PEP 518: enable source installs for build dependencies #5336

Merged
merged 3 commits into from
Jul 20, 2018

benoit-pierre
Member

Re-enable support for source installs, and detect fork-bombs.

Constraints:

  • there could be multiple concurrent runs of pip (e.g. installing to different target directories with -t)
  • a fork-bomb can happen during a chain of prepare requirement -> install build dependencies -> [...] -> try to prepare the original requirement again, so we can't identify requirements based on a NAME-VERSION key because those are not always known (or can be depended upon) before and during preparation

Solution:

  • identify requirements based on their source link (sans fragments)
  • each pip run will use a temporary directory to track preparation of requirements
  • sharing the directory is done using a simple environment variable to forward the information to child processes
  • there's no need for a lock because there's always only one active process during a call to pip download/install/wheel (during the install build dependencies phase, the parent process is waiting for the pip sub-process completion)

Note: this PR is based on and includes the changes in #5286 (see here for a comparison between the 2).

Fixes #5229.
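
A minimal sketch of the tracking scheme described in the PR description above, added here as an illustration; it is not code from this PR or from pip. The environment variable name `DEMO_REQ_TRACKER` and all function names are assumptions made for the example.

```python
import contextlib
import hashlib
import os
import tempfile
from urllib.parse import urldefrag

ENV_VAR = "DEMO_REQ_TRACKER"  # hypothetical name, not taken from the PR


class AlreadyBeingPrepared(Exception):
    """The same source link is already being prepared up the process chain."""


def entry_path(root, url):
    # Key on the link without its fragment: name and version may be unknown.
    key = urldefrag(url).url.encode("utf-8")
    return os.path.join(root, hashlib.sha224(key).hexdigest())


@contextlib.contextmanager
def tracker_root():
    """Reuse the directory inherited from a parent run, or create one."""
    inherited = os.environ.get(ENV_VAR)
    if inherited is not None:
        yield inherited  # child run: the parent owns and cleans the directory
        return
    with tempfile.TemporaryDirectory(prefix="req-tracker-") as root:
        os.environ[ENV_VAR] = root  # child processes inherit this
        try:
            yield root
        finally:
            del os.environ[ENV_VAR]


@contextlib.contextmanager
def track(root, url):
    """Mark url as in preparation; refuse if an ancestor already did."""
    path = entry_path(root, url)
    try:
        # O_EXCL makes creation fail if the entry already exists.
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        raise AlreadyBeingPrepared(url) from None
    os.close(fd)
    try:
        yield
    finally:
        os.unlink(path)
```

A run wraps preparation in `with tracker_root() as root, track(root, url):`; a child process started inside that block finds the same directory through the environment, so a cycle back to the same link raises instead of spawning another level.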

@benoit-pierre
Member Author

benoit-pierre commented Apr 26, 2018

TODO:

  • add a news entry
  • fix py_module declaration for pep518_forkbomb test project
  • drop packages4 test data
  • check documentation is up-to-date
  • add another delayed fork-bomb test?

@pradyunsg
Member

You'll want to modify the documentation paragraph about the limitations, changing it to say in pip 10.

@benoit-pierre
Member Author

I updated the check-list above. Will amend after rebasing on master once #5286 is merged.

@pradyunsg pradyunsg added the S: needs triage Issues/PRs that need to be triaged label May 11, 2018
@BrownTruck
Contributor

Hello!

I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the master branch into this pull request or rebase this pull request against master then it will be eligible for code review and hopefully merging!

@BrownTruck BrownTruck added the needs rebase or merge PR has conflicts with current master label May 18, 2018
@pypa-bot pypa-bot removed the needs rebase or merge PR has conflicts with current master label May 19, 2018
@benoit-pierre
Member Author

Rebased on master + updated the documentation.

Member

@pradyunsg pradyunsg left a comment

I don't have the bandwidth to do a full review right now.

unbounded recursion involved was not considered acceptable, and so
installation of build dependencies from source has been disabled until a safe
resolution of this issue is found.
* ``pip<18.0`` only support installing build requirements from wheels.
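
Review bot: in the ``pip<18.0`` bullet, "only support" should read "only supports", since the subject is singular.
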
Member

merge it with the next point?

Member Author

Done.

@pradyunsg pradyunsg added type: enhancement Improvements to functionality PEP implementation Involves some PEP and removed S: needs triage Issues/PRs that need to be triaged labels May 19, 2018
@benoit-pierre benoit-pierre reopened this May 21, 2018
@pradyunsg pradyunsg added this to the 18.0 milestone Jun 6, 2018
Member

@pradyunsg pradyunsg left a comment

Code looks good to me. Inline notes on tests.

@@ -0,0 +1 @@
Add support for installing PEP 518 build dependencies from source.
Member

Could you remove the period?

Member Author

Why?

Member

I said that for consistency across news files -- I usually commit them without periods. Looking at the directory currently, it's inconsistent already so I guess this doesn't matter all that much.

Member

Yeah, I'd definitely say this doesn't matter. FWIW personally I prefer complete sentences (i.e., periods).

Member Author

Same.

path_to_url(data.packages.join('pep518_forkbomb-235.tar.gz'))
) in result.stdout, result.stdout


Member

A test for fork-bomb due to a cycle in the build-requirements (instead of self-depending) would be nice.

data.src.join("pep518_with_extra_and_markers-1.0"),
use_module=True,
)


@pytest.mark.parametrize('command', ('install', 'wheel'))
def test_pep518_forkbomb(script, data, common_wheels, command):
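
Review bot: the `parametrize` tuple on `test_pep518_forkbomb` covers only 'install' and 'wheel', while the PR description names pip download/install/wheel as the commands that go through the tracker; consider adding 'download' to the tuple, or noting in the test why it is left out.
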
Member

Is it possible to limit this test so that it doesn't actually fork-bomb the system if we mess up the logic being tested?

Member Author

I'll mark the test with @pytest.mark.timeout(60).

@@ -100,10 +100,6 @@ def packages2(self):
def packages3(self):
return self.root.join("packages3")

@property
def packages4(self):
Member

bye bye packages4! 👋

@benoit-pierre
Member Author

Rebased with additional tests.

Member

@pradyunsg pradyunsg left a comment

LGTM.

@pradyunsg
Member

A gentle ping for other @pypa/pip-committers. Would appreciate more 👀 through this.

Happy to merge as is though. :)

@BrownTruck
Contributor

Hello!

I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the master branch into this pull request or rebase this pull request against master then it will be eligible for code review and hopefully merging!

@BrownTruck BrownTruck added the needs rebase or merge PR has conflicts with current master label Jun 25, 2018
@pypa-bot pypa-bot removed the needs rebase or merge PR has conflicts with current master label Jun 26, 2018
self.cleanup()

def _entry_path(self, link):
hashed = hashlib.sha224(link.url_without_fragment.encode()).hexdigest()
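
Review bot: in `_entry_path`, `link.url_without_fragment.encode()` relies on the interpreter's default encoding, which is ASCII on Python 2, so a link containing non-ASCII characters would raise there instead of producing a tracker entry; pass the encoding explicitly, e.g. `.encode('utf-8')`. A one-line docstring stating that entries are keyed on the link without its fragment would also help readers of the tracker code.
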
Member

Noting here that I did briefly think that we should split the folder name, to be like pip's cache.

wheels
[...]
├── bf
│   └── c9
│       └── a3
│           └── c538d90ef17cf7823fa51fc701a7a7a910a80f6a405bf15b1a
│               └── future-0.16.0-cp37-none-any.whl
[...]

I understand the cache might be this way to prevent far too many files in a single directory. I doubt that build-trees would get all that large though, considering that we only have a tracker for what's being built right now.

@pradyunsg pradyunsg added the !release blocker Hold a release until this is resolved label Jul 2, 2018
@pradyunsg
Member

@pypa/pip-committers Does anyone else have bandwidth to review this?

@auvipy auvipy left a comment

Nothing outstanding remains imho.

@pradyunsg pradyunsg merged commit 0bd01d9 into pypa:master Jul 20, 2018
@pradyunsg pradyunsg removed the !release blocker Hold a release until this is resolved label Jul 22, 2018
@benoit-pierre benoit-pierre deleted the src_build_reqs_in_pep518 branch September 23, 2018 17:44
@pv pv mentioned this pull request Sep 27, 2018
gnomesysadmins pushed a commit to GNOME/pygobject that referenced this pull request Nov 13, 2018
This was reverted because pip didn't support installing build deps
from sdists. But this looks fixed since pypa/pip#5336

pip now builds and installs pycairo before building pygobject.

This reverts commit ad1bbfa.
@lock
lock bot commented Jun 1, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot added the auto-locked Outdated issues that have been locked by automation label Jun 1, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Jun 1, 2019
Successfully merging this pull request may close these issues.

Build dependencies with no binary wheels don't work