[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#934356: stretch-pu: package mitmproxy/0.18.2-6

On 26/08 17:42, Adam D. Barratt wrote:
> Our tooling has highlighted a dependency issue. I've not had chance to
> check if it already existed in the earlier package, but:
> 
>       unsat-dependency: python-cryptography (< 1.6)
> 
> stretch has python-cryptography 1.7.1

This is a regression somewhere in the build process; 0.18.2-6 in stretch
currently has (sorted alphabetically for easier reading):

  Depends:
  python-backports.ssl-match-hostname,
  python-blinker (<< 1.5),
  python-brotli (>= 0.5.1),
  python-certifi,
  python-click,
  python-configargparse (>= 0.10),
  python-construct (>= 2.5.2),
  python-cryptography (>= 1.3),
  python-cssutils (<< 1.1),
  python-flask (>= 0.10.1),
  python-h2 (>= 2.4.1),
  python-hpack,
  python-html2text (>= 2016.1.8),
  python-hyperframe (<< 5),
  python-jsbeautifier (>= 1.6.3),
  python-lxml (>= 3.5.0),
  python-openssl (>= 16.0),
  python-passlib (>= 1.6.5),
  python-pil (>= 3.2),
  python-pyasn1 (>= 0.1.9),
  python-pyparsing (>= 2.1.3),
  python-pyperclip,
  python-requests (>= 2.9.1),
  python-six (>= 1.10),
  python-tornado (>= 4.3),
  python-typing
  python-urwid (>= 1.3.1),
  python-watchdog (>= 0.8.3),
  python:any (<< 2.8),
  python:any (>= 2.7.5-5~),

0.18.2-6+deb9u1 has:

  Depends:
  python-backports.ssl-match-hostname,
  python-blinker (<< 1.5),
  python-brotli (>= 0.5.1),
  python-certifi,
  python-click,
  python-configargparse (>= 0.10),
  python-construct (>= 2.5.2),
  python-cryptography (<< 1.6),
  python-cryptography (>= 1.3),
  python-cssutils (<< 1.1),
  python-flask (<< 0.12),
  python-flask (>= 0.10.1),
  python-h2 (>= 2.4.1),
  python-hpack,
  python-html2text (>= 2016.1.8),
  python-hyperframe (<< 5),
  python-jsbeautifier (>= 1.6.3),
  python-lxml (>= 3.5.0),
  python-openssl (>= 16.0),
  python-passlib (>= 1.6.5),
  python-pil (>= 3.2),
  python-pyasn1 (<< 0.2),
  python-pyasn1 (>= 0.1.9),
  python-pyparsing (>= 2.1.3),
  python-pyperclip,
  python-requests (>= 2.9.1),
  python-six (<< 1.11),
  python-six (>= 1.10),
  python-tornado (>= 4.3),
  python-typing
  python-urwid (>= 1.3.1),
  python-watchdog (>= 0.8.3),
  python:any (<< 2.8),
  python:any (>= 2.7.5-5~),

At this point I'm not sure what part of the build chain is adding back
all the "python foo (<< .n.m)" (obviously during the expansion of
${python:Depends}, and by looking at setup.py), even though python-foo
is already explicitly listed in debian/control's Depends field.

Even more confusing to me right now is that the whole point of 0.18.2-6
was indeed to *remove* all those upper-bound dependencies:

  - https://bugs.debian.org/848562
  - https://salsa.debian.org/debian/mitmproxy/commit/4c238cb3549b9bf5e7b01a9c287eb2428a7134d2

And obviously at the time it worked, because 0.18.6-2 is indeed
"correct".

Cheers,

-- 
Seb
Reply to: