Red Hat Bugzilla – Bug 1025787
remove python-pygments hard requirement
Last modified: 2016-07-19 06:33:05 EDT
python-pygments is currently a hard requirement of the python-cheetah package. Cheetah actually will run without this -- it's just needed for a code syntax highlighting filter. And, it pulls in some dependencies I'd really rather keep out of the cloud image, particularly because they are security-hole-prone graphics libs.
I tested and cheetah degrades reasonably when pygments is not installed -- telling you to add it, rather than tracebacking.
Mike, can we escalate this? python-pygments brings 25 new packages into the cloud images, comprising 54mb on disk, and including lcms2, openjpeg2 and libjpeg-turbo, libtiff, ghostscript, and libX11. This _significantly_ increases our security surface.
Less important, but this goes for python-markdown too.
These are the packages that require python-cheetah:
If it would be helpful, I could file bugs against those of these where python-pygments support might make sense, so they could require it directly.
I assume you don't care if it BuildRequires: python-pygments and python-markdown? The Requires: are the only problem?
(In reply to Mike Bonnet from comment #4)
> I assume you don't care if it BuildRequires: python-pygments and
> python-markdown? The Requires: are the only problem?
Correct -- I don't care about buildrequires as long as it can bring in less baggage at runtime. Thanks!
Created attachment 910543 [details]
spec file patch to remove these dependencies.
Patch attached. Put through basic testing; seems fine.
Cheetah's built-in tests even pass without these installed (although appropriate warnings are raised).
I truncated the changelog, seemed a bit verbose. Hope you don't mind.
I don't mind. :) I'll contact the maintainers of the dependent packages (and CC you) about the possible need to add the dependencies directly.
Is this going to migrate to EPEL7?
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.
More information and reason for this action is here:
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.