[Distutils] mini-pip (Was: PEP 453 Round 2)

anatoly techtonik techtonik at gmail.com
Mon Sep 16 11:10:30 CEST 2013 

Because my proposal back in 2010 [1] and Richard Jones's PEP-439 [2] from
2013 were about the same thing - bootstrap script to get latest version of
package management tool, and were rejected, I'd like to discuss the concept
of mini-pip separately, as I believe not all points were addressed.

Let's define what a mini-pip is. When pip is not installed:

  $ python -m pip install django
  pip package management tool is not installed on this system.
  Would you like to download and install pip first? [Yn] Y
  ...
  pip version x.x.x is installed successfully.
  Removing pip bootstrap script.
  Done installing pip.

  Proceeding with 'install django'.
  ...

mini-pip is the human name for pip.py module that is bundled with Python.
It is packaged as pip.py to allow users do 'python -m pip'. This script
does two things:

  1. informs users that pip is not installed
  2. proposes to install pip and does this stuff if user agrees

Algorithm is the following:

  1. Start
  2. Propose
  3 Download or 4 Exit
  3.1 Check server certificate
  3.2 Check package signature
  3.3 Unpack
  3.4 Run python setup.py install
  3.5 Remove itself
  3.6 Continue to run user command

* When pip.py is removed, "python -m pip" will start serving from
pip/__main__.py
* PEP 439 was rejected, because bootstrap script didn't ask user for
permission, this proposal includes that

More issues are below:

On Sun, Sep 15, 2013 at 11:02 PM, Donald Stufft <donald at stufft.io> wrote:

> On Sep 15, 2013, at 3:56 PM, Alex Burke <alexjeffburke at gmail.com> wrote:
>
> Instead of a copy of pip, could there not be minimal code to simply fetch
> the wheel and install that or perhaps even use it directly (a la what was
> possible with eggs)?
>
> Basically three reasons:
>     - There's a lot of code to handle a variety of situations in pip, it
> would
>        be much harder to extract this code and keep it up to date in a way
>        that the "mini pip" could use it. It would also not be as battle
> worn as
>        the pip code.
>

mini-pip doesn't need share or import anything with pip - it is a
standalone bootstrap script, the basic parts of which - certificate
checking, downloading, unpacking - should already be available from stdlib,
so it is no different from shell script or any other system script except
that it is cross-platform.

There is no "variety of situations" in mini-pip - it doesn't do any
argument processing, postponing it to the phase when main pip library can
take the flag.


>     - On top of the one time cost there is the ongoing cost. As the
> packaging
>        ecosystem progresses the stdlib implementation will need to be kept
>        up to date as well as the pip code.
>

pip code, yes, but not mini-pip bootstrap script. All it ever needs is a
location of main pip package and it's signature.

    - We need to include a copy of pip in order to support offline installs
> either
>        way. Since we have the private copy there to support offline we
> might as
>        well use it to handle everything.
>

Offline installation is not an option - bootstrap script is for
bootstrapping and it requires "external media" with the rest of "operating
system" to be present.

1. https://mail.python.org/pipermail/distutils-sig/2010-March/015894.html
2. http://www.python.org/dev/peps/pep-0439/
-- 
anatoly t.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130916/517746fc/attachment.html>

More information about the Distutils-SIG mailing list