Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 844058

Summary: dev-python/dnspython: make cryptography dependency optional
Product: Gentoo Linux Reporter: Michael Orlitzky <mjo>
Component: Current packagesAssignee: Python Gentoo Team <python>
Status: RESOLVED FIXED    
Severity: normal CC: jah, sam
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/26080
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: dnspython-2.2.1-r1.ebuild
metadata.xml

Description Michael Orlitzky gentoo-dev 2022-05-13 16:32:04 UTC 
I'm not sure where the current level of resignation is at regarding dev-python/cryptography, but this might buy someone a few extra weeks:

"If cryptography is installed, then dnspython will be able to do low-level DNSSEC RSA, DSA, ECDSA and EdDSA signature validation."

  - https://github.com/rthalley/dnspython/blob/master/doc/installation.rst

For example, validating SPF records with mail-filter/spf-engine (which uses pyspf, which uses dnspython) does not require this feature.

I would suggest USE=dnssec, to match its pyproject.toml.
Comment 1 Michael Orlitzky gentoo-dev 2022-06-07 21:07:15 UTC 
Created attachment 783503 [details]
dnspython-2.2.1-r1.ebuild
Comment 2 Michael Orlitzky gentoo-dev 2022-06-07 21:08:11 UTC 
Created attachment 783506 [details]
metadata.xml

nothing unexpected here; lets me update the mail servers without spending a week building rust for a feature that isn't used
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-07 21:13:28 UTC 
The problem is we don't necessarily know which of its reverse dependencies need the dnssec functionality.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-07 21:14:34 UTC 
(In reply to Sam James from comment #3)
> The problem is we don't necessarily know which of its reverse dependencies
> need the dnssec functionality.

I _think_ it might be quite limited to e.g. just some bitcoin client thing, but I'm not sure.
Comment 5 Michael Orlitzky gentoo-dev 2022-06-07 22:05:46 UTC 
Packages without working test suites get what they deserve =)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-08 03:48:57 UTC 
Alright, no objection from me then. It's a special case and worthwhile I think.
Comment 7 Mattias Merilai 2022-07-03 21:11:07 UTC 
Sounds cool to me.
Comment 8 Larry the Git Cow gentoo-dev 2022-07-04 06:57:36 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3190a16c0773fd2de65a6573727dd0d1475784f

commit c3190a16c0773fd2de65a6573727dd0d1475784f
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2022-06-26 10:43:37 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2022-07-04 06:57:29 +0000

    dev-python/dnspython: Make DNSSEC support optional (cryptography dep)
    
    Thanks to Michael Orlitzky.
    
    Closes: https://bugs.gentoo.org/844058
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/dnspython/dnspython-2.2.1-r1.ebuild | 52 ++++++++++++++++++++++++++
 dev-python/dnspython/metadata.xml              |  6 +++
 2 files changed, 58 insertions(+)