-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ensurepip --upgrade doesn't change the version of pip used by venv #81288
Comments
$ python3.7 -m ensurepip --upgrade
Looking in links: /var/folders/m6/tsd59qsj7pd_lldh4mhwh6kh0000gn/T/tmpqk_vncev
Requirement already up-to-date: setuptools in /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages (39.0.1)
Requirement already up-to-date: pip in /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages (18.1) But: $ python3.7 -m venv /tmp/test_venv
$ /tmp/test_venv/bin/pip --version
pip 10.0.1 from /private/tmp/test_venv/lib/python3.7/site-packages/pip (python 3.7) |
(Added packaging, Linux distro, and Windows and macOS installer folks to the cc list) Chris and I were discussing this behaviour, and it turns out even I had forgotten how we had specified this feature in PEP-453: We both expected the ensurepip option to behave the same way as the pip option, since they share a name. If I had the time machine keys, I'd use a more verbose name for the ensurepip flag (e.g. As it is though, for Python 3.9, I think we should change the behaviour of The make file would presumably be updated to pass the |
Addressing the other part of Chris's initial post: there's also no Instead, there's only an Unless you're using a Linux distro Python that has been patched to inject the external pip installation with rewheel or dirtbike, getting a venv that uses the externally updated version of pip requires running So my suggestion there would be to:
|
I don't suppose there's any chance we can treat the misnaming of these options as the bugs they feel like, so so fix them for 3.7+, rather than having people battle on with the confusion for another 3+ years until 3.9 is mainstream? |
Please don't forget that it is possible to use venv without PyPI. With my Fedora hat on: as a distro, we don't trust PyPI as a package delivery infrastructure. Lots of users do, and we allow the users to easily but explicitly opt in to trusting it by running "pip install". (In the same way, we don't trust rubygems, npm, CPAN, hackage, etc. -- there are too many, and PyPI is not special.) Changing venv's existing ISTM, the proposed semantics aren't consistent: "venv --upgrade" would not match what "pip --upgrade" does: it would do what "pip install --upgrade pip" does. The latter needs an extra argument, explicitly saying *what* to upgrade. Making "pip" implicit makes sense for "ensurepip", but not for "venv". Also, in my view, "network" should not be used as a synonym for PyPI (outside pip). Could we instead make ---
FWIW, "rewheel" is no more: Fedora now distributes the wheels themselves, and patches system ensurepip to look in /usr/share/python-wheels/. |
I'm with Petr here. ensurepip/venv should only go as far as we support, which is the version of the wheels included in our bundle. We should continue having the stdlib pretend that PyPI doesn't exist. External network access would justify the longer option, in my opinion: "--upgrade-pip-from-pypi" |
Hey guys, |
The issue still exists, I support @ncoghlan's approach, and I have as much faith in pypi as I do in Fedora's distribution mechanisms, if not more ;-) |
It's not the mechanisms, but the validation. Fedora will have tested the version of pip you're getting from them in their context, whereas the PyPI release has only been tested in other contexts. I totally understand Fedora not wanting to support users when they're not using their packages, and so not wanting them to easily get into an unsupported scenario. If there is any change made here, it should be easily patched out. Possibly a more consistent solution is to more clearly document that it's for upgrading old venvs, and possibly add output indicating that it's only upgrading to the "default" versions. If this is still confusing, then we could display "Use 'python -m pip --upgrade pip' to upgrade from public internet sources". But this doesn't really affect me. So if those who are impacted here decide it's best to just go straight to the newest release of pip, go for it. |
The important patch result I'm expecting is that, we remain consistent with the latest environments outside and inside a venv. |
It's quite clear this issue is going nowhere. It pretty frustrating that we have such a confusing situation, but I can't see consensus ever being reached so we'll just all have to live with this confusing and broken behaviour, but hey, it's Python Packaging, so SNAFU, right? |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: