Bug#967908: awscli: python3-botocore dependency too permissive

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#967908: awscli: python3-botocore dependency too permissive
From: "Roberto C. Sanchez" <roberto@debian.org>
Date: Tue, 04 Aug 2020 12:31:53 -0400
Message-id: <[🔎] 159655871331.9787.15232726268119922076.reportbug@miami.connexer.com>
Reply-to: "Roberto C. Sanchez" <roberto@debian.org>, 967908@bugs.debian.org

Package: awscli
Version: 1.18.99-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The permissions of the awscli package call for python3-botocore (>=
1.12.103).  This makes it possible to install the testing/unstable
version of the package on stable (buster).  However, every invocation of
the 'aws' utility simply results in this error message:

- ---------------------------------------------------------
Credential named assume-role-with-web-identity not found.
- ---------------------------------------------------------

It seems that a newer python3-botocore package (at least 1.13.8) is
required with newer versions of awscli.  References:

https://github.com/99designs/aws-vault/issues/442
https://github.com/boto/botocore/commit/02df351ce8e857b32997e749d81effc4ba86bc22#diff-dcd72ae45553af71f1ceafb2d4ee5dcf

Regards,

- -Roberto

- -- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages awscli depends on:
ii  python3             3.7.3-1
ii  python3-botocore    1.12.103+repack-1
ii  python3-colorama    0.3.7-1
ii  python3-docutils    0.14+dfsg-4
ii  python3-pyasn1      0.4.2-3
ii  python3-rsa         4.0-2
ii  python3-s3transfer  0.2.0-1
ii  python3-yaml        3.13-2

awscli recommends no packages.

awscli suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl8pjVQACgkQLNd4Xt2n
sg+7Yw//dX28WPRwW5SIm4oFzJ9NGmo6qFT3Y0tTVlCHY6z5SIGvyr8MFkUP5cWJ
70dDOYxBHlrwtvxc11PfOtYkJzbnpubiGhzId5gCNrPfwvD0VvcqE0Xku4NfupMg
mYXDKE/yfiTt8nuJmZLqckX2ySa2xwGNYIlKJDbBhOGhkGwMji+v+0Yip/xD+5e2
T10YA4w62cqAwY9B4/s4+UTsxViFTFj9iz2hpwZ/mDJSCHrV+3rSC4V2kNhCIT6r
D+14A3OIKuUoM3H9lW3rUlVrfBcyxQ7H6xg97bTGWg8KNOuB8siG8lSGnsLjfJgb
NIt8/firxhG4vCc2F9wpCYbjQ8674tGj9+ojvRWDdAWmqBNA68qHXGtwg1RtKtbE
43nr6fpHjwH85MdlxpTyGIWpA76AdtPn2l+nxx1/SH39nQxhF7hNfJG37FAbqWG9
Ieh43PkFXEHGOM/xoLLtMDHd+lqnpTI1WPheqdrbpHVaHm235UHLreF85nCYrogd
YC8QKmcwnFbYEzphuDhr8wPK922iDUHcn/jUbg7nv4VZ4oWJQiIoHKd4TWRylvHB
9eOR0M7bwrs+xo0Oc6454n6Y07rZjsmSyw+bN2GWOz3VyZ+Y3LMOzuG7YtCo2BSQ
aWuhR1H7NQWE0rhU1J1qSeM9VWbuVahivSbouTh7bo6PPvKWJYc=
=+HzL
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#967908: awscli: python3-botocore dependency too permissive
  - From: Noah Meyerhans <noahm@debian.org>
- Processed: Re: Bug#967908: awscli: python3-botocore dependency too permissive
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#967908 marked as pending in awscli
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#967908: marked as done (awscli: python3-botocore dependency too permissive)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#966451: marked as done (cloud.debian.org: systemd-growfs@-.service fails intermittently)
Next by Date: Bug#967908: awscli: python3-botocore dependency too permissive
Previous by thread: Bug#966451: marked as done (cloud.debian.org: systemd-growfs@-.service fails intermittently)
Next by thread: Bug#967908: awscli: python3-botocore dependency too permissive
Index(es):
- Date
- Thread