Pin cryptography to 3.3.2

[releng/global-jjb.git] / shell / python-tools-install.sh

diff --git a/shell/python-tools-install.sh b/shell/python-tools-install.sh
index 7988c31..5978305 100644 (file)
--- a/shell/python-tools-install.sh
+++ b/shell/python-tools-install.sh
@@ -15,7 +15,7 @@ set -eufo pipefail
 # This script will typically be called during pre-build & post-build.
 # Create the user venv during pre-build.
 if [[ ! -f /tmp/pre-build-complete ]]; then
-    requirements_file=$(mktemp /tmp/requirements-XXXX.txt)
+    requirements_file=$(mktemp /tmp/requirements-XXXXXX)
 
     # Note: To test lftools master branch change the lftools configuration below in
     #       the requirements file from "lftools[openstack]~=#.##.#" to
@@ -29,15 +29,36 @@ python-openstackclient
 python-magnumclient
 kubernetes
 niet~=1.4.2
-tox>=3.7.0 # Tox 3.7 or greater is necessary for parallel mode support
+cryptography<3.4
 yq
+
+# PINNED INDIRECT DEPENDENCIES
+# ============================
+# The libraries listed below should be considered workarounds and thus need
+# to have a link to a JIRA and any relevant pkg versions and support packages
+# necessary so that future maintainers of this file can make decisions to
+# remove the workarounds in the future.
+importlib-resources<2.0.0  # virtualenv 20.0.21 requires importlib-resources<2.0.0 (RELENG-2993)
 EOF
 
-    # Use `python -m pip` to ensure we are using pip from user venv
-    python3 -m venv ~/.local
-    python3 -m pip install --quiet --upgrade pip
-    python3 -m pip install --quiet --no-warn-script-location --upgrade setuptools
-    python3 -m pip install --quiet --no-warn-script-location --upgrade --upgrade-strategy eager -r "$requirements_file"
+    #Python 3.5 in Ubuntu 16.04 workaround
+    if [[ -f /etc/lsb-release ]]; then
+       # shellcheck disable=SC1091
+       source /etc/lsb-release
+       if [[ $DISTRIB_RELEASE == "16.04" ]]; then
+         echo "WARNING: Python projects should move to Ubuntu 18.04 to continue receiving support"
+         echo "zipp==1.1.0" >> "$requirements_file"
+       fi
+    fi
+
+    python3 -m pip install --user --quiet --upgrade pip
+    python3 -m pip install --user --quiet --no-warn-script-location --upgrade setuptools
+    python3 -m pip install --user --quiet --no-warn-script-location --upgrade --upgrade-strategy eager -r "$requirements_file"
+    # installs are silent, show version details in log
+    python3 --version
+    python3 -m pip --version
+    python3 -m pip freeze
+
     rm -rf "$requirements_file"
     touch /tmp/pre-build-complete
 fi