SecureDrop package build breakage due to setuptools
A few days ago, setuptools 50.0.0 release caused
breakage to many projects.
SecureDrop package builds was also
broken. We use
dh-virtualenv tool to build
the packages. Initially, we tried to use the experimental build system from
dh-virtualenv
. We could specify the version of the setuptools
to be
installed in the virtualenv while creating it.
This approach worked for Xenial
builds. As we are working to have proper builds
on Focal
(still work in progress), that was
broken due to the
above-mentioned change.
So, we again tried to
use Python's venv
module itself to create the virtual environment and use the
wheels from the /usr/share/python-wheels
directory to build the virtual
environment. Which works very nicely on Xenial
, but on Focal
the default
setuptools
version is 44.0.0
, which also
failed to install the
dependencies.
Now, we are actually getting the setuptools 46.0.0
wheel and replacing the
build container's default setuptools
wheel. The team spent a lot of time in
debugging and finding a proper fix for the package builds. Hopefully, we will
not get a similar breakage on the same kind of dependency error soon (the
actual package dependencies are pinned via hashes).