classification
Title: Replace bundled pip and setuptools with a downloader in the ensurepip module
Type: enhancement Stage: patch review
Components: Library (Lib) Versions: Python 3.9, Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: dstufft, eric.smith, pradyunsg, serhiy.storchaka, webknjaz
Priority: normal Keywords: patch

Created on 2019-04-11 22:13 by webknjaz, last changed 2019-07-13 14:57 by webknjaz.

Pull Requests
URL Status Linked Edit
PR 12791 open webknjaz, 2019-04-11 22:17
Messages (6)
msg339998 - (view) Author: Sviatoslav Sydorenko (webknjaz) * Date: 2019-04-11 22:13
Hi,

I've noticed that there's an idea to not pollute Git tree with vendored blobs. In particular, `ensurepip` is one of the components doing this.

Such a wish was expressed here: https://bugs.python.org/issue35277#msg330098

So I thought I'd take a stab at it...
msg340039 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2019-04-12 13:32
ensurepip does not access the network, by design. We do not want it to start access the network without a lot of discussion.

And if it does access the network, it will need to be able to use alternate URLs. For example: where I deploy Python, it would not have access to the URLs in your PR, but instead would need to specify a different (internal) location. This is the same reason that pip install has --find-links, --no-index, --extra-index-url, etc.

I think this would need a lot of discussion (probably on distutils-sig), and probably a PEP.
msg340060 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2019-04-12 15:24
And I don't mean to sound like a total downer. I just think it's important that we recognize all of the use cases.

Thanks for your work on this.
msg340169 - (view) Author: Pradyun Gedam (pradyunsg) * Date: 2019-04-13 18:39
(Not sure how the Roundup handles email replies but I'm hoping this goes to
the right place)

I think it would be better if the downloading got invoked during the
interpreter build process -- to download the wheels and add them to the
final distribution. This lets us remove the wheels from the source
tree/version control and prevents needing to change the PEP for this change.

Functionally, I imagine having all the download logic in some sort of
ensurepip._bootstrap which has all the download logic and that getting
invoked in the build process. `python -m ensurepip` not hitting the
internet is a good invariant to keep.

On Fri, 12 Apr 2019 at 8:54 PM, Eric V. Smith <report@bugs.python.org>
wrote:

>
> Eric V. Smith <eric@trueblade.com> added the comment:
>
> And I don't mean to sound like a total downer. I just think it's important
> that we recognize all of the use cases.
>
> Thanks for your work on this.
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <https://bugs.python.org/issue36608>
> _______________________________________
>
msg340218 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-04-14 16:46
I proposed to move bundled pip and setuptools to the external repository and download them at build time like Tcl and other dependencies on Windows.
msg347836 - (view) Author: Sviatoslav Sydorenko (webknjaz) * Date: 2019-07-13 14:57
Thanks for the feedback!

I've changed it a bit to have a separate command for downloading bundles to the source tree. It'd work as in `python -m ensurepip.bundle` (needs a better name/CLI args probably).

Does it sound better now?
History
Date User Action Args
2019-07-13 14:57:28webknjazsetmessages: + msg347836
2019-04-14 16:46:49serhiy.storchakasetmessages: + msg340218
2019-04-13 18:39:13pradyunsgsetmessages: + msg340169
2019-04-12 15:24:29eric.smithsetmessages: + msg340060
2019-04-12 13:32:52eric.smithsetnosy: + eric.smith
messages: + msg340039
2019-04-11 22:17:25webknjazsetkeywords: + patch
stage: patch review
pull_requests: + pull_request12719
2019-04-11 22:13:02webknjazcreate