| Message ID | 20230425171454.48802-3-aduskett@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Selinux: bump to 3.5 | expand |
Adam, All, On 2023-04-25 10:14 -0700, Adam Duskett spake thusly: > In the following patch that updates libselinux, the libselinux python tools now > require pip to install. This was a bit terse an explanation, so I extended it a bit. Applied to master, thanks. Regards, Yann E. MORIN. > Signed-off-by: Adam Duskett <aduskett@gmail.com> > --- > package/python-pip/python-pip.mk | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk > index 8cf3aaa3ec..35ad7bede2 100644 > --- a/package/python-pip/python-pip.mk > +++ b/package/python-pip/python-pip.mk > @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa > PYTHON_PIP_CPE_ID_PRODUCT = pip > > $(eval $(python-package)) > +$(eval $(host-python-package)) > -- > 2.40.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes: > In the following patch that updates libselinux, the libselinux python tools now > require pip to install. > Signed-off-by: Adam Duskett <aduskett@gmail.com> Somewhat related, is there any way we can ensure that this pip is only used for the installation logic (which is fine if a bit odd) and NOT to pull in extra python dependencies (which is naturally NOT OK)? > --- > package/python-pip/python-pip.mk | 1 + > 1 file changed, 1 insertion(+) > diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk > index 8cf3aaa3ec..35ad7bede2 100644 > --- a/package/python-pip/python-pip.mk > +++ b/package/python-pip/python-pip.mk > @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa > PYTHON_PIP_CPE_ID_PRODUCT = pip > $(eval $(python-package)) > +$(eval $(host-python-package)) > -- > 2.40.0 > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
Peter, All, On 2023-06-12 17:52 +0200, Peter Korsgaard spake thusly: > >>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes: > > In the following patch that updates libselinux, the libselinux python tools now > > require pip to install. > > Signed-off-by: Adam Duskett <aduskett@gmail.com> > Somewhat related, is there any way we can ensure that this pip is only > used for the installation logic (which is fine if a bit odd) Yes, I too found it odd. I don't recall the details, though, but indeed, we do need pip to perform the install step, while the build step is still performed with setuptools. > and NOT to pull in extra python > dependencies (which is naturally NOT OK)? That was a concern of mine when I applied the patch, too, but I did not have a good idea to prevent that. But since then, I've learnt about --no-index, and if that is not enough, we can redirect to a fake index with -i and --extra-index-url. Could using --no-deps also be useful? So we could maybe provide our wrapper around pip3, that uses a combo of those options, to prevent installing anything but a local file. That would not work for packages that use a python script to import pip and directly call it, though; is that even possible (I'd guess so, and probably something, somewhere is (ab)using that). Alternatively, the wrapper could also export http_proxy and https_proxy to something that does not exist, and that would cause the download to fail. Regards, Yann E. MORIN. > > --- > > package/python-pip/python-pip.mk | 1 + > > 1 file changed, 1 insertion(+) > > > diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk > > index 8cf3aaa3ec..35ad7bede2 100644 > > --- a/package/python-pip/python-pip.mk > > +++ b/package/python-pip/python-pip.mk > > @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa > > PYTHON_PIP_CPE_ID_PRODUCT = pip > > > $(eval $(python-package)) > > +$(eval $(host-python-package)) > > -- > > > 2.40.0 > > > _______________________________________________ > > buildroot mailing list > > buildroot@buildroot.org > > https://lists.buildroot.org/mailman/listinfo/buildroot > > > -- > Bye, Peter Korsgaard
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes: > Peter, All, > On 2023-06-12 17:52 +0200, Peter Korsgaard spake thusly: >> >>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes: >> > In the following patch that updates libselinux, the libselinux python tools now >> > require pip to install. >> > Signed-off-by: Adam Duskett <aduskett@gmail.com> >> Somewhat related, is there any way we can ensure that this pip is only >> used for the installation logic (which is fine if a bit odd) > Yes, I too found it odd. I don't recall the details, though, but indeed, > we do need pip to perform the install step, while the build step is > still performed with setuptools. >> and NOT to pull in extra python >> dependencies (which is naturally NOT OK)? > That was a concern of mine when I applied the patch, too, but I did not > have a good idea to prevent that. > But since then, I've learnt about --no-index, and if that is not enough, > we can redirect to a fake index with -i and --extra-index-url. Could > using --no-deps also be useful? > So we could maybe provide our wrapper around pip3, that uses a combo of > those options, to prevent installing anything but a local file. Ahh, yes - That could be a nice improvement! > That would not work for packages that use a python script to import pip > and directly call it, though; is that even possible (I'd guess so, and > probably something, somewhere is (ab)using that). Hmm, I guess someone is creative enough for that ;)
diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk index 8cf3aaa3ec..35ad7bede2 100644 --- a/package/python-pip/python-pip.mk +++ b/package/python-pip/python-pip.mk @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa PYTHON_PIP_CPE_ID_PRODUCT = pip $(eval $(python-package)) +$(eval $(host-python-package))
In the following patch that updates libselinux, the libselinux python tools now require pip to install. Signed-off-by: Adam Duskett <aduskett@gmail.com> --- package/python-pip/python-pip.mk | 1 + 1 file changed, 1 insertion(+)