Log file Viewer
#pypa logs for Tuesday the 3rd of March, 2015
[14:21:33] <nanonyme> Also why is it that egg->wheel breaks entry-points of scripts *every* frigging time for me :(
[14:26:21] <nanonyme> When I install the result, the stuff defined in scripts ends up nowhere reasonable
[14:29:20] <nanonyme> Yeah, could be that it was just duplicated under site-packages as a coincidence in one of the packages I tried it with
[14:30:32] <nanonyme> There's a site-packages/package-foo.dist-info/scripts, everything is under that
[14:34:25] <ronny> nanonyme: when i make a normal wheel package, there is a entrypoints.txt in the dist-info
[14:39:52] <nanonyme> (I wonder if this has some weird side-effects on what kind of package names you can use with eggs)
[14:40:10] <nanonyme> Yeah, I'd prefer we would not use eggs but I'm having difficulty convincing everyone to migrate away from it
[14:40:27] <nanonyme> If someone can make setuptools drop egg support, please do. Will make my job easier
[14:44:05] <nanonyme> I know, hence why I'm trying to have automatic .egg->.wheel conversions so I won't at least have to suffer easy_install
[14:47:45] <nanonyme> You mean teach wheel to automatically translate everything under scripts directory as entrypoints :)
[14:50:19] <nanonyme> ronny, wait, I just build a bdist_wheel, it didn't have entrypoints.txt either
[14:51:37] <ronny> nanonyme: im not talking about automatic, im talking about snd patches for entrypoints upstream
[14:52:40] <nanonyme> When I create bdist_wheel directly, scripts is put under .data. When I convert, it puts scripts under .dist-info
[15:06:40] <nanonyme> Why was entrypoints introduced in the first place and can you have both scripts and entrypoints defined without things breaking?
[15:10:01] <ronny> nanonyme: entryppoints ensure nice executable names, windows support, windows gui support and more
[15:19:11] <StGambrinus> Anyone know if there's a way to get pip to actually ignore SSL errors? I've tried --trusted-host pypi.python.org install -i http://pypi.python.org/simple --allow-unverified and it still dies with an SSL verification failure.
[15:22:54] <skay> hi all, I'm having trouble installing something from pypi with pip. the project has the versions I'm looking for, but pip doesn't find them. http://paste.ubuntu.com/10516055/
[15:23:14] <skay> I have a workaround, but I want to understand what is going on. if the project needs to update how they upload to pypi I'd like to fix it
[15:25:05] <skay> ronny: when I tried --allow-external (scroll to bottom of pastebin) pip didn't seem to honor it
[15:26:15] <skay> ronny: heh. okay, I'm a packaging newbie, but I'll try to figure it out and make a mr
[15:26:24] <StGambrinus> ronny: here's the exact blow-by-blow (less the stack trace) in case it inspires anything: https://dpaste.de/1KU0
[15:27:38] <ronny> skay: basically they are supposed to either supply correct download links (which they dont) or supply tarballs hosted on pypi (which they also dont)
[15:28:20] <ronny> but canonical has a history of not following sane standards for being what they are ^^
[15:32:55] <skay> ronny: I might open an issue with pip to see if there is another error message that could happen when a project has broken download links. the message that suggests using --allow-external when the invokation has allow-external already isn't the best message
[15:38:35] <StGambrinus> so... there is no way to get pip to stop verifying SSL certificates, suggestively named options or not?
[15:51:16] <StGambrinus> nanonyme: yes, that's obviously the correct solution, though it will take some googling
[16:10:50] <StGambrinus> Should using --cert result in "No distributions at all"? https://dpaste.de/6bTo
[16:26:31] <StGambrinus> yeah, --cert doesn't work either (even after converting the crt file I get from digicert to pem). It's still refusing. I give up.
[17:14:31] <linovia> it's a very terrible thing to do because the check won't be against the private pypi which takes a lot of time when the internet access is restricted
[17:16:24] <ronny> linovia: can you report a bug that the version check des not honor the index server?
[19:10:36] <dstufft> linovia: you can disable it, and it shouldn't retry and it should have a short timeout
[19:15:09] <dstufft> not hitting a private index was a conscious choice, we tried to limit the negative effects of not being able to hit PyPI by not allowing it to retry, making it fail silently, and giving it a short timeout, and allow it to be disabled. but the idea is that we want people to be aware there is a newer version available, regardless of if they've uploaded it to their private index or not
[19:18:26] <linovia> dstufft: the thing is, at my client's office, they don't have the dns resolution which means any access to pypi times out after ~30 s :(
[19:27:29] <nanonyme> Eg that classic error where you try to connect to PyPI and SSL handshake fails because of too old SSL library
[19:27:46] <nanonyme> pip just says no distributions found and you don't get a clue of what goes wrong without --verbose
[19:28:24] <dstufft> right now we don't have good indication if a link should or should not br broken
[19:28:27] <mitsuhiko> i have the problem that i use it to download tarballs and wheels, but apparently i need to be running that as the user that installed pip which i am intentionally not :-/
[19:28:54] <nanonyme> dstufft, imo it should loudly fail if index server can't be connected to at all
[19:29:08] <dstufft> mitsuhiko: it shouldn't, but it does run setup.py egg_info which means it could be doing anything in there (particularly setup_requires)
[19:29:36] <mitsuhiko> dstufft: Executing /srv/fireline-builder/venv/bin/pip install --download /tmp/tmpuMIHXK-venv-tmp virtualenv
[19:29:51] <mitsuhiko> File "/srv/fireline-builder/venv/local/lib/python2.7/site-packages/pip/req.py", line 1527, in _make_build_dir
[19:30:19] <nanonyme> dstufft, ie even if one of the index servers can be contacted to for downloading the content, it's still in most cases useful to know if some others are unreachable
[19:30:59] <dstufft> mitsuhiko: it uses the build dir to unpack the thing so it can run setup.py egg_info
[19:32:49] <dstufft> mitsuhiko: also in pip 6.0 we undeprecated --build and --no-clean because we realized it was over zealous to deprecate them
[19:33:20] <dstufft> if you upgrade to pip 6.0.8 though --download wil use a randomized build directory
[19:34:39] <nanonyme> dstufft, considered trying to negotiate freeze exceptions for pip on various distros?
[19:35:30] <dstufft> on RPM based systems you can get unscrewed with pip/setuptools/virtualenv/wheel via COPR
[19:35:35] <nanonyme> dstufft, was just wondering since many distros pull eg newest version of Firefox even when there's API/ABI guarantees
[19:36:11] <dstufft> nanonyme: it's not a bad idea, I just don't know if I have the motviation to die on that hill yet
[19:37:17] <nanonyme> dstufft, do you think you'll end up unvendoring and forking pip's requirements, btw? Like, say, urllib3 and folks
[19:38:58] <dstufft> they generate .whl files for all of pip's deps, and they place them in /usr/share, and their pip is modified so that ti places those first on sys.path
[19:39:13] <dstufft> so it doesn't matter what version of foo you have installed, pip is going to internally import them from those wheels
[19:39:23] <nanonyme> Wait wait wait, will we end up digging ourself back into the pit with PEP470 where people publish things into public but personally managed sites and then we lose those projects from pip completely once the sites die? :/
[19:40:15] <dstufft> for people who want to host things externally we're alrady in that pit, just it's implicitly done by directly linking to files on PyPI
[19:42:12] <dstufft> there are always going to be people for one reason or another don't want to host on PyPI, and that's fine. We have tooling to enable it. Not hosting on PyPI limits how friendly it is for peolpe to install things from them, so I don't think people will take it lightly
[19:43:08] <nanonyme> Insofar I've seen many don't see PyPI as worth the effort and just put source tarballs in random places like Google code
[19:43:45] <nanonyme> Rather than facilitating them keeping the tarballs there imo PyPI publishing should be made at least as simple as publishing into personal sites :)
[19:44:33] <nanonyme> dstufft, did I already comment to you how I think PyPI publishing really needs to be separated from distutils so it can be properly upgraded?
[19:55:13] <nanonyme> dstufft, basically my grutch with distutils PyPi handling is there is no way at all to prevent it from trying to send to public PyPI by default. That plus bugs
[22:04:40] <StGambrinus> Still trying to convince pip to allow me to install numpy and it's still failing with a certification verification error. I've tried --trusted-host, -i http://..., --allow-unverified and supplying the digicert root cert using --cert. Ideas?
[22:12:51] <dstufft> your problem is the fact that scipy uses setup_requires, and setup_requires gets handled by setuptools not pip
[22:15:54] <dstufft> pip is able to successfully download numpy and scipy, and then it attempts to install scipy
[22:16:26] <StGambrinus> oh, that would explain why no matter what I throw at pip I get that error.. ok. thanks.
[22:16:35] <dstufft> and when doing ``python setup.py install`` for scipy, setuptools takes the setup_requires that scipy specifies and hits the network to try and pull it down
[22:16:49] <dstufft> a work around would be to install the things scipy needs first, before installing scipy
[22:31:55] <StGambrinus> I must say I find the whole installation layout hilariously avantgarde on OS X and one of these days I need to find all the python executables on my system. Anyway, thanks again.
[22:32:45] <doismellburning> StGambrinus: heh yes, py34 doesn't work for me and I think it's because my install is using half of System and half MacPorts or something