Bug 2044285

Summary: F36FailsToInstall: python3-social-auth-core+saml
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: python-social-auth-coreAssignee: cqi
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 36CC: cqi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-social-auth-core-4.2.0-2.fc36 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-26 15:03:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1992487    

Description Miro Hrončok 2022-01-24 11:17:16 UTC 
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

Your package (python-social-auth-core) Fails To Install in Fedora 36:

can't install python3-social-auth-core+saml:
  - nothing provides python3.10dist(lxml) < 4.7~~ needed by python3-social-auth-core+saml-4.2.0-1.fc36.noarch
  
If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem.


If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/), your package may be orphaned in 8+ weeks.

P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors.

P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-dependent-packages

Thanks!
Comment 1 cqi 2022-01-30 04:47:28 UTC 
Communication in upstream via https://github.com/python-social-auth/social-core/issues/659

Wait a while for feedback from upstream maintainer.
Comment 2 cqi 2022-02-07 04:12:22 UTC 
Both social-core upstream and its dependency python3-saml restricted to lxml<4.7.1, but 4.7.1 is available in rawhide YUM repos now.
Comment 3 Ben Cotton 2022-02-08 20:10:45 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle.
Changing version to 36.
Comment 4 cqi 2022-02-09 01:06:46 UTC 
@mhroncok How do we handle such kind of version conflict between Fedora and the upstream generally?

From my understand of this upstream issue, it depends on the specific environment using the python3-saml, but not happens always. A workaround might be to remove the version restriction and build the package, meanwhile declare the known issue in package description. Alternatively, keeping lxml<4.7.1 in Fedora repos for a while until the upstream fixes the issue. What do you think? Any idea or suggestions?
Comment 5 Miro Hrončok 2022-02-09 09:42:36 UTC 
> How do we handle such kind of version conflict between Fedora and the upstream generally?

First of all, when we update packages, we try to make sure it doesn't happen and if it must happen, we coordinate with the dependents ahead of time.

Ideally, the maintainer follows this checklist:

1. Ensure the updated package builds successfully.
2. Ensure the updated package installs and all the subpackages install as well.
3. Ensure all dependent packages still install and build, coordinate otherwise.

When it does happen, I have this checklist:

1. Why is the dependency pinned? Let's find out.
2. Is the reason still valid? If not, propose an upstream change to stop doing it.
3. Is the reason valid for upstream but not for Fedora? Relax the pin with sed or downstream patch, test.
4. The reason is very much valid for Fedora as well: Try to fix the problem by code change.
5. Am I not able to fix the problem by code change?
   a. (only applies to extra subpackages, like +saml here) See if the extra subpackage is depended-upon in Fedora and consider dropping it if not.
   b. Revert the change, with an epoch bump if need to be or package and maintain older lxml as a compact package.
Comment 6 Fedora Update System 2022-02-27 06:23:17 UTC 
FEDORA-2022-75d09805e2 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-75d09805e2
Comment 7 Fedora Update System 2022-02-27 13:42:26 UTC 
FEDORA-2022-75d09805e2 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-75d09805e2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-75d09805e2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Miro Hrončok 2022-03-01 09:14:22 UTC 
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

All subpackages of a package against which this bug was filled are now installable or removed from Fedora 37.

Thanks for taking care of it!
Comment 9 Fedora Update System 2022-03-26 15:03:53 UTC 
FEDORA-2022-75d09805e2 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.