Description of problem: The RPM requires of the current awscli package prevent a security update of python3-rsa. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c1fef03e71 Version-Release number of selected component (if applicable): python3-rsa-4.6-2.fc33.noarch awscli-1.18.223-1.fc33.noarch How reproducible: 100% Steps to Reproduce: 1. dnf update Actual results: Problem: package awscli-1.18.223-1.fc33.noarch requires (python3.9dist(rsa) <= 4.7 with python3.9dist(rsa) >= 3.1.2), but none of the providers can be installed - cannot install both python3-rsa-4.7.2-1.fc33.noarch and python3-rsa-4.6-2.fc33.noarch - cannot install the best update candidate for package python3-rsa-4.6-2.fc33.noarch - cannot install the best update candidate for package awscli-1.18.223-1.fc33.noarch ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Skipping packages with conflicts: (add '--best --allowerasing' to command line to force their upgrade): python3-rsa noarch 4.7.2-1.fc33 updates 58 k Transaction Summary ============================================================================================================================================================================================================================================== Skip 1 Package Expected results: - update should succeed Additional info: rpm -q --requires awscli |grep rsa (python3.9dist(rsa) <= 4.7 with python3.9dist(rsa) >= 3.1.2)
working on a replacement RPM package here, but will review this and make sure it is cleared.
Thanks for letting me know, I was going to get to this today and I'm glad I won't step on your toes.
@gwync just an fyi, you do such excellent work, I will always defer. I worked with the upstream devel team yesterday and they are looking at working the python-rsa out of the dependencies in favor of python-cryptography. I am also working on completing the new awscli-2 and that removes the dependency altogether.
@davdunc You're too kind. :) I'll update the sed statement to allow up to rsa 4.8 in the .4 release, coming momentarily.
FEDORA-2021-032f3ed942 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
@gwync , unfortunately, the issue is still present in F33 (security update of python3-rsa is blocked by awscli) and I haven't seen any commits or builds for F33/F34. Please could you update awscli for F33 (and probably F34) as well? If needed, I can certainly help out here and apply the same patch to the F33 and F34 branch in order to relax the BRs. Please let me know if I can/should do this.
Apologies, getting those out now.
FEDORA-2021-f916f64e5e has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-f916f64e5e
FEDORA-2021-bbe47cbab6 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-bbe47cbab6
FEDORA-2021-89619b6feb has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-89619b6feb
FEDORA-2021-f916f64e5e has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-f916f64e5e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f916f64e5e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-89619b6feb has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-89619b6feb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-89619b6feb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-bbe47cbab6 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-bbe47cbab6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-bbe47cbab6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
This message is a reminder that Fedora 33 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '33'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 33 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
looking at the dependency declaration: https://github.com/aws/aws-cli/blob/develop/setup.cfg#L11 itβs ceiling is 4.8 and the latest release appears to be 4.7.2
FEDORA-2021-89619b6feb has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-f916f64e5e has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-bbe47cbab6 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.