[Python-modules-team] Bug#697721: python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__'

Jakub Wilk jwilk at debian.org
Thu Jan 10 12:04:50 UTC 2013 

* Raphael Hertzog <hertzog at debian.org>, 2013-01-10, 09:43:
>>This happens because the source package includes doctree pickles (in 
>>which parsed rST sources are cached) were generated by Python 2.X, and 
>>cannot be loaded by Python 3.X.  Please ask upstream to exclude the 
>>doctrees/ subdirectory from their tarballs.  Meanwhile please use the 
>>attached patch as a work-around.
>So if I understand correctly the python-sphinx upstream bug entry, I 
>don't have to ask upstream to remove the doctrees, sphinx will detect 
>alone that it's not compatible.

It's still a bad idea for upstream to include them in the tarball:
- They take significant amount of space.
- They leak information about upstream's home directory layout; try this 
for example: 
$ strings docs/_build/doctrees/*.doctree | grep ^/User

Maybe more importantly, they are bad for us, because they are 
unauditable. Quoting <http://docs.python.org/2/library/pickle.html>:
"The pickle module is not intended to be secure against erroneous or 
maliciously constructed data. Never unpickle data received from an 
untrusted or unauthenticated source."

Anyway, I made this pull request:
https://bitbucket.org/ubernostrum/django-registration/pull-request/34

>Now a question about your patch:
>
>>  override_dh_auto_clean:
>> -	rm -rf docs/_build/html
>> +	rm -rf docs/_build/
>>  	dh_auto_clean
>>
>>  override_dh_auto_build:
>>  	cd registration && /usr/bin/django-admin compilemessages
>> +	rm -rf docs/_build/doctrees/
>>  	cd docs && $(MAKE) html
>>  	dh_auto_build
>
>Why do you have to remove docs/_build/doctrees/ again in 
>override_dh_auto_build ? any dpkg-buildpackage call starts with 
>"debian/rules clean" and thus docs/_build will already have been 
>removed...

I don't believe one can assume that clean is always run before build. 
dpkg-buildpackage does that, because it has no way of knowing whether 
the package is in a clean state or not. But IMO the following is also a 
legitimate way to build a package:

$ dpkg-source -x foo_*.dsc
$ cd foo-*/
$ debian/rules build
$ fakeroot debian/rules binary

-- 
Jakub Wilk

More information about the Python-modules-team mailing list