Chore: Fix setuptools version

[manand881]

This commit constraints setuptools version lesser than or equal to 69 to be used while installing zope interface via pip. this has been done to avoid the error with setup tools as stated in https://github.com/pypa/setuptools/issues/4519

[cjwatson]

I think we should drop the setup.py test integration instead. It shouldn't be too hard, and it's basically obsolete anyway.

But what's the issue being fixed here? zope.interface doesn't rely on the setuptools test command (it just declares test_suite in its metadata), and I seem to be able to install zope.interface even from its sdist in a virtualenv with setuptools 72 installed.

[tseaver]

@manand881 Can you please describe how https://github.com/pypa/setuptools/issues/4519 affects zope.interface at installation or at runtime? While we pin setuptools < 69 in tox.ini (driven from https://github.com/zopefoundation/meta/pull/243), the following works fine here:

$ python3.8 -m venv /tmp/foo
$ cd /tmp/foo
$ bin/pip install --upgrade setuptools pip
...
Successfully installed pip-24.2 setuptools-71.1.0
$ bin/pip install zope.interface
...
Successfully installed zope.interface-6.4.post2
$ bin/python -c "from zope.interface import Interface; print(Interface)"
zope.interface.Interface

FWIW, zope.interface actually only depends on setuptools at runtime to get pkg_resources importable in zope.interface.__init__ (to support namespace packages pre-PEP420). There are hundreds of projects which install into the zope namespace: we would need a HUGE flag-day to migrate to PEP420-style across the whole ecosystem (which would be the Right Thing(TM) to do).

@cjwatson We don't use setup.py test for anything, but do still pass the test_suite and tests_require keywords to setup() -- those should be gone, AFAICT.

@dataflake, @icemac I don't recall why the pin was added in https://github.com/zopefoundation/meta/pull/243 -- can you point to an issue describing the breakage? I do see that sdists get created with the underscore in the filename, which is obnoxious, but does it break anything?

[cjwatson]

Note that setuptools 72.0.0 has been yanked, so your test was with 71.1.0, which is less interesting here. (I tested by explicitly doing pip install setuptools==72.0.0.)

[tseaver]

@cjwatson Thanks, I had figured that out chasing the issue myself. Meanwhile, I've opened two issues on the meta repository:

• https://github.com/zopefoundation/meta/issues/260
• https://github.com/zopefoundation/meta/issues/261

Neither of them will get done quickly: the first is basically just a ginormous, tedious pile of work (we don't script the creation of setup.py, unlike many other project artifacts); the second has large / unknown risks of breaking downstream users.

[tseaver]

@cjwatson So I followed up on the yanked version:

$ python3.12 -m venv /tmp/bar
$ cd /tmp/bar/
$ /tmp/bar/bin/pip install --upgrade setuptools==72.0.0
Collecting setuptools==72.0.0
  Using cached setuptools-72.0.0-py3-none-any.whl.metadata (6.6 kB)
WARNING: The candidate selected for download or install is a yanked version: 'setuptools' candidate (version 72.0.0 at https://files.pythonhosted.org/packages/2f/83/06edd551b4fdf6170dcbafeeed588a8909819e943905c182ebdc98835be8/setuptools-72.0.0-py3-none-any.whl (from https://pypi.org/simple/setuptools/) (requires-python:>=3.8))
Reason for being yanked: https://github.com/pypa/setuptools/issues/4518
Using cached setuptools-72.0.0-py3-none-any.whl (2.3 MB)
Installing collected packages: setuptools
Successfully installed setuptools-72.0.0
$ bin/pip install --upgrade pip
...
Successfully installed pip-24.2
$ bin/pip install zope.interface
...
Successfully installed zope.interface-6.4.post2
$ bin/python -c "from zope.interface import Interface; print(Interface)"
zope.interface.Interface
$ bin/pip uninstall zope.interface
...
  Successfully uninstalled zope.interface-6.4.post2
$ bin/pip install --no-cache --no-binary :all: zope.interface
...
Successfully installed zope.interface-6.4.post2
$ bin/python -c "from zope.interface import Interface; print(Interface)"
zope.interface.Interface

[manand881]

I guess at this time, i dont have the level of experience or insight as much as the people who have created this project. What was happening to us was that our poetry was allowing the latest setuptools to install since the project did not explicitly mention a version and the latest version had an issue. I made this pull request trying to freeze on the version to be the same tox.ini this is how i thought i could contribute. if you feel that its good practice to do so, please let me know

[cjwatson]

@manand881 Do you have a log of the actual failure you were seeing? A copy of that would be helpful, just to make sure it's not somehow a Zope problem.

I suspect that the problem is actually in the interaction between the latest setuptools and some other package, rather than in its interaction with zope.interface - which means it should be fixed there and not here (ideally by removing that other package's reliance on the feature that has been removed from setuptools).

[manand881]

@cjwatson Unfortunately we do not have persistent logs of the error that we were seeing since we dont have a mechanism to store logs of the builds that we do. our product is not sophisticated. I would like to confirm that there is no problem with zope interface at all. this is how our poetry.lock file looks

name = "zope-interface"
version = "6.4.post2"
description = "Interfaces for Python"
optional = false
python-versions = ">=3.7"
files = [
    {file = "zope.interface-6.4.post2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:2eccd5bef45883802848f821d940367c1d0ad588de71e5cabe3813175444202c"},
    {file = "zope.interface-6.4.post2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:762e616199f6319bb98e7f4f27d254c84c5fb1c25c908c2a9d0f92b92fb27530"},
    {file = "zope.interface-6.4.post2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5ef8356f16b1a83609f7a992a6e33d792bb5eff2370712c9eaae0d02e1924341"},
    {file = "zope.interface-6.4.post2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0e4fa5d34d7973e6b0efa46fe4405090f3b406f64b6290facbb19dcbf642ad6b"},
    {file = "zope.interface-6.4.post2-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d22fce0b0f5715cdac082e35a9e735a1752dc8585f005d045abb1a7c20e197f9"},
    {file = "zope.interface-6.4.post2-cp310-cp310-win_amd64.whl", hash = "sha256:97e615eab34bd8477c3f34197a17ce08c648d38467489359cb9eb7394f1083f7"},
    {file = "zope.interface-6.4.post2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:599f3b07bde2627e163ce484d5497a54a0a8437779362395c6b25e68c6590ede"},
    {file = "zope.interface-6.4.post2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:136cacdde1a2c5e5bc3d0b2a1beed733f97e2dad8c2ad3c2e17116f6590a3827"},
    {file = "zope.interface-6.4.post2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:47937cf2e7ed4e0e37f7851c76edeb8543ec9b0eae149b36ecd26176ff1ca874"},
    {file = "zope.interface-6.4.post2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6f0a6be264afb094975b5ef55c911379d6989caa87c4e558814ec4f5125cfa2e"},
    {file = "zope.interface-6.4.post2-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47654177e675bafdf4e4738ce58cdc5c6d6ee2157ac0a78a3fa460942b9d64a8"},
    {file = "zope.interface-6.4.post2-cp311-cp311-win_amd64.whl", hash = "sha256:e2fb8e8158306567a3a9a41670c1ff99d0567d7fc96fa93b7abf8b519a46b250"},
    {file = "zope.interface-6.4.post2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:b912750b13d76af8aac45ddf4679535def304b2a48a07989ec736508d0bbfbde"},
    {file = "zope.interface-6.4.post2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:4ac46298e0143d91e4644a27a769d1388d5d89e82ee0cf37bf2b0b001b9712a4"},
    {file = "zope.interface-6.4.post2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:86a94af4a88110ed4bb8961f5ac72edf782958e665d5bfceaab6bf388420a78b"},
    {file = "zope.interface-6.4.post2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:73f9752cf3596771c7726f7eea5b9e634ad47c6d863043589a1c3bb31325c7eb"},
    {file = "zope.interface-6.4.post2-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:00b5c3e9744dcdc9e84c24ed6646d5cf0cf66551347b310b3ffd70f056535854"},
    {file = "zope.interface-6.4.post2-cp312-cp312-win_amd64.whl", hash = "sha256:551db2fe892fcbefb38f6f81ffa62de11090c8119fd4e66a60f3adff70751ec7"},
    {file = "zope.interface-6.4.post2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e96ac6b3169940a8cd57b4f2b8edcad8f5213b60efcd197d59fbe52f0accd66e"},
    {file = "zope.interface-6.4.post2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cebff2fe5dc82cb22122e4e1225e00a4a506b1a16fafa911142ee124febf2c9e"},
    {file = "zope.interface-6.4.post2-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:33ee982237cffaf946db365c3a6ebaa37855d8e3ca5800f6f48890209c1cfefc"},
    {file = "zope.interface-6.4.post2-cp37-cp37m-macosx_11_0_x86_64.whl", hash = "sha256:fbf649bc77510ef2521cf797700b96167bb77838c40780da7ea3edd8b78044d1"},
    {file = "zope.interface-6.4.post2-cp37-cp37m-win_amd64.whl", hash = "sha256:4c0b208a5d6c81434bdfa0f06d9b667e5de15af84d8cae5723c3a33ba6611b82"},
    {file = "zope.interface-6.4.post2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d3fe667935e9562407c2511570dca14604a654988a13d8725667e95161d92e9b"},
    {file = "zope.interface-6.4.post2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:a96e6d4074db29b152222c34d7eec2e2db2f92638d2b2b2c704f9e8db3ae0edc"},
    {file = "zope.interface-6.4.post2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:866a0f583be79f0def667a5d2c60b7b4cc68f0c0a470f227e1122691b443c934"},
    {file = "zope.interface-6.4.post2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5fe919027f29b12f7a2562ba0daf3e045cb388f844e022552a5674fcdf5d21f1"},
    {file = "zope.interface-6.4.post2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8e0343a6e06d94f6b6ac52fbc75269b41dd3c57066541a6c76517f69fe67cb43"},
    {file = "zope.interface-6.4.post2-cp38-cp38-win_amd64.whl", hash = "sha256:dabb70a6e3d9c22df50e08dc55b14ca2a99da95a2d941954255ac76fd6982bc5"},
    {file = "zope.interface-6.4.post2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:706efc19f9679a1b425d6fa2b4bc770d976d0984335eaea0869bd32f627591d2"},
    {file = "zope.interface-6.4.post2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:3d136e5b8821073e1a09dde3eb076ea9988e7010c54ffe4d39701adf0c303438"},
    {file = "zope.interface-6.4.post2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1730c93a38b5a18d24549bc81613223962a19d457cfda9bdc66e542f475a36f4"},
    {file = "zope.interface-6.4.post2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bc2676312cc3468a25aac001ec727168994ea3b69b48914944a44c6a0b251e79"},
    {file = "zope.interface-6.4.post2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1a62fd6cd518693568e23e02f41816adedfca637f26716837681c90b36af3671"},
    {file = "zope.interface-6.4.post2-cp39-cp39-win_amd64.whl", hash = "sha256:d3f7e001328bd6466b3414215f66dde3c7c13d8025a9c160a75d7b2687090d15"},
    {file = "zope.interface-6.4.post2.tar.gz", hash = "sha256:1c207e6f6dfd5749a26f5a5fd966602d6b824ec00d2df84a7e9a924e8933654e"},
]

[package.dependencies]
setuptools = "*"

This * for the setuptools version was causing poetry to install the latest version of setuptools which upgraded the older version of setup tools that we had in the same poetry.lock file. hence we decided to contribute to help freezing the version inside zope so that it remains immune from newer changes that are breaking.

I hope this was of some help.

[cjwatson]

@manand881 I can't reproduce this failure after setting up a similar poetry environment. I suspect you've been confused by some piece of the error output and misidentified the problem as being in zope.interface.

[manand881]

@cjwatson when you have the same poetry as mine, what version of setuptools does it install? the latest version that caused issues i.e 72.0.0 has been removed from PyPi

[cjwatson]

I explicitly told it to install 72.0.0.

[manand881]

@cjwatson looking at https://pypi.org/project/setuptools/#history i also notice that setup tools is notorious releasing a lot of versions which end up getting yanked

[cjwatson]

Sure, but I don't think that's really relevant here.

[cjwatson]

Also, upper bounds on requirements should be avoided in libraries.

[manand881]

what would be the right way to do this?

[cjwatson]

Find and fix the actual problem, rather than just slapping an upper bound in and hoping none of the library's other users have any kind of conflict with it!

[cjwatson]

I'm going to close this. I think it's actively harmful (it would break as soon as any other package has a setuptools requirement with a conflicting lower bound, and you try to install that other package and zope.interface in the same environment), there seems no evidence that zope.interface is directly broken here even with the yanked setuptools 72.0.0, and we have zopefoundation/meta issues for the longer-term problems here.