USE flag 'ssl' only disables building _ssl module currently. If openssl is found, _hashlib still is built instead of _sha and _md5. In Python-2.5.1/setup.py building _hashlib easily could be disabled using that 'global disable_ssl' variable set from os.environ["PYTHON_DISABLE_SSL"]. This may affect portage in a bad way: Consider one wants to remove openssl, doing: $ USE="-ssl" emerge -uDN world $ emerge -C openssl Now python was built finding openssl, thus not building _sha and _md5. After removing openssl, python lacks implementation for them. Eventually, _sha and _md5 should be build unconditionally, to always be available as fallbacks in case openssl is dropped/broken/upgraded/etc. Additionally, python2.5 only provides RMD160 when built _with_ openssl. There is some portage error message indicating python2.5 alone whould suffice: File "/prefix/usr/lib/portage/pym/portage/checksum.py", line 255, in perform_multiple_checksums raise portage.exception.DigestException, x+" hash function not available (needs dev-python/pycrypto or >=dev-lang/python-2.5)" portage.exception.DigestException: RMD160 hash function not available (needs dev-python/pycrypto or >=dev-lang/python-2.5) This happened here in alt/prefix during bootstrap, while neither openssl nor pycrypto where available along python2.5. (did not find time to create a patch for Python-2.5.1/setup.py yet, just figured out the issues)
Created attachment 136196 [details, diff] 04_all_disable_modules_and_ssl.patch Here is an updated version of our module disabling patch. It handles the first two problems. It won't build _hashlib when built without ssl USE flag and it builds _sha, _md5, _sha256 and _sha512 unconditionally so emerge will continue to work fine when python's _hashlib module is broken due to openssl. About the last issue, I think portage handles it fine when RMD160 is not available. The code after the comment '# Need special handling for RMD160 as it may not always be provided by hashlib.' in portage_checksum.py ignores ValueError raised when RMD160 is unavailable. That is for portage version 2.1.3.19
cc'ing portage team, can you please comment?
(In reply to comment #1) > Created an attachment (id=136196) [edit] > 04_all_disable_modules_and_ssl.patch I tested this patch with python-2.5.1-r3 and portage-2.1.3.19 and it seemed to work fine. After rebuilding python, there was no more _hashlib.so and NEEDED (from scanelf) didn't show any more ssl linkages. I unmerged pycrypto and python-fchksum and emerge still worked fine. Then I was not able to generate manifests because RMD160 was not available. Some other functions where available from the hashlib module though: >>> import portage_checksum >>> print portage_checksum.hashorigin_map {'SHA1': 'hashlib', 'SHA256': 'hashlib', 'MD5': 'hashlib'} Manifest generation isn't required to build packages, so the missing RMD160 hash isn't really an immediate problem. I've fixed it in svn to tolerate missing hashes if the most essential hashes are available (MD5 and SHA1).
I should also mention that portage-2.1.3.9 allowed me to create manifests again after I installed pycrypto: >>> import portage_checksum >>> print portage_checksum.hashorigin_map {'RMD160': 'pycrypto', 'SHA1': 'hashlib', 'SHA256': 'hashlib', 'MD5': 'hashlib'}
thanks, python-2.5.1-r4 uses this patch, which should fix this.
*** Bug 199984 has been marked as a duplicate of this bug. ***