-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Un-deprecate --process-dependency-links
until an alternative is implemented
#4187
Comments
[Wrote in #3939, moving my comment here]
|
Another issue is that |
Is there any news regarding this? Is there any alternative in progress? dependency_links_ seems to be the only option for internal/private distribution of libraries. Instead of deprecating it, it should be fixed, a lot of people forget or get confuse because they forget to put both the name-version of the library in the the install_requires and the dependency link that contains the tarbal together with the egg. As an alternative, I would love to see that @jleclanche has suggested, a simple link to the tarball in the install_requires (specifying the egg could be optional). I don't think we are alone: https://stackoverflow.com/questions/3472430/how-can-i-make-setuptools-install-a-package-thats-not-on-pypi |
@robertour tools like devpi support a more clear approach since years now |
@dstufft btw - i would like to argue that the existene of devpi demonstrates a more clean solution to the problem making dependency links unnecessary IMHO index inheritance + white listing/blacklisting is more consistent and more comprehensible at a ops level |
@RonnyPfannschmidt, thanks for the suggestion, it seems I am missing something important (discussions about this deprecation have been going for too long) but generally speaking I cannot agree more with this comment from reddit:
Ideally, I would like an alternative that won't take me more than adding a file in my library, or few lines in the setup.py. I basically don't understand the underlying decision of removing it, I can see how it can lead to bad practices and insecurities, but as long as it is keep for internal use, it should not be a major issue. |
I thought 86b0779 meant that the |
It shouldn't be deprecated until there is an alternative in place, i.e. PEP 508 support. Until then, too many people are using it. |
What's the proper workflow for this? Let 's say there's a library that I need to add a feature to. I fork it on Github. Feature isn't going to be merged any time soon, so I have a tool that I set to use my Github fork instead of PyPi. Now all of my users have to add --process-dependency-links when installing my tool with pip, which is a deprecated and even once removed flag? Is there some option in setup.py that I'm missing or is there really no way around this? It seems like the only viable way to do this is to push up a forked pypi package. That is just going to add to user's confusion once your pull request does get merged, anyway. |
Let's come around to this.
However, the flag does mean that pip would reach out to arbitrary URLs -- it should have a warning attached to it about this. |
Thanks to pypa/pip#4187 (comment), we can finally install Kingpin easily with a simple `pip install` command.
Hi guys, I just like to note that the deprecation pathway in this case was way too short. I know that dependency links have been marked as deprecated for quite some time, but PEP 508 URLs, which can be used to replace them, haven't been implemented until 18.1. As a result there was only a 3 month long window to switch from dependency links to URL requirements, which is very short time for large projects. |
… 508 URL dependencies' - see: pypa/pip#4187
Replaced pip.main() call with subprocess.check_call() Solved installation issue reported in pilcru#12
Found a suitable solution to dependency_link hell using @ at the dependency declaration as suggested in: pypa/pip#4187 (comment)
@rgerkin Hi, I am trying to follow your instructions to no avail, Searching for PACKAGE@ git+ssh://[email protected]:OWNER/PACKAGE.git@BRANCH PACKAGE@ git+ssh://[email protected]:OWNER/PACKAGE.git@BRANCH, this is in install_requires. Would you have an idea why I am getting the above? |
@KevinMars There are a few differences between my example and what you have, including the use of git_ssh, bitbucket, a.git suffix, a named branch, and no version tag. Maybe one or more of those things is leading pip to search on PyPI instead of at your URL. What version of pip are you using? |
To remark something that I've found: Using
|
@rgerkin Thanks for sharing this solution. But what if I'm using pbr to setup my Python package? How to adapt this to fit pbr? |
@KevinMars I have the same exact issue. Did you ever figure out the fix? I am trying to require a specific branch of a private bitbucket repo over SSH. |
I just realized --process-dependency-links didn't existed anymore. I'm grateful for all the work the community does. Trying to justify the decision in never ending discussions and a maze of issue closing and redirection was the chosen solution but I still think leaving this option would have harmed nobody. |
Description:
The
--process-dependency-links
was re-added to pip a while ago because there are a number of valid use-cases for the flag: #1955For this reason, it should probably be un-deprecated until an implementation of PEP 508/440 is in pip. The
dependency_links
argument to setuptools'ssetup
is also still documented and not deprecated: http://setuptools.readthedocs.io/en/latest/setuptools.html#dependencies-that-aren-t-in-pypiWhat I've run:
The text was updated successfully, but these errors were encountered: