[Distutils] Adding egg support (Resource API) to existing packages
Phillip J. Eby
pje at telecommunity.com
Thu Jul 14 17:04:55 CEST 2005
At 10:26 AM 7/14/2005 +0100, Paul Moore wrote:
>What I'm saying, is that I see a need for *another* transitional
>process - enabling users and/or package authors to make their code
>"resource safe", *without* having to buy into the egg/setuptools
>transition.
It still seems to me that you're missing something. If I don't care about
eggs, why would I care about resource safety? Its only benefit is to allow
my code to be put in an egg! :)
>I see the resource API as a major benefit in isolation -
>it's a general tool which can be used with zipimport, or other import
>hooks, and is not egg-specific.
In principle that's true. In practice, the only other tool I know of where
it'd actually be *relevant* today would be py2exe -- and you don't get all
of the features there that you get with eggs. For example,
resource_filename() works with eggs and unmanaged packages, but not with
py2exe. Indeed, the majority of pkg_resources' code deals with things that
are only of relevance to eggs; simple resource safety is hardly any code at
all; something like:
if hasattr(module,'__loader__'):
if hasattr(module.__loader__,'get_data'):
# code to call get_data w/appropriate value
else:
# error
else:
# use __file__
This doesn't give you resource_filename() and it doesn't let you put C
extensions in a zipfile, but it's adequate to implement basic zip-safety.
> There's very little downside (IMHO) to
>using the resource API.
You have to bundle pkg_resources, and then deal with potential version
conflicts to it. The bundling isn't a big deal, but the version conflict
issue is very big because it means you could break someone's whole system
by installing an old version of pkg_resources that can't deal with some new
feature used by other packages they've installed.
> > You're also missing the other half of the problem, where pkg_resources
> > needs setuptools so it can be installed in a way that's safe from being
> > overwritten by random packages reinstalling it! This is also why other
> > packages can't bundle it, without effectively bundling setuptools too. So,
> > the simplest solution is to Just Drink the Kool-Aid and use setuptools
> > already. It's not like there aren't numerous other benefits to using it
> > for your packaging, anyway.
>
>Hmm, I've read this a number of times and it still seems to me to be
>saying that all of setuptools' package management goodies break
>horribly if an unmanaged copy of a package is installed
No, it's saying that if an unmanaged copy of *pkg_resources* is installed,
you could break somebody's whole installation, because somebody who just
bundles it could be distributing a version that doesn't work with stuff
somebody already has installed. This is one of the many reasons that
"bundling sucks", but it's downright dangerous for something like
pkg_resources.
Let me repeat: bundling pkg_resources without setuptools is *dangerous*,
because you could screw up somebody's system just by not keeping your
pkg_resources version up-to-date. You could say, "well, I'll have my setup
check the version", but now you're modifying setup.py a bunch, and by the
time you make it safe, you could've spent less time just slapping
ez_setup.py in there and been done with it.
> - making it a
>very "all or nothing" solution. While I accept that something like
>require("setuptools=0.5a7,=0.5a11,=0.5a12") is probably not going to
>work well if there's an unmanaged copy of setuptools on sys.path,
>can't you make some attempt in simpler cases (maybe introspect for
>__version__, and if not present assume the unmanaged version is
>"wrong", and put a good version at the *front* of sys.path - or
>something). Some form of graceful degradation should be available,
>surely?
So come up with a proposal for *how*, that doesn't involve duplicating
setuptools' code in pkg_resources or vice versa. Unless you're suggesting
I put ez_setup inside of pkg_resources as some kind of trojan? :)
More seriously, I suppose I could write some kind of bootstrap code in
pkg_resources that scans sys.path for a setuptools egg and then reloads
pkg_resources from it if it's not running in an egg. That would make it
safe to bundle pkg_resources as long as it was a version with that
feature. It would be hideous and stupid, though, because it'd be doubling
the import time for people who do have setuptools. I want installing
setuptools to be a benefit, not a penalty.
My perspective on this is that I don't really care if packages use
pkg_resources now; if nobody does it until pkg_resources is in the stdlib,
that's okay by me. Eggs work fine in unpacked form, they just slow down
top-level imports a little.
> What if I install a new package, which I know depends on a
>number of major packages I already have installed - and the new one is
>an egg, but the old ones have been there for ages and are used by a
>number of existing scripts. Surely I don't have to switch everything
>to managed eggs in one "big bang" just to get the one new package
>installed?
This isn't a problem for most eggs; it's strictly a problem with
overwriting the egg runtime.
More information about the Distutils-SIG
mailing list