Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle the case where there are multiple bundled pip wheels #1444

Merged
merged 1 commit into from
Apr 27, 2023
Merged

Handle the case where there are multiple bundled pip wheels #1444

merged 1 commit into from
Apr 27, 2023

Conversation

edmorley
Copy link
Member

In some older versions of Python multiple pip wheels have been accidentally bundled with the Python stdlib upstream. For example in Python 3.9.0 (which has been superseded by newer patch versions of Python 3.9.x):
https://github.com/python/cpython/tree/v3.9.0/Lib/ensurepip/_bundled

After #1442, this results in eg:

-----> Installing pip 23.1.2, setuptools 67.7.2 and wheel 0.40.0
/app/.heroku/python/bin/python: can't open file '/build/.heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.1-py2.py3-none-any.whl
.heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.3-py2.py3-none-any.whl/pip': [Errno 2] No such file or directory

Whilst these affected Python versions are old/insecure and not available on newer stacks, we should still make sure they work as expected.

As such, the lookup of the bundled pip wheel needs to handle this case, which it now does by just picking the first found pip wheel.

This was spotted via https://heroku.support/1245122, which was from an app using the main branch of this buildpack (since #1442 hasn't yet been released to the buildpack registry).

GUS-W-13111316.

@edmorley edmorley self-assigned this Apr 27, 2023
@edmorley
Handle the case where there are multiple bundled pip wheels
746631a 
In some older versions of Python multiple pip wheels have been accidentally
bundled with the Python stdlib upstream. For example in Python 3.9.0 (which
has been superseded by newer patch versions of Python 3.9.x):
https://github.com/python/cpython/tree/v3.9.0/Lib/ensurepip/_bundled

After #1442, this results in eg:

```
-----> Installing pip 23.1.2, setuptools 67.7.2 and wheel 0.40.0
/app/.heroku/python/bin/python: can't open file '/build/.heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.1-py2.py3-none-any.whl
.heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.3-py2.py3-none-any.whl/pip': [Errno 2] No such file or directory
```

Whilst these affected Python versions are old/insecure and not available on
newer stacks, we should still make sure they work as expected.

As such, the lookup of the bundled pip wheel needs to handle this case,
which it now does by just picking the first found pip wheel.

This was spotted via https://heroku.support/1245122, which was from an
app using the `main` branch of this buildpack (since #1442 hasn't yet
been released to the buildpack registry).

GUS-W-13111316.
@edmorley edmorley force-pushed the bundled-pip-multiple-wheels branch from bf89692 to 746631a Compare April 27, 2023 14:32
@edmorley edmorley mentioned this pull request Apr 27, 2023
Merged
@edmorley edmorley marked this pull request as ready for review April 27, 2023 14:38
@edmorley edmorley requested a review from a team as a code owner April 27, 2023 14:38
@edmorley edmorley enabled auto-merge (squash) April 27, 2023 14:39
@edmorley edmorley merged commit ee3c40e into main Apr 27, 2023
5 checks passed
@edmorley edmorley deleted the bundled-pip-multiple-wheels branch April 27, 2023 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Malax Malax Malax approved these changes

Assignees

@edmorley edmorley

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@edmorley @Malax