Created attachment 172455 [details] patch from a git commit Lock the devel/awscli dependency on devel/py-botocore and net/py-s3transfer to a single, specific version. This follows the upstream behavior, which develops and releases these projects in tandem. See https://github.com/aws/aws-cli/blob/1.10.46/setup.py#L9-L13 portlint -C: OK testport: OK (poudriere 11.0-BETA1 amd64, 10.3-RELEASE amd64)
TL:DR The dependency specs need to be changed to to ">=" in setup.py Python upstreams often (blindly) pin their dependencies in their released packages, usually to help avoid users inadvertently installing (with pip) *potentially* incompatible versions. Other projects sometimes use >=X.Y,<Z.0, which is a little better, but assumes API's are not broken within minor versions (which does happen). Most Python projects understand that release packages and package/application deployment, where one wants to pin all dependencies by default, are two separate things, and use >= for their released (to PyPI) packages. These projects end up ahead of the curve, as they invariably end up knowing (if they're using CI) before releasing that a dependency of theirs breaks API, minimising the failure window for users. These exact version dependencies are untenable within ports, as multiple concurrent versions of Python ports/packages are not available for users to install, only the latest version. With the current == lines, devel/awscli will fail if botocore is ever updated. Whether or not they're currently maintained by the same person or always updated together is immaterial. It's very unlikely that there is always an *exact* and *only* dependence on a specific version of botocore. If there is, awscli should vendor the code. For the project in question, its probably better for them to unpin those dependencies for development and release purposes, so that they can test (CI) their code against the latest version of them at all times. I'd suggest opening an issue upstream and asking them to use >= (or at least >=, < X.0) as their default.
koobs: I understand and can relate to what you are saying, but I must admit that I'm a bit put off about what to do with this PR now. Is this PR dependent on the creation and/or resolution of an upstream issue? I'm unsure what's expected/required of me. > TL:DR The dependency specs need to be changed to to ">=" in setup.py Is a patch in the port good enough? And I then change the ports dependencies back to >=? > If there is, awscli should vendor the code. FWIW, They do. ;) The same person tagged and released both packages at the same time. https://github.com/aws/aws-cli/commit/064fdfcef6d2431200bad7ddac1a6c556bdcf90b https://github.com/boto/botocore/commit/7a9d2c6ba25c88f7a5b5ccaa03db74de4ce6b2d9 Or do you mean they should include a bundled copy?
(In reply to Bradley T. Hughes from comment #2) - It's not dependent on resolving upstream - Patching the setup.py and changing the *_DEPENDS lines back to >= is sufficient for now (in lieu of upstream changing it) - 'vendoring' the code means bundling yes, and given they don't is why I'm confident awscli doesn't *actually* depend on an exact version of botocore, but instead just appears to be an overly restrictive safety belt for users.
Created attachment 172558 [details] patch from a git commit Updated to address comments and bump to the latest upstream version.
A commit references this bug: Author: pawel Date: Sat Jul 16 18:47:41 UTC 2016 New revision: 418648 URL: https://svnweb.freebsd.org/changeset/ports/418648 Log: - Update devel/py-botocore to version 1.4.37 - Update devel/awscli to version 1.10.47 PR: 211073 Submitted by: Bradley T. Hughes Approved by: maintainer Changes: head/devel/awscli/Makefile head/devel/awscli/distinfo head/devel/awscli/files/ head/devel/awscli/files/patch-setup.cfg head/devel/awscli/files/patch-setup.py head/devel/py-botocore/Makefile head/devel/py-botocore/distinfo
Thanks! :)