We have a somewhat large piece of SW that needs to run as a snap. We’ve done it originally and the base has been core. We now need to update it, as Python 3.5 is EOL and one piece of the SW is actually a Python-based tool. It uses the cryptography module, which has a CVE in the earlier versions and cryptography version 39.x only supports Python 3.6 or newer.
So, two choices (as far as I see it).
- update Python itself or
- update Core image to a newer one (core20 or core22)
However, both are now failing.
Update python
I found instructions how to update the Python and it actually builds Python 3.9 and so fort, but when snapcraft tries to install the requirements.txt, it will still complain about Python 3.5 and clearly it is using that as the requirements cannot be met.
How do I ensure the Python 3.9 built is actually really getting used as well?
edge-core-tool:
after:
- python39
- edge-core-src
plugin: python
source: "${SNAPCRAFT_STAGE}/edge-core-src.tgz"
source-subdir: edge-tool
build-environment:
- SNAPCRAFT_PYTHON_INTERPRETER: "${SNAPCRAFT_STAGE}/bin/python3.9"
requirements: [ "${SNAPCRAFT_PART_SRC}/edge-tool/requirements.txt" ]
Example of failure:
Pulling edge-core-tool
+ snapcraftctl pull
DEPRECATION: Python 3.5 reached the end of its life on September 13th, 2020. Please upgrade your Python as Python 3.5 is no longer maintained. pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will remove support for this functionality.
DEPRECATION: Python 3.5 reached the end of its life on September 13th, 2020. Please upgrade your Python as Python 3.5 is no longer maintained. pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will remove support for this functionality.
DEPRECATION: Python 3.5 reached the end of its life on September 13th, 2020. Please upgrade your Python as Python 3.5 is no longer maintained. pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will remove support for this functionality.
Collecting docopt==0.6.2
Downloading docopt-0.6.2.tar.gz (25 kB)
ERROR: Could not find a version that satisfies the requirement cbor2==5.4.6
ERROR: No matching distribution found for cbor2==5.4.6
Failed to run '/build/parts/edge-core-tool/install/usr/bin/python3 -m pip download --disable-pip-version-check --dest /build/parts/edge-core-tool/python-packages --requirement /build/parts/edge-core-tool/src/edge-tool/requirements.txt': Exited with code 1.
Life would be a lot easier, if you could just give the python plugin the version of python you want to use…
Code is available at: https://github.com/PelionIoT/snap-pelion-edge/tree/core18
You need to 1st build the docker image used for building it:
docker build --no-cache -f Dockerfile.snapcore --label snapcore/snapcraft --tag ${USER}/snapcraft:latest .
and then the actual snapcraft build:
docker run --rm -v "$PWD":/build -w /build ${USER}/snapcraft:latest bash -c "sudo apt-get update && snapcraft --debug"
In case you want to reproduce this issue.
If i update the base image to core20/core22 - the cmake fails, as it can’t compile the test programs. It does not find gmake for some reason (but that’s another post).