| 2022-10-04 03:35:16 |
wieczyk |
bug |
|
|
added bug |
| 2022-10-05 21:00:08 |
Dan Bungert |
distro-info (Ubuntu): status |
New |
Incomplete |
|
| 2022-10-08 00:56:40 |
Benjamin Drung |
distro-info (Ubuntu): importance |
Undecided |
Medium |
|
| 2022-10-08 00:56:44 |
Benjamin Drung |
distro-info (Ubuntu): status |
Incomplete |
Fix Committed |
|
| 2022-10-13 17:59:17 |
Launchpad Janitor |
distro-info (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2023-01-20 23:13:25 |
Benjamin Drung |
bug watch added |
|
https://github.com/pypa/setuptools/issues/3772 |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
nominated for series |
|
Ubuntu Focal |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
bug task added |
|
distro-info (Ubuntu Focal) |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
nominated for series |
|
Ubuntu Jammy |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
bug task added |
|
distro-info (Ubuntu Jammy) |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
nominated for series |
|
Ubuntu Kinetic |
|
| 2023-01-20 23:13:48 |
Benjamin Drung |
bug task added |
|
distro-info (Ubuntu Kinetic) |
|
| 2023-01-27 10:22:03 |
Benjamin Drung |
summary |
Invalid PEP440 package version |
Invalid PEP440 package version breaking setuptools >= 60 |
|
| 2023-01-27 10:22:55 |
Benjamin Drung |
nominated for series |
|
Ubuntu Bionic |
|
| 2023-01-27 10:22:55 |
Benjamin Drung |
bug task added |
|
distro-info (Ubuntu Bionic) |
|
| 2023-01-27 10:56:37 |
Benjamin Drung |
description |
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1' |
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1' |
|
| 2023-01-27 10:56:55 |
Benjamin Drung |
bug task added |
|
reportbug (Ubuntu) |
|
| 2023-01-27 10:58:41 |
Benjamin Drung |
bug task added |
|
devscripts (Ubuntu) |
|
| 2023-01-27 10:59:17 |
Benjamin Drung |
bug task added |
|
drslib (Ubuntu) |
|
| 2023-01-27 11:05:17 |
Benjamin Drung |
bug task added |
|
duecredit (Ubuntu) |
|
| 2023-01-27 11:07:03 |
Benjamin Drung |
bug task added |
|
ubuntu-dev-tools (Ubuntu) |
|
| 2023-01-30 17:23:23 |
Benjamin Drung |
ubuntu-dev-tools (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2023-01-30 17:23:36 |
Benjamin Drung |
ubuntu-dev-tools (Ubuntu Jammy): status |
New |
Invalid |
|
| 2023-01-31 09:05:46 |
Benjamin Drung |
bug task added |
|
python-debian (Ubuntu) |
|
| 2023-02-01 09:01:56 |
Benjamin Drung |
tags |
|
regression-update |
|
| 2023-02-01 09:40:05 |
Benjamin Drung |
distro-info (Ubuntu): importance |
Medium |
High |
|
| 2023-02-01 09:40:28 |
Benjamin Drung |
devscripts (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 09:44:18 |
Benjamin Drung |
drslib (Ubuntu Bionic): status |
New |
Invalid |
|
| 2023-02-01 09:46:31 |
Benjamin Drung |
python-debian (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2023-02-01 09:46:44 |
Benjamin Drung |
python-debian (Ubuntu Bionic): status |
New |
Invalid |
|
| 2023-02-01 09:46:55 |
Benjamin Drung |
python-debian (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 09:47:04 |
Benjamin Drung |
duecredit (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 09:47:12 |
Benjamin Drung |
drslib (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 09:47:22 |
Benjamin Drung |
reportbug (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 09:47:40 |
Benjamin Drung |
ubuntu-dev-tools (Ubuntu): importance |
Undecided |
High |
|
| 2023-02-01 10:14:59 |
Benjamin Drung |
python-debian (Ubuntu): status |
New |
Fix Committed |
|
| 2023-02-01 10:15:14 |
Benjamin Drung |
reportbug (Ubuntu): status |
New |
Fix Committed |
|
| 2023-02-01 10:52:02 |
Benjamin Drung |
duecredit (Ubuntu): status |
New |
Fix Committed |
|
| 2023-02-01 11:59:47 |
Benjamin Drung |
ubuntu-dev-tools (Ubuntu): status |
New |
Fix Committed |
|
| 2023-02-01 14:05:46 |
Launchpad Janitor |
reportbug (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2023-02-02 10:01:51 |
Launchpad Janitor |
python-debian (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2023-02-02 13:48:33 |
Launchpad Janitor |
duecredit (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2023-02-02 18:26:47 |
Earl Ruby |
bug |
|
|
added subscriber Earl Ruby |
| 2023-02-02 20:50:00 |
ian |
bug |
|
|
added subscriber ian |
| 2023-02-02 21:10:51 |
Launchpad Janitor |
ubuntu-dev-tools (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2023-02-03 23:37:53 |
Benjamin Drung |
tags |
regression-update |
foundations-todo regression-update |
|
| 2023-02-04 08:32:09 |
Richard |
bug |
|
|
added subscriber Richard |
| 2023-02-13 09:50:51 |
Benjamin Drung |
bug task added |
|
update-manager (Ubuntu) |
|
| 2023-02-15 17:26:54 |
Andrew Martin |
bug |
|
|
added subscriber Andrew Martin |
| 2023-02-18 18:40:18 |
Launchpad Janitor |
update-manager (Ubuntu): status |
New |
Fix Released |
|
| 2023-02-22 14:56:52 |
Benjamin Drung |
summary |
Invalid PEP440 package version breaking setuptools >= 60 |
Invalid PEP440 package version breaking setuptools >= 66 |
|
| 2023-02-24 19:42:53 |
Henry Ward Hopeman Jr. |
bug task added |
|
gpgme1.0 (Ubuntu) |
|
| 2023-03-25 10:38:36 |
Launchpad Janitor |
devscripts (Ubuntu): status |
New |
Fix Released |
|
| 2023-04-25 13:27:41 |
Benjamin Drung |
distro-info (Ubuntu Kinetic): status |
New |
Fix Released |
|
| 2023-04-25 13:35:45 |
Benjamin Drung |
attachment added |
|
distro-info_1.1ubuntu0.1.debdiff https://bugs.launchpad.net/ubuntu/kinetic/+source/distro-info/+bug/1991606/+attachment/5668501/+files/distro-info_1.1ubuntu0.1.debdiff |
|
| 2023-04-25 14:03:33 |
Benjamin Drung |
attachment added |
|
distro-info_0.23ubuntu1.1.debdiff https://bugs.launchpad.net/ubuntu/kinetic/+source/distro-info/+bug/1991606/+attachment/5668503/+files/distro-info_0.23ubuntu1.1.debdiff |
|
| 2023-04-25 15:51:07 |
Benjamin Drung |
attachment added |
|
distro-info_0.18ubuntu0.18.04.2.debdiff https://bugs.launchpad.net/ubuntu/kinetic/+source/distro-info/+bug/1991606/+attachment/5668560/+files/distro-info_0.18ubuntu0.18.04.2.debdiff |
|
| 2023-04-25 16:14:21 |
Ubuntu Foundations Team Bug Bot |
tags |
foundations-todo regression-update |
foundations-todo patch regression-update |
|
| 2023-04-25 16:31:28 |
Benjamin Drung |
attachment added |
|
python-debian_0.1.43ubuntu1.1.debdiff https://bugs.launchpad.net/ubuntu/kinetic/+source/distro-info/+bug/1991606/+attachment/5668562/+files/python-debian_0.1.43ubuntu1.1.debdiff |
|
| 2023-04-25 18:44:00 |
Benjamin Drung |
attachment added |
|
python-debian_0.1.36ubuntu1.1.debdiff https://bugs.launchpad.net/ubuntu/kinetic/+source/distro-info/+bug/1991606/+attachment/5668643/+files/python-debian_0.1.36ubuntu1.1.debdiff |
|
| 2023-04-25 19:36:22 |
Benjamin Drung |
description |
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1' |
[ Impact ]
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1'
[ Test Plan ]
1. Install the affected package and pip plus python3-dev, gcc, libfuzzy-dev:
```
sudo apt update
sudo apt install python3-dev python3-pip python3-distro-info python3-debian libfuzzy-dev gcc -y
```
2. Install setuptools 67.5 **as normal user** using pip:
```
python3 -m pip install setuptools==67.5.0
```
3. Then try to install ssdeep with pip using that setuptools version:
```
python3 -m pip install ssdeep
```
The installation should succeed with the fixed package, but it will fail with InvalidVersion with the affected package versions installed.
Commands for Benjamin's local testing with schroot:
```
schroot-wrapper -p python3-dev,python3-pip,python3-distro-info,python3-debian,libfuzzy-dev,gcc -c $distro
python3 -m pip install setuptools==67.5.0
python3 -m pip install ssdeep
```
[ Where problems could occur ]
The fix touches only setup.py which is only used for installing the package. So there should be no effect on the installed package (except for exposing a different version). But there could be indirect effects (hidden bugs that trigger on package upgrade, etc). |
|
| 2023-04-25 20:01:02 |
Benjamin Drung |
description |
[ Impact ]
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1'
[ Test Plan ]
1. Install the affected package and pip plus python3-dev, gcc, libfuzzy-dev:
```
sudo apt update
sudo apt install python3-dev python3-pip python3-distro-info python3-debian libfuzzy-dev gcc -y
```
2. Install setuptools 67.5 **as normal user** using pip:
```
python3 -m pip install setuptools==67.5.0
```
3. Then try to install ssdeep with pip using that setuptools version:
```
python3 -m pip install ssdeep
```
The installation should succeed with the fixed package, but it will fail with InvalidVersion with the affected package versions installed.
Commands for Benjamin's local testing with schroot:
```
schroot-wrapper -p python3-dev,python3-pip,python3-distro-info,python3-debian,libfuzzy-dev,gcc -c $distro
python3 -m pip install setuptools==67.5.0
python3 -m pip install ssdeep
```
[ Where problems could occur ]
The fix touches only setup.py which is only used for installing the package. So there should be no effect on the installed package (except for exposing a different version). But there could be indirect effects (hidden bugs that trigger on package upgrade, etc). |
[ Impact ]
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1'
[ Test Plan ]
1. Install the affected package and pip plus python3-dev, gcc, libfuzzy-dev:
```
sudo apt update
sudo apt install python3-dev python3-pip python3-distro-info python3-debian libfuzzy-dev gcc -y
```
2. Install setuptools 67.5 **as normal user** using pip:
```
python3 -m pip install setuptools==67.5.0
```
3. Then try to install ssdeep with pip using that setuptools version:
```
python3 -m pip install ssdeep
```
The installation should succeed with the fixed package, but it will fail with InvalidVersion with the affected package versions installed.
Commands for Benjamin's local testing with schroot:
```
schroot-wrapper -p python3-dev,python3-pip,python3-distro-info,python3-debian,libfuzzy-dev,gcc -c $distro
python3 -m pip install setuptools==67.5.0
python3 -m pip install ssdeep
```
[ Where problems could occur ]
The fix touches only setup.py which is only used for installing the package. So there should be no effect on the installed package (except for exposing a different version). But there could be indirect effects (hidden bugs that trigger on package upgrade, etc).
[ Other Info ]
The related upstream bug report is https://github.com/pypa/setuptools/issues/3772. As of 2023-04-25 it has 85 comments and 108 thumbs ups. |
|
| 2023-05-26 15:27:57 |
Philippe Warren |
bug watch added |
|
https://github.com/tox-dev/pipdeptree/issues/235 |
|
| 2023-05-26 16:42:29 |
Benjamin Drung |
python-debian (Ubuntu): assignee |
|
Benjamin Drung (bdrung) |
|
| 2023-05-26 16:42:41 |
Benjamin Drung |
distro-info (Ubuntu): assignee |
|
Benjamin Drung (bdrung) |
|
| 2023-05-26 23:54:49 |
Benjamin Drung |
attachment added |
|
python-debian_0.1.46ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/distro-info/+bug/1991606/+attachment/5675921/+files/python-debian_0.1.46ubuntu1.debdiff |
|
| 2023-05-26 23:55:00 |
Benjamin Drung |
python-debian (Ubuntu Kinetic): status |
Invalid |
New |
|
| 2023-06-01 16:05:13 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Steve Langasek |
| 2023-06-01 16:05:20 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Benjamin Drung |
| 2023-06-02 18:53:33 |
Steve Langasek |
python-debian (Ubuntu Kinetic): status |
New |
Incomplete |
|
| 2023-06-05 17:07:27 |
Steve Langasek |
gpgme1.0 (Ubuntu Kinetic): status |
New |
Fix Released |
|
| 2023-06-05 17:07:39 |
Steve Langasek |
gpgme1.0 (Ubuntu): status |
New |
Fix Released |
|
| 2023-06-15 17:24:09 |
Launchpad Janitor |
ubuntu-dev-tools (Ubuntu Focal): status |
New |
Fix Released |
|
| 2023-06-16 22:40:48 |
Steve Langasek |
description |
[ Impact ]
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1'
[ Test Plan ]
1. Install the affected package and pip plus python3-dev, gcc, libfuzzy-dev:
```
sudo apt update
sudo apt install python3-dev python3-pip python3-distro-info python3-debian libfuzzy-dev gcc -y
```
2. Install setuptools 67.5 **as normal user** using pip:
```
python3 -m pip install setuptools==67.5.0
```
3. Then try to install ssdeep with pip using that setuptools version:
```
python3 -m pip install ssdeep
```
The installation should succeed with the fixed package, but it will fail with InvalidVersion with the affected package versions installed.
Commands for Benjamin's local testing with schroot:
```
schroot-wrapper -p python3-dev,python3-pip,python3-distro-info,python3-debian,libfuzzy-dev,gcc -c $distro
python3 -m pip install setuptools==67.5.0
python3 -m pip install ssdeep
```
[ Where problems could occur ]
The fix touches only setup.py which is only used for installing the package. So there should be no effect on the installed package (except for exposing a different version). But there could be indirect effects (hidden bugs that trigger on package upgrade, etc).
[ Other Info ]
The related upstream bug report is https://github.com/pypa/setuptools/issues/3772. As of 2023-04-25 it has 85 comments and 108 thumbs ups. |
[ Impact ]
With setuptools 66, the versions of all packages visible in the Python environment *must* obey PEP440 <https://peps.python.org/pep-0440/>. Otherwise, attempts to use pip to install a package with a setup.py-based build system, or other attempts to use the `pkg-resources` module, can produce errors like this:
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 844, in _resolve_dist
env = Environment(self.entries)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1044, in __init__
self.scan(search_path)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1077, in scan
self.add(dist)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1096, in add
dists.sort(key=operator.attrgetter('hashcmp'), reverse=True)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2631, in hashcmp
self.parsed_version,
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/__init__.py", line 2678, in parsed_version
self._parsed_version = parse_version(self.version)
File "/builds/databiosphere/toil/venv/lib/python3.9/site-packages/pkg_resources/_vendor/packaging/version.py", line 266, in __init__
raise InvalidVersion(f"Invalid version: '{version}'")
pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: '0.23ubuntu1'
The official opinion of the setuptools maintainers seems to be that version strings of this form haven't *really* been allowed since about 2014, and distributions need to change their package version naming scheme for Python packages they install, so that the resulting version strings obey PEP440. See for example <https://github.com/pypa/setuptools/issues/3772#issuecomment-1384342813>.
suffix 1build1 is invalid.
Some python building tools, that verifies if version strings are compatible with PEP440, are failing.
Example: python poetry: Invalid PEP 440 version: '1.1build1'
[ Test Plan ]
1.
$ mkdir /tmp/lp.1991606
$ export HOME=/tmp/lp.1991606
$ sudo apt install dput python3-pip
$ pip3 install -U setuptools
$ sudo apt install <broken package>
$ dput
This will produce a backtrace.
2. Enable -proposed
3. Upgrade <broken package> from proposed
4. dput
This will succeed.
[ Where problems could occur ]
The fix touches only setup.py which is only used for installing the package. So there should be no effect on the installed package (except for exposing a different version). But there could be indirect effects (hidden bugs that trigger on package upgrade, etc).
[ Other Info ]
The related upstream bug report is https://github.com/pypa/setuptools/issues/3772. As of 2023-04-25 it has 85 comments and 108 thumbs ups. |
|
| 2023-06-16 22:41:17 |
Steve Langasek |
python-debian (Ubuntu Kinetic): status |
Incomplete |
Fix Committed |
|
| 2023-06-16 22:41:19 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2023-06-16 22:41:21 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2023-06-16 22:41:28 |
Steve Langasek |
tags |
foundations-todo patch regression-update |
foundations-todo patch regression-update verification-needed verification-needed-kinetic |
|
| 2023-06-16 22:42:12 |
Steve Langasek |
python-debian (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-06-16 22:42:22 |
Steve Langasek |
tags |
foundations-todo patch regression-update verification-needed verification-needed-kinetic |
foundations-todo patch regression-update verification-needed verification-needed-jammy verification-needed-kinetic |
|
| 2023-06-16 22:43:17 |
Steve Langasek |
python-debian (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2023-06-16 22:43:28 |
Steve Langasek |
tags |
foundations-todo patch regression-update verification-needed verification-needed-jammy verification-needed-kinetic |
foundations-todo patch regression-update verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic |
|
| 2023-06-16 23:06:20 |
Steve Langasek |
distro-info (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-06-27 21:33:28 |
Mike Depinet |
bug |
|
|
added subscriber Mike Depinet |
| 2023-06-29 13:53:26 |
Benjamin Drung |
bug task added |
|
dput (Ubuntu) |
|
| 2023-06-29 14:49:57 |
Benjamin Drung |
attachment added |
|
dput_1.1.2ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/dput/+bug/1991606/+attachment/5682858/+files/dput_1.1.2ubuntu2.1.debdiff |
|
| 2023-06-29 14:57:30 |
Benjamin Drung |
attachment added |
|
dput_1.1.0ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/dput/+bug/1991606/+attachment/5682859/+files/dput_1.1.0ubuntu2.1.debdiff |
|
| 2023-06-29 15:25:40 |
Benjamin Drung |
attachment added |
|
dput_1.0.3ubuntu1.1.debdiff https://bugs.launchpad.net/ubuntu/+source/dput/+bug/1991606/+attachment/5682866/+files/dput_1.0.3ubuntu1.1.debdiff |
|
| 2023-06-29 16:50:59 |
Benjamin Drung |
attachment added |
|
gpgme1.0_1.16.0-1.2ubuntu4.1.debdiff https://bugs.launchpad.net/ubuntu/+source/dput/+bug/1991606/+attachment/5682868/+files/gpgme1.0_1.16.0-1.2ubuntu4.1.debdiff |
|
| 2023-06-29 16:58:46 |
Benjamin Drung |
attachment added |
|
gpgme1.0_1.13.1-7ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/dput/+bug/1991606/+attachment/5682869/+files/gpgme1.0_1.13.1-7ubuntu2.1.debdiff |
|
| 2023-06-29 17:13:44 |
Benjamin Drung |
tags |
foundations-todo patch regression-update verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic |
foundations-todo patch regression-update verification-done verification-done-focal verification-done-jammy verification-done-kinetic |
|
| 2023-06-30 17:45:00 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2023-06-30 23:57:15 |
Benjamin Drung |
attachment added |
|
dput_1.1.3ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/distro-info/+bug/1991606/+attachment/5683179/+files/dput_1.1.3ubuntu2.1.debdiff |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
nominated for series |
|
Ubuntu Lunar |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
devscripts (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
dput (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
reportbug (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
update-manager (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
gpgme1.0 (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
python-debian (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
ubuntu-dev-tools (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
distro-info (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
drslib (Ubuntu Lunar) |
|
| 2023-06-30 23:57:39 |
Benjamin Drung |
bug task added |
|
duecredit (Ubuntu Lunar) |
|
| 2023-06-30 23:57:52 |
Benjamin Drung |
devscripts (Ubuntu Lunar): status |
New |
Fix Released |
|
| 2023-06-30 23:58:04 |
Benjamin Drung |
distro-info (Ubuntu Lunar): status |
New |
Fix Released |
|
| 2023-06-30 23:58:31 |
Benjamin Drung |
bug task deleted |
drslib (Ubuntu Lunar) |
|
|
| 2023-06-30 23:58:40 |
Benjamin Drung |
bug task deleted |
distro-info (Ubuntu Lunar) |
|
|
| 2023-06-30 23:58:50 |
Benjamin Drung |
bug task deleted |
devscripts (Ubuntu Lunar) |
|
|
| 2023-06-30 23:58:59 |
Benjamin Drung |
bug task deleted |
duecredit (Ubuntu Lunar) |
|
|
| 2023-06-30 23:59:10 |
Benjamin Drung |
bug task deleted |
gpgme1.0 (Ubuntu Lunar) |
|
|
| 2023-06-30 23:59:18 |
Benjamin Drung |
bug task deleted |
python-debian (Ubuntu Lunar) |
|
|
| 2023-06-30 23:59:26 |
Benjamin Drung |
bug task deleted |
reportbug (Ubuntu Lunar) |
|
|
| 2023-06-30 23:59:35 |
Benjamin Drung |
bug task deleted |
ubuntu-dev-tools (Ubuntu Lunar) |
|
|
| 2023-06-30 23:59:42 |
Benjamin Drung |
bug task deleted |
update-manager (Ubuntu Lunar) |
|
|
| 2023-07-01 14:05:58 |
Launchpad Janitor |
dput (Ubuntu): status |
New |
Fix Released |
|
| 2023-07-02 20:16:23 |
Andreas Hasenack |
dput (Ubuntu Lunar): status |
New |
Fix Committed |
|
| 2023-07-02 20:16:30 |
Andreas Hasenack |
tags |
foundations-todo patch regression-update verification-done verification-done-focal verification-done-jammy verification-done-kinetic |
foundations-todo patch regression-update verification-done-focal verification-done-jammy verification-done-kinetic verification-needed verification-needed-lunar |
|
| 2023-07-02 20:18:06 |
Andreas Hasenack |
dput (Ubuntu Kinetic): status |
New |
Fix Committed |
|
| 2023-07-02 20:18:21 |
Andreas Hasenack |
tags |
foundations-todo patch regression-update verification-done-focal verification-done-jammy verification-done-kinetic verification-needed verification-needed-lunar |
foundations-todo patch regression-update verification-done-focal verification-done-jammy verification-needed verification-needed-kinetic verification-needed-lunar |
|
| 2023-07-02 20:19:03 |
Andreas Hasenack |
dput (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-07-02 20:19:16 |
Andreas Hasenack |
tags |
foundations-todo patch regression-update verification-done-focal verification-done-jammy verification-needed verification-needed-kinetic verification-needed-lunar |
foundations-todo patch regression-update verification-done-focal verification-needed verification-needed-jammy verification-needed-kinetic verification-needed-lunar |
|
| 2023-07-06 21:44:21 |
Andreas Hasenack |
dput (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2023-07-06 21:44:39 |
Andreas Hasenack |
tags |
foundations-todo patch regression-update verification-done-focal verification-needed verification-needed-jammy verification-needed-kinetic verification-needed-lunar |
foundations-todo patch regression-update verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic verification-needed-lunar |
|
| 2023-07-07 07:15:19 |
Timo Aaltonen |
gpgme1.0 (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2023-07-07 07:16:31 |
Timo Aaltonen |
gpgme1.0 (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-07-07 20:48:28 |
Steve Langasek |
distro-info (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2023-07-10 11:20:44 |
Benjamin Drung |
tags |
foundations-todo patch regression-update verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic verification-needed-lunar |
foundations-todo patch regression-update verification-done verification-done-focal verification-done-jammy verification-done-kinetic verification-done-lunar |
|
| 2023-07-13 13:27:51 |
Launchpad Janitor |
dput (Ubuntu Lunar): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 13:27:56 |
Andreas Hasenack |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2023-07-13 13:28:10 |
Launchpad Janitor |
dput (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 13:28:28 |
Launchpad Janitor |
dput (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 13:28:55 |
Launchpad Janitor |
dput (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 14:37:16 |
Launchpad Janitor |
python-debian (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 14:37:38 |
Launchpad Janitor |
python-debian (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2023-07-13 14:37:57 |
Launchpad Janitor |
python-debian (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-07-19 01:35:53 |
Florin Andrei |
bug |
|
|
added subscriber Florin Andrei |
| 2023-08-03 14:55:20 |
Launchpad Janitor |
distro-info (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2023-08-03 14:56:11 |
Launchpad Janitor |
distro-info (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-08-03 17:00:24 |
Launchpad Janitor |
gpgme1.0 (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2023-08-03 17:01:10 |
Launchpad Janitor |
gpgme1.0 (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-08-03 22:31:29 |
Benjamin Drung |
tags |
foundations-todo patch regression-update verification-done verification-done-focal verification-done-jammy verification-done-kinetic verification-done-lunar |
patch regression-update verification-done verification-done-focal verification-done-jammy verification-done-kinetic verification-done-lunar |
|
| 2023-08-10 18:01:33 |
Utkarsh Gupta |
reportbug (Ubuntu Kinetic): status |
New |
Won't Fix |
|
| 2023-08-10 18:01:36 |
Utkarsh Gupta |
devscripts (Ubuntu Kinetic): status |
New |
Won't Fix |
|
| 2023-08-10 18:01:39 |
Utkarsh Gupta |
drslib (Ubuntu Kinetic): status |
New |
Won't Fix |
|
| 2023-08-10 18:01:42 |
Utkarsh Gupta |
duecredit (Ubuntu Kinetic): status |
New |
Won't Fix |
|
| 2023-08-10 18:02:13 |
Utkarsh Gupta |
update-manager (Ubuntu Kinetic): status |
New |
Won't Fix |
|
