Bug 2270911

Summary: oci-cli version pin blocks update of python-cryptography to 42.0
Product: [Fedora] Fedora
Component: oci-cli
Version: 39
Hardware: Unspecified
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: unspecified
Reporter: Christian Heimes <cheimes>
Assignee: Major Hayden 🤠 <mhayden>
CC: mhayden
Last Closed: 2024-04-11 20:07:18 UTC
Bug Depends On: 2246256
Bug Blocks: 2251816

Description Christian Heimes 2024-03-22 06:00:20 UTC
The package has an upper limit for python-cryptography that prevents me from updating the package with the latest security updates. The version pin is likely coming from upstream's setup.py, requirements.txt, or pyproject.toml. Please remove the version limit and update the package in my side tag for F41, F40, and F39, e.g. fedpkg build --target=f41-build-side-86213

- f41-build-side-86213
- f40-build-side-86215
- f39-build-side-86167

$ dnf repoquery --requires oci-cli | grep cryptography
Last metadata expiration check: 0:31:31 ago on 2024-03-22T06:26:51 CET.
(python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 3.2.1)
$ dnf repoquery --nvr oci-cli
Last metadata expiration check: 0:32:16 ago on 2024-03-22T06:26:51 CET.
oci-cli-3.33.1-1.fc39
oci-cli-3.37.10-1.fc39


Reproducible: Always

Comment 1 Major Hayden 🤠 2024-03-22 11:35:45 UTC
Looking at this now.

Comment 2 Christian Heimes 2024-03-22 11:49:08 UTC
Thanks Major!

pgadmin4 maintainer solved the problem by patching the requirements: https://src.fedoraproject.org/rpms/pgadmin4/blob/rawhide/f/pgadmin4_requirements.patch . I don't know any better solution to override the pins while using "%pyproject_buildrequires".

Comment 3 Major Hayden 🤠 2024-03-22 12:42:36 UTC
Yeah, that's my plan, too. 😢 I need to make some adjustments in python-oci + oci-cli to make this work.

Comment 4 Major Hayden 🤠 2024-03-22 12:55:27 UTC
I'm trying to build python-oci in your side tag, but I'm having issues with pyopenssl:

Package "pyproject-rpm-macros-1.12.0-1.fc40.noarch" is already installed.
Package "python3-devel-3.12.2-2.fc41.aarch64" is already installed.
Package "python3-packaging-23.2-4.fc40.noarch" is already installed.
Package "python3-pip-24.0-2.fc41.noarch" is already installed.
Package "python3-pytest-7.4.3-3.fc40.noarch" is already installed.
Package "python3-setuptools-69.1.1-1.fc41.noarch" is already installed.
Package "python3-vcrpy-5.0.0-4.fc40.noarch" is already installed.
Package "python3-wheel-1:0.41.2-3.fc40.noarch" is already installed.
Problem: conflicting requests
  - nothing provides ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-3.fc40.noarch

Should I just try to get python-oci/oci-cli into rawhide directly instead?

Comment 5 Christian Heimes 2024-03-22 14:58:16 UTC
For the record, the fix requires a new build of PyOpenSSL first.

Comment 6 Major Hayden 🤠 2024-04-11 20:06:56 UTC
I forgot about this ticket and pushed some new builds of oci-cli/python-oci to rawhide, f40, and f39. All of these have the upper limits removed. I'm sorry for forgetting about your side tag! 🤦‍♂️
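
Added example, not part of the bug report and not the oci-cli or pgadmin4 packaging: a sketch of the requirements edit discussed in Comment 2, dropping upper bounds on one package while keeping lower bounds, exclusions and environment markers, and reporting each clause it removed for review. The function names and the sample requirement lines are assumptions constructed for illustration.

```python
import re

# name, optional [extras], version clauses, then any "; marker" or "# comment" tail
REQ = re.compile(r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?P<extras>\[[^\]]*\])?"
                 r"(?P<specs>[^;#]*)(?P<tail>.*)$")

def normalize(name):
    """PEP 503 name normalization, so 'Cryptography' matches 'cryptography'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def uncap_requirements(text, package):
    """Return (new_text, removed): upper bounds on `package` dropped, the rest kept."""
    out, removed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ.match(line)
        if not m or normalize(m["name"]) != normalize(package):
            out.append(line)              # comments, options, other packages: untouched
            continue
        kept = []
        for clause in (c.strip() for c in m["specs"].split(",")):
            if clause.startswith("<"):    # "<" and "<=" are pure upper bounds
                removed.append((lineno, clause))
            elif clause.startswith("~="): # compatible release: keep only its floor
                removed.append((lineno, clause))
                kept.append(">=" + clause[2:].strip())
            elif clause:                  # >=, >, != and exact == pins stay as written
                kept.append(clause)
        tail = m["tail"].strip()
        req = m["name"] + (m["extras"] or "") + ",".join(kept)
        out.append(req + (" " + tail if tail else ""))
    return "\n".join(out) + "\n", removed

# Constructed sample modelled on the caps quoted in this bug; not the real upstream files.
SAMPLE = '''\
# runtime dependencies
cryptography>=3.2.1,<42.0.0
Cryptography>=38.0.0, !=40.0.0, !=40.0.1, <42 ; python_version >= "3.7"
pyOpenSSL>=17.5.0,<24.0.0
'''

if __name__ == "__main__":
    new_text, removed = uncap_requirements(SAMPLE, "cryptography")
    print(new_text, end="")
    for lineno, clause in removed:
        print(f"line {lineno}: dropped {clause}")
```

Exact `==` pins are left in place on purpose, since replacing one needs a maintainer's judgment about which versions are actually compatible.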