Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 714866 - dev-python/awscli: requires old dev-python/{colorama,pyyaml,rsa}
Summary: dev-python/awscli: requires old dev-python/{colorama,pyyaml,rsa}
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Patrick Lauer
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 722500
  Show dependency tree
 
Reported: 2020-03-26 14:35 UTC by Michał Górny
Modified: 2020-08-11 21:09 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 14:35:24 UTC
NonsolvableDepsInDev: version 1.18.16: nonsolvable depset(depend) keyword(~amd64) dev profile (default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+) (2 total): solutions: [ <dev-python/colorama-0.4.2[-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-),python_targets_python3_6(-),python_targets_python3_7(-),python_targets_python3_8(-)] ]
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-03-29 07:20:55 UTC
  NonsolvableDepsInStable: version 1.18.16: nonsolvable depset(rdepend) keyword(~amd64) stable profile (default/linux/amd64/17.0) (28 total): solutions: [ <dev-python/rsa-3.5.0.0[-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-),python_targets_python3_6(-),python_targets_python3_7(-),python_targets_python3_8(-)] ]
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-03-31 11:51:12 UTC
I am closing this bug as invalid.

Yes, software is sometimes not compatible with latest stuff. There was a known bug preventing the usage of latest colorama and pyyaml. But that doesn't justify a bug in Gentoo.

Anyway, this got fixed upstream and will be in Gentoo with 1.18.32.

Really no reason to CC treecleaners.
Comment 3 Larry the Git Cow gentoo-dev 2020-03-31 11:53:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=070f87608556531a768024550b6bc52e083a8a4b

commit 070f87608556531a768024550b6bc52e083a8a4b
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-31 11:52:30 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-31 11:53:19 +0000

    dev-python/awscli: bump to v1.18.32
    
    Bug: https://bugs.gentoo.org/714866
    Closes: https://bugs.gentoo.org/708682
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-python/awscli/Manifest              |  1 +
 dev-python/awscli/awscli-1.18.32.ebuild | 56 +++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-03-31 11:59:30 UTC
(In reply to Thomas Deutschmann from comment #2)
> I am closing this bug as invalid.

There is nothing invalid about it.  If users are prevented from upgrading, it's a bug and it should be fixed, and it should continue being open for as long as users are subject to it and developers are blocked with their work.

While I understand that some people seem to have problems with having bugs reported against their packages, I would like to remind you that bugs are primarily technical means of noting down problems, and that they are sometimes used as 'semaphores' -- i.e. to tell others when the issue is resolved and they can resume their work.
Comment 5 Thomas Deutschmann gentoo-dev Security 2020-03-31 12:03:59 UTC
Maybe people wouldn't have a problem if you wouldn't start filing those bugs with treecleaners CC'ed from the beginning. Because having treecleaners in CC is usually the signal that this package is on somebody's schedule for removal...

And from that P.O.V. this bug is invalid.
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-03-31 12:06:23 UTC
(In reply to Thomas Deutschmann from comment #5)
> Maybe people wouldn't have a problem if you wouldn't start filing those bugs
> with treecleaners CC'ed from the beginning. Because having treecleaners in
> CC is usually the signal that this package is on somebody's schedule for
> removal...
> 
> And from that P.O.V. this bug is invalid.

If you have a problem with a specific aspect of the bug, you should address the specific aspect of the bug instead of unprofessionally rejecting the whole bug.
Comment 7 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-05-11 17:36:40 UTC
  NonsolvableDepsInDev: version 1.18.16: nonsolvable depset(depend) keyword(~amd64) dev profile (default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+) (2 total): solutions: [ <dev-python/pyyaml-5.3.0[-python_single_target_python3_6(-),-python_single_target_python3_7(-),-python_single_target_python3_8(-),python_targets_python3_6(-),python_targets_python3_7(-),python_targets_python3_8(-)] ]
Comment 8 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2020-05-31 18:27:17 UTC
I am taking over awscli and not quite sure what is this bug about, what is the action that is supposed to be done here?

Upstream defines deps as
    <dev-python/pyyaml-5.4.
    <dev-python/colorama-0.4.4

Do you want to keep this bug open until upstream decide to switch to newer release of deps?
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-05-31 19:58:12 UTC
FWICS rsa problem still applies.  The other two are not ideal either but I can live with them if you promise to quickly update and fix when the dependencies are updated.  Or ideally just make sure tests are working, unlock the deps and let users find out by failing tests when things actually break.
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-06-12 18:05:42 UTC
This is now blocking security cleanup of dev-python/rsa.  Even though the security project lead claimed this invalid.
Comment 11 John Helmert III (ajak) 2020-07-30 06:33:43 UTC
Looks like new version(s) upstream might address our grievances.
Comment 12 Sam James archtester gentoo-dev Security 2020-08-11 02:20:56 UTC
(In reply to John Helmert III (ajak) from comment #11)
> Looks like new version(s) upstream might address our grievances.

ping.
Comment 13 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2020-08-11 20:30:10 UTC
Upstream can work with new rsa, even rsa-4.5, however colorama and pyyaml are still required in the low versions. I will push a version bump that no longer binds to old rsa module, but rest really still stays the same.
Comment 14 Larry the Git Cow gentoo-dev 2020-08-11 21:09:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=669fbd66bdebdf7ba444c7528bf818a6e14faddf

commit 669fbd66bdebdf7ba444c7528bf818a6e14faddf
Author:     Piotr Karbowski <slashbeast@gentoo.org>
AuthorDate: 2020-08-11 21:08:12 +0000
Commit:     Piotr Karbowski <slashbeast@gentoo.org>
CommitDate: 2020-08-11 21:08:56 +0000

    dev-python/awscli: 1.18.117 bump; relax rsa dependency.
    
    Bug: https://bugs.gentoo.org/714866
    Signed-off-by: Piotr Karbowski <slashbeast@gentoo.org>

 dev-python/awscli/Manifest               |  1 +
 dev-python/awscli/awscli-1.18.117.ebuild | 56 ++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)