mailman-web compress - Invalid template socialaccount/login_cancelled.html
Running an install on Debian12 VM. Getting a new error message that I haven't seen previously:
(venv) mailman@debian12:~$ mailman-web compress Compressing... Invalid template socialaccount/login_cancelled.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag? Invalid template account/verified_email_required.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag? Error parsing template socialaccount/signup.html: socialaccount/base.html done Compressed 2 block(s) from 78 template(s) for 1 context(s).
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
On 10/28/23 01:59, Odhiambo Washington wrote:
Running an install on Debian12 VM. Getting a new error message that I haven't seen previously:
(venv) mailman@debian12:~$ mailman-web compress Compressing... Invalid template socialaccount/login_cancelled.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag? Invalid template account/verified_email_required.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag?
These templates are part of django_allauth. What is your version of that? There are backwards incompatible changes in version 0.58. See https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst#backwards...
If you have 0.58 try
pip install django_allauth\<0.58
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
This is definitely an issue with django_allauth 0.58. See https://github.com/pennersr/django-allauth/issues/3503 and https://github.com/pennersr/django-allauth/pull/3504
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Sat, Oct 28, 2023 at 9:46 PM Mark Sapiro <mark@msapiro.net> wrote:
This is definitely an issue with django_allauth 0.58. See https://github.com/pennersr/django-allauth/issues/3503 and https://github.com/pennersr/django-allauth/pull/3504
Thank you for following up on the fix.
Consequent upon this django-allauth issue and the previous issue with psycopg2, how likely is it that new MM3 installations will suffer the effects? I am asking because I am doing my tests on a relatively vanilla system and just following the official documentation sin any deviations.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Consequent upon this django-allauth issue and the previous issue with psycopg2, how likely is it that new MM3 installations will suffer the effects? I am asking because I am doing my tests on a relatively vanilla system and just following the official documentation sin any deviations.
The allauth issue will happen until the allauth package is patched. Mark's patch was merged yesterday, so I suspect a new release will be imminent.
I've noticed the django-allauth ecosystem seems to be somewhat prone to breaking changes. I'm sure this discussion has happened before, but it may be worth pinning "known good" dependency versions for django-mailman -- either in the project, or in your documentation. It's definitely a headache for me since I rebuild my mailman container roughly weekly, and always need to allow time for functional testing or rollback to my last image.
There's not really a right answer here; either dependency versions are left open and the end user gets security updates for dependencies on their own schedule, or the Mailman maintainers have to monitor for security updates in the dependency tree and push a new mailman release. (This can also help ameliorate supply-chain attacks where an unverified update ends up in PyPI, but I'm not sure that's a realistic threat model for us.) I'm sure this is something the maintainers have considered in the past.
--Jered
Odhiambo,
It appears that django-allauth 0.58.1 has been released to fix this issue.
--Jered
----- On Oct 29, 2023, at 10:41 AM, Jered Floyd jered@convivian.com wrote:
Consequent upon this django-allauth issue and the previous issue with psycopg2, how likely is it that new MM3 installations will suffer the effects? I am asking because I am doing my tests on a relatively vanilla system and just following the official documentation sin any deviations.
The allauth issue will happen until the allauth package is patched. Mark's patch was merged yesterday, so I suspect a new release will be imminent.
I've noticed the django-allauth ecosystem seems to be somewhat prone to breaking changes. I'm sure this discussion has happened before, but it may be worth pinning "known good" dependency versions for django-mailman -- either in the project, or in your documentation. It's definitely a headache for me since I rebuild my mailman container roughly weekly, and always need to allow time for functional testing or rollback to my last image.
There's not really a right answer here; either dependency versions are left open and the end user gets security updates for dependencies on their own schedule, or the Mailman maintainers have to monitor for security updates in the dependency tree and push a new mailman release. (This can also help ameliorate supply-chain attacks where an unverified update ends up in PyPI, but I'm not sure that's a realistic threat model for us.) I'm sure this is something the maintainers have considered in the past.
--Jered
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to jered@convivian.com
Jered Floyd writes:
I've noticed the django-allauth ecosystem seems to be somewhat prone to breaking changes. I'm sure this discussion has happened before, but it may be worth pinning "known good" dependency versions for django-mailman
That's a double-edged sword, of course, because you will not get security upgrades etc either.
It seems to me that we generally only pin when there's a strong sense that the incompatibility will continue into the future. My sense is that it's not that allauth is subject to breaking changes (ie, deliberate backward incompatibility), more that it's prone to bugs that affect Mailman. In this case we see that django-allauth responded promptly with what appears to be a release to address this problem. I think that validates our past practice.
I think it's a good idea to keep a known-good requirements.txt from pip freeze around, but I'm not sure we should provide it.
On 10/30/23 20:58, Stephen J. Turnbull wrote:
Jered Floyd writes:
I've noticed the django-allauth ecosystem seems to be somewhat prone to breaking changes. I'm sure this discussion has happened before, but it may be worth pinning "known good" dependency versions for django-mailman
That's a double-edged sword, of course, because you will not get security upgrades etc either.
I agree, but past few days I've been thinking if we should do _something_ about it so that after a while 'pip install' doesn't just start failing for folks forcing us to do another release to pin to a version that we support.
In the past, we've had to do that a couple of times for various packages and maybe it doesn't make sense for to pin to a very specific version, but maybe we can provide a requirements.txt with "~=" compatible release requirements so it doesn't stop newer bugfix/security releases from being installed.
There will still be issues with packages that don't follow semver or unknown bugs (which was the case IIUC in allauth) that creep up, but it can still prevent us from intentional compat changes made by bumping major version.
Thoughts?
-- thanks, Abhilash Raj (maxking)
the "requirements.txt with "~=" compatible" bit sounds reasonable. By the way, the current rolling release of your docker image sports the 0.58.2 version and seems to work just fine.
Am 2. November 2023 um 09:24 schrieb "Abhilash Raj" <maxking@asynchronous.in <mailto:maxking@asynchronous.in?to=%22Abhilash%20Raj%22%20%3Cmaxking%40asynchronous.in%3E>>:
(...)
I agree, but past few days I've been thinking if we should do
_something_ about it so that after a while 'pip install' doesn't just
start failing for folks forcing us to do another release to pin to a
version that we support.
In the past, we've had to do that a couple of times for various
packages
and maybe it doesn't make sense for to pin to a very specific version,
but maybe we can provide a requirements.txt with "~=" compatible
release
requirements so it doesn't stop newer bugfix/security releases from
being installed.
There will still be issues with packages that don't follow semver or
unknown bugs (which was the case IIUC in allauth) that creep up, but it
can still prevent us from intentional compat changes made by bumping
major version.
Thoughts?
(...)On 10/29/23 01:57, Odhiambo Washington wrote:
Consequent upon this django-allauth issue and the previous issue with psycopg2, how likely is it that new MM3 installations will suffer the effects?
As noted in other replies, the django-allauth issue has been fixed in 0.58.1 and should not be an issue for anyone installing Mailman at this point.
Regarding your psycopg2 issue, it was apparently fixed when you upgraded from 2.8.6 to 2.9.9. Presumably you got 2.8.6 with the command
(venv)$ pip install wheel mailman psycopg2-binary\<2.9
shown at https://docs.mailman3.org/en/latest/install/virtualenv.html#installing-mailm...
Perhaps you didn't read the following paragraph which says in part "Currently Django>=2.2,<3.1 requires psycopg2-binary<2.9. See this issue. Later versions of Django will work with psycopg2-binary 2.9.x."
That said, I don't know why there was an issue with psycopg2-binary=2.8.6. I have an installation with that version and it works.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Sat, Oct 28, 2023 at 7:19 PM Mark Sapiro <mark@msapiro.net> wrote:
On 10/28/23 01:59, Odhiambo Washington wrote:
Running an install on Debian12 VM. Getting a new error message that I haven't seen previously:
(venv) mailman@debian12:~$ mailman-web compress Compressing... Invalid template socialaccount/login_cancelled.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag? Invalid template account/verified_email_required.html: Invalid block tag on line 7: 'element', expected 'endblock'. Did you forget to register or load this tag?
These templates are part of django_allauth. What is your version of that? There are backwards incompatible changes in version 0.58. See
https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst#backwards...
(venv) mailman@debian12:~$ pip freeze | grep django-all django-allauth==0.58.0
If you have 0.58 try
pip install django_allauth\<0.58
>
After that, I end up with:
(venv) mailman@debian12:~$ pip freeze | grep django-all
django-allauth==0.57.0
And then `mailman-web compress` is happy.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
even after updating djengo-allauth to 0.60.1 the problem stay here is the snip $pip freeze | grep django-all django-allauth==0.60.1 $mailman_web compress >> Compressing... Error parsing template socialaccount/signup.html: socialaccount/base.html after downgrade to 0.57.0 $pip install django-allauth==0.57.0 $mailman_web compress >> Compressing... done Compressed 2 block(s) from 124 template(s) for 1 context(s). no errors this is very frustrating not able to buil working VENV mailman. my be the howto document must give the perfect working packages with exact version. for me each time i build venv i have different warning or erro.
amg hsn writes:
even after updating djengo-allauth to 0.60.1 the problem stay here is the snip $pip freeze | grep django-all django-allauth==0.60.1 $mailman_web compress >> Compressing... Error parsing template socialaccount/signup.html: socialaccount/base.html
I think you also need to update django-mailman3 and maybe mailmanweb. Have you done so?
Mark will probably have more information later.
Steve
On 1/24/24 02:38, amg hsn wrote: working packages with exact version.
for me each time i build venv i have different warning or erro.
I understand your frustration and I'm sorry.
The problem is that the current release of django-mailman3, 1.3.11, just requires django-allauth>=0.56, so a new install will get the latest django-allauth==0.60.1, but django-mailman3==1.3.11 is not compatible with django_allauth>=0.59. This will be fixed in the next release, but in the mean time, you can apply https://gitlab.com/mailman/django-mailman3/-/merge_requests/237/diffs and https://gitlab.com/mailman/django-mailman3/-/merge_requests/243/diffs to update django-mailman3 for compatibility with the latest django-allauth.
This can be an issue when any of our third party dependencies is upgraded in an incompatible way. Short of pinning all the dependencies to a specific version, there's not much we can do about it.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (7)
-
Abhilash Raj -
amg hsn -
Jered Floyd -
Jörg Schulz -
Mark Sapiro -
Odhiambo Washington -
Stephen J. Turnbull