[OpenStack-Infra] [zuul-jobs] configure-mirrors: deprecate mirroring configuration for easy_install
Paul Belanger
pabelanger at redhat.com
Mon Nov 25 13:38:55 UTC 2019
On Mon, Nov 25, 2019 at 04:02:13PM +1100, Ian Wienand wrote:
> Hello,
>
> Today I force-merged [5] to avoid widespread gate breakage. Because
> the change is in zuul-jobs, we have a policy of annoucing
> deprecations. I've written the following but not sent it to
> zuul-announce (per policy) yet, as I'm not 100% confident in the
> explanation.
>
> I'd appreciate it if, once proof-read, someone could send it out
> (modified or otherwise).
>
> Thanks,
>
Greetings!
Rather then force merge, and potential break other zuul installs. What
about a new feature flag, that was still enabled but have openstack base
jobs disabled? This would still allow older versions of setuptools to
work I would guess?
That said, ansible Zuul is not affected as we currently fork
configure-mirrors for our open puproses, I'll check now that we are also
not affected.
> -i
>
> --
>
> Hello,
>
> The recent release of setuptools 42.0.0 has broken the method used by
> the configure-mirrors role to ensure easy_install (the older method of
> install packages, before pip became in widespread use [1]) would only
> access the PyPi mirror.
>
> The prior mirror setup code would set the "allow_hosts" whitelist to
> the mirror host exclusively in pydistutils.cfg. This would avoid
> easy_install "leaking" access outside the specified mirror.
>
> Change [2] in setuptools means that pip is now used to fetch packages.
> Since it does not implement the constraints of the "allow_hosts"
> setting, specifying this option has become an error condition. This
> is reported as:
>
> the `allow-hosts` option is not supported 'when using pip to install requirements
>
> It has been pointed out [3] that this prior code would break any
> dependency_links [4] that might be specified for the package (as the
> external URLs will not match the whitelist). Overall, there is no
> desire to work-around this behaviour as easy_install is considered
> deprecated for any current use.
>
> In short, this means the only solution is to remove the now
> conflicting configuration from pydistutils.cfg. Due to the urgency of
> this update, it has been merged with [5] before our usual 2-week
> deprecation notice.
>
> The result of this is that older setuptools (perhaps in a virtualenv)
> with jobs still using easy_install may not correctly access the
> specified mirror. Assuming jobs have access to PyPi they would still
> work, although without the benefits of a local mirror. If such jobs
> are firewalled from usptream they may now fail. We consider the
> chance of jobs using this legacy install method in this situation to
> be very low.
>
> Please contact zuul-discuss [6] with any concerns.
>
> We now return you to your regularly scheduled programming :)
>
> [1] https://packaging.python.org/discussions/pip-vs-easy-install/
> [2] https://github.com/pypa/setuptools/commit/d6948c636f5e657ac56911b71b7a459d326d8389
> [3] https://github.com/pypa/setuptools/issues/1916
> [4] https://python-packaging.readthedocs.io/en/latest/dependencies.html
> [5] https://review.opendev.org/695821
> [6] http://lists.zuul-ci.org/cgi-bin/mailman/listinfo/zuul-discuss
>
>
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
More information about the OpenStack-Infra
mailing list