Ancor Gonzalez Sosa changed bug 1131024
What Removed Added
Component 3rd party software Other
Version unspecified Leap 15.1
Assignee yast-internal@suse.de cbosdonnat@suse.com
Product openSUSE.org openSUSE Distribution
Target Milestone --- Leap 15.0
QA Contact bnc-team-screening@forge.provo.novell.com qa-bugs@suse.de

Comment # 10 on bug 1131024 from 
David D�az has being investigating this and he did some VERY interesting
findings.

TLDR; the package python-websockify is wrong and that is what is producing the
error.


And now the long version.

The upstream version of websockify 0.8.0 uses jwcrypto to enable the web
access. But SLE doesn't include python-jwcrypto. To make the feature work in
both openSUSE and SLE, the python-websockify package contains this patch.

https://build.opensuse.org/package/view_file/openSUSE:Factory/python-websockify/PyJWT-token-plugin.patch?expand=1

Looking at that patch and at the set of "recommends" from comment#3 is pretty
obvious that the intention of the package is: use jwcrypto if available and, IF
NOT, fall-back to use PyJWT (which is available in both openSUSE and SLE).

But that's not what that package achieves. It actually enforces to have PyJWT
installed. In openSUSE, if jwcrypto is installed and PyJWT is not (which
according to the RPM recommendations is the preferred solution) the service
fails to start with the error

> pkg_resources.DistributionNotFound: The 'PyJWT' distribution was not found and is required by websockify

That's almost for sure caused by the "install_requires" entry of the mentioned
patch. Having that line there, all the modifications to token_plugins.py are
pointless. The whole thing will explode on the absence of PyJWT, no matter how
many exceptions are catch in token_plugin.py.

In other words, our package modifies websockify 0.8.0 to make it incapable of
working with jwcrypto and to depend always on PyJWT, which I'm pretty sure was
not the intention (and which doesn't match with the "recommends").

On the other hand, the default python installation of SLE already includes
PyJWT (so this issue is not visible in SLE) and the default python installation
of openSUSE already includes jwcrypto.

To make things work with the currently wrong python-websockify in openSUSE,
YaST would need to enforce the installation of PyJWT, no matter if jwcrypto is
there and no matter in which distro we are. But that fix would contradict the
real intention of python-websockify. If that package is fixed to do what it
should do, this will work in a default installation of both SLE and openSUSE
without modifying YaST.

So:
 1. reassigning to the author of PyJWT-token-plugin.patch
 2. David, great catch!

You are receiving this mail because: