pip install --upgrade google.generativeai => Mac OS malware warning re rustc

Question

pip install --upgrade google.generativeai => Mac OS malware warning re rustc

fredzannarbor opened this issue 2 months ago · comments

Fred Zimmerman commented 2 months ago

Description of the bug:

Running pip install on google.generativeai produces a Mac OS malware alert related to rustc.

“rustc” will damage your computer. You should move it to the Trash.

Actual vs expected behavior:

Not trying to deposit malware on my system, or, helping Mac correctly recognize that this is not malware.

Any other information you'd like to share?

Collecting google.generativeai
Downloading google_generativeai-0.5.2-py3-none-any.whl (146 kB)
|████████████████████████████████| 146 kB 3.1 MB/s
Requirement already satisfied: tqdm in /Users/fred/miniconda3/lib/python3.9/site-packages (from google.generativeai) (4.63.0)
Collecting google-ai-generativelanguage==0.6.2
Downloading google_ai_generativelanguage-0.6.2-py3-none-any.whl (664 kB)
|████████████████████████████████| 664 kB 19.9 MB/s
Collecting pydantic
Downloading pydantic-2.7.1-py3-none-any.whl (409 kB)
|████████████████████████████████| 409 kB 21.0 MB/s
Collecting google-auth>=2.15.0
Downloading google_auth-2.29.0-py2.py3-none-any.whl (189 kB)
|████████████████████████████████| 189 kB 27.4 MB/s
Requirement already satisfied: typing-extensions in /Users/fred/miniconda3/lib/python3.9/site-packages (from google.generativeai) (4.5.0)
Collecting google-api-core
Downloading google_api_core-2.19.0-py3-none-any.whl (139 kB)
|████████████████████████████████| 139 kB 17.0 MB/s
Requirement already satisfied: protobuf in /Users/fred/miniconda3/lib/python3.9/site-packages (from google.generativeai) (3.20.3)
Collecting google-api-python-client
Downloading google_api_python_client-2.127.0-py2.py3-none-any.whl (12.7 MB)
|████████████████████████████████| 12.7 MB 19.4 MB/s
Collecting proto-plus<2.0.0dev,>=1.22.3
Downloading proto_plus-1.23.0-py3-none-any.whl (48 kB)
|████████████████████████████████| 48 kB 7.2 MB/s
Requirement already satisfied: requests<3.0.0.dev0,>=2.18.0 in /Users/fred/miniconda3/lib/python3.9/site-packages (from google-api-core->google.generativeai) (2.31.0)
Collecting googleapis-common-protos<2.0.dev0,>=1.56.2
Downloading googleapis_common_protos-1.63.0-py2.py3-none-any.whl (229 kB)
|████████████████████████████████| 229 kB 28.0 MB/s
Collecting grpcio<2.0dev,>=1.33.2
Downloading grpcio-1.63.0-cp39-cp39-macosx_10_9_universal2.whl (10.2 MB)
|████████████████████████████████| 10.2 MB 60.0 MB/s
Collecting grpcio-status<2.0.dev0,>=1.33.2
Downloading grpcio_status-1.63.0-py3-none-any.whl (14 kB)
Collecting rsa<5,>=3.1.4
Downloading rsa-4.9-py3-none-any.whl (34 kB)
Requirement already satisfied: cachetools<6.0,>=2.0.0 in /Users/fred/miniconda3/lib/python3.9/site-packages (from google-auth>=2.15.0->google.generativeai) (5.3.0)
Collecting pyasn1-modules>=0.2.1
Downloading pyasn1_modules-0.4.0-py3-none-any.whl (181 kB)
|████████████████████████████████| 181 kB 13.5 MB/s
Collecting grpcio-status<2.0.dev0,>=1.33.2
Downloading grpcio_status-1.62.2-py3-none-any.whl (14 kB)
Collecting protobuf
Using cached protobuf-4.25.3-cp37-abi3-macosx_10_9_universal2.whl (394 kB)
Collecting pyasn1<0.7.0,>=0.4.6
Downloading pyasn1-0.6.0-py2.py3-none-any.whl (85 kB)
|████████████████████████████████| 85 kB 7.8 MB/s
Requirement already satisfied: urllib3<3,>=1.21.1 in /Users/fred/miniconda3/lib/python3.9/site-packages (from requests<3.0.0.dev0,>=2.18.0->google-api-core->google.generativeai) (1.26.8)
Requirement already satisfied: charset-normalizer<4,>=2 in /Users/fred/miniconda3/lib/python3.9/site-packages (from requests<3.0.0.dev0,>=2.18.0->google-api-core->google.generativeai) (2.0.4)
Requirement already satisfied: idna<4,>=2.5 in /Users/fred/miniconda3/lib/python3.9/site-packages (from requests<3.0.0.dev0,>=2.18.0->google-api-core->google.generativeai) (3.3)
Requirement already satisfied: certifi>=2017.4.17 in /Users/fred/miniconda3/lib/python3.9/site-packages (from requests<3.0.0.dev0,>=2.18.0->google-api-core->google.generativeai) (2021.10.8)
Collecting httplib2<1.dev0,>=0.19.0
Downloading httplib2-0.22.0-py3-none-any.whl (96 kB)
|████████████████████████████████| 96 kB 12.6 MB/s
Collecting google-auth-httplib2<1.0.0,>=0.2.0
Downloading google_auth_httplib2-0.2.0-py2.py3-none-any.whl (9.3 kB)
Collecting uritemplate<5,>=3.0.1
Downloading uritemplate-4.1.1-py2.py3-none-any.whl (10 kB)
Requirement already satisfied: pyparsing!=3.0.0,!=3.0.1,!=3.0.2,!=3.0.3,<4,>=2.4.2 in /Users/fred/miniconda3/lib/python3.9/site-packages (from httplib2<1.dev0,>=0.19.0->google-api-python-client->google.generativeai) (3.0.9)
Collecting typing-extensions
Downloading typing_extensions-4.11.0-py3-none-any.whl (34 kB)
Collecting annotated-types>=0.4.0
Downloading annotated_types-0.6.0-py3-none-any.whl (12 kB)
Collecting pydantic-core==2.18.2
Downloading pydantic_core-2.18.2-cp39-cp39-macosx_10_12_x86_64.whl (1.9 MB)
|████████████████████████████████| 1.9 MB 2.7 MB/s
Installing collected packages: pyasn1, rsa, pyasn1-modules, protobuf, proto-plus, grpcio, googleapis-common-protos, google-auth, typing-extensions, httplib2, grpcio-status, google-api-core, uritemplate, pydantic-core, google-auth-httplib2, annotated-types, pydantic, google-api-python-client, google-ai-generativelanguage, google.generativeai
Attempting uninstall: protobuf
Found existing installation: protobuf 3.20.3
Uninstalling protobuf-3.20.3:
Successfully uninstalled protobuf-3.20.3
Attempting uninstall: typing-extensions
Found existing installation: typing-extensions 4.5.0
Uninstalling typing-extensions-4.5.0:
Successfully uninstalled typing-extensions-4.5.0
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
streamlit 1.20.0 requires protobuf<4,>=3.12, but you have protobuf 4.25.3 which is incompatible.
Successfully installed annotated-types-0.6.0 google-ai-generativelanguage-0.6.2 google-api-core-2.19.0 google-api-python-client-2.127.0 google-auth-2.29.0 google-auth-httplib2-0.2.0 google.generativeai-0.5.2 googleapis-common-protos-1.63.0 grpcio-1.63.0 grpcio-status-1.62.2 httplib2-0.22.0 proto-plus-1.23.0 protobuf-4.25.3 pyasn1-0.6.0 pyasn1-modules-0.4.0 pydantic-2.7.1 pydantic-core-2.18.2 rsa-4.9 typing-extensions-4.11.0 uritemplate-4.1.1

John Kurkowski · Answer 1 · Wed May 08 2024 08:59:03 GMT+0800 (China Standard Time)

I'm seeing the error as well, even during a "read-only" command like pip list. I don't use generative-ai-python. The package I have in common with the OP is Pydantic or pydantic-core, which are Rust-based. Maybe this issue should be reported in those repos?

John Kurkowski · Answer 2 · Wed May 08 2024 09:21:13 GMT+0800 (China Standard Time)

Actually, I don't think the issue is a particular Python package. I think the problem is having an outdated rustc installed on your PATH. pip checks the installed version of rustc passively. I removed my installed Cargo and Rust versions, and pip commands no longer trigger the macOS error dialog. 👍

Rust has published some security advisories lately. Maybe macOS just started flagging old versions.

Niraj Singh · Answer 3 · Wed May 08 2024 13:54:18 GMT+0800 (China Standard Time)

@fredzannarbor,

I tried installing generative-ai SDK on mac and it installed without any issues. Please make sure if other packages are causing the "rustc" warning. Thank you!

Ref:

Fred Zimmerman · Answer 4 · Wed May 08 2024 14:08:41 GMT+0800 (China Standard Time)

I did pip install -u RUST, then pip install -u google-generativeai, and the malware warning went away. So I suspect @john-kurkowski is correct that Apple was responding to Rust security issues.