Log file Viewer
#pypa-dev logs for Wednesday the 29th of April, 2020
[00:25:12] <omry> Hi, I hit a new problem that I suspect is a result of the build-in-place change in 20.1.
[00:27:12] <omry> in particular, pytest is blowing up once the build directory is there because it discovers the python files (or pyc) inside and they are in conflict with those in the directory.
[00:27:57] <omry> I can work around it by excluding build from pytest discovery, but this is likely to cause issue to many projects.
[04:43:31] <pradyunsg> toad_polo, techalchemy: yea, the change-over in pip is intentional -- part of it is that the "copy" step was prone to issues/errors and generally slow. Another part is that pip has to start moving away from bodging to hide distutils-specific consistency issues, to "rely on the backend behaving correctly".
[04:44:51] <ronny> pradyunsg: i suppose we can kind of assume that the build directory is going to be a python thing to ignore more often now?
[04:47:35] <ronny> techalchemy: distutils leaves it, pip no longer ihdes grave distutils errors (which actually is awesome for setuptools_scm)
[04:50:17] <ronny> my personal impression is you cant really change distutils behaviour sanely - its all a big house of cards thats rather fragile, and even more so when setuptools is wrapped around
[04:51:02] <ronny> so now i hope someone comes around and fixes the intgration layer on the distutils/setuptools side
[04:52:13] <techalchemy> i'm just not clear on what pip gains from holding the position that adding crap to a users directory that doesn't need to be there is good
[04:54:40] <pradyunsg> The benefit to this change, is less code in pip, faster build times for users and less distutils-specific workarounds in pip.
[04:54:46] <techalchemy> like, they have to use pip to do stuff, and decisions like these are confusing at best and leave users wondering whether developers are attentive to UX (not this one specifically but ones like it, in the aggregate) -- it's not crazy to clean up after a build that you invoked
[04:55:04] <ronny> techalchemy: thing is - pip has nothing to do with the folder that now appear, distutils has, pip is just no longer hiding everything in a tmpdir while breaking some other tools
[04:55:24] <techalchemy> i mean, if you don't have the folder, then you run pip, then you do have the folder
[04:56:35] <techalchemy> pip is choosing to use tools that produce the folder as part of its build process, and as the primary user facing packaging tool in python that unfortunately means any decision made in pip impacts basically everyone
[04:58:13] <techalchemy> idk, if it were up to me i'd delete the directory, sounds like it must be more complicated than that to be causing so much maintainability burden
[05:02:33] <ronny> so far it was hidden by making a copy of the pakcage in tmp, breaking a few tools along the way and then dropping that tmpdir cause it was something under safe control
[05:03:06] <techalchemy> how can you not know if it's safe to delete a folder you created? that doesn't make any sense
[05:05:35] <techalchemy> ronny, I'm super familiar with pip's old build logic, it was a bit annoying and there was a layer or two too many of indirection, but it was still better to build in isolation
[05:07:11] <techalchemy> what pip does under the hood, its 'internal api' if you will ;) isn't that important to someone who just wants to run things from the command line
[05:07:32] <pradyunsg> techalchemy: It's still a directory that's clearly not a big deal IMO. There's some tools that'd need to learn to ignore it if they haven't already. 🤷🏻♂️
[05:08:44] <pradyunsg> techalchemy: is creating a dist/ directory after setup.py sdist polluting the user's code?
[05:10:23] <pradyunsg> I don't see why build/ directory would be different. It's pretty well known that distutils / setuptools generate them, it's in the default Python.gitignore that GitHub maintains and doesn't affect anything other than the current build (unless you're doing a wheel build LMAO).
[05:11:13] <ronny> techalchemy: i actualy hope people make a big deal out of this and fix distutils/setuptools, pip hiding the problem is not a good solution, and a working solution is the worst enemy of a good solution
[05:11:17] <pradyunsg> toad_polo: any idea if we can get setup.py bdist_wheel to complain about dirty build directories?
[05:11:54] <techalchemy> pradyunsg, i got burned by that today actually while i was updating my patches
[05:13:41] <ronny> pradyunsg: do you remember off-hand of the build isolation peps inform the backend of an intended tmpdir
[05:14:17] <ronny> the setuptools backend could be improved by setting the build-base to $THATTMPDIR/setuptools-build
[05:16:57] <pradyunsg> Ah. Okay, no, PEP 517 has no concept of a build directory / temporary directory.
[05:17:42] <pradyunsg> relevant line in PEP 517: "The source directory may be read-only. Backends should therefore be prepared to build without creating or modifying any files in the source directory, but they may opt not to handle this case, in which case failures will be visible to the user."
[05:18:17] <pradyunsg> "The backend may store intermediate artifacts in cache locations or temporary directories. The presence or absence of any caches should not make a material difference to the final result of the build."
[05:36:59] <pradyunsg> techalchemy: haha. everyone around me and I am fine, as of right now, which is a good enough for me.
[05:38:43] <PSFSlack1> <deveshkusingh> ^ reminds me of the meme where the dog sits in the middle of the burning room, and says "it's fine"
[06:07:30] <ronny> Ah, good old trauma anxiety, finally the external world adheres to the internal word
[07:11:26] <dstufft> i think changing away from isolation was a step in the wrong direction, but there isnt muuch to do about it now
[09:15:09] <pradyunsg> dstufft: I mean, we can still revert the patch and make a bugfix release -- though at that point, the discussion should really move over to GitHub to not exclude folks "not on #pypa-dev IRC". https://github.com/pypa/pip/issues/7555
[09:40:03] <ronny> dstufft: from my pov the directoy isolaton pip did was so far broken in a lot of edge cases and nobody fixed the details on the relevant places, so personally i welcome it going away
[11:09:42] <toad_polo> I definitely would have said something if I had gotten around to trying the beta...
[11:11:22] <toad_polo> I am surprised it's such a big deal though. Wouldn't the exact same thing happen for all non-PEP 517 builds? Or at least all editable installs?
[12:04:48] <ronny> Editable installs are built in place, so as far as I remember it is not always creating a build dir
[12:59:21] <toad_polo> I'd like to do it as part of this, though: https://discuss.python.org/t/proposal-adding-a-persistent-cache-directory-to-pep-517-hooks/2303
[13:26:43] <cnx> afaik atm pip only create build/ during build process, but it'd be easier for users to be able to have `pip install . && pip clean .` or `pip install --auto-clean .`
[13:37:28] <cnx> i see, so to my understanding the linked discourse is similar to previous pip's behavior
[13:37:41] <toad_polo> You're probably best off using `.gitignore` to exclude `build/`, then running `git clean` to remove files not tracked by git.
[13:39:36] <toad_polo> The proposal I linked to is that `pip` or any PEP 517 front-end would create a directory somewhere and pass it to the backend to use in arranging its build artifacts.
[13:40:40] <toad_polo> That could be a totally temporary place where the cache is deleted on every run, or one that persists between runs (i.e. the backend shouldn't assume it is empty, and should assume that if it is not empty that it contains the results of a previous build).
[13:41:22] <toad_polo> pip's previous behavior was to copy the entire build tree into a temporary directory then remove that directory once the build artifact was complete.
[13:42:17] <toad_polo> In the world of the proposal, `setuptools` would need to be updated to put the `build/` directory in that persistent cache directory instead of in CWD.
[13:44:09] <cnx> since I have a living resource to ask, sorry for being lazy, was the previous behavior copying the whole cwd instead of a generated sdist, since pip doesn't seem to have problem with setuptools' artifact anymore
[13:47:24] <toad_polo> `pip` doesn't go through a "generate sdist" step at the moment, but if it did you'd have the same problem that the build backend might generate random artifacts in the local directory.
[15:02:22] <dstufft> pradyunsg: ehh, im not convinced flip flopping after its been released is a desirable thing either. like it's out there now i think and unless a bunch of structural problems arise its probably worse to be like "lol just kidding"
[15:04:20] <dstufft> i think that moving away from that without a plan for dealing with dirty directories was suboptimal, but going back on it is probably even worse. at the end of the day i missed the discussion so i dont really get a say :)
[15:07:26] <dstufft> i do think it probably means weve lost our chanveto use pip as a forcing function for ensuring building sdists work and to narrow down the total "install paths" that the python ecosystem has to support
[15:09:52] <dstufft> since it is unlikely we could ever make build an sdist then build a wheel as fast as just building a wheel without changes made to pep517 to support optimizations. optimizations which were rejected at the time because no tool currently had any need for them
[20:38:57] <Raito_Bezarius> Hi there, is there any reason the PATH_HASHER in https://github.com/pypa/warehouse/blob/master/warehouse/forklift/legacy.py#L1340 is always blake2_256 when the Simple API gives only info about SHA256
[21:20:23] <dstufft> Raito_Bezarius: simple api gives sha256 because that is guaranteed to exist in a python install, so that is an obvious choice to use for a public api. The path hash it doesnt really matter, we had them both computed already and I just happened to pick blake2
[21:22:04] <Raito_Bezarius> given sha256 & filename & some metadata, I just cannot build the URL to the file
[21:23:13] <dstufft> youre not intended to guess the url. the url is not a stable api and may change in the future (and it has changed in the past).
[21:24:31] <Raito_Bezarius> is there a way to just go directly to the proper URL without going through an API first?
[21:25:36] <dstufft> its unlikely we will ever make any promises about the url structure of where files are hosted. youre inteded to use the api to discover it. There is a redirector for an url that doesnt have the hash in it thiugh
[21:35:51] <toad_polo> Raito_Bezarius: It doesn't really seem like it will solve "all your problems"
[21:36:34] <Raito_Bezarius> indeed, https://files.pythonhosted.org/packages/source/k/keras-applications/Keras_Applications-1.0.8-py3-none-any.whl seems to be failing
[21:38:42] <toad_polo> Because "here's some basically unsupported thing that might work incidentally for your use case" is not something to build on.
[21:39:14] <dstufft> note: pyversion is not exactly oython version, its a string sent along when the file was uploaded that is indended to represent the oython version
[21:39:51] <toad_polo> You should build on top of the supported API, convince the python community to support your use case or accept that you are on your own IMO.
[21:40:01] <toad_polo> But I'll butt out. I think plenty of people have tried to steer you towards a more sensible course.
[21:40:17] <Raito_Bezarius> toad_polo: I believe multiple Nix/nixpkgs developers tried to explain the usecase years ago
[21:41:09] <Raito_Bezarius> I definitely want to go for a more sensible course, but that's not always technically possible on my side, that's why I try to understand what's feasible
[21:41:30] <Raito_Bezarius> I understand what you say dstufft ; but I don't understand why it prevent a redirector for wheels
[21:42:42] <dstufft> it works, but you have to know what value was sent in the pyversion field when it was uploaded
[21:43:13] <Raito_Bezarius> dstufft: do you know if there is a list of such values? somewhere? I can read the code if that's required
[21:44:04] <dstufft> there is not, it was a free form field for uploaders to use. in practice the two popular uploaders have two different behaviors iirc
[21:44:50] <Raito_Bezarius> dstufft: what about https://files.pythonhosted.org/packages/py2.py3/r/requests-oauthlib/requests_oauthlib-1.3.0-py2.py3-none-any.whl ?
[21:45:16] <dstufft> and i think setuptools might use the version of python that the person running setuo.py upload ran it under
[21:46:36] <toad_polo> I don't understand why you don't want to use the API for discovering the packages...
[21:48:00] <dstufft> problems around pyversion being inconsistent is why our redictor is only really recommended for sdists
[21:50:40] <dstufft> the other reason we discourage its use it its really only intended to suport the legacy URLs after we migrated to hash urls so the structure was forced on us, if we were designing it from scratch it would be a lot simpler
[21:53:58] <PSFSlack1> <di> FWIW I was curious how many unique values exist for that field: https://gist.github.com/di/93019b51582899c294cfd76ee2d0a4a3
[21:56:34] <dstufft> that list gives a good indication of why we dont recommend the redirector for wheels
[21:57:06] <PSFSlack1> <di> my favorite is "2.7 (Tal Yarkoni's conflicted copy 2015" looks like someone's got their own personal 2.7 fork
[22:02:22] <dstufft> Make an URL like /{project}/{filename} look up /pypi/{project}/json read it for the url and then send a redirect
[22:04:16] <dstufft> https://github.com/pypa/conveyor/blob/eb15f0de91f945cfceedc52be8f8a6cd204b0e70/conveyor/views.py#L32-L103
[22:15:23] <dstufft> Raito_Bezarius: no problem. i dont know much about nix to know what option is the least bad, but hopefully thats enough to get something doable working
[22:17:14] <Raito_Bezarius> dstufft: we're actually going for the API call, but it requires to do something like this: https://github.com/nix-community/poetry2nix/pull/94/files#diff-49b94f8a45fd693ca88fb2813d640536R108
[22:18:54] <Raito_Bezarius> I terribly want to open an issue and submit such a PR for the lockfile, but I'm not sure it's a *very* good idea
[23:51:16] <dstufft> techalchemy: to be clear, the urls themselves are. the method for generating them is not
[23:51:55] <dstufft> https://warehouse.pypa.io/api-reference/integration-guide/#querying-pypi-for-package-urls
[23:52:00] <techalchemy> well, sure, and for practical purposes the files at /a/b/c will be redirected, but it's not that relevant
[23:53:56] <techalchemy> dstufft, that's good to know. And I didn't realize that some aspects of the JSON api were ok to rely on
[23:56:21] <techalchemy> if i create a mirror and swap indexes it would just make my lockfile useless for example
[23:57:14] <dstufft> techalchemy: the json api is weird and undersoecified and probably not the right solution long term, but its supported and were not likely to make breaking changes in it at this point without good reason