Bug 2216297
| Summary: | Review Request: rust-expectrl - Tool for automating terminal applications in Unix like Don libes expect | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | blinxen <h-k-81> |
| Component: | Package Review | Assignee: | Nobody's working on this, feel free to take it <nobody> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | decathorpe, package-review |
| Hardware: | All | ||
| OS: | Linux | ||
| Last Closed: | 2023-06-24 18:07:23 UTC | Type: | --- |
Description
blinxen
2023-06-20 19:09:50 UTC

Hm, this crate is going to be problematic: The dependency on "python" is not good, since this resolves to "python-unversioned-command", which should no longer be used. However, the source code explicitly spawns "python" processes, so this would likely need to be patched in all places to spawn "python3" instead (or patch out the "spawn_python()" functions in "src/repl.rs"). Though looking at the source code, I'm almost certain that most of this stuff is never going to be used anyway (I doubt that anything will try to spawn a PowerShell REPL on Linux).

Additionally, the "Requires: python" (which should be "python3" as well) is ending up in a void, since it does not apply to any sub-package that's being built. You'd need to move it to the "-devel" subpackage for it to have the desired effect.

However, looking at this weird crate, and the fact that it's likely only going to be used for running some tests, I'd drop the dependency and the tests that use it.

It appears that only the gix-prompt crate would be affected?

> The dependency on "python" is not good, since this resolves to "python-unversioned-command", which should no longer be used

Any specific reason for this? Source? I tried looking into the python packaging guidelines but did not find anything relevant there.

> Additionally, the "Requires: python" (which should be "python3" as well) is ending up in a void, since it does not apply to any sub-package that's being built. You'd need to move it to the "-devel" subpackage for it to have the desired effect.

Makes sense

> It appears that only the gix-prompt crate would be affected?

```
> rg expectrl
Cargo.lock
1011:name = "expectrl"
2046: "expectrl",

gix-prompt/CHANGELOG.md
65: - Finally update expectrl to get rid of security exception in tests ([`d45f57a`](https://github.com/Byron/gitoxide/commit/d45f57a714e29cc52239a3456cf0035c97339f73))
159: - The first successful assertion, showing that expectrl can intercept the tty ([`8582697`](https://github.com/Byron/gitoxide/commit/8582697cc21adc5eeb67155a0e4b0e2780d37beb))
222: - Upgrade `expectrl` - still comes with dependencies flagged as vulnerable though ([`f9312d5`](https://github.com/Byron/gitoxide/commit/f9312d5719056006267d50370d366fc316b882cf))

gix-prompt/tests/prompt.rs
11: let mut p = expectrl::spawn("../target/debug/examples/use-askpass").unwrap();
15: p.expect(expectrl::Eof).unwrap();
25: let mut p = expectrl::spawn("../target/debug/examples/credentials").unwrap();
32: p.expect(expectrl::Eof).unwrap();

gix-prompt/Cargo.toml
28:expectrl = "0.7.0"
```

Yeah it seems that way. I guess deactivating the tests is not such a bad idea here.

Closing this package review.