bug: error scanning apache-airflow requirements

[terriko]

I was trying to do a scan on the requirements for apache-airflow, which is currently a pretty long list of pinned dependencies:

[13:33:59] ERROR    cve_bin_tool.VersionScanner - b'  error:                              python.py:72
                    subprocess-exited-with-error\n  \n  \xc3\x97 Getting requirements to              
                    build wheel did not run successfully.\n  \xe2\x94\x82 exit code: 1\n              
                    \xe2\x95\xb0\xe2\x94\x80> [25 lines of output]\n      /bin/sh: line               
                    1: krb5-config: command not found\n      Traceback (most recent call              
                    last):\n        File                                                              
                    "/home/terri/venv-airflow/lib/python3.12/site-packages/pip/_vendor/py             
                    project_hooks/_in_process/_in_process.py", line 353, in <module>\n                
                    main()\n        File                                                              
                    "/home/terri/venv-airflow/lib/python3.12/site-packages/pip/_vendor/py             
                    project_hooks/_in_process/_in_process.py", line 335, in main\n                    
                    json_out[\'return_val\'] = hook(**hook_input[\'kwargs\'])\n                       
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n        File                                        
                    "/home/terri/venv-airflow/lib/python3.12/site-packages/pip/_vendor/py             
                    project_hooks/_in_process/_in_process.py", line 118, in                           
                    get_requires_for_build_wheel\n          return                                    
                    hook(config_settings)\n                 ^^^^^^^^^^^^^^^^^^^^^\n                   
                    File                                                                              
                    "/tmp/pip-build-env-jn2xk8xz/overlay/lib/python3.12/site-packages/set             
                    uptools/build_meta.py", line 327, in get_requires_for_build_wheel\n               
                    return self._get_build_requires(config_settings, requirements=[])\n               
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n                      
                    File                                                                              
                    "/tmp/pip-build-env-jn2xk8xz/overlay/lib/python3.12/site-packages/set             
                    uptools/build_meta.py", line 297, in _get_build_requires\n                        
                    self.run_setup()\n        File                                                    
                    "/tmp/pip-build-env-jn2xk8xz/overlay/lib/python3.12/site-packages/set             
                    uptools/build_meta.py", line 313, in run_setup\n          exec(code,              
                    locals())\n        File "<string>", line 109, in <module>\n                       
                    File "<string>", line 22, in get_output\n        File                             
                    "/usr/lib64/python3.12/subprocess.py", line 466, in check_output\n                
                    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,\n                
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n                       
                    File "/usr/lib64/python3.12/subprocess.py", line 571, in run\n                    
                    raise CalledProcessError(retcode, process.args,\n                                 
                    subprocess.CalledProcessError: Command \'krb5-config --libs gssapi\'              
                    returned non-zero exit status 127.\n      [end of output]\n  \n                   
                    note: This error originates from a subprocess, and is likely not a                
                    problem with pip.\nerror: subprocess-exited-with-error\n\n\xc3\x97                
                    Getting requirements to build wheel did not run                                   
                    successfully.\n\xe2\x94\x82 exit code: 1\n\xe2\x95\xb0\xe2\x94\x80>               
                    See above for output.\n\nnote: This error originates from a                       
                    subprocess, and is likely not a problem with pip.\n' 

I'm attaching the file I was using for the scan.

airflow-requirements.txt

Note that this isn't exactly the way airflow wants the install to work, I just wanted to get some scan results to answer a question someone had about the security of apache-airflow. cve-bin-tool does give me some output, but it's missing a lot of components that I would expect to see.

Pinging @anthonyharrison for his expertise on python dependency weirdness and @inosmeet for his recent delving into the language parser code in case they've got any ideas on what we could do better here.

[inosmeet]

It's a dependency problem, works as expected after installing libmysqlclient-dev, libkbr5-dev and pkg-config.