Log file Viewer

[15:12:13] <sumanah> hey PyPI package maintainers and owners -- in the next few hours we are soft-launching U2F security key support for 2FA login for PyPI (e.g., Yubikeys and other devices that support WebAuthn)

[15:12:48] <mdk> sumanah: \o/

[15:12:50] <sumanah> it's a beta feature and I am looking forward to getting bug reports before we really widely announce it

[15:13:22] <mdk> sumanah: need beta testers? I'm using a yubikey 5 here

[15:16:04] <sumanah> mdk: yes - I'll speak up and ping you once it's live! Thanks

[15:16:31] <mdk> sumanah: ping welcome, I'm not watching all my channels :P happy to help testing

[15:16:35] <sumanah> :)

[16:10:50] <Siecje> Is this the correct way to specify semver like versions? https://github.com/phalt/graphene-django-sentry/pull/1/files

[16:16:36] <sumanah> mdk: https://pypi.org/manage/account/ it's up!

[16:24:29] <sumanah> mdk: please do go ahead and test it!

[16:37:53] <mdk> sumanah: WebAuthn successfully provisioned.

[16:38:15] <mdk> logging out

[16:38:18] <mdk> logging in

[16:38:24] <mdk> click to auth with key -> 404

[16:39:03] <mdk> on https://pypi.org/accounts/login

[16:39:08] <sumanah> mdk: fixing! thx!

[16:39:28] <mdk> sumanah: ping me back when it's OK, I'm in the kitchen but will hear the HL ;)

[18:26:39] <rrueth> I have a packaging/installation question that I was hoping someone could help me out with.

[18:27:04] <rrueth> Assume that I have two local packages that only exist on my file system. They don't exist in any PyPI server: `packages/bar` and `packages/foo`.

[18:27:12] <rrueth> `packages/bar` depends on `packages/foo`. So `bar`'s `setup.py` has `install_requires=["foo"]`.

[18:27:25] <rrueth> Now, assume that I have another virtual environment where I use both `foo` and `bar`. So, I have a `requirements.txt` that looks like:

[18:27:38] <rrueth> -e ./packages/bar

[18:27:39] <rrueth> -e ./packager/foo

[18:27:45] <rrueth> When I do a `pip install -r requirements.txt`, the install fails with:

[18:27:54] <rrueth> ERROR: Could not find a version that satisfies the requirement foo (from bar==1.0.0->-r requirements.txt (line 1)) (from versions: none)

[18:28:01] <rrueth> If I switch the ordering of the installs, everything works. But, I want to avoid the user having to know that the packages must be installed in a specific order.

[18:28:08] <rrueth> Is there something that I'm missing with the `bar` or `foo` packages that would be able to allow `pip` to collect the necessary information about my package so that it knew that the dependency would be installed next?

[18:28:26] <rrueth> Or is this an inherit limitation with Pip's current dependency resolution?

[18:30:08] <dude-x> this kind of sounds like you have to use namespace packages, or something like pkg_utils.add_namespace

[18:43:06] <sumanah> mdk: I believe it should work now!

[18:44:11] <mdk> sumanah: It works!

[18:44:18] <sumanah> mdk: awesome! Thank you!

[18:44:26] <mdk> sumanah: thank you!

[18:44:35] <rrueth> @dude-x: how would namespace packages or add_namespace help in this case?

[18:44:36] <mdk> sumanah: tested with 66.0.5 on Debian, with a Yubikey 5

[18:44:48] <mdk> 66.0.5 (Firefox !)

[18:44:53] <sumanah> Firefox ... I figured :)

[18:45:01] <mdk> :)

[18:47:13] <toad_polo> dude-x: I don't think pkg_utils.add_namespace is the right way to create a namespace package these days.

[18:47:35] <dude-x> it should just work in python 3 so to speak

[18:47:53] <toad_polo> Yeah, in Python 3 it will just work.

[18:48:16] <toad_polo> In Python 2 I think you mainly just need an `__init__.py`, but you may want to put some sort of path extension thing in the `__init__.py`.

[18:49:46] <toad_polo> I think whatever setuptools/distutils option explicitly adds namespaces (maybe `namespace_packages` or something) will add a `.pth` file to the thing you deploy, which is quite dangerous, I would make sure that whatever that `pkg_utils` thing is that it doesn't do the same.

[18:50:01] <rrueth> My goal was to convert these to independent packages that could be installed separately

[18:50:30] <rrueth> In my case, we're all Python3. So, no need to worry about Python 2.

[18:55:46] <toad_polo> Anyway, this does not appear to be a question of namespace packages.

[18:56:07] <toad_polo> The problem is that it doesn't know where to look for the packages.

[18:57:39] <dude-x> s/he would have to write a setup.py or alter the path :/

[18:57:44] <toad_polo> The simplest solution is to use a caching proxy like `devpi` as your PyPI index so that `foo` and `bar` actually *are* visible in PyPI, in which case you will only need to specify `foo` if it is a direct dependency of the thing that's using both `foo` and `bar`.

[18:57:53] <toad_polo> dude-x: No, that is not correct.

[18:59:08] <dude-x> toad_polo how would you describe a package where some of the modules are optional

[18:59:29] <toad_polo> dude-x: Is this an unrelated question?

[18:59:48] <dude-x> it's essentialy what rrueth is asking

[19:00:01] <toad_polo> Er, no it's not.

[19:00:31] <toad_polo> If I understand this correctly, rrueth 's problem is that `bar` depends on foo unconditionally, not optionally.

[19:00:36] <toad_polo> But neither of them are on PyPI.

[19:00:56] <dude-x> right.

[19:01:01] <rrueth> My main problem is that pip doesn't seem to realize that the editable install contains the package I want to install

[19:01:27] <toad_polo> So `pip install foo` and `pip install bar` will not work, and similarly `pip install /path/to/bar` will not work either, because `bar` has declared a dependency on `foo`, which cannot be satisfied without telling `pip` where to get `foo` from.

[19:01:42] <toad_polo> It's also not clear why you want them to be editable installs?

[19:01:43] <rrueth> @toad_polo, that's correct.

[19:01:56] <rrueth> Basically, for development purposes

[19:02:17] <toad_polo> rrueth: I think you need `bar` to depend on `/path/to/foo`, not on `foo`.

[19:02:24] <toad_polo> That should solve your problem.

[19:02:35] <rrueth> Oh, I didn't realize that was allowed.

[19:03:03] <rrueth> So, my `install_requires` in bar's `setup.py` would have `/path/to/foo`?

[19:03:10] <rrueth> instead of `foo`?

[19:03:32] <toad_polo> Yes, I'm pretty sure that's fine.

[19:04:23] <toad_polo> I mean, try it out, but my mental model of how `install_requires` works is that whatever you put in there gets passed to `pip`, which then just runs `pip install <x>` on it (with some additional steps in between).

[19:05:13] <rrueth> ERROR: error in message_exchange setup command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers; Invalid requirement, parse error at "../../foo"

[19:05:21] <rrueth> Hmm, it didn't like a relative path

[19:07:17] <rrueth> Hmm, I don't think a path is allowed. According to https://setuptools.readthedocs.io/en/latest/setuptools.html#declaring-dependencies:

[19:07:30] <rrueth> setuptools and pkg_resources use a common syntax for specifying a project’s required dependencies. This syntax consists of a project’s PyPI name, optionally followed by a comma-separated list of “extras” in square brackets, optionally followed by a comma-separated list of version specifiers.

[19:09:02] <rrueth> PipEnv and Poetry seem to handle the dependency resolution if I do something similar in their systems. But, I was hoping to stick with `pip` at the moment =/

[19:20:20] <toad_polo> rrueth: Hm, sorry. I don't know enough about this particular thing to just know the solution offhand, but I'm pretty sure I have the problem right 😉

[19:21:49] <toad_polo> One thing I'll say is that you may find some old stuff about dependency_links, but that's likely a red herring. I think it's not supported in `pip` at the moment.

[19:27:36] <rrueth> Good to know

[19:27:39] <rrueth> Thanks!

[19:54:25] <dude-x> you may not have code in pypi but if you use git, you can do something like my_package+git://...