Unsafe load()

[alex-kozinov]

Hi! Thank you for your great job) Can I ask you to add patch to prefix, which fix this bug:

Unsafe load() call disabled by Gentoo. See bug #659348

It appeared when I tried to run rosdep command (

[awesomebytes]

Can you give me a more detailed description and log of what problem is arising?

Note that rosdep does not work in Gentoo Prefix because it tries to write in /etc/ros as reported here: https://github.com/ros-infrastructure/rosdep/pull/583

And Gentoo Prefix aims to run on a system without root access and without touching anything outside the Prefix itself.

What do you need rosdep for? (Just curious)

Update: I've looked a bit more into it with the data you provided. The latest version of rosdep does not use unsafe load calls (or I can't find them: https://github.com/ros-infrastructure/rosdep/search?q=load%28&unscoped_q=load%28 ) Update2: I saw that you are probably pulling version 0.13.0 from ros-overlay (cause the upstream dev-python/rosdep in Gentoo has dropped support for Python 2 as I reported here https://github.com/ros/ros-overlay/issues/950). The way to probably workaround this is... well I'll tell you how I did it so it's documented for the future :)

First I cloned the rosdep repo: https://github.com/ros-infrastructure Then I switched to the tag of the 0.13.0 release git checkout 0.13.0 and I looked for calls to the unsafe yaml.load. I went with doing grep -r load\( . and I saw a bunch of files that did have this call. I went the quick way as they all seemed be called in the same way with yaml.load( so I substituted them with the safe call with: find ./ -type f -exec sed -i -e 's/yaml.load/yaml.safe_load/g' {} \;.

I created a new branch and made a commit to be able to generate a .patch so it can be easily applied in our Gentoos:

git checkout -b rosdep_0.13.0_safe_load
git commit -m "change yaml.load to yaml.safe_load so to workaround gentoo bug https://bugs.gentoo.org/659348"
git format-patch -n HEAD^

This gave me the file: 0001-change-yaml.load-to-yaml.safe_load-so-to-workaround-.patch with the contents: https://gist.github.com/awesomebytes/18938bb640413b175948fa82d3d168ae

Now you can use that patch easily in your install by placing it in $EPREFIX/etc/portage/patches/dev-python/rosdep-0.13.0 and re-emerging dev-python/rosdep.

mkdir -p $EPREFIX/etc/portage/patches/dev-python/rosdep-0.13.0
cd $EPREFIX/etc/portage/patches/dev-python/rosdep-0.13.0
wget https://gist.githubusercontent.com/awesomebytes/18938bb640413b175948fa82d3d168ae/raw/0bab3eb11ec88a7615cd08191487fab2a5730670/0001-change-yaml.load-to-yaml.safe_load-so-to-workaround-.patch
emerge dev-python/rosdep

Note that I haven't tried any of this and there may be some typo, but it should work, I think.

[alex-kozinov]

Hi! Sorry for very long pause What i've done:

• install sbre_robot_ros_gentoo release on nao robot
• clone libuvc_ros
• try to install dependencies rosdep install --from-paths src/ --ignore-src
• then try to update rosdep update

Is there another way to install all dependencies of libuvc_ros pachage?

[awesomebytes]

@alex-kozinov Hello!

libuvc_ros depends on libuvc_camera (same metapackage) which has the following package.xml with the highlighted dependencies: https://github.com/ros-drivers/libuvc_ros/blob/master/libuvc_camera/package.xml#L37-L55

Other than usual ROS packages (as ros-melodic-image-transport for example) it depends on libuvc. Which any search engine with 'gentoo libuvc' links me to: https://packages.gentoo.org/packages/media-libs/libuvc

So, to compile libuvc_ros I think you'll need to emerge media-libs/libuvc first. Then you should be able to compile libuvc_ros from source. That said, I see that ros-overlay does have the ebuild for libuvc_ros (https://github.com/ros/ros-overlay/tree/main/ros-melodic/libuvc_ros ) so you may be able to just do emerge ros-melodic/libuvc_ros and be done with it.