[SRU] pip in xenial is installing packages incompatible with Python 2.7 (and those are becoming common)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-pip (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
[Impact]
Python 2.7 support is ending upstream.
Python libraries are dropping 2.7 support, in response to this.
One of the ways that legacy applications & libraries can stay installable is that Python packages can declare Requires-Python >= 3 (or similar).
https:/
The version of pip in Xenial is *just* too old to support this, so it happily downloads and installs libraries that declare incompatibility with Python 2.7.
setuptools 45.0.0 was released earlier this year, dropping support for Python 2.7.
It's one of the core packages installed by virtualenv.
Since it was released, virtualenv has been installing it, and then been unable to build C extensions.
[Test Case]
# apt install python virtualenv python-pip python3-pip
These should install setuptools older than 45, that still works with Python 2.7:
$ pip install --user setuptools
$ python -c 'import setuptools; print(setuptool
44.0.0
$ virtualenv -v -p python testve
$ testve/bin/python -c 'import setuptools; print(setuptool
44.0.0
Clean up, assuming you don't have anything important in there:
$ rm -rf ~/.local/{bin,lib} testve
These should install setuptools newer than 45, which is compatible with Python 3.5:
$ pip3 install --user setuptools
$ python3 -c 'import setuptools; print(setuptool
45.2.0
$ virtualenv -v -p python3 testve
$ testve/bin/python -c 'import setuptools; print(setuptool
45.2.0
$ rm -rf ~/.local/{bin,lib} testve
[Regression Potential]
Changing behaviour of core tools always comes with a risk. And pip is at the centre of the python ecosystem.
However, this is an attempt to fix a post-release regression.
The patch comes from pip's git history. This code has changed since then, so it's not known to be bug-free.
From NEWS spelunking, these changes seem related, but are not backported in this SRU, to keep it minimal:
From 19.2:
* Update ``pip download`` to respect the given ``--python-
checking ``"Requires-
https:/
* Fix ``pip install`` to respect ``--ignore-
evaluating links.
https:/
From 9.0.0:
* Raise when Requires-Python do not match the running version and add
``--
https:/
[Other Info]
User Bug: https:/
PEP 503 - Simple Repository API: https:/
PEP 345 - Metadata for Python Software Packages 1.2: https:/
summary: |
- pip in xenial is too old to support Requires-Python + [SRU] pip in xenial is installing packages incompatible with Python 2.7 + (and those are becoming common) |
description: | updated |
description: | updated |
Thank you for working on this. In principle this all makes sense and seems like the right thing to do, but as you say changing behaviour of core tools always comes with a risk. I don't think I'm qualified to review this and would appreciate a +1 from a Python- toolchain- knowledgeable person before an SRU accept. I'll ask around.