2013-03-21 02:27:06 -04:00
|
|
|
|
PEP: 439
|
2013-08-30 09:20:37 -04:00
|
|
|
|
Title: Inclusion of implicit pip bootstrap in Python installation
|
2013-03-21 02:27:06 -04:00
|
|
|
|
Version: $Revision$
|
|
|
|
|
Last-Modified: $Date$
|
|
|
|
|
Author: Richard Jones <richard@python.org>
|
|
|
|
|
BDFL-Delegate: Nick Coghlan <ncoghlan@gmail.com>
|
2022-02-27 17:46:36 -05:00
|
|
|
|
Discussions-To: distutils-sig@python.org
|
2013-08-30 09:20:37 -04:00
|
|
|
|
Status: Rejected
|
2013-03-21 02:27:06 -04:00
|
|
|
|
Type: Standards Track
|
2013-03-21 21:31:45 -04:00
|
|
|
|
Content-Type: text/x-rst
|
2013-03-21 02:27:06 -04:00
|
|
|
|
Created: 18-Mar-2013
|
|
|
|
|
Python-Version: 3.4
|
|
|
|
|
Post-History: 19-Mar-2013
|
2017-06-11 15:02:39 -04:00
|
|
|
|
Resolution: https://mail.python.org/pipermail/distutils-sig/2013-August/022527.html
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Abstract
|
|
|
|
|
========
|
|
|
|
|
|
2021-09-17 14:18:24 -04:00
|
|
|
|
This PEP proposes the inclusion of a pip bootstrap executable in the
|
2013-03-21 02:27:06 -04:00
|
|
|
|
Python installation to simplify the use of 3rd-party modules by Python
|
|
|
|
|
users.
|
|
|
|
|
|
|
|
|
|
This PEP does not propose to include the pip implementation in the
|
|
|
|
|
Python standard library. Nor does it propose to implement any package
|
2013-04-10 00:14:23 -04:00
|
|
|
|
management or installation mechanisms beyond those provided by PEP
|
2013-03-21 02:27:06 -04:00
|
|
|
|
427 ("The Wheel Binary Package Format 1.0") and TODO distlib PEP.
|
|
|
|
|
|
|
|
|
|
|
2013-08-30 09:20:37 -04:00
|
|
|
|
PEP Rejection
|
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
This PEP has been rejected in favour of a more explicit mechanism that
|
|
|
|
|
should achieve the same end result in a more reliable fashion. The more
|
2022-01-21 06:03:51 -05:00
|
|
|
|
explicit bootstrapping mechanism is described in :pep:`453`.
|
2013-08-30 09:20:37 -04:00
|
|
|
|
|
2013-03-21 02:27:06 -04:00
|
|
|
|
Rationale
|
|
|
|
|
=========
|
|
|
|
|
|
|
|
|
|
Currently the user story for installing 3rd-party Python modules is
|
|
|
|
|
not as simple as it could be. It requires that all 3rd-party modules
|
|
|
|
|
inform the user of how to install the installer, typically via a link
|
|
|
|
|
to the installer. That link may be out of date or the steps required
|
|
|
|
|
to perform the install of the installer may be enough of a roadblock
|
|
|
|
|
to prevent the user from further progress.
|
|
|
|
|
|
|
|
|
|
Large Python projects which emphasise a low barrier to entry have
|
|
|
|
|
shied away from depending on third party packages because of the
|
|
|
|
|
introduction of this potential stumbling block for new users.
|
|
|
|
|
|
|
|
|
|
With the inclusion of the package installer command in the standard
|
|
|
|
|
Python installation the barrier to installing additional software is
|
|
|
|
|
considerably reduced. It is hoped that this will therefore increase
|
|
|
|
|
the likelihood that Python projects will reuse third party software.
|
|
|
|
|
|
2013-07-09 23:01:57 -04:00
|
|
|
|
The Python community also has an issue of complexity around the current
|
2013-07-10 01:07:43 -04:00
|
|
|
|
bootstrap procedure for pip and setuptools. They all have
|
2013-07-09 23:01:57 -04:00
|
|
|
|
their own bootstrap download file with slightly different usages and
|
|
|
|
|
even refer to each other in some cases. Having a single bootstrap which
|
|
|
|
|
is common amongst them all, with a simple usage, would be far preferable.
|
|
|
|
|
|
2013-03-21 02:27:06 -04:00
|
|
|
|
It is also hoped that this is reduces the number of proposals to
|
|
|
|
|
include more and more software in the Python standard library, and
|
|
|
|
|
therefore that more popular Python software is more easily upgradeable
|
|
|
|
|
beyond requiring Python installation upgrades.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Proposal
|
|
|
|
|
========
|
|
|
|
|
|
2013-07-10 01:07:43 -04:00
|
|
|
|
The bootstrap will install the pip implementation, setuptools by downloading
|
|
|
|
|
their installation files from PyPI.
|
2013-07-09 23:01:57 -04:00
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
This proposal affects two components of packaging: `the pip bootstrap`_ and,
|
|
|
|
|
thanks to easier package installation, `modifications to publishing
|
|
|
|
|
packages`_.
|
|
|
|
|
|
|
|
|
|
The core of this proposal is that the user experience of using pip should not
|
|
|
|
|
require the user to install pip.
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The pip bootstrap
|
|
|
|
|
-----------------
|
|
|
|
|
|
2022-01-21 06:03:51 -05:00
|
|
|
|
The Python installation includes an executable called "pip3" (see :pep:`394` for
|
2013-06-13 21:15:22 -04:00
|
|
|
|
naming rationale etc.) that attempts to import pip machinery. If it can then
|
|
|
|
|
the pip command proceeds as normal. If it cannot it will bootstrap pip by
|
2013-07-10 01:07:43 -04:00
|
|
|
|
downloading the pip implementation and setuptools wheel files. Hereafter the
|
|
|
|
|
installation of the "pip implementation" will imply installation of setuptools
|
|
|
|
|
and virtualenv. Once installed, the pip command proceeds as normal. Once the
|
|
|
|
|
bootstrap process is complete the "pip3" command is no longer the bootstrap
|
|
|
|
|
but rather the full pip command.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
2021-09-17 14:18:24 -04:00
|
|
|
|
A bootstrap is used in the place of a the full pip code so that we don't have
|
2013-06-13 21:15:22 -04:00
|
|
|
|
to bundle pip and also pip is upgradeable outside of the regular Python
|
|
|
|
|
upgrade timeframe and processes.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
To avoid issues with sudo we will have the bootstrap default to
|
|
|
|
|
installing the pip implementation to the per-user site-packages
|
2022-01-21 06:03:51 -05:00
|
|
|
|
directory defined in :pep:`370` and implemented in Python 2.6/3.0. Since
|
2013-03-21 02:27:06 -04:00
|
|
|
|
we avoid installing to the system Python we also avoid conflicting
|
|
|
|
|
with any other packaging system (on Linux systems, for example.) If
|
2022-01-21 06:03:51 -05:00
|
|
|
|
the user is inside a :pep:`405` virtual environment then the pip
|
2013-03-21 02:27:06 -04:00
|
|
|
|
implementation will be installed into that virtual environment.
|
|
|
|
|
|
2013-03-25 23:52:54 -04:00
|
|
|
|
The bootstrap process will proceed as follows:
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
1. The user system has Python (3.4+) installed. In the "scripts"
|
|
|
|
|
directory of the Python installation there is the bootstrap script
|
2013-04-10 00:14:23 -04:00
|
|
|
|
called "pip3".
|
|
|
|
|
2. The user will invoke a pip command, typically "pip3 install
|
|
|
|
|
<package>", for example "pip3 install Django".
|
2021-09-17 14:18:24 -04:00
|
|
|
|
3. The bootstrap script will attempt to import the pip implementation.
|
2013-07-08 21:20:06 -04:00
|
|
|
|
If this succeeds, the pip command is processed normally. Stop.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
4. On failing to import the pip implementation the bootstrap notifies
|
2013-07-08 21:20:06 -04:00
|
|
|
|
the user that it needs to "install pip". It will ask the user whether it
|
|
|
|
|
should install pip as a system-wide site-packages or as a user-only
|
|
|
|
|
package. This choice will also be present as a command-line option to pip
|
|
|
|
|
so non-interactive use is possible.
|
|
|
|
|
5. The bootstrap will and contact PyPI to obtain the latest download wheel
|
2022-01-21 06:03:51 -05:00
|
|
|
|
file (see :pep:`427`.)
|
2013-07-08 21:20:06 -04:00
|
|
|
|
6. Upon downloading the file it is installed using "python setup.py install".
|
|
|
|
|
7. The pip tool may now import the pip implementation and continues to
|
2013-03-21 02:27:06 -04:00
|
|
|
|
process the requested user command normally.
|
|
|
|
|
|
|
|
|
|
Users may be running in an environment which cannot access the public
|
|
|
|
|
Internet and are relying solely on a local package repository. They
|
|
|
|
|
would use the "-i" (Base URL of Python Package Index) argument to the
|
2013-07-08 22:23:12 -04:00
|
|
|
|
"pip3 install" command. This simply overrides the default index URL pointing
|
|
|
|
|
to PyPI.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
2013-06-13 21:15:22 -04:00
|
|
|
|
Some users may have no Internet access suitable for fetching the pip
|
2013-07-08 22:23:12 -04:00
|
|
|
|
implementation file. These users can manually download and install the
|
2013-07-10 01:07:43 -04:00
|
|
|
|
setuptools and pip tar files. Adding specific support for this use-case is
|
|
|
|
|
unnecessary.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
The download of the pip implementation install file will be performed
|
|
|
|
|
securely. The transport from pypi.python.org will be done over HTTPS with the
|
2013-07-09 23:01:57 -04:00
|
|
|
|
CA certificate check performed. This facility will be present in Python 3.4+
|
|
|
|
|
using Operating System certificates (see PEP XXXX).
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
Beyond those arguments controlling index location and download
|
2021-09-17 14:18:24 -04:00
|
|
|
|
options, the "pip3" bootstrap command may support further standard pip
|
2013-03-21 02:27:06 -04:00
|
|
|
|
options for verbosity, quietness and logging.
|
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
The "pip3" command will support two new command-line options that are used
|
2021-09-17 14:18:24 -04:00
|
|
|
|
in the bootstrapping, and otherwise ignored. They control where the pip
|
2013-07-08 21:20:06 -04:00
|
|
|
|
implementation is installed:
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
2021-06-30 15:19:44 -04:00
|
|
|
|
``--bootstrap``
|
2013-07-08 21:20:06 -04:00
|
|
|
|
Install to the user's packages directory. The name of this option is chosen
|
|
|
|
|
to promote it as the preferred installation option.
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
2021-06-30 15:19:44 -04:00
|
|
|
|
``--bootstrap-to-system``
|
2013-07-08 21:20:06 -04:00
|
|
|
|
Install to the system site-packages directory.
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
These command-line options will also need to be implemented, but otherwise
|
|
|
|
|
ignored, in the pip implementation.
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
2013-07-08 22:23:12 -04:00
|
|
|
|
Consideration should be given to defaulting pip to install packages to the
|
|
|
|
|
user's packages directory if pip is installed in that location.
|
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
The "--no-install" option to the "pip3" command will not affect the
|
|
|
|
|
bootstrapping process.
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Modifications to publishing packages
|
|
|
|
|
------------------------------------
|
|
|
|
|
|
|
|
|
|
An additional new Python package is proposed, "pypublish", which
|
2013-03-21 02:27:06 -04:00
|
|
|
|
will be a tool for publishing packages to PyPI. It would replace the
|
|
|
|
|
current "python setup.py register" and "python setup.py upload"
|
|
|
|
|
distutils commands. Again because of the measured Python release
|
|
|
|
|
cycle and extensive existing Python installations these commands are
|
|
|
|
|
difficult to bugfix and extend. Additionally it is desired that the
|
|
|
|
|
"register" and "upload" commands be able to be performed over HTTPS
|
|
|
|
|
with certificate validation. Since shipping CA certificate keychains
|
|
|
|
|
with Python is not really feasible (updating the keychain is quite
|
|
|
|
|
difficult to manage) it is desirable that those commands, and the
|
|
|
|
|
accompanying keychain, be made installable and upgradeable outside of
|
|
|
|
|
Python itself.
|
|
|
|
|
|
2013-03-25 23:52:54 -04:00
|
|
|
|
The existing distutils mechanisms for package registration and upload would
|
|
|
|
|
remain, though with a deprecation warning.
|
|
|
|
|
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
Implementation
|
|
|
|
|
==============
|
|
|
|
|
|
2013-03-25 23:52:54 -04:00
|
|
|
|
The changes to pip required by this PEP are being tracked in that project's
|
2013-07-08 21:20:06 -04:00
|
|
|
|
issue tracker [2]_. Most notably, the addition of --bootstrap and --bootstrap-
|
|
|
|
|
to-system to the pip command-line.
|
|
|
|
|
|
2013-07-10 01:07:43 -04:00
|
|
|
|
It would be preferable that the pip and setuptools projects distribute a wheel
|
|
|
|
|
format download.
|
2013-07-09 23:01:57 -04:00
|
|
|
|
|
2013-07-08 21:20:06 -04:00
|
|
|
|
The required code for this implementation is the "pip3" command described
|
|
|
|
|
above. The additional pypublish can be developed outside of the scope of this
|
|
|
|
|
PEP's work.
|
|
|
|
|
|
|
|
|
|
Finally, it would be desirable that "pip3" be ported to Python 2.6+ to allow
|
2013-07-10 01:07:43 -04:00
|
|
|
|
the single command to replace existing pip, setuptools and virtualenv (which
|
|
|
|
|
would be added to the bootstrap) bootstrap scripts. Having that bootstrap
|
|
|
|
|
included in a future Python 2.7 release would also be highly desirable.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Risks
|
|
|
|
|
=====
|
|
|
|
|
|
|
|
|
|
The key that is used to sign the pip implementation download might be
|
|
|
|
|
compromised and this PEP currently proposes no mechanism for key
|
|
|
|
|
revocation.
|
|
|
|
|
|
2013-06-13 21:15:22 -04:00
|
|
|
|
There is a Perl package installer also named "pip". It is quite rare and not
|
|
|
|
|
commonly used. The Fedora variant of Linux has historically named Python's
|
|
|
|
|
"pip" as "python-pip" and Perl's "pip" as "perl-pip". This policy has been
|
2015-02-14 12:49:04 -05:00
|
|
|
|
altered\ [3]_ so that future and upgraded Fedora installations will use the name
|
2013-06-13 21:36:16 -04:00
|
|
|
|
"pip" for Python's "pip". Existing (non-upgraded) installations will still
|
|
|
|
|
have the old name for the Python "pip", though the potential for confusion is
|
|
|
|
|
now much reduced.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
2013-03-25 23:52:54 -04:00
|
|
|
|
|
2013-03-21 02:27:06 -04:00
|
|
|
|
References
|
|
|
|
|
==========
|
|
|
|
|
|
2013-03-25 23:52:54 -04:00
|
|
|
|
.. [2] pip issue tracking work needed for this PEP
|
|
|
|
|
https://github.com/pypa/pip/issues/863
|
|
|
|
|
|
2013-06-13 21:15:22 -04:00
|
|
|
|
.. [3] Fedora's python-pip package does not provide /usr/bin/pip
|
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=958377
|
|
|
|
|
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
Acknowledgments
|
|
|
|
|
===============
|
|
|
|
|
|
|
|
|
|
Nick Coghlan for his thoughts on the proposal and dealing with the Red
|
|
|
|
|
Hat issue.
|
|
|
|
|
|
2013-06-13 21:15:22 -04:00
|
|
|
|
Jannis Leidel and Carl Meyer for their thoughts. Marcus Smith for feedback.
|
|
|
|
|
|
|
|
|
|
Marcela Mašláňová for resolving the Fedora issue.
|
2013-03-21 02:27:06 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright
|
|
|
|
|
=========
|
|
|
|
|
|
|
|
|
|
This document has been placed in the public domain.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
..
|
|
|
|
|
Local Variables:
|
|
|
|
|
mode: indented-text
|
|
|
|
|
indent-tabs-mode: nil
|
|
|
|
|
sentence-end-double-space: t
|
|
|
|
|
fill-column: 70
|
|
|
|
|
coding: utf-8
|
|
|
|
|
End:
|