PREAMBLE: I am well aware of the status of Python 2.7, the versions of various libraries we are using, etc. and are working on an upgrade path. We have a complex legacy application and we can't just make changes haphazardly. Hence why we use buildout to ensure a consistent installation. Unless you can show how a newer version of a package is going to resolve this issue, kindly refrain from throwing out comments about versions and upgrading. Thank you.
We have a complex buildout that has been running fine for years. However, on a new installation, two eggs which themselves require other eggs are not respecting the version pins for those requirements.
- python-dateutil 2.7.5 is trying to install setuptools_scm 7.1.0 which is Python 3 only. We have it pinned to the final 2.7 compatible version, 4.1.2.
- Similarly ua-parser 0.8.0 is trying to install PyYAML 6.0, which we have pinned to 3.13
Neither package includes a version constraint in its "requires" clause.
We have tried ensuring the pinned versions of the required eggs are installed first, but the packages still try to install the latest version. Many tens of eggs are being installed by the same buildout with no issues.
While our buildout uses omelette to install eggs, we can reproduce this in a very simple test case:
[buildout]
parts =
test
index = https://pypi.python.org/simple
[versions]
setuptools_scm = 4.1.2
python-dateutil = 2.7.5
zc.recipe.egg = 2.0.7
[test]
recipe = zc.recipe.egg
eggs =
setuptools_scm
python-dateutil
The requirement clauses from python-dateutil's setup.py:
requires=["six"],
setup_requires=['setuptools_scm'],
install_requires=["six >=1.5"], # XXX fix when packaging is sane again
Running the buildout -c test.cfg results in:
Installing test.
Installing 'setuptools_scm', 'python-dateutil'.
We have no distributions for setuptools-scm that satisfies 'setuptools-scm==4.1.2'.
Getting distribution for 'setuptools-scm==4.1.2'.
Fetching setuptools-scm 4.1.2 from: https://files.pythonhosted.org/packages/02/d6/3fb2388faf97942103412838437561f59248086de0e268d98ec3a630ae72/setuptools_scm-4.1.2-py2.7.egg#sha256=b42c150c34d6120babf3646abd7513e032be2e230b3d2034f27404c65aa0c977
Got setuptools-scm 4.1.2.
We have no distributions for python-dateutil that satisfies 'python-dateutil==2.7.5'.
Getting distribution for 'python-dateutil==2.7.5'.
Fetching python-dateutil 2.7.5 from: https://files.pythonhosted.org/packages/0e/01/68747933e8d12263d41ce08119620d9a7e5eb72c876a3442257f74490da0/python-dateutil-2.7.5.tar.gz#sha256=88f9287c0174266bb0d8cedd395cfba9c58e87e5ad86b2ce58859bc11be3cf02
Running easy_install:
"/home/hugh/Projects/eluta/trunk2/lib/python/bin/python2.7" "-c" "import sys; sys.path[0:0] = ['/home/hugh/Projects/eluta/trunk2/lib/python/lib/python2.7/site-packages']; from setuptools.command.easy_install import main; main()" "-mZUNxd" "/home/hugh/Projects/eluta/trunk2/eggs/tmpMuWDfi" "/tmp/tmpPrViTjget_dist/python-dateutil-2.7.5.tar.gz"
path=['/home/hugh/Projects/eluta/trunk2/lib/python/lib/python2.7/site-packages']
Processing python-dateutil-2.7.5.tar.gz
Writing /tmp/easy_install-UoQL8O/python-dateutil-2.7.5/setup.cfg
Running python-dateutil-2.7.5/setup.py -q bdist_egg --dist-dir /tmp/easy_install-UoQL8O/python-dateutil-2.7.5/egg-dist-tmp-Tdk8Lr
Traceback (most recent call last):
.
.
.
File "/tmp/easy_install-UoQL8O/python-dateutil-2.7.5/temp/easy_install-EzwsLI/setuptools_scm-7.1.0/setup.py", line 20
def scm_version() -> str:
What is odd is that setuptools_scm comes up as both setuptools_scm and setuptools-scm on PyPi, and while the filename is setuptools_scm, the version spec needs to be setuptools-scm, otherwise it is ignored. In any event, I've set version specs for both setuptools_scm and setuptools-scm, with no change.
While I can think of some hacks to work around this (e.g. executing pip to install these two eggs, as the version issue doesn't occur when installing them from pip), I'd rather find a proper solution to this problem, if at all possible.