Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2044285 - F36FailsToInstall: python3-social-auth-core+saml
Summary: F36FailsToInstall: python3-social-auth-core+saml
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-social-auth-core
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: cqi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F36FailsToInstall
TreeView+ depends on / blocked
 
Reported: 2022-01-24 11:17 UTC by Miro Hrončok
Modified: 2022-03-26 15:03 UTC (History)
1 user (show)

Fixed In Version: python-social-auth-core-4.2.0-2.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-26 15:03:53 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Miro Hrončok 2022-01-24 11:17:16 UTC
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

Your package (python-social-auth-core) Fails To Install in Fedora 36:

can't install python3-social-auth-core+saml:
  - nothing provides python3.10dist(lxml) < 4.7~~ needed by python3-social-auth-core+saml-4.2.0-1.fc36.noarch
  
If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem.


If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/), your package may be orphaned in 8+ weeks.

P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors.

P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-dependent-packages

Thanks!

Comment 1 cqi 2022-01-30 04:47:28 UTC
Communication in upstream via https://github.com/python-social-auth/social-core/issues/659

Wait a while for feedback from upstream maintainer.

Comment 2 cqi 2022-02-07 04:12:22 UTC
Both social-core upstream and its dependency python3-saml restricted to lxml<4.7.1, but 4.7.1 is available in rawhide YUM repos now.

Comment 3 Ben Cotton 2022-02-08 20:10:45 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle.
Changing version to 36.

Comment 4 cqi 2022-02-09 01:06:46 UTC
@mhroncok How do we handle such kind of version conflict between Fedora and the upstream generally?

From my understand of this upstream issue, it depends on the specific environment using the python3-saml, but not happens always. A workaround might be to remove the version restriction and build the package, meanwhile declare the known issue in package description. Alternatively, keeping lxml<4.7.1 in Fedora repos for a while until the upstream fixes the issue. What do you think? Any idea or suggestions?

Comment 5 Miro Hrončok 2022-02-09 09:42:36 UTC
> How do we handle such kind of version conflict between Fedora and the upstream generally?

First of all, when we update packages, we try to make sure it doesn't happen and if it must happen, we coordinate with the dependents ahead of time.

Ideally, the maintainer follows this checklist:

1. Ensure the updated package builds successfully.
2. Ensure the updated package installs and all the subpackages install as well.
3. Ensure all dependent packages still install and build, coordinate otherwise.

When it does happen, I have this checklist:

1. Why is the dependency pinned? Let's find out.
2. Is the reason still valid? If not, propose an upstream change to stop doing it.
3. Is the reason valid for upstream but not for Fedora? Relax the pin with sed or downstream patch, test.
4. The reason is very much valid for Fedora as well: Try to fix the problem by code change.
5. Am I not able to fix the problem by code change?
   a. (only applies to extra subpackages, like +saml here) See if the extra subpackage is depended-upon in Fedora and consider dropping it if not.
   b. Revert the change, with an epoch bump if need to be or package and maintain older lxml as a compact package.

Comment 6 Fedora Update System 2022-02-27 06:23:17 UTC
FEDORA-2022-75d09805e2 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-75d09805e2

Comment 7 Fedora Update System 2022-02-27 13:42:26 UTC
FEDORA-2022-75d09805e2 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-75d09805e2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-75d09805e2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Miro Hrončok 2022-03-01 09:14:22 UTC
Hello,

Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok).

All subpackages of a package against which this bug was filled are now installable or removed from Fedora 37.

Thanks for taking care of it!

Comment 9 Fedora Update System 2022-03-26 15:03:53 UTC
FEDORA-2022-75d09805e2 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.