[Distutils] Using Wheel with zipimport

Wed Jan 29 15:46:39 CET 2014

On Wed, Jan 29, 2014 at 9:40 AM, Donald Stufft <donald at stufft.io> wrote:

>
> On Jan 29, 2014, at 9:25 AM, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:
>
> >> It may be useful to understand that wheel has *political features* or
> >> if you prefer *setting the defaults based on what we have learned from
> >> eggs*. I don't recommend that they be zip-imported generally
> >> but if you are a consenting adult who understands the caveats you
> >> may do so.
> >
> > What *exactly* have we learned from eggs? We've learned that sys.path
> > manipulation under the hood is bad, because sys.path is important to
> system
> > behaviour and because the ramifications of changing it under the hood
> are unpredictable.
> >
> > But we don't let that lead to a mindset that prohibits *any* sys.path
> manipulation - it's vital
> > in many situations to be able to manipulate sys.path in a controlled way.
> >
> > What *else* have we learned from eggs? If we leave to one side the
> sys.path manipulation
> > issues, what else has been problematic about the egg format? Details
> seem hard to find,
> > though there's lots of talk in general about "pain" and "weirdness". I'm
> asking because I
> > really want to understand at a more detailed level what those problems
> are, because I
> > would be interested in trying to solve them, or minimise their impact.
> That might sound
> > naïve to some - but there it is.
> >
> > Regards,
> >
> > Vinay Sajip
> >
>
> It’s hard to pin down because the failure modes of zipped eggs are
> nebulous themselves.
>
> For instance take pip. I just recently redid the get-pip.py installer to
> use a zip file (not a
> Wheel or Egg) that contained pip and add that zip file straight to
> sys.path instead of
> unzipping it. One of the failure modes was that it was suddenly unable to
> validate TLS
> certificates. The reason why, was because it bundles it’s own cacerts.pem
> which it
> passes to the ssl library to validate the connection. In this case it’s
> impossible as far as
> I can tell to use pkgutil.get_data directly because the ssl library does
> not directly
> support pkgutil.get_data nor does it support passing the certificates as a
> string or other
> in memory.
>
> That’s really the biggest problem with strictly pure python Zipped Eggs.
> That the failure
> modes are ill defined and depend greatly on the application/library
> itself. For some you’ll
> get exceptions, for others some features will just stop working, for even
> others you’ll
> just get subtle bugs that only happen under zip import.

Just a heads-up that if I ever get around to re-implementing zipfile
importing using importlib (http://bugs.python.org/issue17630) I will ask
this list for feature feedback to make sure I don't miss something that's
critical.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140129/526a6917/attachment-0001.html>