API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 25th, 2019
139
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.19 KB | None | 0 0
raw download clone embed print report
  1. Hello,
  2.  
  3. The recent release of setuptools 42.0.0 has broken the method used by
  4. the configure-mirrors role to ensure easy_install (the older method to
  5. install python packages, before pip became in widespread use [1])
  6. would only access the infra PyPi mirror.
  7.  
  8. The prior mirror setup code would set the "allow_hosts" whitelist to
  9. the mirror host exclusively in pydistutils.cfg. This would avoid
  10. easy_install "leaking" access outside the specified mirror.
  11.  
  12. Change [2] in setuptools means that pip is now used to fetch packages.
  13. Since it does not implement the constraints of the "allow_hosts"
  14. setting, specifying this option has become an error condition. This
  15. is reported as:
  16.  
  17. the `allow-hosts` option is not supported when using pip to install requirements
  18.  
  19. It has been pointed out [3] that this prior code would break any
  20. dependency_links [4] that might be specified for the package (as the
  21. external URLs will not match the whitelist). Overall, there is no
  22. desire to work-around this behaviour as easy_install is considered
  23. deprecated for any current use.
  24.  
  25. In short, this means the only solution is to remove the now-conflicting
  26. configuration from pydistutils.cfg. Due to the urgency of
  27. this update, it has been merged with [5] before our usual 2-week
  28. deprecation notice.
  29.  
  30. The result of this is that older setuptools (perhaps in a virtualenv)
  31. with jobs still using easy_install may not correctly access the
  32. specified mirror. Assuming jobs have access to PyPi, they would still
  33. work, although without the benefits of a local mirror. If such jobs
  34. are firewalled from usptream they may now fail. We consider the
  35. chance of jobs using this legacy install method in this situation to
  36. be very low.
  37.  
  38. Please contact zuul-discuss [6] with any concerns.
  39.  
  40. We now return you to your regularly scheduled programming :)
  41.  
  42.  
  43. [1] https://packaging.python.org/discussions/pip-vs-easy-install/
  44. [2] https://github.com/pypa/setuptools/commit/d6948c636f5e657ac56911b71b7a459d326d8389
  45. [3] https://github.com/pypa/setuptools/issues/1916
  46. [4] https://python-packaging.readthedocs.io/en/latest/dependencies.html
  47. [5] https://review.opendev.org/695821
  48. [6] http://lists.zuul-ci.org/cgi-bin/mailman/listinfo/zuul-discuss
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!