Buildroot Archive on lore.kernel.org
From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Bernd Kuhls <bernd@kuhls.net>
Cc: buildroot@buildroot.org, Antoine Tenart <atenart@kernel.org>,
	Marcus Folkesson <marcus.folkesson@gmail.com>,
	Julien Olivain <ju.o@free.fr>
Subject: Re: [Buildroot] [PATCH 1/1] package/libselinux: host-python3 needs SSL support
Date: Fri, 26 Dec 2025 18:32:20 +0100
Message-ID: <20251226183220.5ae9e99c@windsurf>
In-Reply-To: <20251217184822.3765937-1-bernd@kuhls.net>

Hello Bernd,

On Wed, 17 Dec 2025 19:48:22 +0100
Bernd Kuhls <bernd@kuhls.net> wrote:

>   WARNING: pip is configured with locations that require TLS/SSL,
>    however the ssl module in Python is not available.
> [...]
>   Could not fetch URL https://pypi.org/simple/setuptools/:
>    There was a problem confirming the ssl certificate:
>    HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded
>    with url: /simple/setuptools/ (Caused by SSLError("Can't connect to
>    HTTPS URL because the SSL module is not available.")) - skipping
>   ERROR: Could not find a version that satisfies the requirement setuptools>=40.8.0 (from versions: none)

This should be a very strong red flag. Why is the build process of
libselinux even trying to connect to the network to download stuff? It
definitely should not, as everything should be downloaded by Buildroot.
Packages are not allowed to download random stuff.

> +	select BR2_PACKAGE_HOST_PYTHON3_SSL if BR2_PACKAGE_PYTHON3
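
Review bot: the `if BR2_PACKAGE_PYTHON3` condition on this select keys a host-python3 option to the target Python symbol, so a configuration that builds host-libselinux with BR2_PACKAGE_PYTHON3 unset never gets BR2_PACKAGE_HOST_PYTHON3_SSL. The pip output quoted above also shows the build asking pypi.org for setuptools, so selecting SSL support would only let that fetch proceed; the change should instead stop pip from reaching the network during the build.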

This doesn't work as it doesn't make sense: it is perfectly possible
for host-libselinux to be built, which will build host-python-pip,
without BR2_PACKAGE_PYTHON3=y.

See the build failures that continue to pop up:

  https://autobuild.buildroot.net/?reason=host-libselinux%

For example:

  https://autobuild.buildroot.net/results/0e9/0e9de0c0d8b6ec57eea9f8834f02076b296ba4f1/config

has:

  # BR2_PACKAGE_PYTHON3 is not set

So your patch has no effect to fix the issue.

The solution is clearly not to add SSL support in Python. The solution
is to make sure libselinux doesn't use pip to connect over the network.

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
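
As an added example (not part of this thread and not Buildroot code), a log check for the symptom quoted above: it scans a build log for pip's index-access messages and attributes them to the package that was being built. The `>>> package version step` banner format, the `X.Y` versions and the sample log are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

ANSI = re.compile(r"\x1b\[[0-9;]*m")
# Assumed Buildroot step banner: ">>> <package> <version> <step>".
STEP = re.compile(r"^>>> (\S+) (\S+) (.+)$")
# Messages pip prints when it tries to reach a package index (both appear in
# the failure quoted in this thread); each pattern captures the remote host.
FETCH = [
    re.compile(r"Could not fetch URL https?://([^/\s:]+)"),
    re.compile(r"HTTPSConnectionPool\(host='([^']+)'"),
]

# Constructed sample log, modelled on the quoted pip output.
SAMPLE_LOG = """\
\x1b[7m>>> host-python3 X.Y Building\x1b[27m
gcc -c -o example.o example.c
\x1b[7m>>> host-libselinux X.Y Building\x1b[27m
  WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
  Could not fetch URL https://pypi.org/simple/setuptools/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/setuptools/ - skipping
  ERROR: Could not find a version that satisfies the requirement setuptools>=40.8.0 (from versions: none)
\x1b[7m>>> host-zlib X.Y Building\x1b[27m
make: Nothing to be done for 'all'.
"""


def find_network_fetches(log_text):
    """Map each package to the sorted hosts pip tried to reach while it built."""
    hits = defaultdict(set)
    package = "(before first package banner)"
    for raw in log_text.splitlines():
        line = ANSI.sub("", raw).strip()
        banner = STEP.match(line)
        if banner:
            package = banner.group(1)
            continue
        for pattern in FETCH:
            for host in pattern.findall(line):
                hits[package].add(host.lower())
    return {pkg: sorted(hosts) for pkg, hosts in hits.items()}


if __name__ == "__main__":
    offenders = find_network_fetches(SAMPLE_LOG)
    for pkg, hosts in offenders.items():
        print(f"{pkg}: build tried to reach {', '.join(hosts)}")
    raise SystemExit(1 if offenders else 0)
```

The non-zero exit status lets the check fail a CI job when any package's build step attempted an index fetch, whether or not the fetch succeeded.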