#pypy on 2022-01-19 — irc logs at libera.irclog.whitequark.org

2021-09-24 06:13 cfbolz changed the topic of #pypy to: #pypy PyPy, the flexible snake https://pypy.org | IRC logs: https://quodlibet.duckdns.org/irc/pypy/latest.log.html#irc-end and https://libera.irclog.whitequark.org/pypy | hacking on TLS is fun, way more fun than arguing over petty shit, turns out

06:51 slav0nic has joined #pypy

06:52 Guest96 has joined #pypy

07:25 Guest96 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

08:17 Guest96 has joined #pypy

11:34 Guest96 has quit [Ping timeout: 240 seconds]

12:16 otisolsen70 has joined #pypy

12:46 _whitelogger has joined #pypy

12:46 [Arfrever] has joined #pypy

12:50 nanonyme has quit [Ping timeout: 256 seconds]

13:02 otisolsen70 has joined #pypy

13:03 nanonyme has joined #pypy

14:31 lritter has joined #pypy

16:58 greedom has joined #pypy

17:03 greedom has quit [Remote host closed the connection]

17:04 greedom has joined #pypy

19:49 * tumbleweed contemplates what to do about OpenSSL 3

19:50 <tumbleweed> mattip: I see you didn't even try to support it in pypy 2.7

19:50 <tumbleweed> was there technical reasons for that?

19:51 <tumbleweed> at the moment in Debian we're keeping cpython 2.7 alive to build pypy 2.7, which we're keeping alive to build pypy 3

19:51 greedom has quit [Remote host closed the connection]

19:51 <tumbleweed> porting cpython 2.7 to openssl 3 is easy enough, pypy looks trickier

19:53 <tumbleweed> don't really want to ship a pypy 2.7 in a stable release, that's using an old openssl. And I'm sure our security team would be strongly against that

19:54 <tumbleweed> wondering if we should persue a minimal ssl module that has the hash functions and no more

21:33 <mattip> tumbleweed: CPython is not very happy with its OpenSSL3 support, what is wrong with 1.1.1m?

21:36 <mattip> debian would drop cpython2.7 if pypy did not need it?

21:45 <tumbleweed> Debian & Ubuntu try very hard to have only one version of each thing

21:45 <[Arfrever]> Or just disable ssl module in CPython 2.7 and PyPy 2.7?

21:45 <tumbleweed> Ubuntu is pushing for OpenSSL 3 in the next release: https://discourse.ubuntu.com/t/openssl-3-0-transition-plans/24453

21:46 <tumbleweed> mattip: yes, pypy is the main thing keeping cpython2.7 around at the moment

21:47 <tumbleweed> we could always build with pypy2, but it's useful to be able to bootstrap pypy with cpython. And faster on the non-jit archs

21:49 <mattip> hmm. It seems like a lot of added burden to hang on to both pypy2 and cpython2 just in order to build pypy3

21:49 <tumbleweed> well, we all look forward to rpython3 :P

21:49 <mattip> haha

21:50 <tumbleweed> [Arfrever]: that's something I've discussed with doko

21:50 <tumbleweed> obviously that breaks hashlib too, I haven't tested to see if that matters for pypy translation

21:50 <mattip> so I guess I could try to backport the OpenSSL3 changes to pypy2.7, I didn't realize anyone would care

21:51 <mattip> thanks for pointing it out

21:51 <tumbleweed> I can try the same thing

21:52 <tumbleweed> I was wondering why you jumped to doing it for 3.7

21:52 <tumbleweed> I guess because that's what cryptography targets?

21:56 <mattip> the stdlib ssl module has diverged between 2.7 and 3.7, and I was worried 2.7's version would need some changes

21:57 <tumbleweed> I have a fairly minimal patchset for cpython, that I'm just finishing up

21:58 <tumbleweed> there were changes to the ssl module for 3.x that definitely made sense for openssl 3

21:58 <tumbleweed> but they aren't necessary for backwards compatibility

21:59 <tumbleweed> (at least with the current state of openssl 3. As they remove the deprecated functions, it'll presumably get a lot harder)

22:00 <mattip> cool, I could try to merge patches into pypy proper if it would help

22:09 <mattip> for testing, maybe we could add an option to the lib_pypy/pypy_tools/build_cffi_imports.py script

22:09 <mattip> to use either OpenSSL 1.1.1m or 3.0.1, dependent on a command line option

22:11 <mattip> I recently moved back to OpenSSL 1.1.1m on pypy3.7, 3.8, 3.9 because of this thread on python-dev

22:11 <mattip> https://mail.python.org/archives/list/python-dev@python.org/thread/ATO4DM6QYZGLSGGDZ3TRN5X3QDD5OHOE/

22:12 <tumbleweed> thanks, I'll pass that along

22:13 <tumbleweed> none of that is a blocker for using cpython/pypy to build pypy, of course

22:14 lritter has quit [Ping timeout: 240 seconds]

22:16 <mattip> right, for that indeed disabling the cffi-based _ssl may make sense

22:16 <mattip> the RPython hashlib is still sufficient for translation

22:26 <mattip> ahh, no, I removed the rpython _hashlib in 85525c43dc44, so we are left with the pure-python one.

22:37 otisolsen70 has quit [Quit: Leaving]

22:38 <mattip> maybe we should restore _hashlib as an optional alternative module

22:45 <tumbleweed> mattip: my cpython2.7 patch set: https://salsa.debian.org/cpython-team/python2/-/merge_requests/5/diffs

23:09 slav0nic has quit [Ping timeout: 268 seconds]