Bug 1738194 (py2_removal_volatility) - python-volatility depends on Python 2
Summary: python-volatility depends on Python 2
Keywords:
Status: CLOSED DUPLICATE of bug 1775092
Alias: py2_removal_volatility
Product: Fedora
Classification: Fedora
Component: python-volatility
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michal Ambroz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: rr_volatility3
Blocks: F31_PY2REMOVAL
TreeView+ depends on / blocked
 
Reported: 2019-08-06 13:25 UTC by Lumír Balhar
Modified: 2019-11-21 12:15 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-21 12:15:19 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Spec file for volatility3 (3.24 KB, text/plain)
2019-10-25 23:25 UTC, Miro Hrončok
no flags Details

Description Lumír Balhar 2019-08-06 13:25:42 UTC
Python 2.7 will reach end-of-life in January 2020, over 9 years after it was released. This falls within the Fedora 31 lifetime.
Packages that depend on Python 2 are being switched to Python 3 or removed from Fedora: https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#Information_on_Remaining_Packages
Python 2 will be retired in Fedora 32: https://fedoraproject.org/wiki/Changes/RetirePython2

To help planning, we'd like to know the plans for python-volatility's future. Specifically:


- What is the reason for the Python2 dependency? (Is it software written in Python, or does it just provide Python bindings, or use Python in the build system or test runner?) 

- What are the upstream/community plans/timelines regarding Python 3?

- What is the guidance for porting to Python 3? (Assuming that there is someone who generally knows how to port to Python 3, but doesn't know anything about the particular package, what are the next steps to take?)


This bug is filed semi-automatically, and might not have all the context specific to python-volatility.
If you need anything from us, or something is unclear, please mention it here.

Thank you.

Comment 1 Ben Cotton 2019-08-13 16:59:18 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 2 Ben Cotton 2019-08-13 17:39:19 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 3 Lumír Balhar 2019-08-15 06:38:32 UTC
Please answer the above questions. If you don't, the package can be orphaned: https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#Information_on_Remaining_Packages

If you need any information or help, or if you need some more time, please let us know.

Comment 4 Lumír Balhar 2019-08-22 07:04:33 UTC
Please answer the above questions. If you don't, the package can be orphaned: https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#Information_on_Remaining_Packages

If you need any information or help, or if you need some more time, please let us know.

Comment 5 Lumír Balhar 2019-08-29 05:23:29 UTC
Please answer the above questions. If you don't, the package can be orphaned: https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#Information_on_Remaining_Packages

If you need any information or help, or if you need some more time, please let us know.

Comment 6 Miro Hrončok 2019-09-05 10:41:12 UTC
According to the procedure described in https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#Information_on_Remaining_Packages the package was now orphaned. If you think it was a mistake, you can provide the answers and claim the package back.

Let us know if you need any help or just need more time.

Comment 7 Michal Ambroz 2019-09-19 14:47:48 UTC
Hello,
I would like to claim the volatility package.

>- What is the reason for the Python2 dependency? (Is it software written in Python, or does it just provide Python bindings, or use Python in the build system or test runner?) 
Software is written in python2 and is not working yet on python3.

>- What are the upstream/community plans/timelines regarding Python 3?
Upstream claims to be working on python3 support ( https://github.com/volatilityfoundation/volatility/issues/471 ), but I have not seen any progress within last year (https://github.com/volatilityfoundation/volatility/issues/155).

Most recent issue on github is this one:
https://github.com/volatilityfoundation/volatility/issues/598


> What is the guidance for porting to Python 3? (Assuming that there is someone who generally knows how to port to Python 3, but doesn't know anything about the particular package, what are the next steps to take?)
Package is forensics framework for dissecting and parsing binary structures in the memory dumps.
A lot of stuff depends on how the string used to work in python2 and logic will have to be rewritten to python3 binary arrays.

Best regards
Michal Ambroz

Comment 8 Lumír Balhar 2019-09-27 10:08:45 UTC
Well, it seems that the upstream is not active. Do you plan to port this package or request an exception?

Comment 9 Lumír Balhar 2019-10-04 12:29:53 UTC
No response from the upstream in the most recent issue. It seems that the upstream has no tests so the porting won't be easy. Do you have any plans?

Comment 10 Miro Hrončok 2019-10-06 13:04:01 UTC
I've talked to Michal during LinuxDays in Prague. I think the best course of action here is to request an exception to keep this. It only depends on python2-setuptools and python2-crypto. The dependency on setuptools seems to be optional (although removing it might result in .egg-info becoming a regular file that replaces a directory, so I'd only remove it if no other package requests an exception for setuptools).

Comment 11 Petr Viktorin (pviktori) 2019-10-07 08:10:50 UTC
Just get an exception for python2-setuptools?
It already has a separate python2 SRPM; keeping it alive might be less work than ripping it out. And it's a build-only dependency here.

Comment 12 Lumír Balhar 2019-10-14 08:02:30 UTC
Michale, what is your plan, please?

Comment 13 Michal Ambroz 2019-10-14 10:42:41 UTC
> Michale, what is your plan, please?
If possible I would like to keep the package for now as it is. 
It is currenlty working only in python2 at the moment and it is certainly giving the value as it is.

I will hope that the upstream will start migrating to python3, but so far I have not seen any significant movement to that.

Michal Ambroz

Comment 14 Lumír Balhar 2019-10-14 10:55:41 UTC
(In reply to Michal Ambroz from comment #13)
> > Michale, what is your plan, please?
> If possible I would like to keep the package for now as it is. 
> It is currenlty working only in python2 at the moment and it is certainly
> giving the value as it is.

Then, you have one month and one day to request a fesco exception (for example: https://pagure.io/fesco/issue/2243).

Let us know if you need any help.

Comment 15 Michal Ambroz 2019-10-14 21:50:23 UTC
Fesco request raised as https://pagure.io/fesco/issue/2247

Comment 16 Miro Hrončok 2019-10-25 23:25:37 UTC
Created attachment 1629346 [details]
Spec file for volatility3

Here's an attached specfile for volatility3 that can be packaged in addition to volatility but replaces it on F32+.

It has a new license, so I've asked at https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/OHECHDPLDJ7LLFUZXQMBBAXEXYTQMXOR/

Comment 17 Michal Ambroz 2019-10-30 23:57:31 UTC
Thank you Miro for the SPEC, its more that I would be hoping for. Submitting the package review reuqest for it. 

Would you consider the python2-pycrypto -> pycryptodomex patch resulting from the fesco review to be worth of updating the packages in supported releases to reduce the dependecy on unsupported python2-pycrypto?

Comment 18 Miro Hrončok 2019-10-31 00:10:57 UTC
(In reply to Michal Ambroz from comment #17)
> Would you consider the python2-pycrypto -> pycryptodomex patch resulting
> from the fesco review to be worth of updating the packages in supported
> releases to reduce the dependecy on unsupported python2-pycrypto?

I don't have a strong opinion. Whatever works for you. Several observations:

 - there are other packages depending on pycrypto
 - pycrypto cannot be removed from Fedora 31 anyway (too late)
 - the pycrypto maintainer at least seems responsive, unlike the pycryptodomex one

Comment 19 Miro Hrončok 2019-11-21 12:15:19 UTC

*** This bug has been marked as a duplicate of bug 1775092 ***


Note You need to log in before you can comment on or make changes to this bug.