-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure all pip._vendor.* modules are mapped to debundled correspondences #6113
Conversation
I'm okay with this in principle but this shouldn't have a news file entry. It might be worth it to check if there's any documentation that needs to be updated for this. |
OK I replaced the news entry with an empty
With such a change the first step of debundling
is no longer necessary. However, as keeping files of bundled dependencies does not make sense if |
Gonna go ahead and mention the various Linux folks here. Their inputs on this issue would be nice; like if they're all okay with this change etc. Debian: @doko42 @warsaw |
Based on the rationale provided by upstream (you), Fedora keeps stuff in pip bundled. We only patch certifi to use Note: I've deleted the previous comment. I just woke up and I was commenting about pipenv, not pip. |
I'm not really doing much Debian work these days, but I think it's fine as long as it works in both a vendored and unvendored scenario. Is that tested? |
I've tested this patch in both original pip (with bundled dependencies) and Arch Linux's pip (with debundling scripts in [1]). [1] https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/python-pip |
@yan12125 could you update this PR? I think it's clear that this isn't a problem for anyone and this seems like a good change. |
This is an interesting point of failure, recursively unbundled dependencies. I'm thinking of a different potential issue this would solve though -- often, users will despite our best attempts, use This has caused issues in the past, and I believe this change would also change pip to simply ignore the leftover, mismatching modules (because One recent example where this matters is the progress module, which changed API (see #6319) and Arch has patched pip to contain the pip-specific changes together with the new system dependency. Importing |
@eli-schwartz Great point! I've just run a simple test:
On the current master, touching an empty progress.py breaks pip, and with this patch everything works fine. Glad that my patch can fix two issues at a time :)
@pradyunsg I assume you meant rebase this PR onto the current master branch? Then it's done. |
Yep. Thanks! |
Thanks @yan12125 for the PR and everyone else for chiming in on this! :D |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
With the original
vendored()
implementation and such an initialization sequence:In
sys.modules
,pip._vendor.packaging
is correctly connected to the debundledpackaging
, whilepip._vendor.packaging.version
is not, as the latter is__import__
ed from the existingpip._vendor.packaging
module. That results in the same issue as #5429 -pip._vendor.packaging.version.Version
andpackaging.version.Version
cannot be compared.My patch attempts to fix this issue by skipping
__import__
from the vendored name. This is safe becausevendored()
is called only whenDEBUNDLED = True
, and vendored libraries are already deleted as per debundling instructions.