[Distutils] Preventing downloading for package requirements

Tarek Ziadé ziade.tarek at gmail.com
Wed Feb 23 22:04:24 CET 2011


On Wed, Feb 23, 2011 at 9:46 PM, Barry Warsaw <barry at python.org> wrote:
> Something that's come up recently in the Debian Python mailing list is
> setuptools/distribute's habit of downloading *_requires packages
> (e.g. install_requires) when they are not available locally.
>
> This causes us problems because dependencies are defined in two places.  They
> are defined in setup.py by the upstream package author, and in the
> debian/control file by the OS packager.  Generally, this is okay because we
> can generate debian/control from setup.py -- though it does take some manual
> intervention to keep things in sync.
>
> This came up in the context of always enabling tests when we build the OS
> package.  The problem arises if the two dependency lists are out of sync.  For
> example, your setup.py depends on 'foo' but the Debian 'python-foo' package is
> not installed.  In this case, during the build process, 'foo' would get
> downloaded from the Cheeseshop and this would mask a bug in the debian/control
> file (since any listed in debian/control would get installed from the archive
> and thus be available by the time setuptools/distribute runs).
>
> The question is: what's the best way for us Debian packagers to absolutely
> prevent download from Cheeseshop?  We would much rather have
> setuptools/distribute spew an error and stop, because then we'd fix
> debian/control and ensure that all the package's dependencies came from the OS
> archive instead of external resources.
>
> One way that seems to work is to add this to setup.cfg:
>
> [easy_install]
> allow_hosts: www.example.com
>
> This will break the download by limiting acceptable hosts to bogus ones that
> can't possibly satisfy the requirement.  But it's unsatisfying for several
> reasons:
>
> * It's obscure and doesn't really describe what we're trying to do ('fixable'
>  I suppose by a comment)
> * Requires the Debian packager to add a setup.cfg or modify an existing one in
>  the upstream package.
>
> Note that I thought this might also work, but it does not afaict:
>
> [easy_install]
> no_deps: true

Well, if you want to handle all the dependencies for a project
yourself, you can shortcut distribute or setuptools by using the
--single-version-externally-managed option.

When using this option, the project will be installed by the vanilla
distutils install command.

Then it's up to you to handle dependencies. That's how pip does it, and Fedora IIRC.

HTH

Cheers
Tarek

-- 
Tarek Ziadé | http://ziade.org
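
The drift between setup.py and debian/control described in this thread can be caught offline, before the build has a chance to fetch anything. The following is an added example, not part of the thread or of setuptools/distribute; the function names, the constructed sample inputs and the generalized `python-<name>` package naming (extending the thread's 'foo' / 'python-foo' case) are assumptions.

```python
import re

# Constructed sample inputs (not from the thread).
INSTALL_REQUIRES = ["foo>=1.0", "Bar_Baz[extra]==2.1", "zope.interface"]
DEBIAN_CONTROL = """\
Source: example
Build-Depends: debhelper (>= 7), python-all

Package: python-example
Depends: ${python:Depends}, ${misc:Depends},
 python-foo (>= 1.0),
 python-zope.interface | python-zope-interface
Description: constructed example package
"""

def requirement_name(spec):
    """Return the bare project name from a requirement string."""
    return re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec).group(1)

def debian_name(project):
    """Assumed convention: 'foo' -> 'python-foo', lowercase, '_' -> '-'."""
    return "python-" + project.lower().replace("_", "-")

def control_depends(control_text):
    """Package names from every Depends: field; versions and ${substvars} dropped."""
    names, in_depends = set(), False
    for line in control_text.splitlines():
        if line.startswith("Depends:"):
            in_depends, value = True, line.split(":", 1)[1]
        elif in_depends and line[:1] in (" ", "\t"):
            value = line  # continuation line of the same field
        else:
            in_depends = False
            continue
        for alternative in re.split(r"[,|]", value):
            name = re.sub(r"\(.*?\)|\$\{.*?\}", "", alternative).strip()
            if name:
                names.add(name)
    return names

def missing_from_control(install_requires, control_text):
    """Requirements with no matching Depends entry (what would get downloaded)."""
    declared = control_depends(control_text)
    return sorted(r for r in map(requirement_name, install_requires)
                  if debian_name(r) not in declared)

if __name__ == "__main__":
    missing = missing_from_control(INSTALL_REQUIRES, DEBIAN_CONTROL)
    raise SystemExit("missing from debian/control: %s" % missing if missing else 0)
```

Run as a pre-build step, a non-zero exit stops the package build with the list of undeclared requirements, so the fix lands in debian/control.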

