Who pulls these dependencies?

As a part of sudo dnf up process I see these dependencies being pulled, and I am curious what and why needed Google Auth and MySQL access from Python all of a sudden. What is the dnf command (again?) to get that info?

I believe I already had this curiosity problem in the past, but Discourse search didn’t give me any proof that there is an answer.

...
 yum                                noarch 4.13.0-1.fc36         updates   40 k
Installing dependencies:
 python3-cachetools                 noarch 5.0.0-2.fc36          fedora    30 k
 python3-google-auth                noarch 1:2.6.6-1.fc36        updates  169 k
 python3-google-auth-oauthlib       noarch 0.4.1-6.fc36          fedora    30 k
 python3-greenlet                   x86_64 1.1.2-2.fc36          fedora   106 k
 python3-jwt                        noarch 2.4.0-1.fc36          updates   41 k
 python3-oauthlib                   noarch 3.0.2-12.fc36         fedora   169 k
 python3-requests-oauthlib          noarch 1.3.0-12.fc36         fedora    42 k
 python3-rsa                        noarch 4.8-2.fc36            fedora    58 k
Installing weak dependencies:
 python3-PyMySQL                    noarch 0.10.1-5.fc36         fedora    94 k
 python3-fsspec                     noarch 2022.5.0-1.fc36~bootstrap
                                                                 updates  232 k
 python3-gcsfs                      noarch 0.6.2-7.fc36          fedora    41 k
 python3-jwt+crypto                 noarch 2.4.0-1.fc36          updates  8.9 k
 python3-oauthlib+signedtoken       noarch 3.0.2-12.fc36         fedora   8.5 k
 python3-odfpy                      noarch 1.4.1-2.fc36          fedora   235 k
 python3-sqlalchemy                 x86_64 1.4.36-1.fc36         updates  2.2 M
 python3-xarray                     noarch 2022.3.0-1.fc36       fedora   1.5 M
 python3-xlsxwriter                 noarch 3.0.3-1.fc36          fedora   239 k
Removing:
 kernel                             x86_64 5.17.5-300.fc36       @fedora    0  
...
1 Like

sudo dnf repoquery --whatrequires package-name for dependencies and sudo dnf repoquery --whatrecommends package-name for weak dependencies.

3 Likes

Thanks, but it there any command to get the tree in one go? For example here is what I can pull in for python3-google-auth.

$ sudo dnf repoquery --whatrequires python3-google-auth
Last metadata expiration check: 4:14:56 ago on Sat 04 Jun 2022 09:24:22 AM +03.
python3-gcsfs-0:0.6.2-7.fc36.noarch
python3-google-api-client-2:2.40.0-1.fc36.noarch
python3-google-api-client-2:2.47.0-1.fc36.noarch
python3-google-api-core-0:2.7.1-1.fc36.noarch
python3-google-api-core-0:2.8.0-1.fc36.noarch
python3-google-auth-httplib2-0:0.1.0-2.fc36.noarch
python3-google-auth-oauthlib-0:0.4.1-6.fc36.noarch
python3-google-cloud-core-0:2.2.3-2.fc36.noarch
python3-google-cloud-core-0:2.3.0-1.fc36.noarch
python3-google-cloud-storage-0:2.1.0-2.fc36.noarch
python3-google-cloud-storage-0:2.2.1-1.fc36.noarch
python3-google-cloud-testutils-0:1.1.0-1.fc36.noarch
python3-kubernetes-1:21.7.0-1.fc36.noarch

There are no such packages in dnf up direct updates.

...
 openssl-libs                       x86_64 1:3.0.3-1.fc36        updates  2.1 M
 openvpn                            x86_64 2.5.7-1.fc36          updates  656 k
 perl-libwww-perl                   noarch 6.66-1.fc36           updates  203 k
 python3-bind                       noarch 32:9.16.29-1.fc36     updates   65 k
 python3-construct                  noarch 2.10.68-1.fc36        updates  112 k
 python3-dnf                        noarch 4.13.0-1.fc36         updates  415 k
 python3-dnf-plugins-core           noarch 4.2.1-1.fc36          updates  221 k
 python3-gstreamer1                 x86_64 1.20.2-1.fc36         updates  131 k
 python3-keyring                    noarch 23.5.1-1.fc36         updates   77 k
 python3-koji                       noarch 1.29.0-1.fc36         updates  309 k
 python3-pandas                     x86_64 1.3.5-1.fc36          updates  6.2 M
 python3-typed_ast                  x86_64 1.5.4-1.fc36          updates  194 k
 qgnomeplatform-qt5                 x86_64 0.8.4-9.fc36          updates  178 k
 qgnomeplatform-qt6                 x86_64 0.8.4-9.fc36          updates  147 k
...

But there is one python3-gcsfs in weak deps.

...
Installing weak dependencies:
 python3-PyMySQL                    noarch 0.10.1-5.fc36         fedora    94 k
 python3-fsspec                     noarch 2022.5.0-1.fc36~bootstrap
                                                                 updates  232 k
 python3-gcsfs                      noarch 0.6.2-7.fc36          fedora    41 k
 python3-jwt+crypto                 noarch 2.4.0-1.fc36          updates  8.9 k
 python3-oauthlib+signedtoken       noarch 3.0.2-12.fc36         fedora   8.5 k
 python3-odfpy                      noarch 1.4.1-2.fc36          fedora   235 k
 python3-sqlalchemy                 x86_64 1.4.36-1.fc36         updates  2.2 M
 python3-xarray                     noarch 2022.3.0-1.fc36       fedora   1.5 M
 python3-xlsxwriter                 noarch 3.0.3-1.fc36          fedora   239 k
...

sudo dnf repoquery --whatrequires python3-gcsfs shows nothing, so had to use --whatrecommends.

$ sudo dnf repoquery --whatrecommends python3-gcsfs
Last metadata expiration check: 4:22:22 ago on Sat 04 Jun 2022 09:24:22 AM +03.
python3-pandas-0:1.3.5-1.fc36.x86_64

Now going through the process for each dependency is unfeasible.

1 Like

There is --tree option for dnf repoquery command, you can use it with --whatrequires but not with --whatrecommends, not sure if it is what you looking for.

From my experience, those dependencies are usually belong to the weak dependencies (which belong to the already installed packages on your system) that will be installed with dnf upgrade command (dnf installs weak dependencies by default unless you tell it not to do it). You can opt out of installing weak dependencies with sudo dnf upgrade --setopt install_weak_deps=false command and see if you still have new dependencies to be installed and query them with repoquery --whatrequires command.

You could make a script which tracks them down iteratively. However, I think this might be best addressed by looking at your base assumptions. In particular, it seems like maybe you want to set install_weak_deps to false in your DNF configuration, so that supplemental dependencies like this aren’t pulled in.

I could probably make a script that will give output like this.

python3-pandas
  python3-gcsfs (dep)
    python3-google-auth (weak)

But even with script parsing textual output of dnf will be slow and hardly can be named a best practice.

Actually, it is different.

python3-pandas
  python3-gcsfs (weak)
    python3-google-auth (dep)