On Thursday, March 27, 2025 9:29:33 PM Pacific Daylight Time Fred Wright via devel wrote: > On Fri, 28 Mar 2025, Matt Selsky wrote: > > On Thu, Mar 27, 2025 at 02:48:54PM -0700, Fred Wright via devel wrote: > >> I've confirmed that it works with Python 2.7, including building the > >> extension. That means that shebanging it to 'python3' is inappropriate, > >> unless there are systems with a 'python3' command and no 'python' > >> command. > > > > Hi Fred, > > > > There are definitely systems with python3 and no python. Eg, Debian 12 for > > example. > > > > What specifically is currently shebanged to python3 and maybe needs to be > > changed? > I'm referring to waf. It's easily worked around, though technically not > having a 'python' command is a bug, since code that works with both Python > 2 and Python 3 is supposed to use the more generic 'python' in the shebang > line. The absence of Python 2 doesn't change that.
It breaks the embedded signature few people check. ``` $ wget https://gitlab.com/ita1024/waf/raw/master/utils/verify-sig.py Saving 'verify-sig.py' HTTP response 200 [https://gitlab.com/ita1024/waf/raw/master/utils/verify-sig.py] verify-sig.py 100% [============================>] 1.27K --.-KB/s [Files: 1 Bytes: 1.27K [1.54KB/s] Redirects: 0 Todo: 0 Errors: 0 ] $ gpg --receive-keys 8C7EB2F93B0C45F5732FE5D11BAC571DCD772295 gpg: key 1BAC571DCD772295: public key "Waf Project <nore...@waf.io>" imported gpg: Total number processed: 1 gpg: imported: 1 $ python ./verify-sig.py -> 'gpg --verify waf-sig.asc' gpg: assuming signed data in 'waf-sig' gpg: Signature made Tue 12 Nov 2024 11:09:43 AM PST gpg: using RSA key 8C7EB2F93B0C45F5732FE5D11BAC571DCD772295 gpg: Good signature from "Waf Project <nore...@waf.io>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8C7E B2F9 3B0C 45F5 732F E5D1 1BAC 571D CD77 2295 $ sed "1s/3$//" -i waf $ python ./verify-sig.py -> 'gpg --verify waf-sig.asc' gpg: assuming signed data in 'waf-sig' gpg: Signature made Tue 12 Nov 2024 11:09:43 AM PST gpg: using RSA key 8C7EB2F93B0C45F5732FE5D11BAC571DCD772295 gpg: BAD signature from "Waf Project <nore...@waf.io>" [unknown] ``` _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
