eggs considered harmful

  • Harry George

    eggs considered harmful

    ....at least around here.

    I run a corporate Open Source Software Toolkit, which makes hundreds
    of libraries and apps available to thousands of technical employees.
    The rules are that a) a very few authorized downloaders obtain
    tarballs and put them in a depot and b) other users get tarballs from
    the depot and build from source.

    Historically, python packages played well in this context. Install
    was a simple download, untar, setup.py build/install.

    Eggs and with other setuptools-inspired install processes break this
    paradigm. The tarballs are incomplete in the first place. The builds
    sometimes wander off to the internet looking for more downloads. The
    installs sometimes wander off to the internet looking for
    compatibility conditions. (Or rather they try to do so and fail
    because I don't let them through the firewall.)

    These are unacceptable behaviors. I am therefore dropping ZODB3, and
    am considering dropping TurboGears and ZSI. If the egg paradigm
    spreads, yet more packages will be dropped (or will never get a chance
    to compete for addition).

    I've asked before, and I'll ask again: If you are doing a Python
    project, please make a self-sufficient tarball available as well. You
    can have dependencies, as long as they are documented and can be
    obtained by separate manual download.

    Thanks for listening.

    --
    Harry George
    PLM Engineering Architecture
  • John J. Lee

    #2
    Re: eggs considered harmful

    Harry George <harry.g.george@boeing.com> writes:
    [...]
    These are unacceptable behaviors. I am therefore dropping ZODB3, and
    am considering dropping TurboGears and ZSI. If the egg paradigm
    spreads, yet more packages will be dropped (or will never get a chance
    to compete for addition).
    >
    I've asked before, and I'll ask again: If you are doing a Python
    project, please make a self-sufficient tarball available as well. You
    can have dependencies, as long as they are documented and can be
    obtained by separate manual download.
    1. Given the presumptuous tone of your own message, I guess I'm not in
    danger of coming across as more rude than you when I point out that
    your requirements are just that: your own. The rest of the world
    won't *always* bend over backwards to support just exactly what you'd
    most prefer.

    2. You can run your own private egg repository. IIRC, it's as simple
    as a directory of eggs and a plain old web server with directory
    listings turned on. You then run easy_install -f URL package_name
    instead of easy_install package_name . The distutils-sig archives
    will have more on this.

    3. Alternatively, you could create bundled packages that include
    dependencies (perhaps zc.buildout can do that for you, even? not sure)


    John


    • Robert Kern

      #3
      Re: eggs considered harmful

      Harry George wrote:
      ...at least around here.
      >
      I run a corporate Open Source Software Toolkit, which makes hundreds
      of libraries and apps available to thousands of technical employees.
      The rules are that a) a very few authorized downloaders obtain
      tarballs and put them in a depot and b) other users get tarballs from
      the depot and build from source.
      >
      Historically, python packages played well in this context. Install
      was a simple download, untar, setup.py build/install.
      >
      Eggs and with other setuptools-inspired install processes break this
      paradigm. The tarballs are incomplete in the first place. The builds
      sometimes wander off to the internet looking for more downloads. The
      installs sometimes wander off to the internet looking for
      compatibility conditions. (Or rather they try to do so and fail
      because I don't let them through the firewall.)
      Have you considered establishing a policy that these setuptools-using packages
      should be installed using the --single-version-externally-managed option to the
      install command? This does not check for dependencies.

      Alternately, you can provide a company repository of the tarballs and their
      dependencies tarballs. Your users can use the easy_install option --find-links to
      point to that URL such that they do not have to go outside of the firewall to
      install everything.
      These are unacceptable behaviors. I am therefore dropping ZODB3, and
      am considering dropping TurboGears and ZSI. If the egg paradigm
      spreads, yet more packages will be dropped (or will never get a chance
      to compete for addition).
      I'm sorry to hear that.
      I've asked before, and I'll ask again: If you are doing a Python
      project, please make a self-sufficient tarball available as well. You
      can have dependencies, as long as they are documented and can be
      obtained by separate manual download.
      Given the options I outlined above, you can easily satisfy these requirements
      for the vast majority of setuptools-using packages that are out there. There are
      a handful of packages that only distribute the eggs and not the source tarballs,
      but those are rare.

      --
      Robert Kern

      "I have come to believe that the whole world is an enigma, a harmless enigma
      that is made terrible by our own mad attempt to interpret it as though it had
      an underlying truth."
      -- Umberto Eco


      • Ben Finney

        #4
        Setuptools, build and install dependencies (was: eggs considered harmful)

        Harry George <harry.g.george@boeing.com> writes:
        Historically, python packages played well in this context. Install
        was a simple download, untar, setup.py build/install.
        >
        Eggs and with other setuptools-inspired install processes break this
        paradigm. The tarballs are incomplete in the first place. The builds
        sometimes wander off to the internet looking for more downloads. The
        installs sometimes wander off to the internet looking for
        compatibility conditions. (Or rather they try to do so and fail
        because I don't let them through the firewall.)
        If you provide the build and install script with all the dependencies
        already present (in the current directory), my experience is that
        setuptools does not do any network actions.

        --
        \ "Self-respect: The secure feeling that no one, as yet, is |
        `\ suspicious." -- Henry L. Mencken |
        _o__) |
        Ben Finney


        • Harry George

          #5
          Re: eggs considered harmful

          jjl@pobox.com (John J. Lee) writes:
          Harry George <harry.g.george@boeing.com> writes:
          [...]
          These are unacceptable behaviors. I am therefore dropping ZODB3, and
          am considering dropping TurboGears and ZSI. If the egg paradigm
          spreads, yet more packages will be dropped (or will never get a chance
          to compete for addition).

          I've asked before, and I'll ask again: If you are doing a Python
          project, please make a self-sufficient tarball available as well. You
          can have dependencies, as long as they are documented and can be
          obtained by separate manual download.
          >
          1. Given the presumptuous tone of your own message, I guess I'm not in
          danger of coming across as more rude than you when I point out that
          your requirements are just that: your own. The rest of the world
          won't *always* bend over backwards to support just exactly what you'd
          most prefer.
          >
          You deleted the "...at least here", which was intended to make clear I
          was NOT speaking for the world at large, though possibly for a large
          chunk of corporate life. Also, this wasn't out of the blue. I have
          previously discussed this with several development teams privately,
          but the trend appears to be accelerating.
          2. You can run your own private egg repository. IIRC, it's as simple
          as a directory of eggs and a plain old web server with directory
          listings turned on. You then run easy_install -f URL package_name
          instead of easy_install package_name . The distutils-sig archives
          will have more on this.
          Again, not speaking for anyone else: With 500 OSS packages, all of
          which play by the same tarball rules, we don't have resources to
          handle eggs differently.
          >
          3. Alternatively, you could create bundled packages that include
          dependencies (perhaps zc.buildout can do that for you, even? not sure)
          >
          No resources for special handling.
          >
          John



          --
          Harry George
          PLM Engineering Architecture


          • Harry George

            #6
            Re: eggs considered harmful

            Robert Kern <robert.kern@gmail.com> writes:
            Harry George wrote:
            ...at least around here.

            I run a corporate Open Source Software Toolkit, which makes hundreds
            of libraries and apps available to thousands of technical employees.
            The rules are that a) a very few authorized downloaders obtain
            tarballs and put them in a depot and b) other users get tarballs from
            the depot and build from source.

            Historically, python packages played well in this context. Install
            was a simple download, untar, setup.py build/install.

            Eggs and with other setuptools-inspired install processes break this
            paradigm. The tarballs are incomplete in the first place. The builds
            sometimes wander off to the internet looking for more downloads. The
            installs sometimes wander off to the internet looking for
            compatibility conditions. (Or rather they try to do so and fail
            because I don't let them through the firewall.)
            >
            Have you considered establishing a policy that these setuptools-using packages
            should be installed using the --single-version-externally-managed option to the
            install command? This does not check for dependencies.
            I didn't know that one. I'll try it. Thanks.
            >
            Alternately, you can provide a company repository of the tarballs and their
            dependencies tarballs. Your users can use the easy_install option --find-links to
            point to that URL such that they do not have to go outside of the firewall to
            install everything.
            >
            This is a possibility. The tarballs can be seen in a directory
            listing. They are in different subdirs (for different "bundles" of
            functionality), so I'll need -f to look several places.
            These are unacceptable behaviors. I am therefore dropping ZODB3, and
            am considering dropping TurboGears and ZSI. If the egg paradigm
            spreads, yet more packages will be dropped (or will never get a chance
            to compete for addition).
            >
            I'm sorry to hear that.
            Me too. We worked long and hard to get Python established as a
            standard language for corporate systems development, we have a host of
            projects that need ZSI, and I look forward to making further inroads
            into C++, Java, and VB development camps. Didn't really need a
            roadblock at this point.
            >
            I've asked before, and I'll ask again: If you are doing a Python
            project, please make a self-sufficient tarball available as well. You
            can have dependencies, as long as they are documented and can be
            obtained by separate manual download.
            >
            Given the options I outlined above, you can easily satisfy these requirements
            for the vast majority of setuptools-using packages that are out there. There are
            a handful of packages that only distribute the eggs and not the source tarballs,
            but those are rare.
            >
            I agree pure eggs are rare. The fact that they increased this past
            quarter was what concerned me. ZODB even looks like a normal tarball,
            builds ok, but uses an easy-install-style lookup during install.

            --
            Robert Kern
            >
            "I have come to believe that the whole world is an enigma, a harmless enigma
            that is made terrible by our own mad attempt to interpret it as though it had
            an underlying truth."
            -- Umberto Eco
            >
            --
            Harry George
            PLM Engineering Architecture


            • Harry George

              #7
              Re: Setuptools, build and install dependencies (was: eggs considered harmful)

              Ben Finney <bignose+hates-spam@benfinney.id.au> writes:
              Harry George <harry.g.george@boeing.com> writes:
              >
              Historically, python packages played well in this context. Install
              was a simple download, untar, setup.py build/install.

              Eggs and with other setuptools-inspired install processes break this
              paradigm. The tarballs are incomplete in the first place. The builds
              sometimes wander off to the internet looking for more downloads. The
              installs sometimes wander off to the internet looking for
              compatibility conditions. (Or rather they try to do so and fail
              because I don't let them through the firewall.)
              >
              If you provide the build and install script with all the dependencies
              already present (in the current directory), my experience is that
              setuptools does not do any network actions.
              >
              --
              \ "Self-respect: The secure feeling that no one, as yet, is |
              `\ suspicious." -- Henry L. Mencken |
              _o__) |
              Ben Finney
              Thanks for the idea. It doesn't work so well in our context, since
              many dependencies are installed long before a particular egg is
              attempted.

              We need to know the dependencies, install them in dependency order,
              and expect the next package to find them. "configure" does this for
              hundreds of packages. cmake, scons, and others also tackle this
              problem. Python's old setup.py seems to be able to do it.

              However, as I understand it, setuptools can't detect previously
              installed python packages if they were not installed via eggs. Thus,
              my ZSI install was failing on "PyXML>=8.3", even though PyXML 8.4 is
              installed. I can't afford to drag copies of all the dependent source
              tarballs into an egg's currdir just so it can find them. (We have 6 GB
              of tarballs -- who knows how much untarred source that would be.)

              I just found hints that you should not attempt to install ZSI from
              tarball, but should rather install from an egg. So I was able to
              install ZSI for py2.4.

              Unfortunately, that means I would have to carry
              python-version-dependent renditions of every egg. We have people
              running on py23, py24, and py25, thus tripling the number of
              tarballs/eggs to manage. This is the very reason we went to a
              *source* based repository.

              --
              Harry George
              PLM Engineering Architecture


              • Robert Kern

                #8
                Re: Setuptools, build and install dependencies

                Harry George wrote:
                We need to know the dependencies, install them in dependency order,
                and expect the next package to find them. "configure" does this for
                hundreds of packages. cmake, scons, and others also tackle this
                problem. Python's old setup.py seems to be able to do it.
                No, generic setup.py scripts don't do anything of that kind.

                --
                Robert Kern

                "I have come to believe that the whole world is an enigma, a harmless enigma
                that is made terrible by our own mad attempt to interpret it as though it had
                an underlying truth."
                -- Umberto Eco


                • Harry George

                  #9
                  Re: Setuptools, build and install dependencies

                  Robert Kern <robert.kern@gmail.com> writes:
                  Harry George wrote:
                  >
                  >We need to know the dependencies, install them in dependency order,
                  >and expect the next package to find them. "configure" does this for
                  >hundreds of packages. cmake, scons, and others also tackle this
                  >problem. Python's old setup.py seems to be able to do it.
                  >
                  No, generic setup.py scripts don't do anything of that kind.
                  >
                  Ok, setup.py itself may not do the work, but from the end users'
                  perspective it works that way. Setup.py runs a configure and a make,
                  which in turn find the right already-installed libraries. The point
                  is, setup.py plays well in such an environment.

                  --
                  Robert Kern
                  >
                  "I have come to believe that the whole world is an enigma, a harmless enigma
                  that is made terrible by our own mad attempt to interpret it as though it had
                  an underlying truth."
                  -- Umberto Eco
                  >
                  --
                  Harry George
                  PLM Engineering Architecture


                  • Christopher Arndt

                    #10
                    Re: eggs considered harmful

                    On 21 Jun., 14:10, Harry George <harry.g.geo...@boeing.com> wrote:
                    I've asked before, and I'll ask again: If you are doing a Python
                    project, please make a self-sufficient tarball available as well.
                    Almost all projects I know of that provide eggs, also have a CVS or
                    SVN repository. Just download a tagged release and then use "python
                    setup.py <whatever>" or "easy_install ." in the checkout. easy_install
                    can even do the checkout for you.
                    You can have dependencies, as long as they are documented and can be
                    obtained by separate manual download.
                    Eggs document dependencies better (i.e. with version numbers) than most
                    other projects do, through the "install_requires" argument to the
                    "setup()" call in "setup.py". In an egg, this list is found in
                    *-egg-info/requires.txt.
                    Ok, setup.py itself may not do the work, but from the end users'
                    perspective it works that way. Setup.py runs a configure and a make,
                    which in turn find the right already-installed libraries. The point
                    is, setup.py plays well in such an environment.
                    Configure etc. may be able to detect an installed version number of a
                    package/module because they include scripts to check for those. IMHO
                    it's silly to place the burden for checking for version numbers on the
                    developer who wants to distribute an app. The package/module should
                    provide a standard way to query the version number itself. This is
                    exactly one of things that setuptools is about.

                    Chris
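
The `requires.txt` metadata mentioned in the post above can be read straight out of a source tarball, without running `setup.py`, to work out a depot's install order and to list dependencies the depot lacks. This is an added example, not part of the original thread; `demoapp`, `demo_tools`, `netlib`, `doclib` and their versions are constructed sample data, and requirements are matched by project name only (version specifiers are reported, not evaluated).

```python
import io
import re
import tarfile

NAME_RE = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def norm(name):
    """Compare project names case- and separator-insensitively."""
    return re.sub(r"[-_.]+", "-", name).lower()

def read_requires(fileobj):
    """Unconditional requirement strings from <name>.egg-info/requires.txt
    inside a gzipped source tarball. setup.py is never executed."""
    reqs = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not (member.isfile() and
                    member.name.endswith(".egg-info/requires.txt")):
                continue
            text = tar.extractfile(member).read().decode("utf-8")
            for line in text.splitlines():
                line = line.strip()
                if line.startswith("["):   # extras / conditional sections
                    break
                if line and not line.startswith("#"):
                    reqs.append(line)
            break
    return reqs

def audit_depot(depot):
    """depot: {'name-version.tar.gz': file object}.
    Returns (install_order, missing); missing maps a project to the
    requirement strings that no tarball in the depot provides."""
    graph = {}
    for filename, fileobj in depot.items():
        project = filename[:-len(".tar.gz")].rsplit("-", 1)[0]
        graph[norm(project)] = read_requires(fileobj)
    order, missing, state = [], {}, {}

    def visit(project):
        if state.get(project) == "done":
            return
        if state.get(project) == "active":
            raise ValueError("dependency cycle at " + project)
        state[project] = "active"
        for req in graph[project]:
            match = NAME_RE.match(req)
            dep = norm(match.group(1)) if match else None
            if dep in graph:
                visit(dep)              # dependencies are installed first
            else:
                missing.setdefault(project, []).append(req)
        state[project] = "done"
        order.append(project)

    for project in sorted(graph):
        visit(project)
    return order, missing

def make_sdist(name, version, requires):
    """Constructed sample tarball held in memory (not a real release)."""
    root = "%s-%s/" % (name, version)
    files = {root + "PKG-INFO": "Name: %s\nVersion: %s\n" % (name, version)}
    if requires:
        files[root + name + ".egg-info/requires.txt"] = "\n".join(requires)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in files.items():
            data = text.encode("utf-8")
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def sample_depot():
    """Constructed depot: netlib is deliberately absent."""
    return {
        "PyXML-8.4.tar.gz": make_sdist("PyXML", "8.4", []),
        "demoapp-1.0.tar.gz": make_sdist("demoapp", "1.0",
                                         ["PyXML>=8.3", "netlib"]),
        "demo_tools-0.2.tar.gz": make_sdist(
            "demo_tools", "0.2", ["demoapp", "PyXML", "[docs]", "doclib"]),
    }

if __name__ == "__main__":
    order, missing = audit_depot(sample_depot())
    print("install order:", order)
    print("not in depot: ", missing)
```

Anything reported as missing is a requirement an install would try to fetch from outside the depot, so it can be downloaded and reviewed by an authorized downloader before any build is attempted.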


                    • Benji York

                      #11
                      Re: eggs considered harmful

                      On Jun 21, 8:10 am, Harry George <harry.g.geo...@boeing.com> wrote:
                      [snip description of unacceptable behaviors]
                      These are unacceptable behaviors. I am therefore dropping ZODB3
                      If you have bugs to report against ZODB, I suggest posting to zodb-dev
                      (http://mail.zope.org/mailman/listinfo/zodb-dev).
                      --
                      Benji York


                      • John J. Lee

                        #12
                        Re: eggs considered harmful

                        Harry George <harry.g.george@boeing.com> writes:
                        jjl@pobox.com (John J. Lee) writes:
                        [...]
                        >2. You can run your own private egg repository. IIRC, it's as simple
                        >as a directory of eggs and a plain old web server with directory
                        >listings turned on. You then run easy_install -f URL package_name
                        >instead of easy_install package_name . The distutils-sig archives
                        >will have more on this.
                        >
                        Again, not speaking for anyone else: With 500 OSS packages, all of
                        which play by the same tarball rules, we don't have resources to
                        handle eggs differently.
                        You said earlier:
                        The rules are that a) a very few authorized downloaders obtain
                        tarballs and put them in a depot and b) other users get tarballs from
                        the depot and build from source.
                        Not sure how this differs significantly "from running a repository",
                        in the sense I use it above.


                        John


                        • Fuzzyman

                          #13
                          Re: eggs considered harmful

                          On Jun 21, 1:10 pm, Harry George <harry.g.geo...@boeing.com> wrote:
                          ...at least around here.
                          >
                          I run a corporate Open Source Software Toolkit, which makes hundreds
                          of libraries and apps available to thousands of technical employees.
                          The rules are that a) a very few authorized downloaders obtain
                          tarballs and put them in a depot and b) other users get tarballs from
                          the depot and build from source.
                          >
                          Historically, python packages played well in this context. Install
                          was a simple download, untar, setup.py build/install.
                          >
                          Eggs and with other setuptools-inspired install processes break this
                          paradigm. The tarballs are incomplete in the first place. The builds
                          sometimes wander off to the internet looking for more downloads. The
                          installs sometimes wander off to the internet looking for
                          compatibility conditions. (Or rather they try to do so and fail
                          because I don't let them through the firewall.)

                          I understand your situation and I have some misgivings myself. It
                          reminds me of the time when I worked in a 'corporate environment' and
                          I was trying to install a Perl application to get round the internet
                          blocking.

                          The application (localproxy - very good) was *intended* to be
                          installed via CPAN for tracking requirements - which didn't work
                          behind our proxy firewall. Although the project author (a very
                          technical guy) knew the direct dependencies, some of these had
                          dependencies. He *didn't know* the full dependency set for his
                          project.

                          Eventually, through trial and error (and a lot of help from the
                          author) I was able to get it working. But it was painful.

                          My guess is that a lot of the world's computers are behind firewalls
                          or proxies that preclude automatic dependency resolution.

                          *However*, there is a very good reason why setuptools and eggs are
                          gaining in popularity (and will continue to do so). For the majority
                          of users eggs are just *so damned convenient*. Being able to do
                          ``easy_install some_project`` and have it just work is fantastic.

                          There are probably ways round this. For most non-esoteric eggs it
                          should be possible to create an ordinary installation tarball from an
                          egg. If you do easy_install of a project into a bare Python
                          installation (a VM instance for example) then you should be able to
                          see which dependencies are fetched.

                          If this is too much then I fear that you may be SOL...

                          Fuzzyman



                          • John J. Lee

                            #14
                            Re: eggs considered harmful

                            Harry George <harry.g.george@boeing.com> writes:
                            Robert Kern <robert.kern@gmail.com> writes:
                            [...]
                            This is a possibility. The tarballs can be seen in a directory
                            listing. They are in different subdirs (for different "bundles" of
                            functionality), so I'll need -f to look several places.
                            One possibility here is to have a script maintain symlinks (or have it
                            otherwise appropriately configure a web server).

                            [...]
                            I agree pure eggs are rare. The fact that they increased this past
                            quarter was what concerned me. ZODB even looks like a normal tarball,
                            builds ok, but uses an easy-install-style lookup during install.
                            All setuptools-based packages work this way: they have a setup.py that
                            (roughly) imports the setup function from setuptools rather than
                            distutils.


                            John


                            • Paul Boddie

                              #15
                              Re: eggs considered harmful

                              Fuzzyman wrote:
                              >
                              I understand your situation and I have some misgivings myself. It
                              reminds me of the time when I worked in a 'corporate environment' and
                              I was trying to install a Perl application to get round the internet
                              blocking.
                              >
                              The application (localproxy - very good) was *intended* to be
                              installed via CPAN for tracking requirements - which didn't work
                              behind our proxy firewall.
                              Sounds like an "interesting" bootstrapping issue to me.

                              [...]
                              My guess is that a lot of the world's computers are behind firewalls
                              or proxies that preclude automatic dependency resolution.
                              I'd argue that mechanisms already exist for automatic upgrades even in
                              restricted environments, and we're not always talking about "big
                              bucks" corporate solutions, either. Indeed, the more established GNU/
                              Linux distributions seem to have had the required flexibility of
                              dependency resolution *and* not requiring an "always on" connection to
                              the Internet for quite some time - for obvious reasons if you consider
                              how long they've been going.
                              *However*, there is a very good reason why setuptools and eggs are
                              gaining in popularity (and will continue to do so). For the majority
                              of users eggs are just *so damned convenient*. Being able to do
                              ``easy_install some_project`` and have it just work is fantastic.
                              Sure. But being able to install any software (not just eggs via the
                              Package Index, or Perl software via CPAN, or...) with dependency
                              resolution isn't alien to a lot of people. Again, it's time to look at
                              established practice rather than pretend it doesn't exist:



                              Paul
