top | item 28579898

(no title)

(I'm one of the cryptography authors)

We did not roll back our dependency, no, although our current release (3.4.x) allows you to disable Rust compilation via an environment variable specifically so we could understand where in the ecosystem challenges would occur. Our next release (now 35.0 based partially on feedback from the community around our unusual versioning) will hard depend on it for all X509 ASN.1 parsing. During the months since we did our first rust release, however, the `musllinux` specification and implementation has been finished so we expect to be able to ship binary wheels for Alpine very shortly. I am actually working on that today, with the only remaining blocker being an update to warehouse to allow wheel upload.

discuss

newman314|4 years ago

I think I ran into this problem while trying to Dockerize ansible to be able to run on ppc64le.

For other reasons, I have a need to be able to run an up to ansible on Linux on POWER. I think due to a lack of an available wheel for cryptography on ppc64le, I ended up having to include cargo in the dependency chain and subsequently a pretty large docker image (over 200MB). Ugh.

reaperhulk|4 years ago

You can avoid this by building cryptography as a docker stage and then just extract the wheel as part of your docker build process. Alternately if you install rust, build cryptography, and uninstall rust all in one layer then you can also avoid this issue.

gpm|4 years ago

I believe you should be able to avoid docker image size bloat by combining `install rust; do things that need rust; uninstall rust` into one run directive (same with anything that needs any compiler). It's not a runtime dependency.