Well, this sucks - consider this a PSA

User requested an enhancement to the LIFX Bridge plugin to support RGB light commands, so they can use the Harmony remotes to change light colors. Lots of programming grief followed, culminating in the discovery of a bug in the lifxlan library (Autolog take notice).

So I fork the repository, do a patch, do a pull request, and include the patched version in the plugin distribution. Great. Seems to work fine. Post a pre-release on GitHub for the user to install.

The user reports an install error. Unnoticed by me, lifxlan now requires the netifaces package. I already had it on my system, so I never noticed. I go to grab the package to bundle into the plugin. It's a compiled C binary. I don't think that's portable across systems. Give the user the pip command to install it.

Now the real drama starts. User has 10.12.6 with an older version of pip. Pre-TLS 1.2 version. Trying to install a package gives him:

Code: Select all

Collecting netifaces
Could not fetch URL https://pypi.python.org/simple/netifaces/: There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:645) - skipping

Well, crap. pipit.python.org turned off TLS 1.0/1.1 support in April. If you don't have an up-to-date pip, you can't use pip to update itself.

User is trying different solutions. Both of my systems have an updated pip, so I can't test solutions myself.

This is the best post I've found so far: https://stackoverflow.com/questions/497 ... 5#49769015

Hi Joe,
I have PM'd you a solution/work-around to the netifaces issue and thanks for the heads-up on the LIFXLAN library bug.

Away at present but ran into the pip problem on my indigo system. Have managed to upgrade now but can’t recall the steps. Will check the server in a few days and see if I can find the solution I used in my browser history. It might have even been on these boards..

Couldn’t install any new modules.

[jay (support)]

Yet another area where Apple is really letting it's power users down and it's particularly bad for us: upgrading to High Sierra might break because of their driver bugs, but not upgrading is causing their Python install to break because of it's lack of support for modern security standards. Rock, meet hard place...

If any of our Apple employee users are listening, we would greatly appreciate it if you could help us escalate these issues. I know that it's not only our users that are running across these bugs and addressing them would go a long way towards restoring the failing confidence that has been building in many of us for a while now.

In the end, I decided to work around the issue by writing a stub version of netifaces to include in the plugin. So it's no longer required to install via pip.

But the problem is still there in general.

This is a kind of hack (as seen on StackExchange) that lets you install an updated version of pip that supports the new TLS2 stuff.

Open a terminal shell:

Code: Select all

sudo sh
curl https://bootstrap.pypa.io/get-pip.py | python
exit

It will ask for your login password before you can continue.
You should be very careful about doing this, as you are basically grabbing some random content from the web and running it with full privileges.
To confirm it's installed:

Code: Select all

pip install --upgrade pip

You will get a message saying "Requirement already up-to-date" blah blah blah