Re: Bug#1115706: Not installable with python3-cryptography >= 44

To: debian-python@lists.debian.org
Cc: Andrey Rakhmatullin <wrar@debian.org>, 1115706@bugs.debian.org
Subject: Re: Bug#1115706: Not installable with python3-cryptography >= 44
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 19 Sep 2025 18:22:46 +0200
Message-id: <[🔎] 878qia9zu1.fsf@josefsson.org>
In-reply-to: <[🔎] bzm67sysznyzcnqysmfzyddzemdddq7s3aftthfdymhmp6m5dt@rehyeqeaecys> (Stefano Rivera's message of "Fri, 19 Sep 2025 15:58:15 +0000")
References: <175826922917.2039399.2302457106203823282.reportbug@belkar.wrar.name> <87348i39kh.fsf@josefsson.org> <175826922917.2039399.2302457106203823282.reportbug@belkar.wrar.name> <aM1Qt4GZSnHYbN7M@belkar.wrar.name> <[🔎] 87wm5u1tc7.fsf@josefsson.org> <[🔎] mon3rw63gwfadrftvfozzxai3z4nqxvnite7so6dputkwze424@6xqxmscqirtu> <[🔎] 87cy7ma12r.fsf@josefsson.org> <[🔎] bzm67sysznyzcnqysmfzyddzemdddq7s3aftthfdymhmp6m5dt@rehyeqeaecys>

Stefano Rivera <stefanor@debian.org> writes:

> Hi Simon (2025.09.19_15:55:56_+0000)
>>> So, typically patching the upstream dependencies is appropriate in
>>> these situations.
>>
>>Or, as it happened for yubikey-manager, sync the debian/control <<
>>versioning with upstream's << versioning, which got out of sync over
>>time.
>
> That's unusal. Typically you can rely on dh_python3 to generate your
> dependencies.

Oh, maybe that explains the real bug.  Currently debian/control says:

Package: yubikey-manager
Depends: ${misc:Depends},
         ${python3:Depends},
         python3-click (>= 8.0),
         python3-ykman (= ${binary:Version}),
         pcscd,
         python3-cryptography (>= 3.0.0),
         python3-cryptography (<< 44),
         python3-fido2 (>= 0.9),
         python3-fido2 (<< 2.0)

Package: python3-ykman
Depends: ${misc:Depends},
         ${python3:Depends},
         python3-keyring (>= 23.4),
         python3-cryptography (>= 3.0.0),
         python3-cryptography (<< 48),
         python3-fido2 (>= 0.9),
         python3-fido2 (<< 2.0)

Which leads to binary packages (at least on my laptop's build) with:

 Package: yubikey-manager
 Depends: python3-ykman (= 5.8.0-1), python3:any, python3-click (>= 8.0), pcscd, python3-cryptography (>= 3.0.0), python3-cryptography (<< 44), python3-fido2 (>= 0.9), python3-fido2 (<< 2.0)

 Package: python3-ykman
 Depends: python3-click (>= 8.0), python3-cryptography (>= 3.0.0), python3-cryptography (<< 48), python3-fido2 (>= 0.9), python3-keyring (>= 23.4), python3-pyscard (>= 2.0), python3:any, python3-fido2 (<< 2.0)

If I drop all the hard coded python versioning, like this:

 Depends: ${misc:Depends},
          ${python3:Depends},
-         python3-click (>= 8.0),
-         python3-ykman (= ${binary:Version}),
-         pcscd,
-         python3-cryptography (>= 3.0.0),
-         python3-cryptography (<< 44),
-         python3-fido2 (>= 0.9),
-         python3-fido2 (<< 2.0)
+         pcscd
 Recommends: libyubikey-udev
 Description: Python library and command line tool for configuring a YubiKey
  YubiKey Manager (ykman) is a command line tool for configuring a YubiKey over
@@ -54,12 +48,7 @@ Package: python3-ykman
 Architecture: all
 Section: python
 Depends: ${misc:Depends},
-         ${python3:Depends},
-         python3-keyring (>= 23.4),
-         python3-cryptography (>= 3.0.0),
-         python3-cryptography (<< 48),
-         python3-fido2 (>= 0.9),
-         python3-fido2 (<< 2.0)
+         ${python3:Depends}
 Recommends: pcscd

the resulting binary packages looks like this:

 Package: yubikey-manager
 Depends: python3-ykman (= 5.8.0-1), python3:any, pcscd

 Package: python3-ykman
 Depends: python3-click (>= 8.0), python3-cryptography (>= 3.0), python3-cryptography (<< 48), python3-fido2, python3-keyring (>= 23.4), python3-pyscard (>= 2.0), python3:any

That seems more appropriate, right?

This would also fix the <<44 version dependency on the 'yubikey-manager'
binary package that I failed to fix in my last upload since I only
looked at 'python3-ykman'.

Please holler if this seems like a bad idea to upload.

/Simon

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Re: Bug#1115706: Not installable with python3-cryptography >= 44
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Bug#1115706: Not installable with python3-cryptography >= 44
  - From: Stefano Rivera <stefanor@debian.org>
- Re: Bug#1115706: Not installable with python3-cryptography >= 44
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Bug#1115706: Not installable with python3-cryptography >= 44
  - From: Stefano Rivera <stefanor@debian.org>

Prev by Date: Re: Bug#1115706: Not installable with python3-cryptography >= 44
Next by Date: Re: Requesting guidance on the best way to package Python packages that include Rust code (specifically uv_build)
Previous by thread: Re: Bug#1115706: Not installable with python3-cryptography >= 44
Next by thread: Bug#1116218: ITP: python-click-shell -- Interactive shell mode with command completion for command-line applications
Index(es):
- Date
- Thread