Tastypie + virtualenv missing rose & VERSION #873

Closed
rmacy opened this Issue Mar 19, 2013 · 12 comments

Projects

None yet

7 participants

@rmacy
rmacy commented Mar 19, 2013

When installing tastypie w/ pip + virtualenvwrapper I get the following two errors:

IOError: [Errno 2] No such file or directory: '/app/.heroku/python/lib/python2.7/site-packages/VERSION'

and

ImportError: No module named rose

I can touch a file locally to satisfy the version requirement, and I can install rose. However both of these fixes are problematic with Heroku. Files are ephemeral so any VERSION file created would be temporary and the rose package is not always installed before django-tastypie is attempted for install.

Let me know what additional information I can include that will be helpful!

Thanks!

@rmacy
rmacy commented Mar 19, 2013

It looks like this issue is caused by 0.9.13's addition of Rose. If I downgrade to 0.9.12, I experience no issues.

@dyve
dyve commented Mar 19, 2013

Same here, current pip version is broken because rose is not properly included in requirements.

@fosstrack

Installed rose 1.0.0 using pip. Now I get an error trying to run django:
No such file or directory: '.../local/lib/python2.7/site-packages/VERSION
../local/lib/python2.7/site-packages/rose.py in load_version, line 25

@toastdriven
Contributor

@rmacy @fosstrack I'll look into it tomorrow as soon as I can. If need be, please fork & hardcode the version for the moment.

@dyve What are you looking for outside of https://github.com/toastdriven/django-tastypie/blob/master/requirements.txt#L1 and https://github.com/toastdriven/django-tastypie/blob/master/setup.py#L34-L43 ? What other ways are you looking for the requirement to be specified?

@vshjxyz
vshjxyz commented Mar 19, 2013

@toastdriven we use pip to install tastypie so the first file opened is the setup.py and you are currently importing rose before letting pip to install the requirements (https://github.com/toastdriven/django-tastypie/blob/master/setup.py#L10) :\ so currently pip installation seems broken

@acdha
Contributor
acdha commented Mar 19, 2013

I'd like someone like @carljm to confirm but it looks like fixing this would require something ghastly like making version a lazy string so we have time for setup_requires to run before doing the import.

@bollwyvl

Yeah: it seems like import of any non-stdlib pacakges in setup.py is a recipe for disaster. I guess pip-required packages are mostly ok :)

I looked at rose, and am not convinced that it adds much over the import hacks that it vilifies, especially if it would require a downstream user to do:

pip install rose
pip install -r requirements.txt

because an upstream decided to use rose.

i've pushed up a branch version which reverts to the nasty "exec" method, which avoids cascading imports from inside __init__.py... think I picked that up from the Allura guys, and it has served me pretty well.

@acdha
Contributor
acdha commented Mar 19, 2013

@dstufft suggests copying rose.py alongside setup.py to satisfy that initial import.

Then we need to move VERSION inside the tastypie package so it gets installed at all.

I'm with @bollwyvl in questioning whether this is worth the extra complexity.

@bollwyvl

Yeah, further looking at travis, it's pretty clear that something started happening once setup.py was being modified, first for versiontools, then for rose.

I came across this as I started encountering some issues with the branch I pushed up and 2.5 not supporting ssl for pip. This is likely a problem introduced by pip 1.3(.1) defaulting to https. tox didn't seem to dig just passing in the '--insecure' flag for the py25 cases, so I might throw up my hands for the moment and try again later.

I'm not sure right now what actually is supported by tastypie, as there is some evidence that 2.5 might be getting dropped, though I didn't dig in too deeply.

Since this is one of the first big changes to pip in a while, it compounds the complications we are dealing with right now. I anticipate this causing problems across a lot of projects' tests, too, though, so we're not alone!

Glad to help more, but have definitely gone back to 0.9.12 for my current work :)

@acdha
Contributor
acdha commented Mar 19, 2013

@bollwyvl 2.5 tests are definitely broken now since pip can't run following the PyPI mandatory SSL switch until you install it manually.

2.5 almost works but the defusedxml package used to avoid XML security issues isn't backported that far back so you're safest upgrading to a newer Python or disabling XML, which is now easy: http://django-tastypie.readthedocs.org/en/latest/serialization.html#serialization-security.

@acdha
Contributor
acdha commented Mar 19, 2013

tastypie 0.9.14 is out, removing rose. I'm testing now. Please confirm if you're still unable to install with the new release.

@rmacy
rmacy commented Mar 19, 2013

I've updated and I'm no longer seeing any errors with VERSION or rose deps.

Thanks!

@acdha acdha closed this Mar 19, 2013
@rafirosenberg rafirosenberg pushed a commit to rafirosenberg/pinry that referenced this issue Jan 13, 2014
@kklimonda kklimonda Fix TastyPie version at 0.9.12
TastyPie 0.9.13 doesn't install (reported upstream at
django-tastypie/django-tastypie#873) so use
0.9.12 for now.
98c9df7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment