Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2574

Using Zope-5.1 and pymongocrypt in the same application is not possible due to a dependency conflict on module cryptography

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: pymongocrypt
    • None
    • Environment:
      Linux Ubuntu-18.0.4
      Python-3.7.5

      I'm trying to use pymongocrypt in an application using Zope-5.1 as the application server.
      Installing it fails:

      $ python3.7 -m venv --without-pip venv
      $ python3.7 -c "from urllib.request import urlretrieve; urlretrieve('https://bootstrap.pypa.io/get-pip.py', 'get-pip.py')"
      $ venv/bin/python get-pip.py
      Looking in indexes: ...
      Looking in links: ...
      Collecting pip
      ...
      Collecting setuptools
      ...
      Collecting wheel
      ...
      Installing collected packages: wheel, setuptools, pip
      Successfully installed pip-21.0.1 setuptools-53.0.0 wheel-0.36.2
      $ . venv/bin/activate
      (venv) $ cat > constraints
      -c https://zopefoundation.github.io/Zope/releases/5.1/constraints.txt
      Zope == 5.1
      (venv) $ pip install pymongocrypt -c constraints
      Looking in indexes: ... 
      Looking in links: ...
      Collecting pymongocrypt
      ...
      ERROR: Cannot install pymongocrypt==1.0.0 and pymongocrypt==1.0.1 because these package versions have conflicting dependencies.
      
      The conflict is caused by:
          pymongocrypt 1.0.1 depends on cryptography<3 and >=2.0
          pymongocrypt 1.0.0 depends on cryptography<3 and >=2.0
      
      To fix this you could try to:
      1. loosen the range of package versions you've specified
      2. remove package versions to allow pip attempt to solve the dependency conflict
      
      ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies
      (venv) $
      

      I saw that the compatibility with cryptography 3 has already been tested and confirmed on the master branch, thus I would like to ask if it is possible to just make a new release in order to fix that problem.

      I already asked at the Zope project to relax their version constraints but they refused with the argument that the latest release of cryptography is 3.4.3 and that their constraints are not even strict enough as version 3.3.2 fixes a security issue (Zope tracker).
      (I tend to agree ...)

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            gottfried.ganssauge@haufe-lexware.com Gottfried Ganßauge
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: