From e7886261bd80367d636b1274a2cf57fc207017c1 Mon Sep 17 00:00:00 2001
From: Anna Sirota <dev.local@gmail.com>
Date: Thu, 18 Mar 2021 18:42:10 +0100
Subject: [PATCH] Work around cryptography requiring Rust compiler

Pins all the build dependencies required by poetry, otherwise
poetry installs arbitrary versions of them, which leads to a wrong
version of cryptography being installed and the build failing.
Note that Cloud dependencies (pillar and the like) has to have their
build dependencies pinned in the same exact manner, for the same reason.

Pins all the runtime dependencies as well, because Cloud can only use
poetry==1.0 due to its source dependencies, so there's no
"poetry lock --no-update" and each "poetry lock" updates arbitrary packages.
---
 deploy/README.md              |  2 +-
 docker/3_buildwheels/build.sh |  7 ++++-
 poetry.lock                   | 43 ++++++++++++++++++++++++----
 pyproject.toml                | 54 +++++++++++++++++++++++++++++++++--
 4 files changed, 97 insertions(+), 9 deletions(-)

diff --git a/deploy/README.md b/deploy/README.md
index 23ec6c9..3922dce 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -35,5 +35,5 @@ For `xxx` there are:
 
 ## Hacking Stuff
 
-To deploy another branch than `production`, do `export DEPLOY_BRANCH=otherbranch` before starting
+To deploy another branch than `production`, do `export STAGING_BRANCH=otherbranch` before starting
 the above commands.
diff --git a/docker/3_buildwheels/build.sh b/docker/3_buildwheels/build.sh
index 21ab783..5a9d049 100755
--- a/docker/3_buildwheels/build.sh
+++ b/docker/3_buildwheels/build.sh
@@ -33,10 +33,15 @@ docker run --rm -i \
     -v "$TOPDEVDIR:/data/topdev" \
     $DOCKER_IMAGE_NAME <<EOT
 set -e
+set -x
+
+# Globally upgrade Pip, so that we can get a compatible version of the cryptography package.
+# See https://github.com/pyca/cryptography/issues/5771
+pip3 install --upgrade pip setuptools wheel
 
 # Pin poetry to 1.0, as more recent version to not support nested filesystem package
 # dependencies.
-pip3 install wheel poetry==1.0
+pip3 install wheel poetry==1.0 cryptography==2.7
 
 # Build wheels for all dependencies.
 cd /data/topdev/blender-cloud
diff --git a/poetry.lock b/poetry.lock
index 1cf6056..751e5cb 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -46,6 +46,7 @@ python-versions = "~3.6"
 version = "1.1dev0"
 
 [package.dependencies]
+cryptography = "2.7"
 pillar = "*"
 svn = "~0.3"
 
@@ -215,7 +216,6 @@ version = "7.0"
 [[package]]
 category = "dev"
 description = "Cross-platform colored terminal text."
-marker = "sys_platform == \"win32\""
 name = "colorama"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
@@ -345,6 +345,7 @@ python-versions = "~3.6"
 version = "2.3dev0"
 
 [package.dependencies]
+cryptography = "2.7"
 pillar = "*"
 pyjwt = "1.7.1"
 
@@ -702,7 +703,6 @@ version = "1.5"
 [[package]]
 category = "dev"
 description = "More routines for operating on iterables, beyond itertools"
-marker = "python_version > \"2.7\""
 name = "more-itertools"
 optional = false
 python-versions = ">=3.4"
@@ -780,8 +780,8 @@ attrs = "~19"
 bcrypt = "~3"
 bleach = "~3.1"
 blinker = "~1.4"
-celery = "~4.3"
 commonmark = "~0.9"
+cryptography = "2.7"
 elasticsearch = "~6.1"
 elasticsearch-dsl = "~6.1"
 gcloud = "~0.18"
@@ -791,11 +791,18 @@ ndg-httpsclient = "~0.5"
 pillarsdk = "*"
 python-dateutil = "~2.8"
 rauth = "~0.7"
-raven = "~6.10"
 redis = "~3.2"
 shortcodes = "~2.5"
 zencoder = "~0.6"
 
+[package.dependencies.celery]
+extras = ["redis"]
+version = "~4.3"
+
+[package.dependencies.raven]
+extras = ["flask"]
+version = "~6.10"
+
 [package.source]
 reference = ""
 type = "directory"
@@ -831,6 +838,7 @@ python-versions = "^3.5"
 version = "1.10"
 
 [package.dependencies]
+cryptography = "2.7"
 pyOpenSSL = "~19"
 requests = "~2"
 
@@ -1036,6 +1044,15 @@ optional = false
 python-versions = "*"
 version = "6.10.0"
 
+[package.dependencies]
+[package.dependencies.Flask]
+optional = true
+version = ">=0.8"
+
+[package.dependencies.blinker]
+optional = true
+version = ">=1.1"
+
 [package.extras]
 flask = ["Flask (>=0.8)", "blinker (>=1.1)"]
 tests = ["bottle", "celery (>=2.5)", "coverage (<4)", "exam (>=0.5.2)", "flake8 (3.5.0)", "logbook", "mock", "nose", "pytz", "pytest (>=3.2.0,<3.3.0)", "pytest-timeout (1.2.1)", "pytest-xdist (1.18.2)", "pytest-pythonpath (0.7.2)", "pytest-cov (2.5.1)", "pytest-flake8 (1.0.0)", "requests", "tornado (>=4.1,<5.0)", "tox", "webob", "webtest", "wheel", "anyjson", "zconfig", "Flask (>=0.8)", "blinker (>=1.1)", "Flask-Login (>=0.2.0)", "blinker (>=1.1)", "sanic (>=0.7.0)", "aiohttp"]
@@ -1141,6 +1158,7 @@ python-versions = "~3.6"
 version = "1.1dev0"
 
 [package.dependencies]
+cryptography = "2.7"
 pillar = "*"
 
 [package.source]
@@ -1197,6 +1215,17 @@ dev = ["pytest", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-i
 termcolor = ["termcolor"]
 watchdog = ["watchdog"]
 
+[[package]]
+category = "main"
+description = "A built-package format for Python"
+name = "wheel"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7"
+version = "0.35.1"
+
+[package.extras]
+test = ["pytest (>=3.0.0)", "pytest-cov"]
+
 [[package]]
 category = "main"
 description = "A flexible forms validation and rendering library for Python web development."
@@ -1232,7 +1261,7 @@ docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
 testing = ["pathlib2", "contextlib2", "unittest2"]
 
 [metadata]
-content-hash = "265c6813c52bdf5230bc37b324a171cd457bb8ba13629afce81724cc8b5d1a01"
+content-hash = "118d1166a7f31cbd59191bd86521cf9a80a1f537f747bb7d4d5be0bfec71b45d"
 python-versions = "~3.6"
 
 [metadata.files]
@@ -1871,6 +1900,10 @@ werkzeug = [
     {file = "Werkzeug-0.15.4-py2.py3-none-any.whl", hash = "sha256:865856ebb55c4dcd0630cdd8f3331a1847a819dda7e8c750d3db6f2aa6c0209c"},
     {file = "Werkzeug-0.15.4.tar.gz", hash = "sha256:a0b915f0815982fb2a09161cb8f31708052d0951c3ba433ccc5e1aa276507ca6"},
 ]
+wheel = [
+    {file = "wheel-0.35.1-py2.py3-none-any.whl", hash = "sha256:497add53525d16c173c2c1c733b8f655510e909ea78cc0e29d374243544b77a2"},
+    {file = "wheel-0.35.1.tar.gz", hash = "sha256:99a22d87add3f634ff917310a3d87e499f19e663413a52eb9232c447aa646c9f"},
+]
 wtforms = [
     {file = "WTForms-2.2.1-py2.py3-none-any.whl", hash = "sha256:e3ee092c827582c50877cdbd49e9ce6d2c5c1f6561f849b3b068c1b8029626f1"},
     {file = "WTForms-2.2.1.tar.gz", hash = "sha256:0cdbac3e7f6878086c334aa25dc5a33869a3954e9d1e015130d65a69309b3b61"},
diff --git a/pyproject.toml b/pyproject.toml
index 4b6b30a..72d6a84 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,11 +15,61 @@ pillar = {path = "../pillar"}
 attract = {path = "../attract"}
 flamenco = {path = "../flamenco"}
 svnman = {path = "../pillar-svnman"}
+amqp = "2.5.0"
+asn1crypto = "0.24.0"
+attrs = "19.1.0"
+babel = "2.7.0"
+bcrypt = "3.1.6"
+billiard = "3.6.0.0"
+bleach = "3.1.0"
+celery = "4.3.0"
+cerberus = "1.3.1"
+certifi = "2019.3.9"
+cffi = "1.12.3"
+chardet = "3.0.4"
+click = "7.0"
+commonmark = "0.9.0"
+cryptography = "2.7"
+eve = "0.9.1"
+fasteners = "0.15"
+flask = "1.0.3"
+flask-wtf = "0.14.2"
+future = "0.17.1"
+google-apitools = "0.5.28"
+googleapis-common-protos = "1.6.0"
+grpcio = "1.21.1"
+httplib2 = "0.12.3"
+ipaddress = "1.0.22"
+jinja2 = "2.10.1"
+kombu = "4.6.0"
+protobuf = "3.8.0"
+pyasn1 = "0.4.5"
+pyasn1-modules = "0.2.5"
+pycparser = "2.19"
+pymongo = "3.8.0"
+pyopenssl = "19.0.0"
+pytz = "2019.1"
+requests = "2.22.0"
+rsa = "4.0"
+setuptools = "51.0.0"
+shortcodes = "2.5.0"
+simplejson = "3.16.0"
+six = "1.12.0"
+wheel = "0.35.1"
+wtforms = "2.2.1"
 
 [tool.poetry.dev-dependencies]
 pillar-devdeps = {path = "../pillar/devdeps"}
-
+responses = "0.10.6"
+zipp = "0.5.1"
+py = "1.8.0"
+colorama = "0.4.1"
+importlib-metadata = "0.17"
+more-itertools = "7.0.0"
+coverage = "4.5.3"
+pluggy = "0.12.0"
+atomicwrites = "1.3.0"
 
 [build-system]
-requires = ["poetry>=0.12"]
+requires = ["poetry==1.0","cryptography==2.7","setuptools==51.0.0","wheel==0.35.1"]
 build-backend = "poetry.masonry.api"