Bug#1038746: (python-cryptography) build dependency missing in testing

Peter Michael Green Sat, 24 Jun 2023 19:12:21 -0700

tags 1038746 +patch
thanks

Dose [1] is reporting issues with your packages. Normally your build
dependencies shouldn't be removed from testing without removal all
reverse build dependencies too, nor should a package be allowed to
migrate unless all build dependencies are candidate for migration too.
However, somehow we ended up in the current state

The "somehow" is that testing migration only checks build
dependencies in the forward direction, not in reverse. So a
new version of a package that breaks your build-dependencies
can and often does migrate. Specifically this was caused by
the recent update of rust-pyo3.


Anyway, a debdiff is attatched, I may or may not NMU this
later.

diff -Nru python-cryptography-38.0.4/debian/changelog 
python-cryptography-38.0.4/debian/changelog
--- python-cryptography-38.0.4/debian/changelog 2023-02-28 05:36:13.000000000 
+0000
+++ python-cryptography-38.0.4/debian/changelog 2023-06-25 00:58:26.000000000 
+0000
@@ -1,3 +1,13 @@
+python-cryptography (38.0.4-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't depend on librust-indoc-dev, it's not used directly,
+    instead depend on the "default" feature of librust-pyo3-dev.
+  * Apply adjusted upstream patch for py03 0.19 and bump
+    dependencies accordingly.
+
+ -- Peter Michael Green <plugw...@debian.org>  Sun, 25 Jun 2023 00:58:26 +0000
+
 python-cryptography (38.0.4-3) unstable; urgency=medium
 
   [ Salvatore Bonaccorso ]
diff -Nru python-cryptography-38.0.4/debian/control 
python-cryptography-38.0.4/debian/control
--- python-cryptography-38.0.4/debian/control   2023-02-28 05:36:13.000000000 
+0000
+++ python-cryptography-38.0.4/debian/control   2023-06-25 00:58:26.000000000 
+0000
@@ -12,12 +12,12 @@
                librust-asn1-0.12-dev,
                librust-asn1-derive-0.12-dev,
                librust-chrono-0.4-dev,
-               librust-indoc-dev,
                librust-ouroboros-0.15-dev,
                librust-paste-dev,
                librust-pem-1.0-dev,
-               librust-pyo3-0.17-dev,
-               librust-pyo3-macros-0.17-dev,
+               librust-pyo3-0.19-dev,
+               librust-pyo3-0.19+default-dev,
+               librust-pyo3-macros-0.19-dev,
                libssl-dev,
                pybuild-plugin-pyproject,
                python3-all-dev,
diff -Nru python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch 
python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch
--- python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch       
1970-01-01 00:00:00.000000000 +0000
+++ python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch       
2023-06-25 00:58:26.000000000 +0000
@@ -0,0 +1,13 @@
+Index: python-cryptography-38.0.4.new/src/rust/Cargo.toml
+===================================================================
+--- python-cryptography-38.0.4.new.orig/src/rust/Cargo.toml
++++ python-cryptography-38.0.4.new/src/rust/Cargo.toml
+@@ -7,7 +7,7 @@ publish = false
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.17" }
++pyo3 = { version = "0.19" }
+ asn1 = { version = "0.12", default-features = false, features = ["derive"] }
+ pem = ">= 1.0, < 1.2"
+ chrono = { version = "0.4", default-features = false, features = ["alloc", 
"clock"] }
diff -Nru python-cryptography-38.0.4/debian/patches/series 
python-cryptography-38.0.4/debian/patches/series
--- python-cryptography-38.0.4/debian/patches/series    2023-02-28 
05:36:13.000000000 +0000
+++ python-cryptography-38.0.4/debian/patches/series    2023-06-25 
00:58:26.000000000 +0000
@@ -6,3 +6,4 @@
 ease-chrono-dependency-from-0.4.22-to-0.4.patch
 drop-cffi-dep.patch
 Don-t-allow-update_into-to-mutate-immutable-objects-.patch
+Upgrade-to-pyo3-0.19.patch
diff -Nru python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch 
python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
--- python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch        
1970-01-01 00:00:00.000000000 +0000
+++ python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch        
2023-06-25 00:58:26.000000000 +0000
@@ -0,0 +1,71 @@
+This patch is based on the upstream commit described below, adapted for use
+in the Debian package by Peter Michael Green.
+
+commit b1cfa3adef986ef3466b080263911e8d79ec6141
+Author: Alex Gaynor <alex.gay...@gmail.com>
+Date:   Wed May 31 16:27:10 2023 -0400
+
+    pyo3 0.19 (#8999)
+    
+    * Bump pyo3 from 0.18.3 to 0.19.0 in /src/rust
+    
+    Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.18.3 to 0.19.0.
+    - [Release notes](https://github.com/pyo3/pyo3/releases)
+    - [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
+    - [Commits](https://github.com/pyo3/pyo3/compare/v0.18.3...v0.19.0)
+    
+    ---
+    updated-dependencies:
+    - dependency-name: pyo3
+      dependency-type: direct:production
+      update-type: version-update:semver-minor
+    ...
+    
+    Signed-off-by: dependabot[bot] <supp...@github.com>
+    
+    * pyo3 0.19
+    
+    ---------
+    
+    Signed-off-by: dependabot[bot] <supp...@github.com>
+    Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
+
+Index: python-cryptography-38.0.4.new/src/rust/Cargo.toml
+===================================================================
+--- python-cryptography-38.0.4.new.orig/src/rust/Cargo.toml
++++ python-cryptography-38.0.4.new/src/rust/Cargo.toml
+@@ -7,7 +7,7 @@ publish = false
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.17" }
++pyo3 = { version = "0.19" }
+ asn1 = { version = "0.12", default-features = false, features = ["derive"] }
+ pem = ">= 1.0, < 1.2"
+ chrono = { version = "0.4", default-features = false, features = ["alloc", 
"clock"] }
+Index: python-cryptography-38.0.4.new/src/rust/src/x509/crl.rs
+===================================================================
+--- python-cryptography-38.0.4.new.orig/src/rust/src/x509/crl.rs
++++ python-cryptography-38.0.4.new/src/rust/src/x509/crl.rs
+@@ -145,7 +145,7 @@ impl CertificateRevocationList {
+             });
+         });
+ 
+-        if idx.is_instance_of::<pyo3::types::PySlice>()? {
++        if idx.is_instance_of::<pyo3::types::PySlice>() {
+             let indices = idx
+                 .downcast::<pyo3::types::PySlice>()?
+                 .indices(self.len().try_into().unwrap())?;
+Index: python-cryptography-38.0.4.new/src/rust/src/x509/extensions.rs
+===================================================================
+--- python-cryptography-38.0.4.new.orig/src/rust/src/x509/extensions.rs
++++ python-cryptography-38.0.4.new/src/rust/src/x509/extensions.rs
+@@ -228,7 +228,7 @@ pub(crate) fn encode_extension(
+                     let mut qualifiers = vec![];
+                     for py_qualifier in py_policy_qualifiers.iter()? {
+                         let py_qualifier = py_qualifier?;
+-                        let qualifier = if 
py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
++                        let qualifier = if 
py_qualifier.is_instance_of::<pyo3::types::PyString>() {
+                             let cps_uri = match 
asn1::IA5String::new(py_qualifier.extract()?) {
+                                 Some(s) => s,
+                                 None => {

Bug#1038746: (python-cryptography) build dependency missing in testing

Reply via email to