The ebuild for pipenv contains the following sed command in lines 98-100: ``` # remove python ruaml yaml sed --in-place -e "s/from pipenv\.vendor\.ruamel\.yaml import YAML/from ruaml\.yaml import YAML/g" pipenv/patched/safety/util.py || die "Failed sed in ruaml-yaml" sed --in-place -e "s/from pipenv\.vendor\.ruamel\.yaml\.error import MarkedYAMLError/from ruaml\.yaml\.error import MarkedYAMLError/g" pipenv/patched/safety/util.py || die "Failed sed in ruamel-yaml" ``` This command inserts a `from ruaml...` statement, but the package is `ruamel`, leading to a "No module named ruaml" error when running the pipenv check command. Reproducible: Always Steps to Reproduce: 1.run pipenv check 2. 3. Actual Results: $ pipenv check Checking PEP 508 requirements... Passed! Checking installed packages for vulnerabilities... Traceback (most recent call last): File "/usr/lib/python-exec/python3.11/pipenv", line 8, in <module> sys.exit(cli()) ^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 1130, in __call__ return self.main(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/pipenv/cli/options.py", line 57, in main return super().main(*args, **kwargs, windows_expand_args=False) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 1055, in main rv = self.invoke(ctx) ^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 1657, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 1404, in invoke return ctx.invoke(self.callback, **ctx.params) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 760, in invoke return __callback(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/decorators.py", line 84, in new_func return ctx.invoke(f, obj, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/click/core.py", line 760, in invoke return __callback(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/pipenv/cli/command.py", line 510, in check do_check( File "/usr/lib/python3.11/site-packages/pipenv/core.py", line 3018, in do_check from pipenv.patched.safety.cli import cli File "/usr/lib/python3.11/site-packages/pipenv/patched/safety/cli.py", line 12, in <module> from pipenv.patched.safety import safety File "/usr/lib/python3.11/site-packages/pipenv/patched/safety/safety.py", line 21, in <module> from .util import RequirementFile, read_requirements, Package, build_telemetry_data, sync_safety_context, SafetyContext, \ File "/usr/lib/python3.11/site-packages/pipenv/patched/safety/util.py", line 17, in <module> from ruaml.yaml import YAML ModuleNotFoundError: No module named 'ruaml' Expected Results: $ pipenv check Checking PEP 508 requirements... Passed! Checking installed packages for vulnerabilities... +=================================================================================================================================+ /$$$$$$ /$$ /$$__ $$ | $$ /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ |_______/ \_______/|__/ \_______/ \___/ \____ $$ /$$ | $$ | $$$$$$/ by pyup.io \______/ +=================================================================================================================================+ REPORT Safety v2.3.2 is scanning for Vulnerabilities... Scanning dependencies in your files: -> /tmp/scratch-2FaiAiZL_r8o0r7c_requirements.txt Found and scanned 47 packages Timestamp 2023-04-28 11:27:38 0 vulnerabilities found 0 vulnerabilities ignored +=================================================================================================================================+ No known security vulnerabilities found. +=================================================================================================================================
Created attachment 860881 [details] Fixed ebuild Changing the sed commands to replace the typo with `ruamel` fixes pipenv check.
Created attachment 861032 [details, diff] patch Fixed ebuild but in the form of a patch.
This should be fixed by: https://github.com/gentoo/gentoo/pull/30866
b49ac8b31d3d99cad724b7ca4d756de8373d3740
