a leak in the setuptools sandbox
Folks: I just added this note to the bug tracker, but I'm not sure if anyone who has the ability to commit fixes to setuptools is reading all updates to all tickets on that tracker, so I wanted to draw attention to it here: http://bugs.python.org/setuptools/issue20 # package required at build time seems to be not fully present at install time? """ Okay Brian Warner and I just tracked this issue down a bit, since it is blocking the release of the next version of the Tahoe Least-Authority Filesystem. It turns out that when setuptools builds Twisted from source in a "setuptools sandbox", that this causes the import of a few things including "twisted" and "twisted._version". These get added to sys.modules, and then this side-effect on sys.modules is not undone after Twisted has been built and installed, so in a sense changes to sys.modules can "leak" out of the sandbox. Nevow's build process then tries to import twisted.components, which was not imported by Twisted's build process, so it isn't already in sys.modules, but also cannot be imported from the newly installed Twisted, because "twisted" is already in sys.modules (with a directory location of ".", which refers to a temporary directory when it was being built which has since been deleted). This is why Nevow cannot be installed in the same setuptools process as Twisted was. A good way to improve this would be to make the setuptools sandbox "tighter" -- make it so that the act of building and installing one distribution doesn't have side-effects on the sys.modules which effect the attempt to later build another distribution. A good way to do this is to use a subprocess. If you don't want the code that you are about to execute to have side-effects on your Python state, then execute that code in a subprocess. Another way to fix this would be to figure out which names had been added to sys.modules during the "build in a sandbox" and clean them out afterward. """
On Jun 9, 2008, at 6:49 PM, zooko wrote:
Folks:
I just added this note to the bug tracker, but I'm not sure if anyone who has the ability to commit fixes to setuptools is reading all updates to all tickets on that tracker, so I wanted to draw attention to it here:
*Is* anyone with setuptools commit privileges using the bug tracker or are we all just wasting our time?
At 12:12 AM 6/10/2008 -0400, Pete wrote:
On Jun 9, 2008, at 6:49 PM, zooko wrote:
Folks:
I just added this note to the bug tracker, but I'm not sure if anyone who has the ability to commit fixes to setuptools is reading all updates to all tickets on that tracker, so I wanted to draw attention to it here:
*Is* anyone with setuptools commit privileges using the bug tracker or are we all just wasting our time?
I'm using it; I just don't have very much free time.
On Jun 10, 2008, at 8:15 AM, Phillip J. Eby wrote:
At 12:12 AM 6/10/2008 -0400, Pete wrote:
*Is* anyone with setuptools commit privileges using the bug tracker or are we all just wasting our time?
I'm using it; I just don't have very much free time.
Is there anyone other than PJE who has commit privs for setuptools? Maybe setuptools would benefit from having some more folks whose job is mainly to fix bugs on the stable branch and make releases. Regards, Zooko
participants (3)
-
Pete
-
Phillip J. Eby
-
zooko