Support checking install dependencies

[nanonyme]

Currently pypa/build supports checking build dependencies (and this is done by default). But when package is installed with pypa/installer, its runtime dependencies do not get validated. It would be nice that there would be an option for this at least.

[nanonyme]

Looks like the relevant runtime dependency information is available through output of parse_metadata_file. However, processing this might be tricky without packaging which installer cannot really depend on due to cycles.

[nanonyme]

Essentially why packaging makes things simpler here: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/15404/diffs#d1ff495ddd14f96492c7b23fd7809ddbf1933ede ; this is extracted from importlib.metadata but I guess same data would be present through METADATA file.

[pradyunsg]

This is functionally covered by https://pypa-build.readthedocs.io/en/stable/api.html#build.check_dependency which can be invoked by the caller... I don't see much value in duplicating that functionality here TBH.

[nanonyme]

@pradyunsg you are misreading. I said that covers build dependencies. There is nothing that validates runtime dependencies.

[nanonyme]

Currently only pip is capable of stating that package runtime dependencies are fulfilled

[nanonyme]

Why I mentioned it here is runtime dependency validation makes sense when something is installed while build dependencies make sense to be validated when something is built. I don't really mind what grows this support.

[eli-schwartz]

This is functionally covered by https://pypa-build.readthedocs.io/en/stable/api.html#build.check_dependency which can be invoked by the caller... I don't see much value in duplicating that functionality here TBH.

That does indeed functionally cover the existence of library methods that take a list of dependency specifiers and check whether they are installed. It would be a valid library to reach for as a dependency for the python -m installer foo-1.0-*.whl CLI to use in implementing the desired feature request...

... which wasn't at all about building out the ecosystem of library APIs as far as I can tell. :)

[eli-schwartz]

That being said I do think that it's not particularly urgent to have. The people who are interested in the installer CLI and are concerned with bootstrap dependencies are also the people least likely to need it. In fact, I would typically pass --skip-dependency-check to the python -m build command too.

[nanonyme]

We are using that check but it does something different than what I requested. Normally packages do not declare their runtime dependencies as required for building wheel which is correct. I am after a check that says once wheel is installed, all its dependencies are fulfilled.

[eli-schwartz]

What I mean is that I would ignore both checks for similar reasons. You don't really need to check it since you can almost certainly just generate this part of a flatpak manifest programmatically, without baking it into the build/install pipeline.

And often when you install a wheel (in particular, if you are using --destdir), you haven't yet installed its dependencies, but will do so later after merging the destdir into a live filesystem. So you cannot really validate the install-time dependencies like this.

[nanonyme]

Actually commonly with flatpak pip is used to generate incomplete recipes and then pip is used to validate runtime dependencies. But I am not using a stack that uses pip. I am using stack that uses build+installer and that stack cannot validate runtime dependencies.