Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-8062

Spike: can we use cmake via pip instead of rpm, or find a version of cmake without Python 3.9 dependency?

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 1.7.0
    • Build
    • 3
    • True
    • Hide

      Cannot use pip (compilation from source fails due to hermeto env), cannot use wheels (prod sec won't allow it)
      But there is a solution in RHEL 10, so this will be resolved once we move to UBI 10 based containers.

      Show
      Cannot use pip (compilation from source fails due to hermeto env), cannot use wheels (prod sec won't allow it) But there is a solution in RHEL 10, so this will be resolved once we move to UBI 10 based containers.
    • False
    • RHDH COPE 3277, RHDH COPE 3278, RHDH COPE 3279, RHDH COPE 3280, RHDH COPE 3281

      In RHIDP-6956 I tried to switch from the RPM-installed cmake (which requires python 3.9) to a pip-installed version which would only need python 3.11, reducing uneeded cruft in our container and eliminating the need to track CVEs on old versions of Python.

      However it seems that hermeto is preventing cmake from being compiled:

      https://konflux-ui.apps.stone-prod-p02.hjvn.p1.openshiftapps.com/ns/rhdh-tenant/applications/rhdh-1/pipelineruns/rhdh-hub-1-on-push-8ljkv/logs?task=build-container
        Building wheel for cmake (pyproject.toml): started
  Building wheel for cmake (pyproject.toml): finished with status 'error'
  error: subprocess-exited-with-error
  
  × Building wheel for cmake (pyproject.toml) did not run successfully.
  │ exit code: 1
  ╰─> [61 lines of output]
      Traceback (most recent call last):
        File "/usr/lib64/python3.11/urllib/request.py", line 1348, in do_open
          h.request(req.get_method(), req.selector, req.data, headers,
        File "/usr/lib64/python3.11/http/client.py", line 1303, in request
          self._send_request(method, url, body, headers, encode_chunked)
        File "/usr/lib64/python3.11/http/client.py", line 1349, in _send_request
          self.endheaders(body, encode_chunked=encode_chunked)
        File "/usr/lib64/python3.11/http/client.py", line 1298, in endheaders
          self._send_output(message_body, encode_chunked=encode_chunked)
        File "/usr/lib64/python3.11/http/client.py", line 1058, in _send_output
          self.send(msg)
        File "/usr/lib64/python3.11/http/client.py", line 996, in send
          self.connect()
        File "/usr/lib64/python3.11/http/client.py", line 1468, in connect
          super().connect()
        File "/usr/lib64/python3.11/http/client.py", line 962, in connect
          self.sock = self._create_connection(
                      ^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/socket.py", line 839, in create_connection
          for res in getaddrinfo(host, port, 0, SOCK_STREAM):
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/socket.py", line 974, in getaddrinfo
          for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      socket.gaierror: [Errno -2] Name or service not known
      
      During handling of the above exception, another exception occurred:
      
      Traceback (most recent call last):
        File "/usr/lib/python3.11/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 351, in <module>
          main()
        File "/usr/lib/python3.11/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 333, in main
          json_out['return_val'] = hook(**hook_input['kwargs'])
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib/python3.11/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 249, in build_wheel
          return _build_backend().build_wheel(wheel_directory, config_settings,
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/tmp/pip-install-7nz5bqd_/cmake_74722ef53f1644aabe05c28c5f5145c7/_build_backend/backend.py", line 156, in build_wheel
          cmake_path = _bootstrap_build(temp_path, config_settings)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/tmp/pip-install-7nz5bqd_/cmake_74722ef53f1644aabe05c28c5f5145c7/_build_backend/backend.py", line 103, in _bootstrap_build
          with urllib.request.urlopen(archive_url) as response:
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 216, in urlopen
          return opener.open(url, data, timeout)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 519, in open
          response = self._open(req, data)
                     ^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 536, in _open
          result = self._call_chain(self.handle_open, protocol, protocol +
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 496, in _call_chain
          result = func(*args)
                   ^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 1391, in https_open
          return self.do_open(http.client.HTTPSConnection, req,
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.11/urllib/request.py", line 1351, in do_open
          raise URLError(err)
      urllib.error.URLError: <urlopen error [Errno -2] Name or service not known>
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
  ERROR: Failed building wheel for cmake

      So... will need to talk to the hermeto folks about how to work around this, and determine if it's even possible to turn off online-only tests in the cmake build process.

      Might be simpler to revert and continue to depend on python 3.9 rpms, even if that means more CVE churn.

      Asking for help in konflux-users

              nickboldt Nick Boldt
              nickboldt Nick Boldt
              RHIDP - Cope
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated: