GNU bug report logs - #69997
Should ‘guix import pypi’ get dependencies from pyproject files?

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Mon, 25 Mar 2024 16:16:05 UTC

Severity: normal

Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #11 received at 69997 <at> debbugs.gnu.org (full text, mbox):

From: Tanguy LE CARROUR <tanguy <at> bioneland.org>
To: 69997 <at> debbugs.gnu.org,
 Ludovic Courtès <ludovic.courtes <at> inria.fr>
Cc: Munyoki Kilyungi <me <at> bonfacemunyoki.com>,
 Sharlatan Hellseher <sharlatanus <at> gmail.com>, Lars-Dominik Braun <lars <at> 6xq.net>,
 jgart <jgart <at> dismail.de>, Marius Bakke <marius <at> gnu.org>
Subject: Re: bug#69997: Should ‘guix import pypi’
 get dependencies from pyproject files?
Date: Tue, 26 Mar 2024 08:54:17 +0100

Hi Ludo’,


Quoting Ludovic Courtès (2024-03-25 12:06:51)
> Should ‘guix import pypi’ attempt to get dependency information from
> ‘pyproject.toml’, in addition to ‘requirements.txt’ and wheel ‘METADATA’
> as it already does?
> 
> It might be more complicated than we’d like: in some cases, that file
> seems to be used as a “trampoline” to Poetry.  For instance, in
> python-pypugjs, the ‘requires’ bit delegates everything to Poetry:

Short answer: no! 😁

I’m pretty sure you know everything that I’m about to write, but better
say it out loud…

For a "standard modern" project managed with Poetry, the Python source
package contains `PKG-INFO` and `pyproject.toml ` that both contain
the run time dependencies. The wheel package only contains `METADATA` that
lists the dependencies. The source only contains a `pyproject.toml`.
To make the installed package as small as possible, tests files and
uncompiled assets are not (should not be) included.
From a Guix stand point, it’s better to build from source to be able to
run the test suite.

For the `python-pypugjs` you used as an example, we build from source,
so I guess the question does not arise. If we were to use the packages
available on PyPI, what I said above is *NOT* confirmed 😱:
- wheel (`.whl`) only contains `METADATA` with the dependencies; **BUT**
- source (`.tar.gz`) contains `PKG-INFO` (without dependency information),
  `pyproject.toml` (with dep’) and `setup.py` (also with dep’).

… "fun" fact, the information in `pyproject.toml` are **NOT** the same as
the one in `setup.py`!? 🤯 `pyproject.toml` says that `nose` is a run time
dependency (which it is not), but `setup.py` properly lists it in `tests_require`.

So, my answer would be: do not import from PyPI! Yes, I know, it’s radical! 😅
But if you have to, rely on the wheel’s `METADATA` file.

I hope this make sense. … I’m not really sure any more! 😅

Regards,

-- 
Tanguy
This bug report was last modified 209 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.