the python module tarball.

    The test fails [1] with this error:

    E FileNotFoundError: [Errno 2] No such file or directory: '/tmp/ autopkgtest-lxc.8j5j6b6j/downtmp/build.nmg/core/embed/vendorheader/T2T1/ vendorheader_satoshilabs_signed_prod.bin'


    The file it is looking for appears to be this one [2], locating in the main upstream project (with a slightly different path, but maybe it somehow resolves
    it if present). As far as I can tell, this is a dummy binary firmware file used
    to make sure trezor can read the headers correctly.

    The main upstream repository is quite large. It has a subdirectory named python [3] which is packaged on PyPI [4] and which uscan pulls from pypi.debian.net.

    My question is, what is the best way to handle this test? I can think of several possibilities, and there are probably others I haven’t thought of.

    1. Just exclude this test from autopkgtests and go on with my life (I assume autopkgtest-pkg-pybuild has an easy way to do this). There are 111 other tests that run successfully, this is a test that upstream should run with every release, and it is testing the type of thing that is unlikely to work for upstream but end up broken in Debian.

    3. Include this file in the Debian directory somewhere like missing-sources and run the test against that. Something about this just feels wrong, especially because it is a signed binary file, not really a source file.

    2. Modify the test to download this file from github. Python is not my primary language, and I don’t know how difficult it would be to implement or maintain, but I assume this would be possible.

    3. Replace the source package with the entire trezor-firmware repository. This seems like an overreach because it would introduce massive numbers of files into the Debian source package that have nothing to do with the python binary packages.

    If nobody has any previous experience or strong opinions about situations like these, I am inclined to just go with option 1.


    [1] https://salsa.debian.org/python-team/packages/python-trezor/-/jobs/ 6345561#L248

    [2] https://github.com/trezor/trezor-firmware/blob/main/core/embed/models/ T2T1/vendorheader/vendorheader_satoshilabs_signed_prod.bin

    [3] https://github.com/trezor/trezor-firmware/tree/main/python

    [4] https://pypi.org/project/trezor/

    On Thursday, September 26, 2024 1:34:34 PM MST Andrey Rakhmatullin wrote:
    On Thu, Sep 26, 2024 at 01:02:14PM -0700, Soren Stoutner wrote:
    I am in the process of adopting and updating python-trezor. Upstream now contains a test that involves downloading a binary firmware package from
    the
    internet [1].

    This test causes the build to fail with the following error message, both
    on
    my local sbuild and on Salsa [2]:

    requests.exceptions.ProxyError: HTTPSConnectionPool(host='data.trezor.io', port=443): Max retries exceeded with url: /firmware/2/trezor-2.4.2.bin (Caused by ProxyError('Unable to connect to proxy', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f6d1440d040>: Failed to establish a new connection: [Errno 111] Connection
    refused’)))

    Loading the URL [3] in a browser allows downloading of the file. I do not know why the test fails in my local sbuild as I don’t believe it prohibits
    network access. But it should fail on the buildds, so it needs to be addressed.
    pybuild prohibits network access to all programs that honor http(s)_proxy envvars. That's why the error mentions a proxy.

    I would appreciate some guidance from more experienced Python packagers on the best way to proceed.

    1. What is the best (idomatic) way to disable this test during build?

    In this case - just skip the whole file via appropriate PYBUILD_TEST_ARGS.


    --
    Soren Stoutner
    [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmb3RGoACgkQwufLJ66w tgNWPBAApSaj/75ZAwC4JzAYnssmQswcyW25+ZdhzaUCikFeFy3seQfjkfpaVQLI TdIHLCpw4V5DJfBxsF2h6YzWVqve6T/w6qvpo7iqWgIUUw74DBzOrcPSAbGLUhln inrgOJJeHGsmq+xcdNZkd+yTckWEY2dJ7mUvSh+91vQvyMx1ZNbVPA4ZAyMabsDn Bb2/ImOvpKwgFtLeaFjoFGS66LhW299ZQO7xG2qGuNUTqEHv5M8TDJ19k+BPMw43 Z8dRYmkm5NMzUD14XPHqLL1mAx4w5BeqrHZYuyce6tt8oJmVfBjMHAfk5ENXL1qq eikNNCCE7Wknycdcb72T0C9xpNs7mJaGzzcxu8J8IDkvQiuA4fGIZaVatc94N5O9 IcRMiab25WKnjFctnPuxY1jxHiGuYQNiryoGeYyyGzdx1PRB88N5MHwbUNsE0RvQ vNEfxQOFB6Pdimjac9SXxeVPBKy3RpU7rRtOBGuMk2xPZ+zMOrbAurM1GOXUGDfi WrPnTG5BSpAxtC+Y/vWdIw4pLIpLmJYW81Xq4UKqNfmycPZZIilPfnQfYc3MkpwS D9nczisDa7kKGKg/hdYWUyRxZm3hRbFzBIqSfiE7u8FCDnLfxLyJwo9kC8gdnsLe 9eDxBsJQaJMEK2jiOQZmVA70xXWcpxW1WFqa0wUylsBR8XqJt3A=
    =2ZTx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)