# Note: please minimize imports in this file. In particular, do not import # any module from Tahoe-LAFS or its dependencies, and do not import any # modules at all at global level. That includes setuptools and pkg_resources. # It is ok to import modules from the Python Standard Library if they are # always available, or the import is protected by try...except ImportError. # The semantics for requirement specs changed incompatibly in setuptools 8, # which now follows PEP 440. The requirements used in this file must be valid # under both the old and new semantics. That can be achieved by limiting # requirement specs to one of the following forms: # # * >= X, <= Y where X < Y # * >= X, != Y, != Z, ... where X < Y < Z... # # (In addition, check_requirement in allmydata/__init__.py only supports # >=, <= and != operators.) install_requires = [ # we don't need much out of setuptools, but the __init__.py stuff does # need pkg_resources . We use >=11.3 here because that's what # "cryptography" requires (which is a sub-dependency of TLS-using # packages), so there's no point in requiring less. "setuptools >= 28.8.0", "zfec >= 1.1.0", # zope.interface >= 3.6.0 is required for Twisted >= 12.1.0. # zope.interface 3.6.3 and 3.6.4 are incompatible with Nevow (#1435). "zope.interface >= 3.6.0, != 3.6.3, != 3.6.4", # * foolscap < 0.5.1 had a performance bug which spent O(N**2) CPU for # transferring large mutable files of size N. # * foolscap < 0.6 is incompatible with Twisted 10.2.0. # * foolscap 0.6.1 quiets a DeprecationWarning. # * foolscap < 0.6.3 is incompatible with Twisted 11.1.0 and newer. # * foolscap 0.8.0 generates 2048-bit RSA-with-SHA-256 signatures, # rather than 1024-bit RSA-with-MD5. This also allows us to work # with a FIPS build of OpenSSL. # * foolscap >= 0.12.3 provides tcp/tor/i2p connection handlers we need, # and allocate_tcp_port # * foolscap >= 0.12.5 has ConnectionInfo and ReconnectionInfo # * foolscap >= 0.12.6 has an i2p.sam_endpoint() that takes kwargs "foolscap >= 0.12.6", # cryptography>2.3 because of CVE-2018-10903 'cryptography >= 2.3', "service-identity", # this is needed to suppress complaints about being unable to verify certs "characteristic >= 14.0.0", # latest service-identity depends on this version "pyasn1 >= 0.1.8", # latest pyasn1-modules depends on this version "pyasn1-modules >= 0.0.5", # service-identity depends on this # * On Linux we need at least Twisted 10.1.0 for inotify support # used by the drop-upload frontend. # * We also need Twisted 10.1.0 for the FTP frontend in order for # Twisted's FTP server to support asynchronous close. # * The SFTP frontend depends on Twisted 11.0.0 to fix the SSH server # rekeying bug # * The FTP frontend depends on Twisted >= 11.1.0 for # filepath.Permissions # * Nevow 0.11.1 depends on Twisted >= 13.0.0. # * The SFTP frontend and manhole depend on the conch extra. However, we # can't explicitly declare that without an undesirable dependency on gmpy, # as explained in ticket #2740. # * Due to a setuptools bug, we need to declare a dependency on the tls # extra even though we only depend on it via foolscap. # * Twisted >= 15.1.0 is the first version that provided the [tls] extra. # * Twisted-16.1.0 fixes https://twistedmatrix.com/trac/ticket/8223, # which otherwise causes test_system to fail (DirtyReactorError, due to # leftover timers) # * Twisted-16.4.0 introduces `python -m twisted.trial` which is needed # for coverage testing # * Twisted 16.6.0 drops the undesirable gmpy dependency from the conch # extra, letting us use that extra instead of trying to duplicate its # dependencies here. Twisted[conch] >18.7 introduces a dependency on # bcrypt. It is nice to avoid that if the user ends up with an older # version of Twisted. That's hard to express except by using the extra. "Twisted[tls,conch] >= 16.6.0", # We need Nevow >= 0.11.1 which can be installed using pip. "Nevow >= 0.11.1", # * pyOpenSSL is required in order for foolscap to provide secure connections. # Since foolscap doesn't reliably declare this dependency in a machine-readable # way, we need to declare a dependency on pyOpenSSL ourselves. Tahoe-LAFS does # not *directly* depend on pyOpenSSL. # * pyOpenSSL >= 0.13 is needed in order to avoid # , and also to check the # version of OpenSSL that pyOpenSSL is using. # * pyOpenSSL >= 0.14 is needed in order to avoid # . "pyOpenSSL >= 0.14", "PyYAML >= 3.11", "six >= 1.10.0", # for 'tahoe invite' and 'tahoe join' "magic-wormhole >= 0.10.2", # Eliot is contemplating dropping Python 2 support. Stick to a version we # know works on Python 2.7. Because we don't have support for `==` # constraints, pin 1.7.x this way. I feel pretty safe betting that we # won't end up stuck on Eliot 1.7.100 with a critical fix only present in # 1.7.101. And if we do, I know how to deal with that situation. "eliot >= 1.7.0, <= 1.7.100", # A great way to define types of values. "attrs >= 18.2.0", # WebSocket library for twisted and asyncio "autobahn >= 19.5.2", ] # Includes some indirect dependencies, but does not include allmydata. # These are in the order they should be listed by --version, etc. package_imports = [ # package name module name ('foolscap', 'foolscap'), ('zfec', 'zfec'), ('Twisted', 'twisted'), ('Nevow', 'nevow'), ('zope.interface', 'zope.interface'), ('python', None), ('platform', None), ('pyOpenSSL', 'OpenSSL'), ('OpenSSL', None), ('pyasn1', 'pyasn1'), ('service-identity', 'service_identity'), ('characteristic', 'characteristic'), ('pyasn1-modules', 'pyasn1_modules'), ('cryptography', 'cryptography'), ('cffi', 'cffi'), ('six', 'six'), ('enum34', 'enum'), ('pycparser', 'pycparser'), ('PyYAML', 'yaml'), ('magic-wormhole', 'wormhole'), ('setuptools', 'setuptools'), ('eliot', 'eliot'), ('attrs', 'attr'), ] # Dependencies for which we don't know how to get a version number at run-time. not_import_versionable = [ 'zope.interface', ] # Dependencies reported by pkg_resources that we can safely ignore. ignorable = [ 'argparse', 'pyutil', 'zbase32', 'distribute', 'twisted-web', 'twisted-core', 'twisted-conch', ] setup_requires = [ 'setuptools >= 28.8.0', # for PEP-440 style versions ] # These are suppressed globally: global_deprecation_messages = [ "BaseException.message has been deprecated as of Python 2.6", "twisted.internet.interfaces.IFinishableConsumer was deprecated in Twisted 11.1.0: Please use IConsumer (and IConsumer.unregisterProducer) instead.", "twisted.internet.interfaces.IStreamClientEndpointStringParser was deprecated in Twisted 14.0.0: This interface has been superseded by IStreamClientEndpointStringParserWithReactor.", ] # These are suppressed while importing dependencies: deprecation_messages = [ "the sha module is deprecated; use the hashlib module instead", "object.__new__\(\) takes no parameters", "The popen2 module is deprecated. Use the subprocess module.", "the md5 module is deprecated; use hashlib instead", "twisted.web.error.NoResource is deprecated since Twisted 9.0. See twisted.web.resource.NoResource.", "the sets module is deprecated", ] runtime_warning_messages = [ "Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", ] warning_imports = [ 'nevow', 'twisted.persisted.sob', 'twisted.python.filepath', ]