[Bf-committers] Bundling Python `requests` module for 2.70

Sun Mar 2 16:39:02 CET 2014

Follow up on this thread,

Requests do tag releases:
https://github.com/kennethreitz/requests/releases

And we can avoid including CACERT.pem (you have to parse
`verify=False` when making requests for now) .

And the UUID on windows issue can be worked around fairly easily by
monkey patching in a new `choose_boundary` function.
https://developer.blender.org/D321#comment-15
... not ideal but works OK for now.

On Wed, Feb 19, 2014 at 9:22 AM, Thomas Dinges <blender at dingto.org> wrote:
> There is a patch for this here: https://developer.blender.org/T38364
>
> Am 18.02.2014 um 22:59 schrieb Campbell Barton <ideasman42 at gmail.com>:
>
>> Theres another issue thats come up,
>>
>> The addon is using a slightly modified version of `requests` since
>> blender/python/ms-windows has a bug importing `uuid`,
>> https://github.com/sketchfab/blender-exporter/commit/782d1791ba7005f92e578309b6158780957d2248
>>
>> For more details on issue importing uuid, see:
>>
>> https://developer.blender.org/T27666
>> http://bugs.python.org/issue17213
>>
>> Would be really good to resolve this, its been an issue for years now.
>>
>>
>> On Tue, Feb 18, 2014 at 8:43 PM, Sergey Sharybin <sergey.vfx at gmail.com> wrote:
>>> It's not so much clear how to grab sources actually.
>>>
>>> Home page mentions release 2.3.0, but there's no release archive on the
>>> site and i don't really see tag in their repo.We could use latest master,
>>> but that i feel a bit paranoid to do because wouldn't b able to test.
>>>
>>> Any thoughts here?
>>>
>>>
>>> On Tue, Feb 18, 2014 at 12:08 PM, Trouble Daemon <troubledaemon at gmail.com>wrote:
>>>
>>>> Hey,
>>>>
>>>> I did a local pip install of the requests file to take a look at the
>>>> cacert.pem file. It would appear that it is a copy of all the main
>>>> certificate authorities for use with SSL, so it would be rather large.
>>>>
>>>> I was a little concerned to see other posts online (
>>>> https://mail.python.org/pipermail/python-dev/2013-October/129755.html)
>>>> that
>>>> mentioned things like being slightly out of date, ignoring checks for
>>>> revoked certs, and what not, so they seem a little on the slow on the
>>>> update end of things.
>>>>
>>>> I can't (won't) verify the actual authenticity of all of those certs to
>>>> prove that they aren't "fake" or anything, but probably minor since only
>>>> HTTPS requests using this lib would be able to be MITM'd if there were some
>>>> fakes in there (unless they found a way to install into your browser
>>>> storage via another script since users generally have full access to their
>>>> own browser settings, for example).
>>>>
>>>> Personally I wish they would set this up to point at the system maintained
>>>> certs, but these paths vary too much on the OS's and would require root
>>>> access. If you ask me, it is a can of worms to install CA files on to a
>>>> users system as that is half of the attack (getting the file on someones
>>>> computer, the second being to install it in the proper place and MITM a
>>>> users connection). Wouldn't it be better to leave out and tell the user
>>>> that if they want SSL, they should configure the library to point at the
>>>> system wide certs instead?
>>>>
>>>>
>>>> Dan
>>>>
>>>>
>>>>
>>>> On Mon, Feb 17, 2014 at 10:35 PM, Campbell Barton <ideasman42 at gmail.com
>>>>> wrote:
>>>>
>>>>> This is coming a bit late in the release cycle, but I've been asked to
>>>>> review an addon for Sketchfab, to see if we can include in 2.70.
>>>>>
>>>>> The addon its self is quite small and wont be enabled by default,
>>>>> however its using a python module called `requests`.
>>>>>
>>>>> Most likely this can be used by other scripts too since its a popular
>>>>> module.
>>>>>
>>>>> Bundling this isn't such a problem since this is pure python (just zip
>>>>> it up and include in lib/ for OSX, MS-Windows, Linux can copy from
>>>>> from Python's install dir).
>>>>>
>>>>> However this will take some work to update scons and cmake, and
>>>>> testing it works.
>>>>>
>>>>> Theres the issue of incresed size, did a quick test and it bzip2's
>>>>> down to 342kb,
>>>>> Though much of the space is used by `cacert.pem`,  without that file its
>>>>> 180kb
>>>>>
>>>>> I did a quick check and seems that file is optional since you can use
>>>>> cacerts provided by the system instead (but not totally sure at the
>>>>> point).
>>>>>
>>>>>
>>>>> So I'm proposing to include the Python module,
>>>>> I'll setup SCons and CMake for Linux and Windows and upload requests
>>>>> archive to lib/, but will need someone else to handle OSX or at least
>>>>> test it works ok.
>>>>>
>>>>>
>>>>> To be clear, Blender wont execute anything extra by default on
>>>>> startup, this just makes a Python module available for scripts to use
>>>>> if they need, and increases Blender's download size.
>>>>>
>>>>> ---
>>>>>
>>>>> Extra info.
>>>>>
>>>>> Addon URL if anyones interested:
>>>>> https://developer.blender.org/D321
>>>>>
>>>>> Requests website:
>>>>> http://requests.readthedocs.org
>>>>> --
>>>>> - Campbell
>>>>> _______________________________________________
>>>>> Bf-committers mailing list
>>>>> Bf-committers at blender.org
>>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>>>
>>>> _______________________________________________
>>>> Bf-committers mailing list
>>>> Bf-committers at blender.org
>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>>
>>>
>>>
>>>
>>> --
>>> With best regards, Sergey Sharybin
>>> _______________________________________________
>>> Bf-committers mailing list
>>> Bf-committers at blender.org
>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>
>>
>>
>> --
>> - Campbell
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

-- 
- Campbell