2270911 – oci-cli version pin blocks update of python-cryptography to 42.0

Bug 2270911 - oci-cli version pin blocks update of python-cryptography to 42.0

Summary: oci-cli version pin blocks update of python-cryptography to 42.0

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	oci-cli
Sub Component:
Version:	39
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Major Hayden 🤠
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2246256
Blocks:	2251816
TreeView+	depends on / blocked

Reported:	2024-03-22 06:00 UTC by Christian Heimes
Modified:	2024-04-11 20:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-04-11 20:07:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Christian Heimes 2024-03-22 06:00:20 UTC

The package has an upper limit for python-cryptography that prevents me to update the package with latest security updates. The version pin is likely coming from upstreams setup.py, requirements.txt, or pyproject.toml. Please remove the version limit and update the package in my side tag for F41, F40, and F39, e.g. fedpkg build --target=f41-build-side-86213

- f41-build-side-86213
- f40-build-side-86215
- f39-build-side-86167

$ dnf repoquery --requires oci-cli | grep cryptography
Last metadata expiration check: 0:31:31 ago on 2024-03-22T06:26:51 CET.
(python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 3.2.1)
$ dnf repoquery --nvr oci-cli
Last metadata expiration check: 0:32:16 ago on 2024-03-22T06:26:51 CET.
oci-cli-3.33.1-1.fc39
oci-cli-3.37.10-1.fc39


Reproducible: Always

Comment 1 Major Hayden 🤠 2024-03-22 11:35:45 UTC

Looking at this now.

Comment 2 Christian Heimes 2024-03-22 11:49:08 UTC

Thanks Major!

pgadmin4 maintainer solved the problem by patching the requirements: https://src.fedoraproject.org/rpms/pgadmin4/blob/rawhide/f/pgadmin4_requirements.patch . I don't know any better solution to override the pins while using "%pyproject_buildrequires".

Comment 3 Major Hayden 🤠 2024-03-22 12:42:36 UTC

Yeah, that's my plan, too. 😢 I need to make some adjustments in python-oci + oci-cli to make this work.

Comment 4 Major Hayden 🤠 2024-03-22 12:55:27 UTC

I'm trying to build python-oci in your side tag, but I'm having issues with pyopenssl:

Package "pyproject-rpm-macros-1.12.0-1.fc40.noarch" is already installed.
Package "python3-devel-3.12.2-2.fc41.aarch64" is already installed.
Package "python3-packaging-23.2-4.fc40.noarch" is already installed.
Package "python3-pip-24.0-2.fc41.noarch" is already installed.
Package "python3-pytest-7.4.3-3.fc40.noarch" is already installed.
Package "python3-setuptools-69.1.1-1.fc41.noarch" is already installed.
Package "python3-vcrpy-5.0.0-4.fc40.noarch" is already installed.
Package "python3-wheel-1:0.41.2-3.fc40.noarch" is already installed.
Problem: conflicting requests
  - nothing provides ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-3.fc40.noarch

Should I just try to get python-oci/oci-cli into rawhide directly instead?

Comment 5 Christian Heimes 2024-03-22 14:58:16 UTC

For the record, the fix requires a new build of PyOpenSSL first.

Comment 6 Major Hayden 🤠 2024-04-11 20:06:56 UTC

I forgot about this ticket and pushed some new builds of oci-cli/python-oci to rawhide, f40, and f39. All of these have the upper limits removed. I'm sorry for forgetting about your side tag! 🤦‍♂️

Note You need to log in before you can comment on or make changes to this bug.