Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Old Package Versions Causing Build Failures on NixOS #2458

Closed
CountingBeeps opened this issue Nov 23, 2024 · 4 comments
Closed

Old Package Versions Causing Build Failures on NixOS #2458

CountingBeeps opened this issue Nov 23, 2024 · 4 comments

Comments

@CountingBeeps
Copy link

ENVIRONMENT

OS and Version: NixOS 24.11
Python Version: Python 3.12
MobSF Version: 4.1.3

EXPLANATION OF THE ISSUE

First, apologies if this does not quite qualify as a bug, it is an edge case in my view. I was trying to package this for NixOS, as the docker is not ideal for the way nix is setup. In the pyproject.toml while most of the packages are set to a range, a few of the packages are pinned to specific versions that are causing issues.

Specifically:

openstep-parser = "1.5.4"
packaging = ">=21.3,<22.0"

and to a much lesser extent

bcrypt = "4.0.1"

For openstep-parser, this is a really old version of this package, and there does no appear to be any api changes, so I can't tell if there is a real reason it is pinned to this. It is old enough that it uses some dependencies that are past the depreciation period, and therefore will no longer build at all on nix.

And for a reason I can't determine, packaging version 21.3 will not build either.

If there is a reason bcrypt is pinned, unlike the other two I can work around it, so it is not a major issue. More of a minor inconvenience than anything else.

I was wondering if these could be updated to a newer version (every version after those builds still), or have their version ranges opened up by >= to allow for the packaging build issues to be resolved.
@github-actions GitHub Actions
Copy link

👋 @CountingBeeps
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham added a commit that referenced this issue Nov 23, 2024
@ajinabraham
Address #2458
555b663
@ajinabraham
Copy link
Member

Thanks for reporting, Looks like a couple of them were unnecessarily pinned. Updated that in 555b663

bcrypt is a special case, We do not need it directly, but used by mitmproxy and it throws an error on newer versions.

(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "/Users/ajin.abraham/Library/Caches/pypoetry/virtualenvs/mobsf-MoN8PS87-py3.12/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'

Also as a heads up, there are few other dependencies that needs to be available in the host OS if you are not using the docker container.
https://mobsf.github.io/docs/#/develop

@ajinabraham ajinabraham reopened this Nov 23, 2024
@CountingBeeps
Copy link
Author

Thanks for the quick response. That change should address all of the issues I was facing. Good to know about bcrypt, and thanks for the heads up.

ajinabraham added a commit that referenced this issue Nov 23, 2024
@ajinabraham
4.2.5 (#2457)
b4cf9b7 
* Unified async scan timeout
* Allow incomplete scan delete after async scan timeout duration
* Added support for Android SBOM analysis
* Make dependencies unpinned (Address #2458)
@ajinabraham
Copy link
Member

Fixed in v4.2.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ajinabraham @CountingBeeps