Only install stable releases by default #834
Conversation
* Adds the --pre flag to pip install to specify that you wish to install pre-releases * If the version spec contains any pre-releases then continue to install pre-releases
|
I think we should go ahead and we just have to commit that we're going to make sure virtualenv can support installing it by the next release. ( @pfmoore ) also, it seems like |
|
Distlib doesn't support PEP426 yet which is why I didn't want to use distlib proper yet. PEP426 made some changes to restrict the allowed values and fixed some inconsistencies in the ordering. Since it wasn't yet updated I didn't feel comfortable including it yet. However for the use of determining if something was a pre release or not the differences between PEP386 and PEP426 doesn't matter so I stripped it down to just the parts I needed. I don't know how I feel about |
|
Assuming the tests pass I consider this ready for merging, whether it should be merged I leave as an exercise to the reader ;) As I indicated to @qwcode I don't feel comfortable using distlib as a whole yet. |
|
but the parts you used are unaltered? if so, why do we care if other parts are not up to date? yes, |
|
Yes the parts I used are unaltered. I just deleted things that I wasn't using (and in many cases are wrong in the contexts of PEP426). |
|
It's worth noting the the part I used is slightly wrong in the context of PEP426 as well, but not in a way that negatively affects my use of it here. PEP386 allowed |
|
Oh and the reason I care is because I didn't want to include something that was not up to date/wrong in the context of PEP426 because I felt it was confusing if we should be using them or not. |
|
And tests pass ;) So I guess all that's left is determining if it should be merged and/or if it needs any changes ;) |
|
sure, I care about distlib being all correct in the end, if we're going to get the most out of it, as a dependency. not sure you read the really long thread on the mailing list about wheel and distlib, but my tentative intention at the moment is to depend on distlib for our wheel support as well, so depending on it for that, but yet, cutting our parts of it for this would be pretty odd. worse case scenario if "distlib" development ends all of a sudden (or it ends up being to hard logistically to maintain the relationship), then we can fold what we need into pip. but I want to be more optimistic now. |
|
Thinking about this some more, I'm against depending on distlib (as opposed to folding it in) for other reasons as well. pip is not hardly a dependency of practically anyone's application. However pip's dependencies and the applications dependencies will exist in the same context. This means that if an app depends on distlib (or any other dependency of pip's if taken to a conclusion that we might want to do this in the future) that by simply using pip they have additional constraints on what they can install in their environment. The other problem here is one of testing. For your typical project if one of your deps breaks things you can just uninstall it and try to install a different version. However if a new version of distlib comes out that breaks with older versions of pip it's not inconceivable that it can break pip in a way that uninstalling distlib and installing a known good version is not possible leaving the user to need to manually uninstall distlib and then |
well, that's true now with our dependency on Setuptools/Distribute.
I'd be for some kind of automated process of periodically inserting "distlib" into a package of pip to reduce all of this confusion, but just not picking out parts one by one, and then having to maintain the divergence. |
|
I'd be ok with folding all of distlib into pip here. I only uses these parts because I thought including the unready parts would be confusing. Would that work for you? And if so want me to update the PR to do that? |
|
There are a number of issues here. @dstufft has a good point about imposing dependencies on user code. But we already have that with setuptools/distribute, as @qwcode points out. Adding distlib makes the problem worse, but replacing setuptools with distlib does not. In fact, given the complexities of setuptools' install, a distlib dependency is better. And adding distlib short-term with the intention of removing setuptools is an overall win, as it avoids either reimplementing things that already exist, or further extending our dependency on setuptools (wheel support involves both of these issues - the current code implements our own install code, and depends via wheel on setuptools for building wheels). The other issue is that setuptools and distlib both incorporate elements of installer support, and elements of package runtime support - specifically, the entry point stuff. It's a hard dependency in setuptools (exe wrppers and console scripts in general use pkg_resources entry point support) but I'm not sure how it works in distlib ("exports" as distlib calls them and script wrappers aren't used in the wild yet, AFAIK). It might be worth lobbying for distlib to separate out the subpackages intended for runtime use from those intended to help with implementing installers - that would ease the dependency issue even further. I'm not too happy about including the whole of distlib into pip - pip is about 625K, and distlib is (already) 1M+. Trebling the size of pip seems like a bad idea :-( Regarding virtualenv, I do intend to add support for installing distlib (probably by making the whole "what to install by default" process more configurable and flexible, and supporting install from wheels at the same time). If it's important to do so, though, (which I don't particularly expect) I can rush in minimal support for just installing distlib from source. |
|
The benefit to setuptools is that it does have a fairly good history of not breaking shit, distlib is an unknown quantity there. I don't even know that I'd want distlib to make that claim right now as it's still relatively new and evolving. |
you're worried about size? help me understand that? |
|
Agreed - setuptools/distribute is stable and distlib isn't yet (nobody expects it to be this early in its development). But distlib is the reference implementation of code supporting the new standards. So we should be using it going forward. The problem is managing the inevitable risks of instability in the short term. Question: how likely is it that a version of pip relying on distlib is going to be ready for release before distlib is sufficiently stable for us to depend on it? And even if that does happen, can't we simply bundle distlib then as a short-term solution? |
|
I wouldn't want distlib to be considered stable until packaging has settled down. I wouldn't expect that to happen for at least a year. |
Actually, I was mistaken. I was thinking about the speed impact of installing distribute from source on Windows that we talked about before. But in this situation, we're installing the same code (distlib and pip) in any case, so the analogy doesn't apply. Apologies for the confusion. However, in my picture of virtualenv's future, all I do is add the distlib wheel to sys.path, then use distlib to install a predefined list of requirements from virtualenv_support, or by downloading as a fallback. So in that case an unbundled distlib is simpler to use. But it's not a huge deal whatever way it ends up playing out, certainly. |
sounds good to me at the moment
instead, couldn't you add pip's wheel to sys.path, and use |
|
Ok this PR just got a whole lot biger :)
I added a note to pip/vendor/init.py that those files should be considered immutable, and hopefully the automated script will make it more unlikely for them to be modified. I've also updated the setup.py to use setuptool's find_packages() command and updated pip.util to use the newly vendored distlib instead of the partially vendored one. |
|
Just a note, I chose |
|
Well crap, distlib is 2.6+ so depending on it will require dropping Python 2.5 support from pip. The parts I was using happened to be 2.5 compatible. |
|
dropping py2.5 came up for pip-1.4 on the mailing list in the wheel/distlib discussion. I think its time. you could modify |
|
The tests pass on everything but Python 2.5. So we'll need to either use my original strategy or drop Python 2.5 support. |
|
Heh too fast for me. I'll go ahead and take it out then. |
* Includes helper scripts to maintaing pip.vendor
|
And there's the passing tests. |
|
@dholth, given all this, |
|
+1 although things like pip install still require an installed copy of setuptools to work, so it isn't a complete solution... |
my interest in |
|
|
It makes sense to include pkg_resources and merge the perfectly good wheel branch. It would be quick and it's not going to prevent distlib from happening later. The wheel branch uses pkg_resources to get the dependencies from a wheel but is otherwise independent. |
PEP 426 support is coming - awaiting it getting beyond Draft status. I've already started adding the fields, the version support is written in a Gist I posted to distutils-sig and can easily be set up in distlib. |
Do you mean a patched version of pkg_resources that understands environment markers? If not, how do you deal with dependencies that are environment-dependent? |
|
distribute's pkg_resources has supported (PEP 345) markers since the end of August, including the "extras" extension. |
Whoops, I forgot about that :-) I remember you telling me about |
only Distribute's pkg_resources recognizes dist-info, which is how wheels are being installed. |
|
we have enough consensus to merge at this point, except for clear agreement that we're ok with pip-1.4 dropping py25. going to list explicitly for that. |
|
If you also vendorize pkg_resources then pip's dependency count (when installing wheels) is down to 0. |
|
we have consensus IMO to drop py25. |
|
merging afterwards, I will:
|
Only install stable releases by default
| @@ -183,6 +183,9 @@ def mkurl_pypi_url(url): | |||
| logger.info("Ignoring link %s, version %s doesn't match %s" | |||
| % (link, version, ','.join([''.join(s) for s in req.req.specs]))) | |||
| continue | |||
| elif is_prerelease(version) and not req.prereleases: | |||
| logger.info("Ignoring link %s, version %s is a pre-release (use --pre to allow)." % (link, version)) | |||
There was a problem hiding this comment.
I realize I'm way, way, behind on this, but was there any discussion of making this logged info loud at the default verbosity level (i.e. warning rather than info), at least for 1.4, since it's a significant change in behavior that might confuse people if it happens silently?
There was a problem hiding this comment.
I wasn't around when this landed, but I agree, we should be loud about it.
There was a problem hiding this comment.
Not that I remember. I'm not opposed to that change though. Might be rather noisy though since it'll give a warning for every ==dev and such for any apps that have them.
There was a problem hiding this comment.
Hmm, yeah, that could get noisy. I guess what we'd ideally want is just a single warning iff a stable version is selected when a prerelease version would otherwise have been selected. But that's a more complex fix than just changing this info to warning.
lock
bot
added
the
auto-locked
This implements #820.
pip.vendor.distlib, which effectively drops py25 support in pip-1.4