Bug 1025787 - remove python-pygments hard requirement
remove python-pygments hard requirement
Product: Fedora
Classification: Fedora
Component: python-cheetah (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Mike Bonnet
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-11-01 11:02 EDT by Matthew Miller
Modified: 2016-07-19 06:33 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-19 06:33:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
spec file patch to remove these dependencies. (1.91 KB, patch)
2014-06-19 17:13 EDT, Matthew Miller
no flags Details | Diff

  None (edit)
Description Matthew Miller 2013-11-01 11:02:10 EDT
python-pygments is currently a hard requirement of the python-cheetah package. Cheetah actually will run without this -- it's just needed for a code syntax highlighting filter. And, it pulls in some dependencies I'd really rather keep out of the cloud image, particularly because they are security-hole-prone graphics libs.

I tested and cheetah degrades reasonably when pygments is not installed -- telling you to add it, rather than tracebacking.
Comment 1 Matthew Miller 2014-06-17 08:54:00 EDT
Mike, can we escalate this? python-pygments brings 25 new packages into the cloud images, comprising 54mb on disk, and including lcms2, openjpeg2 and libjpeg-turbo, libtiff, ghostscript, and libX11. This _significantly_ increases our security surface.
Comment 2 Matthew Miller 2014-06-17 08:59:37 EDT
Less important, but this goes for python-markdown too.
Comment 3 Matthew Miller 2014-06-17 11:12:31 EDT
These are the packages that require python-cheetah:


If it would be helpful, I could file bugs against those of these where python-pygments support might make sense, so they could require it directly.
Comment 4 Mike Bonnet 2014-06-17 12:34:31 EDT
I assume you don't care if it BuildRequires: python-pygments and python-markdown?  The Requires: are the only problem?
Comment 5 Matthew Miller 2014-06-17 12:58:03 EDT
(In reply to Mike Bonnet from comment #4)
> I assume you don't care if it BuildRequires: python-pygments and
> python-markdown?  The Requires: are the only problem?

Correct -- I don't care about buildrequires as long as it can bring in less baggage at runtime. Thanks!
Comment 6 Matthew Miller 2014-06-19 17:13:21 EDT
Created attachment 910543 [details]
spec file patch to remove these dependencies.

Patch attached. Put through basic testing; seems fine.

Cheetah's built-in tests even pass without these installed (although appropriate warnings are raised).
Comment 7 Mike Bonnet 2014-06-19 17:46:26 EDT

I truncated the changelog, seemed a bit verbose.  Hope you don't mind.
Comment 8 Matthew Miller 2014-06-19 18:15:00 EDT
I don't mind. :) I'll contact the maintainers of the dependent packages (and CC you) about the possible need to add the dependencies directly.
Comment 9 Orion Poplawski 2014-10-06 22:45:19 EDT
Is this going to migrate to EPEL7?
Comment 10 Jaroslav Reznik 2015-03-03 12:10:33 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
Comment 11 Fedora End Of Life 2016-07-19 06:33:05 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.