PMXBOT Log file Viewer

Help | Karma | Search:

#pypa logs for Wednesday the 28th of October, 2015

(Back to #pypa overview) (Back to channel listing) (Animate logs)
[13:03:33] <mgedmin> somehow I managed to break a pip inside virtualenv so that it was unable to upgrade itself
[13:03:47] <mgedmin> "ImportError: cannot import name InsecurePlatformWarning" somewhere deep in _vendor
[13:04:14] <mgedmin> anyway a 'rm -rf venv/lib && virtualenv venv && venv/bin/pip install -U pip' fixed it
[13:04:20] <mgedmin> and now I can't reproduce that problem any more
[13:05:09] <mgedmin> full traceback if anyone's curious: https://github.com/ManoSeimas/manoseimas.lt/commit/f9e723f07a60e60a22be2b4a50befdcf7ddd7358
[13:07:29] <dstufft> mgedmin: was this a virtualenv created by a recent Debian or Ubuntu installed virtualenv?
[13:08:15] <mgedmin> it's hard to say
[13:08:31] <mgedmin> the virtualenv was created by the makefile
[13:09:00] <mgedmin> originally outside vagrant, I think, judging by the symlinks in local/ that point to /home/mg and not /home/vagrant
[13:09:15] <mgedmin> but then it was re-created inside vagrant, without wiping everything first
[13:09:45] <mgedmin> outside vagrant I have a recent virtualenv + pip in my ~, early in $PATH
[13:10:00] <mgedmin> inside vagrant is virtualenv 1.11.4 (ubuntu trusty)
[13:10:30] <mgedmin> the thing I find most curious is how the traceback doesn't have any paths outside pip's _vendor
[13:10:59] <mgedmin> outside vagrant virtualenv is version 13.1.2
[13:11:02] <dstufft> there is black magic in pip's _vendor in the version of virtualenv that iss hipped in ubuntu I think
[13:11:08] <dstufft> If I recall correctly
[13:11:51] <dstufft> where it will attempt to import from outside of _vendor but make it look like it's still in _vendor
[13:12:02] <mgedmin> oh my
[13:12:13] <dstufft> we removed all of that fwiw :)
[13:12:19] <dstufft> it was an experiment that did not go well
[14:30:52] <nedbat> dstufft: thanks for your help last night, i have a very reproducible scenario that helps me understand things better.
[14:31:18] <nedbat> dstufft: i'm looking through the pip issues to see if it's well described already. i notice issues that should be labelled and/or closed, is that something that would be helpful?
[14:32:36] <dstufft> nedbat: yes that is helpful :) If you CC me on them I can label/close them or you can link them or whatever is easiest for you
[14:32:47] <nedbat> ok, cool.
[15:37:00] <ionelmc> dstufft: don't ubuntu have that wheelhouse thing for virtualenv?
[15:37:23] <ionelmc> those weird "-whl" packages
[17:04:43] <nedbat> I'm confused about pip options: is there a way to say, "if you decide to install a package, always uninstall the existing one first"?
[17:10:47] <apollo13> nedbat: isn't that the "default"?
[17:11:13] <nedbat> apollo13: hmm, perhaps, but if you have a "-e" install, and then do a regular install, the -e is left behind.
[17:11:23] <apollo13> oh
[17:11:24] <nedbat> i guess the problem is not realizing there's an existing one.
[17:12:15] <xafer> nedbat: --ignore-installed ?
[17:12:32] <nedbat> xafer: that will re-install everything, even if the version hasn't changed, right?
[17:13:11] <xafer> I think so, but you want this behavior on a single package I imagine ?
[17:13:38] <nedbat> xafer: I have a large requirements.txt, and am trying to finally nail down how to get predictable behavior from it.
[17:14:00] <nedbat> xafer: one of the things we're deciding is, "no more -e", but that means changing from -e to regular, which means we'll have lots left behind
[17:14:42] <apollo13> nedbat: sounds like a bug
[17:15:09] <nedbat> apollo13: yes, it's a bug in pip. I'm wondering what my options are for doing something about it. :)
[17:15:16] <apollo13> works for me
[17:15:24] <mgedmin> nuke the virtualenv from orbit and reinstall
[17:15:27] <apollo13> https://dpaste.de/4kJp/raw
[17:15:37] <xafer> nedbat: I think this is the other way around: normal then -e
[17:16:13] <xafer> and then you need to uninstall twice to remove both installs :p
[17:17:08] <nedbat> xafer, apollo13: I made a reproducible experiment: https://github.com/nedbat/version_dummy/blob/master/experiment.sh (a bit noisy in output, but the last phase is the one we're discussing)
[17:18:30] <apollo13> nedbat: my paste shows it uninstalling the -e before installing the new package
[17:19:09] <nedbat> apollo13: I know. Now we have to figure out why your scenario is different than mine. You have a file and then a pypi-with-version spec. Mine was using two git urls (which is my real-world concern)
[17:19:47] <nedbat> xafer: i tried adding a "regular, then -e" to my experiment, that seems to upgrade properly: it might still have both, but it runs the latest. with "-e then regular", it runs the old code instead.
[17:21:16] <nedbat> i'll gratefully accept corrections to my experiment, if you have them.
[17:52:51] <dstufft> nedbat: umm --upgrade --force-reinstall might do it
[18:04:39] <nedbat> dstufft: --upgrade scares me :)
[18:05:09] <nedbat> xafer: the plot thickens: e-then-regular continues running the old -e code, but regular-then-e is the one that needs two uninstalls to clean things out. ??
[18:06:23] <xafer> aouch
[18:36:06] <nedbat> xafer: ah: my e-then-regular scenaio probably didn't actually do the second install.
[19:39:47] <wsanchez> dstufft: http://pastebin.com/WMNsJ87R
[19:40:00] <wsanchez> There's movement on your bug
[19:42:01] <dstufft> wsanchez: A++++
[19:42:43] <dstufft> wsanchez: I just verified that should resolve the Apple side of the problem. I think with SIP we'll still need to do some work on our side, but that should be perfect
[19:43:06] <wsanchez> define: SIP
[19:43:34] <dstufft> wsanchez: rootless mode?
[19:43:42] <dstufft> the SELinux like thing on El Capitan
[19:43:47] <wsanchez> Oh right yes
[19:44:24] <dstufft> (I think we'll try to muck around in those paths still, and ultimately fail because permissions, but that's our fault for mucking around in those paths)
[19:44:40] <wsanchez> SIP just means you can't modified the system python, so as long as system modules can be overriden, we should be OK, no?
[19:45:49] <dstufft> wsanchez: pip would try to say, uninstall something from /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python if it detected it needed to upgrade it, but we need to stop doing that (not just for SIP but also for being better behaved citizens) and start defaulting to --user
[19:46:01] <wsanchez> Ah, OK
[19:46:03] <dstufft> and I think /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python is covered under SIP
[19:46:17] <wsanchez> Yeah it should be
[19:46:32] <dstufft> but --user will solve that and is a better answer than mucking around with the system files
[19:46:56] <dstufft> and if the changes in that pastebin happen, --user will work (where it previously didn't because sys.path order)
[19:48:19] <nanonyme> Can we please please have --user be the default? :)
[19:48:28] <dstufft> wsanchez: thanks a lot for the update
[19:49:50] <dstufft> nanonyme: https://github.com/pypa/pip/issues/1668
[19:52:37] <nanonyme> dstufft, meh, who uses PATH anymore anyway? The sanest way on Windows to call stuff is py -2 -m foo params or py -3 -m fooo params
[19:53:12] <dstufft> nanonyme: that ticket is longer then I remember
[19:53:28] <nanonyme> Also large parts of that ticket was irrelevated by Python3.5
[19:53:31] <dstufft> the tl;dr is that we're going to make --user the default, we just need to hammer out exactly what that means
[19:53:34] <dstufft> How so?
[19:53:38] <ngoldbaum> the first thing i'm going to do after updating to el cap is turn off SIP
[19:53:46] <nanonyme> Python now goes under program files so pip won't work without UAC elevation
[19:54:08] <ngoldbaum> the most annoying thing to me re: python on 10.11 is that the openssl headers have been removed, so it's not longer possible to build python with ssl unless you install the headers somehow
[19:54:35] <dstufft> ngoldbaum: I'm running with SIP just fine fwiw
[19:54:53] <ngoldbaum> yeah, or just temporarily disable it for homebrew or whatever
[19:55:06] <dstufft> If you use homebrew you can just install your own openssl, you don't need to disable it, /usr/local is exempt from SIP
[19:57:10] <ngoldbaum> right, not for me, but for users on our crazy bootstrapped python install script
[19:57:23] <ngoldbaum> right now our solution is to use miniconda to build a python environment
[19:57:31] <ngoldbaum> (sorry to derail the discussion in here)
[19:59:24] <tdsmith> i'm pretty happy about SIP
[19:59:37] <nanonyme> dstufft, FWIW Windows has delay-resolve environment variables so it's enough to have Python installer to do a global PATH=%PATH%:%USERHOME%\.local\scripts or whatever
[19:59:51] <dstufft> tdsmith: it's got to be the single largest deployment of a MAC to a personal computer
[20:00:04] <dstufft> which is pretty cool
[20:00:42] <tdsmith> managed access control?
[20:00:46] <nanonyme> It will then take effect for all user accounts
[20:01:25] <tdsmith> (i'm not sure what MAC stands for, but i guess i get the gist)
[20:09:55] <wiggy_> I haven't found a reason to disable SIP on el cap
[20:24:23] <Demiurge> i think i couldn't edit my nfs mounts
[20:24:28] <Demiurge> and they got reset
[20:24:33] <Demiurge> by update, yaw
[21:28:39] <dstufft> tdsmith: Mandatory access control
[21:28:43] <dstufft> tdsmith: you were close :)
[21:29:47] <dstufft> DAC is the other kind, discretionary access control
[21:30:10] <dstufft> the main difference is whether a user (root or otherwise) can override the policy
[21:32:32] <tdsmith> nice, ty
[21:40:49] <nanonyme> dstufft, ever played around with SELinux multilevel security?
[21:43:00] <nanonyme> Allows you to define truly write-only storages
[21:43:28] <nanonyme> The writer will have no possible way of reading the data back