Transitive dependency - cryptography is no longer optional
#4493
Comments
|
thanks for the report. |
|
for context: we don't reeeeeally care about ppc64le or s390x, those are kind of unlikely to be users of Trezor devices. (i'm sniffing traces of something like Open Build Service here? where those archs are targets?) |
|
Correct, in python-slip10 the cryptography module is used for the conversion of private keys to public keys in ed25519 and x25519. We use SLIP10 in trezorlib for the new entropy check workflow. However, we do not necessarily have to support the ed25519, x25519 and NIST P-256 curves in trezorlib's entropy check workflow. So technically we could replace the SLIP10 module with some BIP32 module, which doesn't need these curves. Or perhaps we could make the ed25519 and x25519 curves somehow optional in python-slip10, in which case the cryptography module would become optional as well. |
|
I would not overcomplicate stuff, though. There are multiple thousands of Python packages that require |
|
This is not something I'd insist on fixing. We were just using this project for some testing in a containerized environment where we cannot build cryptography from sources, so it started to fail, and I thought it was a good idea to report it because of the cryptography listed in the optional deps. Feel free to close this. Just make sure to remove the cryptography from the optional dependencies and move it to the required ones. |
I see that cryptography is listed as an optional dependency here:
trezor-firmware/python/requirements-optional.txt
Line 5 in c9b50f3
However, since this change: 5d2fa78
cryptographyis no longer optional becauseslip10has it as a runtime dependency so it got installed anyway.Was that intentional or expected?
This might cause issues installing on some platforms because cryptography has no wheels for s390x and ppc64le, so users have to compile them there, which requires additional dependencies and tools.
The text was updated successfully, but these errors were encountered: