1 # Note: please minimize imports in this file. In particular, do not import
2 # any module from Tahoe-LAFS or its dependencies, and do not import any
3 # modules at all at global level. That includes setuptools and pkg_resources.
4 # It is ok to import modules from the Python Standard Library if they are
5 # always available, or the import is protected by try...except ImportError.
7 # The semantics for requirement specs changed incompatibly in setuptools 8,
8 # which now follows PEP 440. The requirements used in this file must be valid
9 # under both the old and new semantics. That can be achieved by limiting
10 # requirement specs to one of the following forms:
12 # * >= X, <= Y where X < Y
13 # * >= X, != Y, != Z, ... where X < Y < Z...
15 # (In addition, check_requirement in allmydata/__init__.py only supports
16 # >=, <= and != operators.)
19 # We require newer versions of setuptools (actually
20 # zetuptoolz) to build, but can handle older versions to run.
21 "setuptools >= 0.6c6",
25 # Feisty has simplejson 1.4
28 # zope.interface >= 3.6.0 is required for Twisted >= 12.1.0.
29 # zope.interface 3.6.3 and 3.6.4 are incompatible with Nevow (#1435).
30 "zope.interface >= 3.6.0, != 3.6.3, != 3.6.4",
32 # * foolscap < 0.5.1 had a performance bug which spent O(N**2) CPU for
33 # transferring large mutable files of size N.
34 # * foolscap < 0.6 is incompatible with Twisted 10.2.0.
35 # * foolscap 0.6.1 quiets a DeprecationWarning.
36 # * foolscap < 0.6.3 is incompatible with Twisted 11.1.0 and newer.
37 # * foolscap 0.8.0 generates 2048-bit RSA-with-SHA-256 signatures,
38 # rather than 1024-bit RSA-with-MD5. This also allows us to work
39 # with a FIPS build of OpenSSL.
43 # pycrypto 2.2 doesn't work due to <https://bugs.launchpad.net/pycrypto/+bug/620253>
44 # pycrypto 2.4 doesn't work due to <https://bugs.launchpad.net/pycrypto/+bug/881130>
45 "pycrypto >= 2.1.0, != 2.2, != 2.4",
47 # <http://www.voidspace.org.uk/python/mock/>, 0.8.0 provides "call"
48 # mock 1.1.x seems to cause problems on several buildslaves.
49 "mock >= 0.8.0, <= 1.0.1",
51 # pycryptopp-0.6.0 includes ed25519
52 "pycryptopp >= 0.6.0",
54 "service-identity", # this is needed to suppress complaints about being unable to verify certs
55 "characteristic >= 14.0.0", # latest service-identity depends on this version
56 "pyasn1 >= 0.1.4", # latest pyasn1-modules depends on this version
57 "pyasn1-modules >= 0.0.5", # service-identity depends on this
60 # Includes some indirect dependencies, but does not include allmydata.
61 # These are in the order they should be listed by --version, etc.
63 # package name module name
64 ('foolscap', 'foolscap'),
65 ('pycryptopp', 'pycryptopp'),
67 ('Twisted', 'twisted'),
69 ('zope.interface', 'zope.interface'),
72 ('pyOpenSSL', 'OpenSSL'),
74 ('simplejson', 'simplejson'),
75 ('pycrypto', 'Crypto'),
78 ('service-identity', 'service_identity'),
79 ('characteristic', 'characteristic'),
80 ('pyasn1-modules', 'pyasn1_modules'),
83 # Dependencies for which we don't know how to get a version number at run-time.
84 not_import_versionable = [
88 # Dependencies reported by pkg_resources that we can safely ignore.
101 # Don't try to get the version number of setuptools in frozen builds, because
102 # that triggers 'site' processing that causes failures. Note that frozen
103 # builds still (unfortunately) import pkg_resources in .tac files, so the
104 # entry for setuptools in install_requires above isn't conditional.
105 if not hasattr(sys, 'frozen'):
106 package_imports.append(('setuptools', 'setuptools'))
109 # * On Linux we need at least Twisted 10.1.0 for inotify support
110 # used by the drop-upload frontend.
111 # * We also need Twisted 10.1.0 for the FTP frontend in order for
112 # Twisted's FTP server to support asynchronous close.
113 # * The SFTP frontend depends on Twisted 11.0.0 to fix the SSH server
114 # rekeying bug <https://twistedmatrix.com/trac/ticket/4395>
115 # * The FTP frontend depends on Twisted >= 11.1.0 for
116 # filepath.Permissions
118 # On Windows, Twisted >= 12.2.0 has a dependency on pywin32.
119 # Since pywin32 can only be installed manually, we fall back to
120 # requiring earlier versions of Twisted and Nevow if it is not
122 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2028>
124 # When the fallback is used we also need to work around the fact
125 # that Nevow imports itself when building, which causes Twisted
126 # and zope.interface to be imported; therefore, we need to set
127 # setup_requires to make sure that the versions of Twisted and
128 # zope.interface used at build time satisfy Nevow's requirements.
130 # In cases where this fallback isn't needed, we prefer Nevow >= 0.11.1
131 # which can be installed using pip, and Twisted >= 13.0.0 which
132 # Nevow 0.11.1 depends on. In this case we should *not* use the
133 # setup_requires hack, because if we do then the build will break
134 # when Twisted < 13.0.0 is already installed (even though it could
135 # have succeeded by building a later version under support/ ).
137 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2032>
138 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2249>
139 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2291>
140 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2286>
144 _use_old_Twisted_and_Nevow = False
145 if sys.platform == "win32":
150 _use_old_Twisted_and_Nevow = True
152 if _use_old_Twisted_and_Nevow:
153 install_requires += [
154 "Twisted >= 11.1.0, <= 12.1.0",
155 "Nevow >= 0.9.33, <= 0.10",
157 setup_requires += [req for req in install_requires if req.startswith('Twisted')
158 or req.startswith('zope.interface')]
160 install_requires += [
166 # * pyOpenSSL is required in order for foolscap to provide secure connections.
167 # Since foolscap doesn't reliably declare this dependency in a machine-readable
168 # way, we need to declare a dependency on pyOpenSSL ourselves. Tahoe-LAFS does
169 # not *directly* depend on pyOpenSSL.
171 # * pyOpenSSL >= 0.13 is needed in order to avoid
172 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2005>, and also to check the
173 # version of OpenSSL that pyOpenSSL is using.
175 # * pyOpenSSL >= 0.14 is built on the 'cryptography' package which depends
176 # on 'cffi' (and indirectly several other packages). Unfortunately cffi
177 # attempts to compile code dynamically, which causes problems on many systems.
178 # It also depends on the libffi OS package which may not be installed.
179 # <https://bitbucket.org/cffi/cffi/issue/109/enable-sane-packaging-for-cffi>
180 # <https://bitbucket.org/cffi/cffi/issue/70/cant-install-cffi-using-pip-on-windows>
182 # So, if pyOpenSSL 0.14 has *already* been installed and is importable, we
183 # want to accept it; otherwise we ask for pyOpenSSL 0.13 or 0.13.1.
184 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2193>
186 # We don't rely on pkg_resources to tell us the installed pyOpenSSL version
187 # number, because pkg_resources telling us that we have 0.14 is not sufficient
188 # evidence that 0.14 will be the imported version (or will work correctly).
189 # One possible reason why it might not be is explained in
190 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1246#comment:6> and
191 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1258>.
193 _can_use_pyOpenSSL_0_14 = False
196 pyOpenSSL_ver = OpenSSL.__version__.split('.')
197 if int(pyOpenSSL_ver[0]) > 0 or int(pyOpenSSL_ver[1]) >= 14:
198 _can_use_pyOpenSSL_0_14 = True
202 if _can_use_pyOpenSSL_0_14:
203 install_requires += [
204 # Although we checked for pyOpenSSL >= 0.14 above, we only actually
205 # need pyOpenSSL >= 0.13; requiring 0.14 here cannot help.
208 # ... and now all the new stuff that pyOpenSSL 0.14 transitively
209 # depends on. We specify these explicitly because setuptools is
210 # bad at correctly resolving indirect dependencies (e.g. see
211 # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2286>).
214 "cffi >= 0.8", # latest cryptography depends on this version
215 "six >= 1.4.1", # latest cryptography depends on this version
216 "enum34", # latest cryptography depends on this
217 "pycparser", # cffi depends on this
221 ('cryptography', 'cryptography'),
225 ('pycparser', 'pycparser'),
228 install_requires += [
229 "pyOpenSSL >= 0.13, <= 0.13.1",
233 # These are suppressed globally:
235 global_deprecation_messages = [
236 "BaseException.message has been deprecated as of Python 2.6",
237 "twisted.internet.interfaces.IFinishableConsumer was deprecated in Twisted 11.1.0: Please use IConsumer (and IConsumer.unregisterProducer) instead.",
238 "twisted.internet.interfaces.IStreamClientEndpointStringParser was deprecated in Twisted 14.0.0: This interface has been superseded by IStreamClientEndpointStringParserWithReactor.",
241 # These are suppressed while importing dependencies:
243 deprecation_messages = [
244 "the sha module is deprecated; use the hashlib module instead",
245 "object.__new__\(\) takes no parameters",
246 "The popen2 module is deprecated. Use the subprocess module.",
247 "the md5 module is deprecated; use hashlib instead",
248 "twisted.web.error.NoResource is deprecated since Twisted 9.0. See twisted.web.resource.NoResource.",
249 "the sets module is deprecated",
252 runtime_warning_messages = [
253 "Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.",
258 'twisted.persisted.sob',
259 'twisted.python.filepath',