Hide Forgot
python-pygments is currently a hard requirement of the python-cheetah package. Cheetah actually will run without this -- it's just needed for a code syntax highlighting filter. And, it pulls in some dependencies I'd really rather keep out of the cloud image, particularly because they are security-hole-prone graphics libs. I tested and cheetah degrades reasonably when pygments is not installed -- telling you to add it, rather than tracebacking.
Mike, can we escalate this? python-pygments brings 25 new packages into the cloud images, comprising 54mb on disk, and including lcms2, openjpeg2 and libjpeg-turbo, libtiff, ghostscript, and libX11. This _significantly_ increases our security surface.
Less important, but this goes for python-markdown too.
These are the packages that require python-cheetah: cloud-init-0:0.7.5-6.fc21 cobbler-0:2.6.1-2.fc21 gnuradio-0:3.7.3-4.fc21 koji-builder-0:1.9.0-3.fc21 koji-web-0:1.9.0-3.fc21 mgarepo-0:1.10.2-5.fc21 python-cinder-0:2014.1.1-2.fc21 python-nova-0:2014.1-3.fc21 python-paste-script-0:1.7.5-8.fc21 python-turbocheetah-0:1.0-13.fc21 viewmtn-0:0.10-12.20100308mtn0030ad67.fc21 If it would be helpful, I could file bugs against those of these where python-pygments support might make sense, so they could require it directly.
I assume you don't care if it BuildRequires: python-pygments and python-markdown? The Requires: are the only problem?
(In reply to Mike Bonnet from comment #4) > I assume you don't care if it BuildRequires: python-pygments and > python-markdown? The Requires: are the only problem? Correct -- I don't care about buildrequires as long as it can bring in less baggage at runtime. Thanks!
Created attachment 910543 [details] spec file patch to remove these dependencies. Patch attached. Put through basic testing; seems fine. Cheetah's built-in tests even pass without these installed (although appropriate warnings are raised).
http://koji.fedoraproject.org/koji/buildinfo?buildID=539134 I truncated the changelog, seemed a bit verbose. Hope you don't mind.
I don't mind. :) I'll contact the maintainers of the dependent packages (and CC you) about the possible need to add the dependencies directly.
Is this going to migrate to EPEL7?
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.