From Fedora Project Wiki
Line 68: Line 68:


PyPI has not permitted uploading packages with invalid versions for even more years. The latest versions of pip should be rejecting/erroring out on wheels with such versions as well. The stricter metadata validation helps pip's dependency resolver's logic, along with helping the broader ecology avoid needing to deal with outside-of-standard tooling/behaviours.
PyPI has not permitted uploading packages with invalid versions for even more years. The latest versions of pip should be rejecting/erroring out on wheels with such versions as well. The stricter metadata validation helps pip's dependency resolver's logic, along with helping the broader ecology avoid needing to deal with outside-of-standard tooling/behaviours.
Possible failures caused by upgraded python-packaging:
* pinned version of python-packaging
cekit - https://bugzilla.redhat.com/show_bug.cgi?id=2162433
python-limits - https://src.fedoraproject.org/rpms/python-limits/pull-request/5
* tests containing unsupported versions need to be adjusted
copr-backend - https://bugzilla.redhat.com/show_bug.cgi?id=2162436
* some packages provide incompatible versions and python-rpm-generators are unable to parse them.
obs-service-set_version
pcs
pyodbc
python-btchip
python-dipy
python-dropbox
python-haversion - https://src.fedoraproject.org/rpms/python-haversion/pull-request/1
python-httplib2
python-lacrosse - https://src.fedoraproject.org/rpms/python-lacrosse/pull-request/1
python-pdir2
python-pvc
python-pytest-httpx
* unknown
python-google-cloud-bigquery - package does not build in rawhide


== Feedback ==
== Feedback ==

Revision as of 15:16, 24 January 2023


Packaging 22+

Summary

Update to a new upstream release of python-packaging contains a breaking change. Since version 22+ upstream removed support for LegacySpecifier and LegacyVersion some packages will break. This is a breaking change and projects are encouraged to use versions adherent to PEP 440.

Owner


Current status

  • Targeted release: Fedora Linux 38
  • Last updated: 2023-01-24
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

>>> # before 22.0
>>> packaging.version.parse("This is a completely random string")
<LegacyVersion('This is a completely random string')>
>>> # after 22.0
>>> packaging.version.parse("This is a completely random string")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "[...]/.venv/lib/python3.10/site-packages/packaging/version.py", line 52, in parse
    return Version(version)
  File "[...]/.venv/lib/python3.10/site-packages/packaging/version.py", line 197, in __init__
    raise InvalidVersion(f"Invalid version: '{version}'")
packaging.version.InvalidVersion: Invalid version: 'This is a completely random string'

This "feature" has been deprecated for nearly two years now.

PyPI has not permitted uploading packages with invalid versions for even more years. The latest versions of pip should be rejecting/erroring out on wheels with such versions as well. The stricter metadata validation helps pip's dependency resolver's logic, along with helping the broader ecology avoid needing to deal with outside-of-standard tooling/behaviours.

Possible failures caused by upgraded python-packaging:

  • pinned version of python-packaging

cekit - https://bugzilla.redhat.com/show_bug.cgi?id=2162433 python-limits - https://src.fedoraproject.org/rpms/python-limits/pull-request/5

  • tests containing unsupported versions need to be adjusted

copr-backend - https://bugzilla.redhat.com/show_bug.cgi?id=2162436

  • some packages provide incompatible versions and python-rpm-generators are unable to parse them.

obs-service-set_version pcs pyodbc python-btchip python-dipy python-dropbox python-haversion - https://src.fedoraproject.org/rpms/python-haversion/pull-request/1 python-httplib2 python-lacrosse - https://src.fedoraproject.org/rpms/python-lacrosse/pull-request/1 python-pdir2 python-pvc python-pytest-httpx

  • unknown

python-google-cloud-bigquery - package does not build in rawhide

Feedback

Benefit to Fedora

Packaging 22+ contains a handwritten parser for parsing requirements and markers. Thanks to this, packaging has dropped a runtime dependency on pyparsing and from now on is not depending on any package on runtime. This will simplify bootstrapping of the next Python.

Scope

  • Proposal owners: update python-packaging to 23.x.x, provide help
  • Other developers: report problems to the upstream and backport patch to the affected packages. The impact can be tested using COPR repository where Packaging 23+ has been built.
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

How To Test

  1. Find the package you want to fix in this COPR repository and check the build logs to determine the failure cause.
  2. Patch package so Provides() provides correct version.
  3. When patching the package, you can test it using the same copr repository where the latest version of python-packaging has been built.

User Experience

Regular distro users shouldn't notice any change in python-packaging behaviour, except for packages that use LegacyVersion or LegacySpecifier. Such packages will fail with packaging.version.InvalidVersion: Invalid version: 'This is a completely random string' and should be fixed by their maintainers.

Dependencies

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No


Documentation

N/A (not a System Wide Change)

Release Notes