pypa / setuptools

Official project repository for the Setuptools build system
https://pypi.org/project/setuptools/
MIT License

[FR] Option to refuse to download dependencies #4735

Closed rossburton closed 2 weeks ago

rossburton commented 2 weeks ago

What's the problem this feature will solve?

If a setup.py has an entry in setup_requires that is not satisfied, setuptools will use easy_install to install it. In a Linux distribution context this is non-deterministic (as we don't know what versions of what packages will be downloaded), doesn't allow source caching, and fails if built on a machine without internet.

Notably this installation is incredibly quiet, using git-pw as an example:

$ python3 ./setup.py build --verbose
running build
running build_py
creating build
creating build/lib
creating build/lib/git_pw
copying git_pw/__init__.py -> build/lib/git_pw
copying git_pw/bundle.py -> build/lib/git_pw
copying git_pw/logger.py -> build/lib/git_pw
copying git_pw/series.py -> build/lib/git_pw
copying git_pw/config.py -> build/lib/git_pw
copying git_pw/api.py -> build/lib/git_pw
copying git_pw/utils.py -> build/lib/git_pw
copying git_pw/patch.py -> build/lib/git_pw
copying git_pw/shell.py -> build/lib/git_pw
running egg_info
writing pbr to git_pw.egg-info/pbr.json
writing git_pw.egg-info/PKG-INFO
writing dependency_links to git_pw.egg-info/dependency_links.txt
writing entry points to git_pw.egg-info/entry_points.txt
writing requirements to git_pw.egg-info/requires.txt
writing top-level names to git_pw.egg-info/top_level.txt
[pbr] Processing SOURCES.txt
[pbr] In git context, generating filelist from git
warning: no previously-included files found matching '.gitreview'
warning: no previously-included files matching '*.pyc' found anywhere in distribution
adding license file 'LICENSE'
writing manifest file 'git_pw.egg-info/SOURCES.txt'

At no point do I see "installing pbr".

I propose adding an option so that this silent installation can be blocked and result in a build failure.

Describe the solution you'd like

I propose adding an option so that this silent installation can be optional and result in a build failure if enabled.

Alternative Solutions

We always do builds inside a user namespace with networking disabled, so it typically fails once the connection has timed out. We also have a (horrible) patch that predates the user namespacing at https://git.yoctoproject.org/poky/tree/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch.

Additional context

No response


abravalheri commented 2 weeks ago

This only happens when using the deprecated CLI interface. When using a PEP 517-compatible frontend, setuptools will not use easy-install; instead, it will return a list of dependencies to the frontend via the get_requires_* hooks, and it is up to the frontend to do whatever they want with it.

Because the CLI capabilities of python setup.py * are deprecated we are no longer accepting feature requests on top of those.
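For builds that still invoke setup.py directly, a pre-build check can list the declared setup_requires and fail before anything is fetched. The following is an added example, not code from setuptools or from either commenter; the function names and sample inputs are hypothetical, and it assumes a name-only check (version specifiers are not evaluated).

```python
import ast
import configparser
import re
from importlib import metadata

# Constructed sample input, modelled on the pbr case in the issue.
SAMPLE_SETUP_PY = "from setuptools import setup\nsetup(setup_requires=['pbr>=5.0'], pbr=True)\n"
SAMPLE_SETUP_CFG = "[options]\nsetup_requires =\n    wheel\n    setuptools_scm[toml]>=6\n"

_NAME = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)")  # leading PEP 508 name


def _norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()


def declared_setup_requires(setup_py_src="", setup_cfg_src=""):
    """Collect setup_requires statically; setup.py is parsed, never executed."""
    reqs = []
    for node in ast.walk(ast.parse(setup_py_src)):
        if isinstance(node, ast.keyword) and node.arg == "setup_requires":
            try:
                value = ast.literal_eval(node.value)
            except ValueError:  # computed at run time: report, do not guess
                reqs.append("<dynamic setup_requires>")
                continue
            reqs.extend([value] if isinstance(value, str) else value)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(setup_cfg_src)
    raw = cfg.get("options", "setup_requires", fallback="")
    # One entry per line for a multi-line value, otherwise ';'-separated.
    parts = raw.splitlines() if "\n" in raw else raw.split(";")
    reqs.extend(p.strip() for p in parts if p.strip())
    return reqs


def missing_setup_requires(reqs, installed=None):
    """Return entries whose project is not installed (name only, no versions)."""
    if installed is None:
        installed = [d.metadata["Name"] for d in metadata.distributions()]
    have = {_norm(n) for n in installed if n}
    missing = []
    for req in reqs:
        m = _NAME.match(req)
        if m is None or _norm(m.group(1)) not in have:
            missing.append(req)
    return missing


if __name__ == "__main__":
    gaps = missing_setup_requires(declared_setup_requires(SAMPLE_SETUP_PY, SAMPLE_SETUP_CFG))
    raise SystemExit(f"unsatisfied setup_requires: {gaps}" if gaps else 0)
```

A setup_requires value that is computed at run time cannot be read statically, so it is reported as unsatisfied rather than skipped.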