isolated-builds aren't isolated when run with system dist-packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pip |
Fix Released
|
Unknown
|
|||
python-pip (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
pip is unable to perform isolated builds (that are truly isolated) when run in a --system-
This means one can't depend on newer setuptools features, for example
[ Test Plan ]
# apt install python3-venv
$ python3 -m venv --system-
$ mkdir /tmp/test-pkg
$ cd /tmp/test-pkg
$ cat > pyproject.toml <<EOF
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.
[project]
name = "tmp"
version = "0"
EOF
$ cat > tmp.py <<EOF
print("Hi")
EOF
$ cat > setup.py <<EOF
import sys
from setuptools import setup
assert "/usr/lib/
setup()
EOF
$ /tmp/ve/bin/python -m pip install .
...
Successfully installed tmp-0
Or, in the case of this bug, a failure due to the AssertionError
[ Where problems could occur ]
Upstream went through quite a meandering path to fix this series of bugs in their isolated build implementation. Since Debian got involved in reviewing the patches, we got down to a relatively simple approach, that this SRU can apply.
The current approach, applied here, shipped in 23.1, and we haven't been aware of any issues with it.
[ Other Info ]
https:/
https:/
https:/
https:/
https:/
https:/
== Original Description ==
This happens on Ubuntu Jammy. I have not tested other versions.
To reproduce this bug, first create a dummy Python package. In a directory called `tmp`, put these files:
```
jean@ubuntu22:
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.
[project]
name = "tmp"
version = "0"
jean@ubuntu22:
print("Hi")
```
Now run
```
pip install --verbose .
```
to install this package.
```
jean@ubuntu22:
Using pip 22.0.2 from /home/jean/
Defaulting to user installation because normal site-packages is not writeable
Processing /home/jean/tmp
Running command pip subprocess to install build dependencies
Collecting setuptools
Using cached setuptools-
Installing collected packages: setuptools
Successfully installed setuptools-67.7.2
WARNING: You are using pip version 22.0.2; however, version 23.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
Installing build dependencies ... done
Running command Getting requirements to build wheel
running egg_info
writing manifest file 'UNKNOWN.
Getting requirements to build wheel ... done
Running command pip subprocess to install backend dependencies
Collecting wheel
Using cached wheel-0.
Installing collected packages: wheel
Successfully installed wheel-0.40.0
WARNING: You are using pip version 22.0.2; however, version 23.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
Installing backend dependencies ... done
Running command Preparing metadata (pyproject.toml)
running dist_info
creating /tmp/pip-
writing manifest file '/tmp/pip-
writing manifest file '/tmp/pip-
Preparing metadata (pyproject.toml) ... done
Building wheels for collected packages: UNKNOWN
Running command Building wheel for UNKNOWN (pyproject.toml)
running bdist_wheel
running build
running install
running install_egg_info
running egg_info
writing manifest file 'UNKNOWN.
Copying UNKNOWN.egg-info to build/bdist.
running install_scripts
Building wheel for UNKNOWN (pyproject.toml) ... done
Created wheel for UNKNOWN: filename=
Stored in directory: /tmp/pip-
Successfully built UNKNOWN
Installing collected packages: UNKNOWN
Successfully installed UNKNOWN-0.0.0
WARNING: You are using pip version 22.0.2; however, version 23.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
```
Note how the package ends up called "unknown". This is a known problem with older setuptools versions. However, pip is building a wheel for the package in an isolated environment, where it has installed setuptools 67.7.2, which is the latest version.
Another hint at the problem:
```
$ pip install --verbose --editable .
Using pip 22.0.2 from /home/jean/
Defaulting to user installation because normal site-packages is not writeable
Obtaining file://
Running command pip subprocess to install build dependencies
Collecting setuptools
Using cached setuptools-
Installing collected packages: setuptools
Successfully installed setuptools-67.7.2
WARNING: You are using pip version 22.0.2; however, version 23.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
Installing build dependencies ... done
Running command Checking if build backend supports build_editable
Checking if build backend supports build_editable ... done
ERROR: Project file://
WARNING: You are using pip version 22.0.2; however, version 23.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
```
The latest setuptools version definitely supports editable builds.
This indicates that within the isolated build environment, setuptools from the system package python3-setuptools was used instead of the temporary copy of setuptools.
This problem does not occur on Fedora 38. I verified this by editing `/usr/lib/
I was not quite sure which package to file this bug against. It does not seem to come from distro patches to pip *itself* (but perhaps distro patches to the Python interpreter, e.g., sysconfig): using pip from PyPI ("pip install --upgrade pip==22.0.2", installing a pip that shadows the system pip) also exhibits the bug. Although "pip install --upgrade pip" to get the latest version does *not* exhibit the bug, so this is probably an interaction between distro patches *and* the older pip version in Jammy.
In my opinion, this bug is quite severe, as it makes the system pip mostly unusable for installing packages from local checkouts, at least when those packages use setuptools as their build backend.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: python3-pip 22.0.2+
ProcVersionSign
Uname: Linux 5.19.0-41-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.4
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Tue May 2 11:25:42 2023
InstallationDate: Installed on 2023-01-06 (115 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
PackageArchitec
SourcePackage: python-pip
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in python-pip (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in pip: | |
status: | Unknown → Fix Released |
Changed in python-pip (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in python-pip (Ubuntu Jammy): | |
status: | New → Confirmed |
summary: |
- pip picks up wrong setuptools version during isolated build + isolated-builds aren't isolated when run with system dist-packages |
Status changed to 'Confirmed' because the bug affects multiple users.