** Description changed: + [ Impact ] + The package is completely unusable. You can see the original description's bug + reproducer, where even a dead-simple empty Django app using tastypie would not + even start to run. + + I've tried to see if some minimal patching of the existing version to make it + work with modern Django would work, without success. I always end-up hitting + some wall, and at this point, I much better trust backporting the latest + upstream version that is already in both Debian and Resolute. + This is what this SRU is about, backporting the full version from Resolute. + + + [ Test Plan ] + + With the attached `tastytest.tar` file, that contains a dead simple Tastypie + application example. + ``` + $ tar xvf tastytest.tar + $ cd tastytest + $ ./manage.py migrate + $ ./manage.py loaddata ./fixtures.json + $ ./manage.py runserver & + $ curl "http://127.0.0.1:8000/api/v1/entry/?format=json"; | jq + ``` + The Django development server should start successfully and the last `curl` call + should yield meaningful results. + + Additionally, the Ubuntu Error Tracker is a nice real-world use-case of + Tastypie: https://github.com/ubuntu/error-tracker + One should be able to run its web part using the fixed `django-tastypie` package + (it should at least start, but it's known to be quite broken currently on modern + Python stack). + + + [ Where problems could occur ] + + Well, the biggest risk I see would be if someone would make use of Django + Tastypie from the system, with a Django version not from the system, but being + compatible. In that case they might end-up with a working setup, and would + thus be at risk of having regressions possibly coming with the newer version + of `django-tastypie`. + However I see multiple mitigations of that risk: + * django-tastypie's release notes[1] show that the changes are mostly bugfixes + and support for newer Django versions. I can't spot any deprecated feature, + so that's a really good sign that the risk of regression should be fairly + small. + * The mixed setup I just described is hopefully not something people do in + real life. Given how broken django-tastypie currently is, my guess is that + people simply tend to move away from using distro-provided packages like + that, despite the supposed improvement in security that the distro brings. + Otherwise, I hope we would have already received a bug report. + + [1]: https://github.com/django-tastypie/django-tastypie/releases + + + [ Other Info ] + + See below for the original description from the associated Debian bug. + + + [ Original description ] + + Imported from Debian bug http://bugs.debian.org/1122968: Source: django-tastypie Version: 0.14.3-1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: [email protected] Hello there, dear maintainers, Since the release of Django 4, many breaking changes are affecting django-tastypie, making it pretty much unusable. See the following session in an up-to-date `sid` container: root@sid:/tmp# dpkg-query -W python3-django python3-django 3:4.2.26-1 root@sid:/tmp# dpkg-query -W python3-django-tastypie python3-django-tastypie 0.14.3-1 root@sid:/tmp# django-admin startproject tastytest root@sid:/tmp# cd tastytest/ root@sid:/tmp/tastytest# cat - >tastytest/urls.py <<EOF from django.urls.conf import re_path, include from tastypie.api import Api from myapp.api import EntryResource v1_api = Api(api_name='v1') v1_api.register(EntryResource()) urlpatterns = [ - # The normal jazz here then... - re_path(r'^api/', include(v1_api.urls)), + # The normal jazz here then... + re_path(r'^api/', include(v1_api.urls)), ] EOF root@sid:/tmp/tastytest# ./manage.py runserver Watching for file changes with StatReloader Performing system checks... Exception in thread django-main-thread: Traceback (most recent call last): - File "/usr/lib/python3.13/threading.py", line 1044, in _bootstrap_inner - self.run() - ~~~~~~~~^^ - File "/usr/lib/python3.13/threading.py", line 995, in run - self._target(*self._args, **self._kwargs) - ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/utils/autoreload.py", line 64, in wrapper - fn(*args, **kwargs) - ~~^^^^^^^^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/core/management/commands/runserver.py", line 133, in inner_run - self.check(display_num_errors=True) - ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 485, in check - all_issues = checks.run_checks( - app_configs=app_configs, - ...<2 lines>... - databases=databases, - ) - File "/usr/lib/python3/dist-packages/django/core/checks/registry.py", line 88, in run_checks - new_errors = check(app_configs=app_configs, databases=databases) - File "/usr/lib/python3/dist-packages/django/core/checks/urls.py", line 14, in check_url_config - return check_resolver(resolver) - File "/usr/lib/python3/dist-packages/django/core/checks/urls.py", line 24, in check_resolver - return check_method() - File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 494, in check - for pattern in self.url_patterns: - ^^^^^^^^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/utils/functional.py", line 57, in __get__ - res = instance.__dict__[self.name] = self.func(instance) - ~~~~~~~~~^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 715, in url_patterns - patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module) - ^^^^^^^^^^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/utils/functional.py", line 57, in __get__ - res = instance.__dict__[self.name] = self.func(instance) - ~~~~~~~~~^^^^^^^^^^ - File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 708, in urlconf_module - return import_module(self.urlconf_name) - File "/usr/lib/python3.13/importlib/__init__.py", line 88, in import_module - return _bootstrap._gcd_import(name[level:], package, level) - ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - File "<frozen importlib._bootstrap>", line 1387, in _gcd_import - File "<frozen importlib._bootstrap>", line 1360, in _find_and_load - File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked - File "<frozen importlib._bootstrap>", line 935, in _load_unlocked - File "<frozen importlib._bootstrap_external>", line 1023, in exec_module - File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed - File "/tmp/tastytest/tastytest/urls.py", line 2, in <module> - from tastypie.api import Api - File "/usr/lib/python3/dist-packages/tastypie/api.py", line 3, in <module> - from django.conf.urls import url, include + File "/usr/lib/python3.13/threading.py", line 1044, in _bootstrap_inner + self.run() + ~~~~~~~~^^ + File "/usr/lib/python3.13/threading.py", line 995, in run + self._target(*self._args, **self._kwargs) + ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/utils/autoreload.py", line 64, in wrapper + fn(*args, **kwargs) + ~~^^^^^^^^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/core/management/commands/runserver.py", line 133, in inner_run + self.check(display_num_errors=True) + ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 485, in check + all_issues = checks.run_checks( + app_configs=app_configs, + ...<2 lines>... + databases=databases, + ) + File "/usr/lib/python3/dist-packages/django/core/checks/registry.py", line 88, in run_checks + new_errors = check(app_configs=app_configs, databases=databases) + File "/usr/lib/python3/dist-packages/django/core/checks/urls.py", line 14, in check_url_config + return check_resolver(resolver) + File "/usr/lib/python3/dist-packages/django/core/checks/urls.py", line 24, in check_resolver + return check_method() + File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 494, in check + for pattern in self.url_patterns: + ^^^^^^^^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/utils/functional.py", line 57, in __get__ + res = instance.__dict__[self.name] = self.func(instance) + ~~~~~~~~~^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 715, in url_patterns + patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module) + ^^^^^^^^^^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/utils/functional.py", line 57, in __get__ + res = instance.__dict__[self.name] = self.func(instance) + ~~~~~~~~~^^^^^^^^^^ + File "/usr/lib/python3/dist-packages/django/urls/resolvers.py", line 708, in urlconf_module + return import_module(self.urlconf_name) + File "/usr/lib/python3.13/importlib/__init__.py", line 88, in import_module + return _bootstrap._gcd_import(name[level:], package, level) + ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "<frozen importlib._bootstrap>", line 1387, in _gcd_import + File "<frozen importlib._bootstrap>", line 1360, in _find_and_load + File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked + File "<frozen importlib._bootstrap>", line 935, in _load_unlocked + File "<frozen importlib._bootstrap_external>", line 1023, in exec_module + File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed + File "/tmp/tastytest/tastytest/urls.py", line 2, in <module> + from tastypie.api import Api + File "/usr/lib/python3/dist-packages/tastypie/api.py", line 3, in <module> + from django.conf.urls import url, include ImportError: cannot import name 'url' from 'django.conf.urls' (/usr/lib/python3/dist-packages/django/conf/urls/__init__.py). Did you mean: 'urls'? ^Croot@sid:/tmp/tastytest# This can be fixed by simply packaging a newer upstream release, as they support Django up to 5.2. A branch fixing this can be found here: https://salsa.debian.org/python- team/packages/django-tastypie/-/merge_requests/2 Thanks Skia -- System Information: Debian Release: forky/sid - APT prefers resolute - APT policy: (500, 'resolute'), (500, 'questing-updates'), (500, 'questing'), (200, 'noble-updates'), (200, 'noble-backports'), (200, 'noble'), (100, 'resolute-proposed'), (100, 'questing-proposed') + APT prefers resolute + APT policy: (500, 'resolute'), (500, 'questing-updates'), (500, 'questing'), (200, 'noble-updates'), (200, 'noble-backports'), (200, 'noble'), (100, 'resolute-proposed'), (100, 'questing-proposed') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.17.0-7-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
** Attachment added: "tastytest.tar" https://bugs.launchpad.net/ubuntu/+source/django-tastypie/+bug/2136109/+attachment/5939467/+files/tastytest.tar ** No longer affects: django-tastypie (Ubuntu Plucky) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2136109 Title: [SRU] django-tastypie: tastypie is completely broken against Django 4+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/django-tastypie/+bug/2136109/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
