On Tue, Dec 18, 2018 at 3:43 PM Tzu-ping Chung <uranusjr@gmail.com> wrote:
Paul has described the technical details behind this phenomenon, but to be more explicit: it is not pip that breaks older packages, but the new PyPI server (pypi.org instead of the old pypi.python.org) that does.
So no, there is not a legacy mode in pip. Furthermore, you won’t be able to install the package now, even if you have the old pip version.
well luckily for me clicking on the download link did in fact produce a tar zip so that at least allow me to install this defunct
On 18/12/2018 15:00, Joni Orponen wrote: package.
The only way to overcome this is to find the original package, and either upload it to PyPI, or serve it yourself on your own server.
I can do the last, but surely only the package owner can upload the tar zip.
When dealing with legacy setups, buildout still has most of the required machinery to make arcane things tick. If the file still exists, buildout can be configured to follow the links via explicit whitelisting of acceptable sources (and many a links of the bitrot variety are still available through being a tad lucky through archive.org - pre-stdlib inclusion elementtree eggs are a fine example of this).
http://www.buildout.org/en/latest/reference.html#buildout-configuration-opti...
The real solution is to dive in to maintain the package barely enough to upload a new release to PyPI, though.
so little time :( sigh I accept that the fcrypt issue is not a pip problem, but perhaps there's another related to the _vendor included version of pyopenssl. One of the recovered environments needed to install pyOpenSSL==16.0.0, but when that occurred it seems as though pip 18.1 breaks due to an incompatibility in the site-packages/OpenSSL that is then imported by site-packages/_vendor/urllib3/contrib/pyopenssl.py In the end the answer is to upgrade the environment's pyopenessl so that pip can at least work. I'm not exactly sure why there's a _vendor (this is ubuntu 18.04.1 LTS) thing, but it shouldn't be importing from a wrong/different OpenSSL. -- Robin Becker