Hi all --
at long last, I have fixed two problems that a couple people noticed a
* I folded in Amos Latteier's NT patches almost verbatim -- just
changed an `os.path.sep == "/"' to `os.name == "posix"' and added
some comments bitching about the inadequacy of the current library
installation model (I think this is Python's fault, but for now
Distutils is slavishly aping the situation in Python 1.5.x)
* I fixed the problem whereby running "setup.py install" without
doing anything else caused a crash (because 'build' hadn't yet
been run). Now, the 'install' command automatically runs 'build'
before doing anything; to make this bearable, I added a 'have_run'
dictionary to the Distribution class to keep track of which commands
have been run. So now not only are command classes singletons,
but their 'run' method can only be invoked once -- both restrictions
enforced by Distribution.
The code is checked into CVS, or you can download a snapshot at
Hope someone (Amos?) can try the new version under NT. Any takers for
BTW, all parties involved in the Great "Where Do We Install Stuff?"
Debate should take a good, hard look at the 'set_final_options()' method
of the Install class in distutils/install.py; this is where all the
policy decisions about where to install files are made. Currently it
apes the Python 1.5 situation as closely as I could figure it out.
Obviously, this is subject to change -- I just don't know to *what* it
Greg Ward - software developer gward(a)cnri.reston.va.us
Corporation for National Research Initiatives
1895 Preston White Drive voice: +1-703-620-8990
Reston, Virginia, USA 20191-5434 fax: +1-703-620-0913
I've been aware that the distutils sig has been simmerring away, but
until recently it has not been directly relevant to what I do.
I like the look of the proposed api, but have one question. Will this
support an installed system that has multiple versions of the same
package installed simultaneously? If not, then this would seem to be a
significant limitation, especially when dependencies between packages
Assuming it does, then how will this be achieved? I am presently
managing this with a messy arrangement of symlinks. A package is
installed with its version number in it's name, and a separate
directory is created for an application with links from the
unversioned package name to the versioned one. Then I just set the
pythonpath to this directory.
A sample of what the directory looks like is shown below.
I'm sure there is a better solution that this, and I'm not sure that
this would work under windows anyway (does windows have symlinks?).
So, has this SIG considered such versioning issues yet?
Tim Docker timd(a)macquarie.com.au
Quantative Applications Division
qad16:qad $ ls -l lib/python/
drwxr-xr-x 2 mts mts 512 Nov 11 11:23 1.1
-r--r----- 1 root mts 45172 Sep 1 1998 cdrmodule_0_7_1.so
drwxr-xr-x 2 mts mts 512 Sep 1 1998 chart_1_1
drwxr-xr-x 3 mts mts 512 Sep 1 1998 Fnorb_0_7_1
dr-xr-x--- 3 mts mts 512 Nov 11 11:21 Fnorb_0_8
drwxr-xr-x 3 mts mts 1536 Mar 3 12:45 mts_1_1
dr-xr-x--- 7 mts mts 512 Nov 11 11:22 OpenGL_1_5_1
dr-xr-x--- 2 mts mts 1024 Nov 11 11:23 PIL_0_3
drwxr-xr-x 3 mts mts 512 Sep 1 1998 Pmw_0_7
dr-xr-x--- 2 mts mts 512 Nov 11 11:21 v3d_1_1
qad16:qad $ ls -l lib/python/1.1
lrwxrwxrwx 1 root other 29 Apr 10 10:43 _glumodule.so -> ../OpenGL_1_5_1/_glumodule.so
lrwxrwxrwx 1 root other 30 Apr 10 10:43 _glutmodule.so -> ../OpenGL_1_5_1/_glutmodule.so
lrwxrwxrwx 1 root other 22 Apr 10 10:43 _imaging.so -> ../PIL_0_3/_imaging.so
lrwxrwxrwx 1 root other 36 Apr 10 10:43 _opengl_nummodule.so -> ../OpenGL_1_5_1/_opengl_nummodule.so
lrwxrwxrwx 1 root other 27 Apr 10 10:43 _tkinter.so -> ../OpenGL_1_5_1/_tkinter.so
lrwxrwxrwx 1 mts mts 21 Apr 10 10:43 cdrmodule.so -> ../cdrmodule_0_7_1.so
lrwxrwxrwx 1 mts mts 12 Apr 10 10:43 chart -> ../chart_1_1
lrwxrwxrwx 1 root other 12 Apr 10 10:43 Fnorb -> ../Fnorb_0_8
lrwxrwxrwx 1 mts mts 12 Apr 10 10:43 mts -> ../mts_1_1
lrwxrwxrwx 1 root other 15 Apr 10 10:43 OpenGL -> ../OpenGL_1_5_1
lrwxrwxrwx 1 root other 33 Apr 10 10:43 opengltrmodule.so -> ../OpenGL_1_5_1/opengltrmodule.so
lrwxrwxrwx 1 root other 33 Apr 10 10:43 openglutil_num.so -> ../OpenGL_1_5_1/openglutil_num.so
lrwxrwxrwx 1 root other 10 Apr 10 10:43 PIL -> ../PIL_0_3
lrwxrwxrwx 1 mts mts 10 Apr 10 10:43 Pmw -> ../Pmw_0_7
lrwxrwxrwx 1 root other 10 Apr 10 10:43 v3d -> ../v3d_1_1
I am attempting to build statically linked distributions.
I am using docker containers to ensure the
deployment environment matches the build environment so there is no
Is there any way to force static linking so that wheels can be installed
into a virtual env without requiring specific packages on the host?
Starting a new thread with more explicit details at Richard’s request.
Essentially the tl;dr here is that we'll switch to using sha2 (specifically
Drop the #md5= from the PyPI hosted tarballs and replace it with #sha256, the
~60 or so externally hosted files which are using #md5 links will be fetched
(one time) verified, and have their #md5= hash replaced with a computed
- pip: Will work with no issues, pip has supported sha256 since 1.2, and
< 1.2 will install without a hash just fine.
- setuptools: Will work with no issues, setuptools has supported sha256 since
0.9 and < 0.9 will install without a hash just fine.
- distribute: Doesn't support sha256, will intall without a hash just fine.
- buildout: Uses setuptools/distribute to do the downloads I believe.
- z3c.pypimirror: Appears to use MD5 hashes, but appears it won't error out
if they do not exist.
JSON / XMLRPC API
Keep the md5_sum field, add an additional sha256_sum, suggest that applications
switch to using sha256 for verification.
- bandersnatch: bandersnatch will continue to use the md5_sum field from the
JSON (and previously XMLRPC) and should be updated to using
sha256 in the future.
Simply replace any use of MD5 with SHA256, no clients are expected to access
anything here so this should be perfectly fine.
- pep381client: Doesn't do anything special with the hash, will continue to
- devpi: ??? Unsure, I don't follow the code which fetches from PyPI so I
can't determine where it gets the md5sum from and what it will do if
it doesn't exist. It does have some handling of md5 though.
List of clients to look at taken from http://d.stufft.io/image/402r1s442m2r,
which is generated by looking at what is downloading the files from PyPI.
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
In my project, I install a .pth file into site-packages, I use the data_files... in Ubuntu this seems to work OK, but in a Windows VM the file doesn't seem to be being installed:
# Install the import hook
(site_packages_path, ["vext_importer.pth"] if environ.get('VIRTUAL_ENV') else ),
- Is there a better way to do this ?
I realise it's a bit odd installing a .pth - my project is to allow certain packages to use the system site packages from a virtualenv -
Florian Schulze just released several devpi package maintenance updates
to PyPI, see the changelogs below for details. Upgrading is considered
safe and does not require an export/import cycle on the server side.
Note that the "devpi" metapackage is discontinued, please rather use::
pip install devpi-server devpi-client
if you want to install both server and client. You can also install
devpi-web if you want more web UI including search.
Docs for devpi are here, including quickstart tutorials :
- fix issue209: argument default handling changed in argparse in Python 2.7.9.
- fix issue163: use PIP_CONFIG_FILE environment variable if set.
- fix issue191: provide return code !=0 for failures during push
- fix issue214: the whitelisting code stopped inheritance too early.
- fix regression: easy_install went to the full simple project list for a
non existing project.
- When uploading an existing version to a non-volatile index, it's now a
no op instead of an error if the content is identical. If the content is
different, it's still an error.
- Uploading documentation to non-volatile indexes is now protected the same
way as packages.
- added code to allow filtering on packages with stable version numbers.
- Change nginx template to set the X-outside-url header based on the
requested URL. This makes it possible to connect by IP address when
the server name is not in DNS.
- fix issue207: added documentation url for latest stable release of a package.
- added code to allow filtering on stable version numbers.
How can I upload an OpenPGP signature (and the signing key) for a
version, after the upload of the distribution is complete?
I have recently been informed of the ‘--sign’ and ‘--identity’ options
to the ‘upload’ command. As described here:
Signing a package is easy and it is done as part of the upload
process to PyPI. […]
Can it be done, not “as part of the upload process”, but subsequent to
the upload of the distribution? How?
\ “Try adding “as long as you don't breach the terms of service – |
`\ according to our sole judgement” to the end of any cloud |
_o__) computing pitch.” —Simon Phipps, 2010-12-11 |
If I run python setup.py install from my project [ https://github.com/stuaxo/vext.pygtk ]
inside a virtualenv, the python process promptly uses more memory than the machine has and dies.
I was able to hit ctrl-c before it locked up my machine and got the output:
writing requirements to vext.pygtk.egg-info/requires.txt
writing top-level names to vext.pygtk.egg-info/top_level.txt
writing dependency_links to vext.pygtk.egg-info/dependency_links.txt
reading manifest file 'vext.pygtk.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'vext.pygtk.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
warning: install_lib: 'build/lib.linux-x86_64-2.7' does not exist -- no Python modules to install
installing package data to build/bdist.linux-x86_64/egg
copying vext.pygtk.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying vext.pygtk.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying vext.pygtk.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying vext.pygtk.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying vext.pygtk.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating 'dist/vext.pygtk-0.1.1-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Copying vext.pygtk-0.1.1-py2.7.egg to /mnt/data/home/stu/.virtualenvs/tmpv/lib/python2.7/site-packages
vext.pygtk 0.1.1 is already the active version in easy-install.pth
Processing dependencies for vext.pygtk==0.1.1
Searching for vext
Best match: vext 0.1.1
Running vext-0.1.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-MC0DcL/vext-0.1.1/egg-dist-tmp-Od4X7D
Armin Ronacher just published a new utility for creating prebuilt
virtualenv tarballs called "platter": http://platter.pocoo.org/dev/
As he notes, it means you don't even need pip on your production systems.
>From the looks of it, it would also be well suited as a foundation of the
"venv in a native package" model where you use apt or RPM to do the
deployment, deployment to a user-space-tools-only PaaS environment and
container image builds.
I haven't used it myself yet, but I'm going to start looking into it for
use with Kallithea.