[Distutils] Using Wheel with zipimport

Donald Stufft donald at stufft.io
Wed Jan 29 15:40:07 CET 2014


On Jan 29, 2014, at 9:25 AM, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:

>> It may be useful to understand that wheel has *political features* or
>> if you prefer *setting the defaults based on what we have learned from
>> eggs*. I don't recommend that they be zip-imported generally
>> but if you are a consenting adult who understands the caveats you
>> may do so.
> 
> What *exactly* have we learned from eggs? We've learned that sys.path
> manipulation under the hood is bad, because sys.path is important to system
> behaviour and because the ramifications of changing it under the hood are unpredictable.
> 
> But we don't let that lead to a mindset that prohibits *any* sys.path manipulation - it's vital
> in many situations to be able to manipulate sys.path in a controlled way.
> 
> What *else* have we learned from eggs? If we leave to one side the sys.path manipulation
> issues, what else has been problematic about the egg format? Details seem hard to find,
> though there's lots of talk in general about "pain" and "weirdness". I'm asking because I
> really want to understand at a more detailed level what those problems are, because I
> would be interested in trying to solve them, or minimise their impact. That might sound
> naïve to some - but there it is.
> 
> Regards,
> 
> Vinay Sajip
> 

It’s hard to pin down because the failure modes of zipped eggs are nebulous themselves.

For instance take pip. I just recently redid the get-pip.py installer to use a zip file (not a
Wheel or Egg) that contained pip and add that zip file straight to sys.path instead of
unzipping it. One of the failure modes was that it was suddenly unable to validate TLS
certificates. The reason why, was because it bundles it’s own cacerts.pem which it
passes to the ssl library to validate the connection. In this case it’s impossible as far as
I can tell to use pkgutil.get_data directly because the ssl library does not directly
support pkgutil.get_data nor does it support passing the certificates as a string or other
in memory.

That’s really the biggest problem with strictly pure python Zipped Eggs. That the failure
modes are ill defined and depend greatly on the application/library itself. For some you’ll
get exceptions, for others some features will just stop working, for even others you’ll
just get subtle bugs that only happen under zip import.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140129/934faeee/attachment.sig>


More information about the Distutils-SIG mailing list